Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Order0958490.vbe
|
data
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\QIbTTutRfdLJtpX.vbs
|
ISO-8859 text
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_6dcd90a0cfadcd56d98897fd4ad3469a57ab5cb_00000000_4b925f84-1812-45da-a3c6-375e7f851971\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_b4b21b9272f0623778607a435112f88140f556cc_00000000_47adebdb-28eb-4de3-b355-e1e0bc28e990\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6846.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6895.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER68F2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER697F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aogrz5d0.pee.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dsnyvsgx.0xg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_er4emgz2.2z5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ms0lth0h.t0c.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5e5c4f.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YGJZ6NNE49LHNRRTI3OL.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZSX3PS9AQ4HYCDWCPK6S.temp
|
data
|
dropped
|
||
|
\Device\ConDrv
|
Non-ISO extended-ASCII text, with very long lines (875), with CRLF line terminators, with escape sequences
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order0958490.vbe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\AppData\Roaming\QIbTTutRfdLJtpX.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "7500" "2456" "1452" "2112" "0" "0" "2152" "0" "0" "0" "0" "0"
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "7840" "2456" "2628" "2576" "0" "0" "2588" "0" "0" "0" "0" "0"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.12.205
|
|
|
|
http://144.91.79.54/0210/s
|
unknown
|
||
|
http://144.91.79.54/dA
|
unknown
|
||
|
http://144.91.7
|
unknown
|
||
|
http://144.91.79.54/0210/v
|
unknown
|
||
|
http://144.91.79.54:80/0210/fileBQYA4EAN
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://144.91.79.54/0210/oWbIacqNnTGnBvjrXZmj.txt
|
unknown
|
||
|
http://144.91.79.54/f1$A
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://144.91.79.54/18A
|
unknown
|
||
|
http://144.91.79.54/0210/vAAAAA
|
unknown
|
||
|
http://144.91.79.54/
|
unknown
|
||
|
http://144.91.79.54:80/0210/vk-mH
|
unknown
|
||
|
http://144.91.79.54:80/0210/vr-TH
|
unknown
|
||
|
http://144.91.79.54/0210/oWbIacqNnTGnBvjrXZmj.txtr
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://144.91.79.54/0210/r4A
|
unknown
|
||
|
http://144.91.79.54/0210/file
|
unknown
|
||
|
http://144.91.79.54/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://144.91.79.54/XA
|
unknown
|
||
|
http://144.91.79.54/0210/r
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ipify.org
|
104.26.12.205
|
|
|
|
s-part-0023.t-0009.fb-t-msedge.net
|
13.107.253.51
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
144.91.79.54
|
unknown
|
Germany
|
|
|
|
104.26.12.205
|
api.ipify.org
|
United States
|
|
|
|
162.254.34.31
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX\donn
|
segment26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX
|
cn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX
|
i
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX
|
s
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX
|
r
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX
|
Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\QIbTTutRfdLJtpX
|
v
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
|
FileDirectory
|
There are 37 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FEC000
|
trusted library allocation
|
page read and write
|
|
|
|
2FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
2FC1000
|
trusted library allocation
|
page read and write
|
|
|
|
2FF4000
|
trusted library allocation
|
page read and write
|
|
|
|
F12000
|
remote allocation
|
page execute and read and write
|
|
|
|
203B579B000
|
heap
|
page read and write
|
||
|
1A57CF70000
|
remote allocation
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
1A57B136000
|
heap
|
page read and write
|
||
|
1A57B132000
|
heap
|
page read and write
|
||
|
1A57D3BD000
|
heap
|
page read and write
|
||
|
1A57D2D1000
|
heap
|
page read and write
|
||
|
203B5760000
|
remote allocation
|
page read and write
|
||
|
1578F752000
|
heap
|
page read and write
|
||
|
AA3FEFE000
|
stack
|
page read and write
|
||
|
1A57B0D0000
|
heap
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57CE6F000
|
heap
|
page read and write
|
||
|
1A57B164000
|
heap
|
page read and write
|
||
|
1A57B153000
|
heap
|
page read and write
|
||
|
1578F6A0000
|
heap
|
page read and write
|
||
|
6198000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
1A57B187000
|
heap
|
page read and write
|
||
|
203B3D61000
|
heap
|
page read and write
|
||
|
203B3D18000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
6757000
|
trusted library allocation
|
page read and write
|
||
|
1A57D0F1000
|
heap
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
6B00000
|
heap
|
page read and write
|
||
|
1A57B159000
|
heap
|
page read and write
|
||
|
2EBC000
|
stack
|
page read and write
|
||
|
1A57D252000
|
heap
|
page read and write
|
||
|
1A57D1E0000
|
heap
|
page read and write
|
||
|
1A57B0E1000
|
heap
|
page read and write
|
||
|
1A57D2AA000
|
heap
|
page read and write
|
||
|
1A57B0E0000
|
heap
|
page read and write
|
||
|
2C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57CE68000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
3F99000
|
trusted library allocation
|
page read and write
|
||
|
118A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
1A57D149000
|
heap
|
page read and write
|
||
|
1A57D1E7000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
1A57B170000
|
heap
|
page read and write
|
||
|
1A57B0FB000
|
heap
|
page read and write
|
||
|
1A57B0B2000
|
heap
|
page read and write
|
||
|
1A57D20E000
|
heap
|
page read and write
|
||
|
1A57D1DD000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
203B3D18000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
203B3D0B000
|
heap
|
page read and write
|
||
|
122F000
|
heap
|
page read and write
|
||
|
65D9000
|
trusted library allocation
|
page read and write
|
||
|
2C32000
|
trusted library allocation
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
1198000
|
heap
|
page read and write
|
||
|
1A57CE6A000
|
heap
|
page read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
1578F74B000
|
heap
|
page read and write
|
||
|
61A3000
|
heap
|
page read and write
|
||
|
1578F720000
|
heap
|
page read and write
|
||
|
1A57B187000
|
heap
|
page read and write
|
||
|
3BF90F9000
|
stack
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
6AD0000
|
trusted library allocation
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
1A57B17C000
|
heap
|
page read and write
|
||
|
1A57B104000
|
heap
|
page read and write
|
||
|
6730000
|
trusted library allocation
|
page execute and read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
1A57B359000
|
heap
|
page read and write
|
||
|
2FAF000
|
trusted library allocation
|
page read and write
|
||
|
1A57D103000
|
heap
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
1578F5D0000
|
heap
|
page read and write
|
||
|
54E0000
|
heap
|
page execute and read and write
|
||
|
682F000
|
stack
|
page read and write
|
||
|
1578F76A000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
203B3D63000
|
heap
|
page read and write
|
||
|
1A57D0E6000
|
heap
|
page read and write
|
||
|
1578F752000
|
heap
|
page read and write
|
||
|
1578F752000
|
heap
|
page read and write
|
||
|
1A57B131000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
661E000
|
stack
|
page read and write
|
||
|
1578F4D0000
|
heap
|
page read and write
|
||
|
1182000
|
trusted library allocation
|
page read and write
|
||
|
1A57B15B000
|
heap
|
page read and write
|
||
|
1A57CE65000
|
heap
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
4FEAFE000
|
stack
|
page read and write
|
||
|
6AB7000
|
trusted library allocation
|
page read and write
|
||
|
203B3D63000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
1A57D1E0000
|
heap
|
page read and write
|
||
|
1A57B148000
|
heap
|
page read and write
|
||
|
FF370000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57D1C1000
|
heap
|
page read and write
|
||
|
3F71000
|
trusted library allocation
|
page read and write
|
||
|
BDA000
|
stack
|
page read and write
|
||
|
1A57CE66000
|
heap
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1A57B0EA000
|
heap
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
6870000
|
trusted library allocation
|
page read and write
|
||
|
1205000
|
heap
|
page read and write
|
||
|
1A57B0CE000
|
heap
|
page read and write
|
||
|
2F0D000
|
trusted library allocation
|
page read and write
|
||
|
203B5760000
|
remote allocation
|
page read and write
|
||
|
203B3D61000
|
heap
|
page read and write
|
||
|
1A57B149000
|
heap
|
page read and write
|
||
|
6110000
|
heap
|
page read and write
|
||
|
1A57B14C000
|
heap
|
page read and write
|
||
|
AA3FBE6000
|
stack
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
AA4027F000
|
stack
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
1A57CE60000
|
heap
|
page read and write
|
||
|
203B4010000
|
heap
|
page read and write
|
||
|
1A57B0E3000
|
heap
|
page read and write
|
||
|
1578F675000
|
heap
|
page read and write
|
||
|
1A57B0E0000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
2DE8000
|
trusted library allocation
|
page read and write
|
||
|
1A57B098000
|
heap
|
page read and write
|
||
|
1A57B132000
|
heap
|
page read and write
|
||
|
203B3CF1000
|
heap
|
page read and write
|
||
|
1164000
|
trusted library allocation
|
page read and write
|
||
|
1A57B148000
|
heap
|
page read and write
|
||
|
1578F754000
|
heap
|
page read and write
|
||
|
1A57B35A000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57D0C0000
|
heap
|
page read and write
|
||
|
1A57B169000
|
heap
|
page read and write
|
||
|
11BB000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
EF8000
|
stack
|
page read and write
|
||
|
203B3D90000
|
heap
|
page read and write
|
||
|
203B3D25000
|
heap
|
page read and write
|
||
|
1A57D121000
|
heap
|
page read and write
|
||
|
1A57CE7A000
|
heap
|
page read and write
|
||
|
3BF93FD000
|
stack
|
page read and write
|
||
|
1578F754000
|
heap
|
page read and write
|
||
|
1A57B104000
|
heap
|
page read and write
|
||
|
1A57B14C000
|
heap
|
page read and write
|
||
|
203B3E60000
|
heap
|
page read and write
|
||
|
2C35000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
1A57B0AD000
|
heap
|
page read and write
|
||
|
1A57D149000
|
heap
|
page read and write
|
||
|
1A57D1C1000
|
heap
|
page read and write
|
||
|
AA400FC000
|
stack
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
11C6000
|
heap
|
page read and write
|
||
|
6750000
|
trusted library allocation
|
page read and write
|
||
|
6AC0000
|
trusted library allocation
|
page read and write
|
||
|
1578F670000
|
heap
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
674D000
|
trusted library allocation
|
page read and write
|
||
|
1A57B090000
|
heap
|
page read and write
|
||
|
1A57B0FB000
|
heap
|
page read and write
|
||
|
1A57D3B2000
|
heap
|
page read and write
|
||
|
1A57D172000
|
heap
|
page read and write
|
||
|
1A57D0D5000
|
heap
|
page read and write
|
||
|
1A57B0FB000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
203B3CF0000
|
heap
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
3BF97FD000
|
stack
|
page read and write
|
||
|
1A57CB10000
|
heap
|
page read and write
|
||
|
1A57B104000
|
heap
|
page read and write
|
||
|
1186000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57B0CC000
|
heap
|
page read and write
|
||
|
203B5780000
|
heap
|
page read and write
|
||
|
1578F711000
|
heap
|
page read and write
|
||
|
203B3D33000
|
heap
|
page read and write
|
||
|
1578F756000
|
heap
|
page read and write
|
||
|
1A57B350000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
1A57B0CB000
|
heap
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
1578F752000
|
heap
|
page read and write
|
||
|
1269000
|
heap
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
1A57B187000
|
heap
|
page read and write
|
||
|
1156000
|
heap
|
page read and write
|
||
|
AA3FF7F000
|
stack
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
1A57CE67000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
2FEA000
|
trusted library allocation
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
1A57D0D4000
|
heap
|
page read and write
|
||
|
2FBD000
|
trusted library allocation
|
page read and write
|
||
|
1A57B0C0000
|
heap
|
page read and write
|
||
|
671E000
|
stack
|
page read and write
|
||
|
1A57B104000
|
heap
|
page read and write
|
||
|
3BF96FE000
|
stack
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
679E000
|
stack
|
page read and write
|
||
|
1A57B159000
|
heap
|
page read and write
|
||
|
4FE3FE000
|
stack
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57D283000
|
heap
|
page read and write
|
||
|
1578F74C000
|
heap
|
page read and write
|
||
|
203B3C90000
|
heap
|
page read and write
|
||
|
1A57D1E1000
|
heap
|
page read and write
|
||
|
1A57D1E7000
|
heap
|
page read and write
|
||
|
2FE6000
|
trusted library allocation
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
1A57D1D5000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
203B3DB0000
|
heap
|
page read and write
|
||
|
1578F6A8000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
1A57B17A000
|
heap
|
page read and write
|
||
|
1A57B0BB000
|
heap
|
page read and write
|
||
|
AA401FB000
|
stack
|
page read and write
|
||
|
2FA7000
|
trusted library allocation
|
page read and write
|
||
|
203B3D25000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2FE8000
|
trusted library allocation
|
page read and write
|
||
|
4FE2F2000
|
stack
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
6B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57B0FB000
|
heap
|
page read and write
|
||
|
4FE6FE000
|
stack
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57D172000
|
heap
|
page read and write
|
||
|
15791370000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page execute and read and write
|
||
|
562C000
|
stack
|
page read and write
|
||
|
203B3D61000
|
heap
|
page read and write
|
||
|
2C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57D3BE000
|
heap
|
page read and write
|
||
|
AA3FE7E000
|
unkown
|
page read and write
|
||
|
1578F752000
|
heap
|
page read and write
|
||
|
203B5D50000
|
heap
|
page read and write
|
||
|
123B000
|
heap
|
page read and write
|
||
|
1A57CE6A000
|
heap
|
page read and write
|
||
|
1A57D217000
|
heap
|
page read and write
|
||
|
203B3BB0000
|
heap
|
page read and write
|
||
|
58AF000
|
stack
|
page read and write
|
||
|
1A57B147000
|
heap
|
page read and write
|
||
|
2EEB000
|
trusted library allocation
|
page read and write
|
||
|
1A57B15B000
|
heap
|
page read and write
|
||
|
1578F754000
|
heap
|
page read and write
|
||
|
1578F76A000
|
heap
|
page read and write
|
||
|
1A57B358000
|
heap
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57D395000
|
heap
|
page read and write
|
||
|
1A57B358000
|
heap
|
page read and write
|
||
|
1A57B15C000
|
heap
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57D172000
|
heap
|
page read and write
|
||
|
1A57B0EB000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
remote allocation
|
page execute and read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
1163000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
1A57D2AA000
|
heap
|
page read and write
|
||
|
1A57B16A000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
1A57B130000
|
heap
|
page read and write
|
||
|
203B3E10000
|
heap
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1A57CE67000
|
heap
|
page read and write
|
||
|
1A57D1C6000
|
heap
|
page read and write
|
||
|
4FE8FE000
|
stack
|
page read and write
|
||
|
1A57B0EC000
|
heap
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57CE65000
|
heap
|
page read and write
|
||
|
3FDC000
|
trusted library allocation
|
page read and write
|
||
|
4FEBFD000
|
stack
|
page read and write
|
||
|
1578F620000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
116D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EFA000
|
trusted library allocation
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
1578F756000
|
heap
|
page read and write
|
||
|
1A57D1E0000
|
heap
|
page read and write
|
||
|
AA3FFFC000
|
stack
|
page read and write
|
||
|
1A57CE61000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
1A57B153000
|
heap
|
page read and write
|
||
|
203B5790000
|
heap
|
page read and write
|
||
|
203B3D05000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
1A57B0EB000
|
heap
|
page read and write
|
||
|
203B3D63000
|
heap
|
page read and write
|
||
|
1A57B0EA000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
1A57B0BC000
|
heap
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57B35B000
|
heap
|
page read and write
|
||
|
2EEE000
|
trusted library allocation
|
page read and write
|
||
|
57AE000
|
stack
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
1A57B0EB000
|
heap
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
122B000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
203B3D7E000
|
heap
|
page read and write
|
||
|
117D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57CF70000
|
remote allocation
|
page read and write
|
||
|
1A57B105000
|
heap
|
page read and write
|
||
|
203B3E65000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
4FE7FF000
|
stack
|
page read and write
|
||
|
203B3D0B000
|
heap
|
page read and write
|
||
|
4FE9FC000
|
stack
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
1A57D1EF000
|
heap
|
page read and write
|
||
|
1A57D166000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1578F752000
|
heap
|
page read and write
|
||
|
1A57D1DE000
|
heap
|
page read and write
|
||
|
127F000
|
heap
|
page read and write
|
||
|
1578F752000
|
heap
|
page read and write
|
||
|
1A57B101000
|
heap
|
page read and write
|
||
|
1A57B166000
|
heap
|
page read and write
|
||
|
203B3CEC000
|
heap
|
page read and write
|
||
|
1A57B14A000
|
heap
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
203B3D05000
|
heap
|
page read and write
|
||
|
6880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A57D2AB000
|
heap
|
page read and write
|
||
|
1578F758000
|
heap
|
page read and write
|
||
|
1A57CE6F000
|
heap
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
1578F5B0000
|
heap
|
page read and write
|
||
|
1A57CE6A000
|
heap
|
page read and write
|
||
|
1A57B0ED000
|
heap
|
page read and write
|
||
|
203B3D33000
|
heap
|
page read and write
|
||
|
1A57B0BF000
|
heap
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
1A57D12C000
|
heap
|
page read and write
|
||
|
1A57CE6A000
|
heap
|
page read and write
|
||
|
1A57B0DE000
|
heap
|
page read and write
|
||
|
1A57B0EF000
|
heap
|
page read and write
|
||
|
1A57D3BE000
|
heap
|
page read and write
|
||
|
1A57B0F1000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
552C000
|
stack
|
page read and write
|
||
|
2FB1000
|
trusted library allocation
|
page read and write
|
||
|
1A57B159000
|
heap
|
page read and write
|
||
|
6D40000
|
heap
|
page read and write
|
||
|
1578F76A000
|
heap
|
page read and write
|
||
|
1A57AF80000
|
heap
|
page read and write
|
||
|
1A57B14C000
|
heap
|
page read and write
|
||
|
1A57B101000
|
heap
|
page read and write
|
||
|
1578F754000
|
heap
|
page read and write
|
||
|
1A57B0D0000
|
heap
|
page read and write
|
||
|
203B4014000
|
heap
|
page read and write
|
||
|
1A57B106000
|
heap
|
page read and write
|
||
|
1A57B168000
|
heap
|
page read and write
|
||
|
1A57B12A000
|
heap
|
page read and write
|
||
|
1578F763000
|
heap
|
page read and write
|
||
|
1A57B161000
|
heap
|
page read and write
|
||
|
1A57B16A000
|
heap
|
page read and write
|
||
|
1A57B101000
|
heap
|
page read and write
|
||
|
6740000
|
trusted library allocation
|
page read and write
|
||
|
1A57B0E4000
|
heap
|
page read and write
|
||
|
1A57D1DD000
|
heap
|
page read and write
|
||
|
AA4007F000
|
stack
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57B10A000
|
heap
|
page read and write
|
||
|
1A57B145000
|
heap
|
page read and write
|
||
|
1A57B060000
|
heap
|
page read and write
|
||
|
203B3D33000
|
heap
|
page read and write
|
||
|
203B3D73000
|
heap
|
page read and write
|
||
|
203B5BD0000
|
heap
|
page read and write
|
||
|
4FE4FE000
|
stack
|
page read and write
|
||
|
2EF2000
|
trusted library allocation
|
page read and write
|
||
|
1A57D171000
|
heap
|
page read and write
|
||
|
1A57D1EE000
|
heap
|
page read and write
|
||
|
1A57D395000
|
heap
|
page read and write
|
||
|
2F71000
|
trusted library allocation
|
page read and write
|
||
|
64CE000
|
stack
|
page read and write
|
||
|
203B3CEC000
|
heap
|
page read and write
|
||
|
203B3CF0000
|
heap
|
page read and write
|
||
|
1A57B190000
|
heap
|
page read and write
|
||
|
1A57B13B000
|
heap
|
page read and write
|
||
|
1578F75C000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57D13E000
|
heap
|
page read and write
|
||
|
1A57B148000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57D0C1000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57D20B000
|
heap
|
page read and write
|
||
|
1A57D0D3000
|
heap
|
page read and write
|
||
|
203B3CEA000
|
heap
|
page read and write
|
||
|
1A57CF70000
|
remote allocation
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
1A57D1C5000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2EE6000
|
trusted library allocation
|
page read and write
|
||
|
1A57D2BE000
|
heap
|
page read and write
|
||
|
2F06000
|
trusted library allocation
|
page read and write
|
||
|
3BF94FE000
|
stack
|
page read and write
|
||
|
2F01000
|
trusted library allocation
|
page read and write
|
||
|
1A57D1C0000
|
heap
|
page read and write
|
||
|
203B5760000
|
remote allocation
|
page read and write
|
||
|
1A57B355000
|
heap
|
page read and write
|
||
|
3BF98FE000
|
stack
|
page read and write
|
||
|
1A57B14C000
|
heap
|
page read and write
|
||
|
1A57CE71000
|
heap
|
page read and write
|
||
|
1A57B15A000
|
heap
|
page read and write
|
||
|
2EFE000
|
trusted library allocation
|
page read and write
|
||
|
1A57B148000
|
heap
|
page read and write
|
||
|
1A57B159000
|
heap
|
page read and write
|
There are 447 hidden memdumps, click here to show them.