Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| BhT6NDfElu.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BhT6NDfElu.exe.log | CSV text | dropped | |
| C:\Users\user\AppData\Roaming\d3d9.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log | ASCII text, with CRLF line terminators | dropped | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\BhT6NDfElu.exe | "C:\Users\user\Desktop\BhT6NDfElu.exe" | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
URLs
Domains
| Name | IP | Malicious |
|---|---|---|
| t.me | 149.154.167.99 | |
| sp.joger.top | 95.217.245.123 | |
IPs
| IP | Domain | Country | Malicious |
|---|---|---|---|
| 95.217.245.123 | sp.joger.top | Germany | |
| 149.154.167.99 | t.me | United Kingdom | |
Registry
| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AppLaunch_RASMANCS | FileDirectory | |
Memdumps