Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BNXCXCJSD.jse
|
C source, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Temp\dddddd.ps1
|
ASCII text, with very long lines (65494), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\x.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\1nl3hc[1].ps1
|
ASCII text, with very long lines (65494), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_40mec3sk.4kn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tbifcua2.v3p.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Documents\NOVA\Captured.png
|
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\BNXCXCJSD.jse"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy RemoteSigned -File "C:\Temp\dddddd.ps1"
|
|
|
|
C:\Users\user\AppData\Local\Temp\x.exe
|
"C:\Users\user\AppData\Local\Temp\x.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.189
|
104.21.16.1
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://files.catbox.moe/1nl3hc.ps1C
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://files.catbox.moe/
|
unknown
|
||
|
https://files.catbox.moe/1nl3hc.ps1
|
108.181.20.35
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://checkip.dyndns.org/B&
|
unknown
|
||
|
https://files.catbox.moe;
|
unknown
|
||
|
https://files.catbox.moe/1nl3hc.ps1u
|
unknown
|
||
|
http://checkip.dyndns.org/
|
132.226.247.73
|
||
|
http://checkip.dyndns.org/:&
|
unknown
|
||
|
https://files.catbox.moe/1nl3hc.ps1q
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://files.catbox.moe/:
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://files.catbox.moe
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://files.catbox.moe/1nl3hc.ps1l
|
unknown
|
||
|
https://api.telegram.org/bot-/sendDocument?chat_id=
|
unknown
|
||
|
https://files.catbox.moe/1nl3hc.ps1:CreateObject
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
webmail.justbumpersplus.com
|
50.87.249.44
|
|
|
|
files.catbox.moe
|
108.181.20.35
|
||
|
reallyfreegeoip.org
|
104.21.16.1
|
||
|
checkip.dyndns.com
|
132.226.247.73
|
||
|
checkip.dyndns.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
50.87.249.44
|
webmail.justbumpersplus.com
|
United States
|
|
|
|
104.21.16.1
|
reallyfreegeoip.org
|
United States
|
||
|
108.181.20.35
|
files.catbox.moe
|
Canada
|
||
|
132.226.247.73
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
4046000
|
trusted library allocation
|
page read and write
|
|
|
|
680E000
|
stack
|
page read and write
|
||
|
35ACBDE000
|
stack
|
page read and write
|
||
|
18CD5FBC000
|
heap
|
page read and write
|
||
|
18CD3F02000
|
heap
|
page read and write
|
||
|
3193000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34224000
|
trusted library allocation
|
page read and write
|
||
|
1C85F600000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F91000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
31B4000
|
trusted library allocation
|
page read and write
|
||
|
1C8625A1000
|
trusted library allocation
|
page read and write
|
||
|
1C85F3CE000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
1C861248000
|
trusted library allocation
|
page read and write
|
||
|
18CD67B6000
|
heap
|
page read and write
|
||
|
35ADF4E000
|
stack
|
page read and write
|
||
|
18CD5D20000
|
heap
|
page read and write
|
||
|
18CD5F8B000
|
heap
|
page read and write
|
||
|
62EF000
|
stack
|
page read and write
|
||
|
1C861F9E000
|
trusted library allocation
|
page read and write
|
||
|
1C87933B000
|
heap
|
page read and write
|
||
|
1C87122F000
|
trusted library allocation
|
page read and write
|
||
|
35AD47B000
|
stack
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
12C4000
|
trusted library allocation
|
page read and write
|
||
|
1C85F650000
|
heap
|
page execute and read and write
|
||
|
18CD5FBA000
|
heap
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
8C10000
|
heap
|
page read and write
|
||
|
4151000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F2F000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page execute and read and write
|
||
|
57F6000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F7D000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
1C8714AA000
|
trusted library allocation
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
7FFD34440000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F02000
|
heap
|
page read and write
|
||
|
18CD5D3E000
|
heap
|
page read and write
|
||
|
7FFD3422D000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CD5FE8000
|
heap
|
page read and write
|
||
|
18CD3F69000
|
heap
|
page read and write
|
||
|
281F000
|
trusted library allocation
|
page read and write
|
||
|
13AE000
|
heap
|
page read and write
|
||
|
18CD3EE8000
|
heap
|
page read and write
|
||
|
7FFD34420000
|
trusted library allocation
|
page read and write
|
||
|
8C1C000
|
heap
|
page read and write
|
||
|
BED000
|
heap
|
page read and write
|
||
|
3151000
|
trusted library allocation
|
page read and write
|
||
|
18CD3EE2000
|
heap
|
page read and write
|
||
|
18CD60D0000
|
heap
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page execute and read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
18CD3DA0000
|
heap
|
page read and write
|
||
|
7FFD344B0000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F04000
|
heap
|
page read and write
|
||
|
490E000
|
stack
|
page read and write
|
||
|
63ED000
|
stack
|
page read and write
|
||
|
7FFD34402000
|
trusted library allocation
|
page read and write
|
||
|
18CD3ED4000
|
heap
|
page read and write
|
||
|
155E000
|
stack
|
page read and write
|
||
|
6588000
|
heap
|
page read and write
|
||
|
18CD5FE8000
|
heap
|
page read and write
|
||
|
18CD67A2000
|
heap
|
page read and write
|
||
|
7FFD343DA000
|
trusted library allocation
|
page read and write
|
||
|
1C8794CC000
|
heap
|
page read and write
|
||
|
37048FE000
|
stack
|
page read and write
|
||
|
18CD5D44000
|
heap
|
page read and write
|
||
|
18CD5F73000
|
heap
|
page read and write
|
||
|
18CD3E9F000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
13A8000
|
heap
|
page read and write
|
||
|
2819000
|
trusted library allocation
|
page read and write
|
||
|
18CD5D38000
|
heap
|
page read and write
|
||
|
55CD000
|
stack
|
page read and write
|
||
|
7FFD34430000
|
trusted library allocation
|
page read and write
|
||
|
7FFD344D0000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
3206000
|
trusted library allocation
|
page read and write
|
||
|
18CD40FA000
|
heap
|
page read and write
|
||
|
18CD6060000
|
heap
|
page read and write
|
||
|
7FFD34340000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C85F620000
|
trusted library allocation
|
page read and write
|
||
|
1359000
|
heap
|
page read and write
|
||
|
25DE000
|
stack
|
page read and write
|
||
|
7FFD34450000
|
trusted library allocation
|
page read and write
|
||
|
3811000
|
trusted library allocation
|
page read and write
|
||
|
1C8611C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page read and write
|
||
|
1C85F46C000
|
heap
|
page read and write
|
||
|
1C862FC0000
|
trusted library allocation
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page read and write
|
||
|
1C8624F7000
|
trusted library allocation
|
page read and write
|
||
|
18CD5FBC000
|
heap
|
page read and write
|
||
|
9E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
25E8000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F67000
|
heap
|
page read and write
|
||
|
18CD6002000
|
heap
|
page read and write
|
||
|
7300000
|
trusted library allocation
|
page read and write
|
||
|
18CD6002000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page readonly
|
||
|
18CD5F90000
|
heap
|
page read and write
|
||
|
18CD5F3C000
|
heap
|
page read and write
|
||
|
18CD5FE8000
|
heap
|
page read and write
|
||
|
18CD5F73000
|
heap
|
page read and write
|
||
|
1797000
|
heap
|
page read and write
|
||
|
7FFD34223000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
18CD5D4C000
|
heap
|
page read and write
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
18CD5FBA000
|
heap
|
page read and write
|
||
|
18CD6002000
|
heap
|
page read and write
|
||
|
50C000
|
stack
|
page read and write
|
||
|
7FFD34490000
|
trusted library allocation
|
page read and write
|
||
|
35AD37F000
|
stack
|
page read and write
|
||
|
18CD5D22000
|
heap
|
page read and write
|
||
|
18CD3F29000
|
heap
|
page read and write
|
||
|
1C87954A000
|
heap
|
page read and write
|
||
|
18CD5F8B000
|
heap
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F49000
|
heap
|
page read and write
|
||
|
18CD5EA0000
|
remote allocation
|
page read and write
|
||
|
18CD3F2F000
|
heap
|
page read and write
|
||
|
18CD3F69000
|
heap
|
page read and write
|
||
|
18CD5FE8000
|
heap
|
page read and write
|
||
|
7FFD344E0000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F04000
|
heap
|
page read and write
|
||
|
18CD6002000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
3704BFF000
|
stack
|
page read and write
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
3704FFE000
|
stack
|
page read and write
|
||
|
2EF3000
|
heap
|
page read and write
|
||
|
1C85F370000
|
heap
|
page read and write
|
||
|
18CD5F87000
|
heap
|
page read and write
|
||
|
8C00000
|
heap
|
page read and write
|
||
|
3189000
|
trusted library allocation
|
page read and write
|
||
|
18CD3ED0000
|
heap
|
page read and write
|
||
|
1C85F640000
|
trusted library allocation
|
page read and write
|
||
|
35AD278000
|
stack
|
page read and write
|
||
|
37047FE000
|
stack
|
page read and write
|
||
|
7DF4269A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
71BB000
|
stack
|
page read and write
|
||
|
35ACEFE000
|
stack
|
page read and write
|
||
|
18CD5E70000
|
heap
|
page read and write
|
||
|
1C879373000
|
heap
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page read and write
|
||
|
1C85F3B4000
|
heap
|
page read and write
|
||
|
1C862D3F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
18CD5EA0000
|
remote allocation
|
page read and write
|
||
|
1C879287000
|
heap
|
page execute and read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
666D000
|
stack
|
page read and write
|
||
|
35ACB1E000
|
stack
|
page read and write
|
||
|
281B000
|
trusted library allocation
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
18CD5F85000
|
heap
|
page read and write
|
||
|
159C000
|
stack
|
page read and write
|
||
|
2F2B000
|
trusted library allocation
|
page read and write
|
||
|
18CD3E70000
|
heap
|
page read and write
|
||
|
1C862CB8000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F31000
|
heap
|
page read and write
|
||
|
18CD3EEF000
|
heap
|
page read and write
|
||
|
18CD5D2E000
|
heap
|
page read and write
|
||
|
7FFD342D6000
|
trusted library allocation
|
page read and write
|
||
|
18CD40F9000
|
heap
|
page read and write
|
||
|
883E000
|
stack
|
page read and write
|
||
|
3704EFA000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
35ACFFF000
|
stack
|
page read and write
|
||
|
2EBB000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
heap
|
page execute and read and write
|
||
|
1C85F378000
|
heap
|
page read and write
|
||
|
1C85F2F0000
|
heap
|
page read and write
|
||
|
18CD5D37000
|
heap
|
page read and write
|
||
|
18CD3F29000
|
heap
|
page read and write
|
||
|
18CD3EF0000
|
heap
|
page read and write
|
||
|
7FFD344F0000
|
trusted library allocation
|
page read and write
|
||
|
18CD3EA0000
|
heap
|
page read and write
|
||
|
1C8711C1000
|
trusted library allocation
|
page read and write
|
||
|
1C879541000
|
heap
|
page read and write
|
||
|
18CD5FBC000
|
heap
|
page read and write
|
||
|
18CD3EEB000
|
heap
|
page read and write
|
||
|
18CD5D44000
|
heap
|
page read and write
|
||
|
18CD3ED9000
|
heap
|
page read and write
|
||
|
6D2A000
|
stack
|
page read and write
|
||
|
1C85F3F6000
|
heap
|
page read and write
|
||
|
18CD6290000
|
heap
|
page read and write
|
||
|
18CD40FB000
|
heap
|
page read and write
|
||
|
18CD3ED0000
|
heap
|
page read and write
|
||
|
81D9000
|
trusted library allocation
|
page read and write
|
||
|
18CD5D4B000
|
heap
|
page read and write
|
||
|
7FFD34306000
|
trusted library allocation
|
page execute and read and write
|
||
|
9EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
12CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8794A0000
|
heap
|
page execute and read and write
|
||
|
18CD5F67000
|
heap
|
page read and write
|
||
|
1C879290000
|
heap
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C879280000
|
heap
|
page execute and read and write
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
18CD3F29000
|
heap
|
page read and write
|
||
|
7FFD343D1000
|
trusted library allocation
|
page read and write
|
||
|
65A2000
|
heap
|
page read and write
|
||
|
18CD3EC3000
|
heap
|
page read and write
|
||
|
18CD5D3F000
|
heap
|
page read and write
|
||
|
18CD5FE2000
|
heap
|
page read and write
|
||
|
18CD5D21000
|
heap
|
page read and write
|
||
|
2EDD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD344C0000
|
trusted library allocation
|
page read and write
|
||
|
1C85F660000
|
heap
|
page read and write
|
||
|
7FFD343F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CD5D44000
|
heap
|
page read and write
|
||
|
35ACB9E000
|
stack
|
page read and write
|
||
|
18CD5FE8000
|
heap
|
page read and write
|
||
|
18CD5D23000
|
heap
|
page read and write
|
||
|
18CD5FE2000
|
heap
|
page read and write
|
||
|
2EBE000
|
trusted library allocation
|
page read and write
|
||
|
18CD40F5000
|
heap
|
page read and write
|
||
|
132B000
|
heap
|
page read and write
|
||
|
5B10000
|
trusted library allocation
|
page read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
18CD3EEB000
|
heap
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
5E4000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1C862CE4000
|
trusted library allocation
|
page read and write
|
||
|
12C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34222000
|
trusted library allocation
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
35ACA93000
|
stack
|
page read and write
|
||
|
3202000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
12F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
81D6000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F04000
|
heap
|
page read and write
|
||
|
2ECE000
|
trusted library allocation
|
page read and write
|
||
|
18CD5D4B000
|
heap
|
page read and write
|
||
|
1C8711D0000
|
trusted library allocation
|
page read and write
|
||
|
35ACE7E000
|
stack
|
page read and write
|
||
|
6990000
|
trusted library allocation
|
page read and write
|
||
|
35AD2F7000
|
stack
|
page read and write
|
||
|
7FFD34500000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
1C86159A000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F88000
|
heap
|
page read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
3704DFE000
|
stack
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
18CD5F62000
|
heap
|
page read and write
|
||
|
12F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8627E3000
|
trusted library allocation
|
page read and write
|
||
|
1C860CB0000
|
trusted library allocation
|
page read and write
|
||
|
18CD6050000
|
heap
|
page read and write
|
||
|
1C87952D000
|
heap
|
page read and write
|
||
|
1C85F630000
|
heap
|
page readonly
|
||
|
18CD3F04000
|
heap
|
page read and write
|
||
|
71F5000
|
heap
|
page read and write
|
||
|
4C8E000
|
stack
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
580000
|
heap
|
page read and write
|
||
|
1C85F3FC000
|
heap
|
page read and write
|
||
|
2F58000
|
trusted library allocation
|
page read and write
|
||
|
35AD3FE000
|
stack
|
page read and write
|
||
|
18CD5F00000
|
heap
|
page read and write
|
||
|
18CD3EC7000
|
heap
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
873E000
|
stack
|
page read and write
|
||
|
1C85F41E000
|
heap
|
page read and write
|
||
|
18CD5F8B000
|
heap
|
page read and write
|
||
|
1196000
|
heap
|
page read and write
|
||
|
35AD0FD000
|
stack
|
page read and write
|
||
|
31C4000
|
trusted library allocation
|
page read and write
|
||
|
1C862D04000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
18CD3F2F000
|
heap
|
page read and write
|
||
|
3704AFF000
|
stack
|
page read and write
|
||
|
61EE000
|
stack
|
page read and write
|
||
|
31BD000
|
trusted library allocation
|
page read and write
|
||
|
18CD5E75000
|
heap
|
page read and write
|
||
|
1C85F2D0000
|
heap
|
page read and write
|
||
|
1363000
|
heap
|
page read and write
|
||
|
1C879525000
|
heap
|
page read and write
|
||
|
652F000
|
stack
|
page read and write
|
||
|
BEB000
|
heap
|
page read and write
|
||
|
C29000
|
heap
|
page read and write
|
||
|
37053FF000
|
stack
|
page read and write
|
||
|
41FF000
|
trusted library allocation
|
page read and write
|
||
|
12EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CD6002000
|
heap
|
page read and write
|
||
|
2EAF000
|
stack
|
page read and write
|
||
|
694D000
|
stack
|
page read and write
|
||
|
6670000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CD3EB5000
|
heap
|
page read and write
|
||
|
35AD07E000
|
stack
|
page read and write
|
||
|
18CD3F29000
|
heap
|
page read and write
|
||
|
18CD3ED9000
|
heap
|
page read and write
|
||
|
12DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
1C8792E6000
|
heap
|
page read and write
|
||
|
18CD40F0000
|
heap
|
page read and write
|
||
|
5B0D000
|
stack
|
page read and write
|
||
|
18CD3F29000
|
heap
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
C02000
|
heap
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
35AD4FE000
|
stack
|
page read and write
|
||
|
1C8613F2000
|
trusted library allocation
|
page read and write
|
||
|
1C87123B000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page execute and read and write
|
||
|
31E9000
|
trusted library allocation
|
page read and write
|
||
|
18CD3EE1000
|
heap
|
page read and write
|
||
|
18CD3F02000
|
heap
|
page read and write
|
||
|
3197000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F29000
|
heap
|
page read and write
|
||
|
31AD000
|
trusted library allocation
|
page read and write
|
||
|
18CD5D35000
|
heap
|
page read and write
|
||
|
18CD5F73000
|
heap
|
page read and write
|
||
|
5614000
|
trusted library allocation
|
page read and write
|
||
|
18CD5FBA000
|
heap
|
page read and write
|
||
|
2ED1000
|
trusted library allocation
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
18CD5D35000
|
heap
|
page read and write
|
||
|
81DE000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F49000
|
heap
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CEE000
|
stack
|
page read and write
|
||
|
1416000
|
heap
|
page read and write
|
||
|
18CD3ED9000
|
heap
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
1760000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
1C85F330000
|
heap
|
page read and write
|
||
|
71E0000
|
heap
|
page read and write
|
||
|
18CD5D2E000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
35ACF7C000
|
stack
|
page read and write
|
||
|
1C85F3AE000
|
heap
|
page read and write
|
||
|
1C85F382000
|
heap
|
page read and write
|
||
|
7FFD34520000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
6F2C000
|
stack
|
page read and write
|
||
|
6530000
|
heap
|
page read and write
|
||
|
684C000
|
stack
|
page read and write
|
||
|
6579000
|
heap
|
page read and write
|
||
|
18CD6002000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
37052FB000
|
stack
|
page read and write
|
||
|
6BEE000
|
stack
|
page read and write
|
||
|
18CD5FBA000
|
heap
|
page read and write
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
7130000
|
heap
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
1C85F3B8000
|
heap
|
page read and write
|
||
|
7FFD34230000
|
trusted library allocation
|
page read and write
|
||
|
37046F2000
|
stack
|
page read and write
|
||
|
18CD3DD0000
|
heap
|
page read and write
|
||
|
524C000
|
stack
|
page read and write
|
||
|
18CD5FBC000
|
heap
|
page read and write
|
||
|
1C860E75000
|
heap
|
page read and write
|
||
|
1C8794C0000
|
heap
|
page read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
7FFD343E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD342DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CD5EA0000
|
remote allocation
|
page read and write
|
||
|
7FFD34460000
|
trusted library allocation
|
page read and write
|
||
|
35AD179000
|
stack
|
page read and write
|
||
|
12E2000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page read and write
|
||
|
7410000
|
heap
|
page read and write
|
||
|
18CD5F30000
|
heap
|
page read and write
|
||
|
1C879800000
|
heap
|
page read and write
|
||
|
18CD5FBC000
|
heap
|
page read and write
|
||
|
37050FD000
|
stack
|
page read and write
|
||
|
702D000
|
stack
|
page read and write
|
||
|
18CD5F62000
|
heap
|
page read and write
|
||
|
3704CFF000
|
stack
|
page read and write
|
||
|
18CD5D4F000
|
heap
|
page read and write
|
||
|
561A000
|
trusted library allocation
|
page read and write
|
||
|
18CD66A0000
|
heap
|
page read and write
|
||
|
18CD5F81000
|
heap
|
page read and write
|
||
|
1C85F1F0000
|
heap
|
page read and write
|
||
|
18CD5D44000
|
heap
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
66D0000
|
heap
|
page read and write
|
||
|
5B20000
|
trusted library allocation
|
page read and write
|
||
|
12F2000
|
trusted library allocation
|
page read and write
|
||
|
13EC000
|
heap
|
page read and write
|
||
|
18CD5F20000
|
heap
|
page read and write
|
||
|
18CD3F02000
|
heap
|
page read and write
|
||
|
1C879342000
|
heap
|
page read and write
|
||
|
1C85F665000
|
heap
|
page read and write
|
||
|
12E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34530000
|
trusted library allocation
|
page read and write
|
||
|
5A8D000
|
stack
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
1C86159E000
|
trusted library allocation
|
page read and write
|
||
|
1C8793C0000
|
heap
|
page read and write
|
||
|
5E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CD3EF4000
|
heap
|
page read and write
|
||
|
18CD3F2C000
|
heap
|
page read and write
|
||
|
7FFD34480000
|
trusted library allocation
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
D8A000
|
stack
|
page read and write
|
||
|
35AD57B000
|
stack
|
page read and write
|
||
|
18CD59D0000
|
heap
|
page read and write
|
||
|
18CD5F93000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page execute and read and write
|
||
|
1C8792EC000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
18CD5D44000
|
heap
|
page read and write
|
||
|
15A7000
|
heap
|
page read and write
|
||
|
7FFD34410000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD344A0000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F47000
|
heap
|
page read and write
|
||
|
18CD5D2F000
|
heap
|
page read and write
|
||
|
18CD3F43000
|
heap
|
page read and write
|
||
|
5616000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F69000
|
heap
|
page read and write
|
||
|
7FFD342E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
5F4000
|
trusted library allocation
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
1C860E70000
|
heap
|
page read and write
|
||
|
7FFD343C0000
|
trusted library allocation
|
page read and write
|
||
|
18CD3F36000
|
heap
|
page read and write
|
||
|
7FFD3423B000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
322C000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F67000
|
heap
|
page read and write
|
||
|
730D000
|
stack
|
page read and write
|
||
|
18CD3DB0000
|
heap
|
page read and write
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
5803000
|
heap
|
page execute and read and write
|
||
|
18CD3EB1000
|
heap
|
page read and write
|
||
|
5B30000
|
heap
|
page execute and read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
560D000
|
stack
|
page read and write
|
||
|
7FFD34510000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34470000
|
trusted library allocation
|
page read and write
|
||
|
18CD40FC000
|
heap
|
page read and write
|
||
|
1C87951B000
|
heap
|
page read and write
|
||
|
18CD5FBA000
|
heap
|
page read and write
|
||
|
5ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
18CD3F3E000
|
heap
|
page read and write
|
||
|
7120000
|
heap
|
page read and write
|
||
|
18CD67A1000
|
heap
|
page read and write
|
||
|
1366000
|
heap
|
page read and write
|
||
|
18CD5D38000
|
heap
|
page read and write
|
||
|
18CD5FE8000
|
heap
|
page read and write
|
||
|
6D6C000
|
stack
|
page read and write
|
||
|
18CD62A0000
|
trusted library allocation
|
page read and write
|
||
|
18CD5F81000
|
heap
|
page read and write
|
||
|
18CD5F81000
|
heap
|
page read and write
|
||
|
18CD5F62000
|
heap
|
page read and write
|
||
|
1C860E00000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
2ED6000
|
trusted library allocation
|
page read and write
|
||
|
35AD1F7000
|
stack
|
page read and write
|
||
|
1C879502000
|
heap
|
page read and write
|
||
|
12FB000
|
trusted library allocation
|
page execute and read and write
|
There are 473 hidden memdumps, click here to show them.