Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\bomgar-scc-0x6628c8bd\BF13227E-B446-4E12-913E-7E5FBBEE54F6
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\app_icon.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bc-status-alert.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bc-status-info.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bc-status-success.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bc-status-warn.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bc-typing.png
|
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\button_cb_access_key.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\button_cb_private.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\button_cb_survey.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\button_cb_team.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\cbhook-x86.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\chat.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\cp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x64.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\embedhook-x86.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\icon_exclamation.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\indicator_pinned_connected.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\indicator_pinned_disconnected.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\nudge.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\pinuninstall.bat
|
ASCII text
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\preload-en-us.rdf
|
data
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\proxy-settings-cc.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\remove.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\sas.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-attach-hovered.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-attach.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-chat-flash.png
|
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-chat-hovered.png
|
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-chat.png
|
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-disconnected-animation.png
|
PNG image data, 1500 x 200, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-fontsize-hovered.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\scc-fontsize.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\secure.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\server.lic
|
data
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\settings-cc.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\settings-init.ini
|
Generic INItialization configuration [Reconnect]
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\settings.ini
|
Generic INItialization configuration [Pinned]
|
modified
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\spinner.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\start-cb-hook.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\startup_animation_1.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\startup_animation_2.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\startup_animation_3.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\startup_animation_4.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\startup_animation_5.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\stop-cb-hook.bat.template
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\bomgar-scc-0x6628c8bd\uninstall.bat
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD627.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\BF13227E-B446-4E12-913E-7E5FBBEE54F6
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\app_icon.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bc-status-alert.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bc-status-info.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bc-status-success.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bc-status-warn.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bc-typing.png
|
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\button_cb_access_key.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\button_cb_private.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\button_cb_survey.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\button_cb_team.png
|
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cbhook-x86.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\chat.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\cp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x64.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\embedhook-x86.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\icon_exclamation.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\indicator_pinned_connected.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\indicator_pinned_disconnected.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\nudge.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\pinuninstall.bat
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\preload-en-us.rdf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\remove.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\sas.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-attach-hovered.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-attach.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-chat-flash.png
|
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-chat-hovered.png
|
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-chat.png
|
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-disconnected-animation.png
|
PNG image data, 1500 x 200, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-fontsize-hovered.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\scc-fontsize.png
|
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\server.lic
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\settings-cc.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\settings-init.ini
|
Generic INItialization configuration [Reconnect]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\settings.ini
|
Generic INItialization configuration [Pinned]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\spinner.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\start-cb-hook.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\startup_animation_1.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\startup_animation_2.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\startup_animation_3.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\startup_animation_4.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\startup_animation_5.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\stop-cb-hook.bat.template
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\uninstall.bat
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner-1.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner-2.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner-3.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner-4.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner-5.bmp
|
PC bitmap, Windows 3.x format, 300 x 200 x 8, resolution 3780 x 3780 px/m, 256 important colors, cbSize 61078, bits offset
1078
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\start.cmd
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
There are 97 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
|
"C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"
|
|
|
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe
-install2 C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\
C:\ProgramData\bomgar-scc-0x6628c8bd\ --installer-pwd C:\Users\user\Desktop
|
|
|
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -proxydetect
|
|
|
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe -elevate silent
|
|
|
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
|
"C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -service:run
|
|
|
|
C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe
|
"C:\ProgramData\bomgar-scc-0x6628c8bd\bomgar-scc.exe" -drone
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\start.cmd" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe
|
"C:\Users\user\AppData\Local\Temp\nsuD628.tmpspinner-$SPIN_INSTANCE\spinner.exe" --instance-id $SPIN_INSTANCE --icofile $SPIN_ICON
|
||
|
C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe
|
"C:\Users\user\AppData\Local\Temp\nsuD628.tmpb\bomgar-scc.exe" "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe"
-install1 "C:\Users\user\Desktop\bomgar-scc-w0eec30gdg6gx6wy8y6j8ddehxi7i1x5fwfex5jc40jc90.exe" --installer-pwd "C:\Users\user\Desktop"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.beyondtrust.com/0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://microsoft.co
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
https://www.beyondtrust.com/s
|
unknown
|
||
|
https://www.beyondtrust.com/x
|
unknown
|
||
|
http://aia.entrust.net/ts1-chain256.cer01
|
unknown
|
||
|
http://ocsp.digicert.c
|
unknown
|
||
|
http://crl4.digicert.co
|
unknown
|
||
|
https://www.beyondtrust.com/4?
|
unknown
|
||
|
https://www.beyondtrust.com/YD
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://www.beyondtrust.com/b
|
unknown
|
||
|
https://license.bomgar.com/?c=isilog_fr&v=22.2.3&a=x86_64&g=54.38.11.197&i=scc&O=337118209&o=10.0.19045&r=ed09842299ecfc168285eed9c75148f559a689b3&s=1219600&t=Windows%2010%20Pro%20%2822H2%29
|
3.233.108.128
|
||
|
https://bomgar.iws-saas.fr:443
|
unknown
|
||
|
https://www.beyondtrust.com/C9
|
unknown
|
||
|
http://wpad/wpad.dats2_32
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
https://bomgar.iws-saas.fr/
|
unknown
|
||
|
https://www.beyondtrust.com/U
|
unknown
|
||
|
http://wpad/wpad.dat
|
unknown
|
||
|
http://launchwinapp.exemicrosoft-edge:about:blank
|
unknown
|
||
|
https://www.beyondtrust.com/3?
|
unknown
|
||
|
https://www.beyondtrust.com/
|
unknown
|
||
|
http://crl.entrust.net/ts1ca.crl0
|
unknown
|
||
|
http://wpad/wpad.datAttempting
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
license.bt3ng.com
|
3.233.108.128
|
||
|
bomgar.iws-saas.fr
|
54.38.11.197
|
||
|
license.bomgar.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.233.108.128
|
license.bt3ng.com
|
United States
|
||
|
54.38.11.197
|
bomgar.iws-saas.fr
|
France
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\bomgar-scc-6628C8BD
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{48b0aa89-55d1-4609-993a-72383ad18ed2}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{48b0aa89-55d1-4609-993a-72383ad18ed2}
|
SiteName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48b0aa89-55d1-4609-993a-72383ad18ed2}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48b0aa89-55d1-4609-993a-72383ad18ed2}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48b0aa89-55d1-4609-993a-72383ad18ed2}\InprocServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{48b0aa89-55d1-4609-993a-72383ad18ed2}\Shared
|
6628C8BD
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
49E000
|
stack
|
page read and write
|
||
|
7FF719626000
|
unkown
|
page read and write
|
||
|
1C6D41A2000
|
heap
|
page read and write
|
||
|
1C6D2480000
|
heap
|
page read and write
|
||
|
1C6D41A5000
|
heap
|
page read and write
|
||
|
21075780000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
1B465543000
|
heap
|
page read and write
|
||
|
1B46558E000
|
heap
|
page read and write
|
||
|
7FF64F3C5000
|
unkown
|
page write copy
|
||
|
21075951000
|
heap
|
page read and write
|
||
|
7FF64B5C1000
|
unkown
|
page execute read
|
||
|
684C1FF000
|
stack
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF719619000
|
unkown
|
page read and write
|
||
|
7FF71967B000
|
unkown
|
page write copy
|
||
|
24DB0365000
|
heap
|
page read and write
|
||
|
7FF64F3C2000
|
unkown
|
page read and write
|
||
|
24DAE850000
|
heap
|
page read and write
|
||
|
2107755C000
|
heap
|
page read and write
|
||
|
24DAE87F000
|
heap
|
page read and write
|
||
|
2832E7F3000
|
heap
|
page read and write
|
||
|
7FF64F396000
|
unkown
|
page read and write
|
||
|
21077731000
|
heap
|
page read and write
|
||
|
24DAE853000
|
heap
|
page read and write
|
||
|
2832E6B0000
|
heap
|
page read and write
|
||
|
1B465541000
|
heap
|
page read and write
|
||
|
1C6D41A8000
|
heap
|
page read and write
|
||
|
F3AF6FD000
|
stack
|
page read and write
|
||
|
7FF64B5C1000
|
unkown
|
page execute read
|
||
|
1C6D2544000
|
heap
|
page read and write
|
||
|
1C6D4391000
|
heap
|
page read and write
|
||
|
5A8000
|
heap
|
page read and write
|
||
|
9B178E9000
|
stack
|
page read and write
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
7FF7193E1000
|
unkown
|
page readonly
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
42A000
|
unkown
|
page read and write
|
||
|
2832E7EE000
|
heap
|
page read and write
|
||
|
D3613FE000
|
stack
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
24DB0B86000
|
heap
|
page read and write
|
||
|
24DB0170000
|
heap
|
page read and write
|
||
|
23E79665000
|
heap
|
page read and write
|
||
|
24DAE8BC000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
7FF64B5D9000
|
unkown
|
page readonly
|
||
|
24DB078B000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1C6D24F3000
|
heap
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
7FF64F397000
|
unkown
|
page write copy
|
||
|
7FF64B5C0000
|
unkown
|
page readonly
|
||
|
CDB7CFF000
|
stack
|
page read and write
|
||
|
7FF64F416000
|
unkown
|
page read and write
|
||
|
7FF64F3C5000
|
unkown
|
page write copy
|
||
|
2832E7DF000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
1B4672B0000
|
heap
|
page read and write
|
||
|
1FB9FE80000
|
heap
|
page read and write
|
||
|
D0915FE000
|
stack
|
page read and write
|
||
|
7FF64F411000
|
unkown
|
page read and write
|
||
|
7FF64B5CD000
|
unkown
|
page readonly
|
||
|
1C6D24E2000
|
heap
|
page read and write
|
||
|
7FF64F46C000
|
unkown
|
page readonly
|
||
|
2832E785000
|
heap
|
page read and write
|
||
|
2832E7FC000
|
heap
|
page read and write
|
||
|
24DB07AB000
|
heap
|
page read and write
|
||
|
5FD000
|
heap
|
page read and write
|
||
|
24DB07A9000
|
heap
|
page read and write
|
||
|
D0914FF000
|
stack
|
page read and write
|
||
|
7FF64F40A000
|
unkown
|
page write copy
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
1C6D253F000
|
heap
|
page read and write
|
||
|
24DB0781000
|
heap
|
page read and write
|
||
|
1C6D2450000
|
heap
|
page read and write
|
||
|
7FF64F46B000
|
unkown
|
page write copy
|
||
|
684C3FD000
|
stack
|
page read and write
|
||
|
2832F1C3000
|
heap
|
page read and write
|
||
|
1C6D2370000
|
heap
|
page read and write
|
||
|
21075951000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
7FF64F3C2000
|
unkown
|
page read and write
|
||
|
1C6D41A7000
|
heap
|
page read and write
|
||
|
2832E7FC000
|
heap
|
page read and write
|
||
|
24DB0323000
|
heap
|
page read and write
|
||
|
24DAE8C0000
|
heap
|
page read and write
|
||
|
7FF64F3C5000
|
unkown
|
page write copy
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
24DB06B0000
|
heap
|
page read and write
|
||
|
CDB757A000
|
stack
|
page read and write
|
||
|
23E79640000
|
heap
|
page read and write
|
||
|
2107755C000
|
heap
|
page read and write
|
||
|
CDB78FF000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
1FB9FFC2000
|
heap
|
page read and write
|
||
|
7FF64F411000
|
unkown
|
page read and write
|
||
|
1B465430000
|
heap
|
page read and write
|
||
|
1B465420000
|
heap
|
page read and write
|
||
|
7FF64F40A000
|
unkown
|
page write copy
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
1FB9FF71000
|
heap
|
page read and write
|
||
|
2832E7FB000
|
heap
|
page read and write
|
||
|
7FF64F46C000
|
unkown
|
page readonly
|
||
|
7FF64F396000
|
unkown
|
page write copy
|
||
|
2832E789000
|
heap
|
page read and write
|
||
|
7FF64F397000
|
unkown
|
page write copy
|
||
|
1C6D41B2000
|
heap
|
page read and write
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
23E77A70000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
2107755C000
|
heap
|
page read and write
|
||
|
55A000
|
heap
|
page read and write
|
||
|
1C6D2542000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
21075953000
|
heap
|
page read and write
|
||
|
7FF64B5DB000
|
unkown
|
page readonly
|
||
|
D0911F5000
|
stack
|
page read and write
|
||
|
2832F240000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
24DB07A7000
|
heap
|
page read and write
|
||
|
7FF64B5D9000
|
unkown
|
page readonly
|
||
|
24DB06EB000
|
heap
|
page read and write
|
||
|
24DB0796000
|
heap
|
page read and write
|
||
|
7FF7195D5000
|
unkown
|
page write copy
|
||
|
24DAE87F000
|
heap
|
page read and write
|
||
|
23E7966A000
|
heap
|
page read and write
|
||
|
1B4654E1000
|
heap
|
page read and write
|
||
|
684C0E9000
|
stack
|
page read and write
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
7FF64F46B000
|
unkown
|
page write copy
|
||
|
24DB0793000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
684C7FE000
|
stack
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
210758C0000
|
heap
|
page read and write
|
||
|
1C6D41A7000
|
heap
|
page read and write
|
||
|
24DAE850000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
1FB9FF40000
|
heap
|
page read and write
|
||
|
D3612FD000
|
stack
|
page read and write
|
||
|
24DAE8A0000
|
heap
|
page read and write
|
||
|
F3AF5FE000
|
stack
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
20FC000
|
stack
|
page read and write
|
||
|
7FF7195A6000
|
unkown
|
page write copy
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
D3614FF000
|
stack
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
9B17BFD000
|
stack
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
21075890000
|
heap
|
page read and write
|
||
|
1FB9FF8C000
|
heap
|
page read and write
|
||
|
F3AF168000
|
stack
|
page read and write
|
||
|
1FB9FE70000
|
heap
|
page read and write
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
21075953000
|
heap
|
page read and write
|
||
|
24DB0890000
|
heap
|
page read and write
|
||
|
21075953000
|
heap
|
page read and write
|
||
|
F3AF4FE000
|
stack
|
page read and write
|
||
|
7FF64F46C000
|
unkown
|
page readonly
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
1C6D41B3000
|
heap
|
page read and write
|
||
|
1C6D4390000
|
heap
|
page read and write
|
||
|
7FF64F411000
|
unkown
|
page read and write
|
||
|
D090FFE000
|
stack
|
page read and write
|
||
|
7FF64B5C0000
|
unkown
|
page readonly
|
||
|
7FF64F396000
|
unkown
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
24DAE8BB000
|
heap
|
page read and write
|
||
|
24DB0320000
|
heap
|
page read and write
|
||
|
7FF64F3C5000
|
unkown
|
page write copy
|
||
|
9B185FE000
|
stack
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
21077620000
|
heap
|
page read and write
|
||
|
7FF64B5D7000
|
unkown
|
page write copy
|
||
|
F835FFC000
|
stack
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
7FF64F409000
|
unkown
|
page read and write
|
||
|
210758DB000
|
heap
|
page read and write
|
||
|
24DAE839000
|
heap
|
page read and write
|
||
|
7FF7193E1000
|
unkown
|
page readonly
|
||
|
7FF64F409000
|
unkown
|
page read and write
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
24DB0B87000
|
heap
|
page read and write
|
||
|
2832E78A000
|
heap
|
page read and write
|
||
|
1B46554D000
|
heap
|
page read and write
|
||
|
1B467410000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
1B465460000
|
heap
|
page read and write
|
||
|
9B17CFE000
|
stack
|
page read and write
|
||
|
7FF64F46B000
|
unkown
|
page write copy
|
||
|
24DAE8BB000
|
heap
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
24DB07AE000
|
heap
|
page read and write
|
||
|
7FF64F3C4000
|
unkown
|
page read and write
|
||
|
D0910FF000
|
stack
|
page read and write
|
||
|
24DB06FC000
|
heap
|
page read and write
|
||
|
1FB9FF89000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
21077730000
|
heap
|
page read and write
|
||
|
2107755E000
|
heap
|
page read and write
|
||
|
21077731000
|
heap
|
page read and write
|
||
|
2832E7D6000
|
heap
|
page read and write
|
||
|
2832F1E8000
|
heap
|
page read and write
|
||
|
2832E7E6000
|
heap
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
7FF71967C000
|
unkown
|
page readonly
|
||
|
7FF64F3C2000
|
unkown
|
page read and write
|
||
|
7FF64F409000
|
unkown
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF64F3C4000
|
unkown
|
page read and write
|
||
|
CDB79FE000
|
stack
|
page read and write
|
||
|
2832F240000
|
heap
|
page read and write
|
||
|
9B186FE000
|
stack
|
page read and write
|
||
|
1C6D24B8000
|
heap
|
page read and write
|
||
|
24DB0B70000
|
heap
|
page read and write
|
||
|
D361BF7000
|
stack
|
page read and write
|
||
|
24DAE846000
|
heap
|
page read and write
|
||
|
2107755C000
|
heap
|
page read and write
|
||
|
1FB9FF6C000
|
heap
|
page read and write
|
||
|
7FF64F3C2000
|
unkown
|
page read and write
|
||
|
7FF64F46C000
|
unkown
|
page readonly
|
||
|
7FF64F409000
|
unkown
|
page read and write
|
||
|
7FF64F397000
|
unkown
|
page write copy
|
||
|
1C6D41A2000
|
heap
|
page read and write
|
||
|
21075953000
|
heap
|
page read and write
|
||
|
1C6D41A5000
|
heap
|
page read and write
|
||
|
1FB9FF8C000
|
heap
|
page read and write
|
||
|
7FF719635000
|
unkown
|
page readonly
|
||
|
607000
|
heap
|
page read and write
|
||
|
D3616FF000
|
stack
|
page read and write
|
||
|
2832E740000
|
heap
|
page read and write
|
||
|
2832F240000
|
heap
|
page read and write
|
||
|
9B17EFF000
|
stack
|
page read and write
|
||
|
21075860000
|
heap
|
page read and write
|
||
|
1FB9FED0000
|
heap
|
page read and write
|
||
|
7FF64F411000
|
unkown
|
page read and write
|
||
|
7FF64F46C000
|
unkown
|
page readonly
|
||
|
7FF64F416000
|
unkown
|
page read and write
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
24DB0794000
|
heap
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
1FB9FED5000
|
heap
|
page read and write
|
||
|
2832E79D000
|
heap
|
page read and write
|
||
|
2832F240000
|
heap
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
24DB0360000
|
heap
|
page read and write
|
||
|
21075951000
|
heap
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
1B465533000
|
heap
|
page read and write
|
||
|
1B4654F9000
|
heap
|
page read and write
|
||
|
2832E7E6000
|
heap
|
page read and write
|
||
|
7FF718C40000
|
unkown
|
page readonly
|
||
|
5E1000
|
heap
|
page read and write
|
||
|
1C6D24F4000
|
heap
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
7FF64F3C3000
|
unkown
|
page write copy
|
||
|
5EC000
|
heap
|
page read and write
|
||
|
7FF64F3C4000
|
unkown
|
page read and write
|
||
|
2832F1E8000
|
heap
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
D0913FF000
|
stack
|
page read and write
|
||
|
7FF64F396000
|
unkown
|
page write copy
|
||
|
684C6FE000
|
stack
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
7FF7195A6000
|
unkown
|
page read and write
|
||
|
1B4672B4000
|
heap
|
page read and write
|
||
|
1C6D2544000
|
heap
|
page read and write
|
||
|
1B466F60000
|
heap
|
page read and write
|
||
|
24DAE87D000
|
heap
|
page read and write
|
||
|
7FF64F46B000
|
unkown
|
page write copy
|
||
|
24DB07A9000
|
heap
|
page read and write
|
||
|
24DAE808000
|
heap
|
page read and write
|
||
|
1C6D41A9000
|
heap
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
7FF64F3C3000
|
unkown
|
page write copy
|
||
|
24DB032C000
|
heap
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
7FF7195BD000
|
unkown
|
page write copy
|
||
|
1C6D3E20000
|
heap
|
page read and write
|
||
|
7FF64F3C3000
|
unkown
|
page write copy
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
7FF719621000
|
unkown
|
page read and write
|
||
|
1B4654B0000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7FF64F416000
|
unkown
|
page read and write
|
||
|
1FB9FF71000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
7FF64F396000
|
unkown
|
page write copy
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
24DB0782000
|
heap
|
page read and write
|
||
|
7FF71961A000
|
unkown
|
page write copy
|
||
|
2832E6C0000
|
heap
|
page read and write
|
||
|
1C6D41A6000
|
heap
|
page read and write
|
||
|
227E000
|
stack
|
page read and write
|
||
|
1FB9FFA2000
|
heap
|
page read and write
|
||
|
21077558000
|
heap
|
page read and write
|
||
|
D0911EC000
|
stack
|
page read and write
|
||
|
1C6D41A6000
|
heap
|
page read and write
|
||
|
24DB0775000
|
heap
|
page read and write
|
||
|
D09097A000
|
stack
|
page read and write
|
||
|
23E778A0000
|
heap
|
page read and write
|
||
|
D0918FF000
|
stack
|
page read and write
|
||
|
2832E7F5000
|
heap
|
page read and write
|
||
|
7FF64F411000
|
unkown
|
page read and write
|
||
|
24DB07A8000
|
heap
|
page read and write
|
||
|
24DB0894000
|
heap
|
page read and write
|
||
|
D090DFF000
|
stack
|
page read and write
|
||
|
1FB9FF7F000
|
heap
|
page read and write
|
||
|
210758D0000
|
heap
|
page read and write
|
||
|
7FF64F3C4000
|
unkown
|
page read and write
|
||
|
23E79F70000
|
heap
|
page read and write
|
||
|
1C6D2542000
|
heap
|
page read and write
|
||
|
24DB0745000
|
heap
|
page read and write
|
||
|
2832E7FC000
|
heap
|
page read and write
|
||
|
2107755C000
|
heap
|
page read and write
|
||
|
7FF64F3C3000
|
unkown
|
page write copy
|
||
|
7FF718C40000
|
unkown
|
page readonly
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
1C6D24D9000
|
heap
|
page read and write
|
||
|
21077548000
|
heap
|
page read and write
|
||
|
24DB07A4000
|
heap
|
page read and write
|
||
|
2832F1C4000
|
heap
|
page read and write
|
||
|
D360DA0000
|
stack
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
1C6D41A5000
|
heap
|
page read and write
|
||
|
23E79770000
|
trusted library allocation
|
page read and write
|
||
|
32BC000
|
stack
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
24DB078B000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
7FF64F397000
|
unkown
|
page write copy
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
1FB9FEB0000
|
heap
|
page read and write
|
||
|
7FF64F396000
|
unkown
|
page write copy
|
||
|
F3AFBFF000
|
stack
|
page read and write
|
||
|
1B466F65000
|
heap
|
page read and write
|
||
|
24DB02F0000
|
heap
|
page read and write
|
||
|
7FF64F3C2000
|
unkown
|
page read and write
|
||
|
1FBA1CE0000
|
heap
|
page read and write
|
||
|
1B46552B000
|
heap
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
1C6D41A6000
|
heap
|
page read and write
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
1C6D2542000
|
heap
|
page read and write
|
||
|
24DB073D000
|
heap
|
page read and write
|
||
|
9B178F4000
|
stack
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
81F000
|
stack
|
page read and write
|
||
|
9B17DFF000
|
stack
|
page read and write
|
||
|
24DAE7CB000
|
heap
|
page read and write
|
||
|
4FE000
|
stack
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
7FF64F40A000
|
unkown
|
page write copy
|
||
|
1FB9FF80000
|
heap
|
page read and write
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
24DAE87D000
|
heap
|
page read and write
|
||
|
D361BFE000
|
stack
|
page read and write
|
||
|
9B180FE000
|
stack
|
page read and write
|
||
|
2832E7E5000
|
heap
|
page read and write
|
||
|
F835DFE000
|
stack
|
page read and write
|
||
|
23E795B0000
|
heap
|
page read and write
|
||
|
24DB0787000
|
heap
|
page read and write
|
||
|
1C6D2544000
|
heap
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
407000
|
unkown
|
page readonly
|
||
|
24DAE87D000
|
heap
|
page read and write
|
||
|
7FF64F3AD000
|
unkown
|
page write copy
|
||
|
24DAE8AF000
|
heap
|
page read and write
|
||
|
24DB06F3000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
59F000
|
heap
|
page read and write
|
||
|
24DB0A70000
|
heap
|
page read and write
|
||
|
7FF64F396000
|
unkown
|
page read and write
|
||
|
1C6D4196000
|
heap
|
page read and write
|
||
|
D361CFD000
|
stack
|
page read and write
|
||
|
7FF64F3AD000
|
unkown
|
page write copy
|
||
|
7FF64F416000
|
unkown
|
page read and write
|
||
|
2832F1E0000
|
heap
|
page read and write
|
||
|
684C5FE000
|
stack
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF64B5DB000
|
unkown
|
page readonly
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
1C6D24E2000
|
heap
|
page read and write
|
||
|
F3AF8FF000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
1FB9FFC6000
|
heap
|
page read and write
|
||
|
F3AF7FE000
|
stack
|
page read and write
|
||
|
24DB0711000
|
heap
|
page read and write
|
||
|
2107755C000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
24DB0793000
|
heap
|
page read and write
|
||
|
1C6D2544000
|
heap
|
page read and write
|
||
|
21077520000
|
heap
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
1C6D4172000
|
heap
|
page read and write
|
||
|
2107591B000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
1FBA1CE1000
|
heap
|
page read and write
|
||
|
CDB7AFD000
|
stack
|
page read and write
|
||
|
7FF7195D2000
|
unkown
|
page read and write
|
||
|
9B179FE000
|
stack
|
page read and write
|
||
|
1C6D41B2000
|
heap
|
page read and write
|
||
|
7FF719635000
|
unkown
|
page readonly
|
||
|
D3617FF000
|
stack
|
page read and write
|
||
|
1FB9FFA2000
|
heap
|
page read and write
|
||
|
7FF64F3A9000
|
unkown
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
7FF64F3AD000
|
unkown
|
page write copy
|
||
|
1FBA0006000
|
heap
|
page read and write
|
||
|
1FBA1CE1000
|
heap
|
page read and write
|
||
|
7FF64F41E000
|
unkown
|
page read and write
|
||
|
210758C5000
|
heap
|
page read and write
|
||
|
1C6D41B2000
|
heap
|
page read and write
|
||
|
24DAE8AF000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
1FBA1CD0000
|
heap
|
page read and write
|
||
|
1B46554B000
|
heap
|
page read and write
|
||
|
7FF64F40A000
|
unkown
|
page write copy
|
||
|
D090CFE000
|
stack
|
page read and write
|
||
|
21077559000
|
heap
|
page read and write
|
||
|
7FF64F3AD000
|
unkown
|
page write copy
|
||
|
1FB9FFA2000
|
heap
|
page read and write
|
||
|
CDB7BFE000
|
stack
|
page read and write
|
||
|
2832E7C4000
|
heap
|
page read and write
|
||
|
24DAE857000
|
heap
|
page read and write
|
||
|
55E000
|
heap
|
page read and write
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
550000
|
heap
|
page read and write
|
||
|
1FB9FF69000
|
heap
|
page read and write
|
||
|
D361DFE000
|
stack
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
24DB06E1000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
23E778B3000
|
heap
|
page read and write
|
||
|
2832EE75000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
24DB0730000
|
heap
|
page read and write
|
||
|
24DAE8BB000
|
heap
|
page read and write
|
||
|
D0916FF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
23E79660000
|
heap
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
2832E7DB000
|
heap
|
page read and write
|
||
|
21075953000
|
heap
|
page read and write
|
||
|
7FF7195B9000
|
unkown
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
7FF71962E000
|
unkown
|
page read and write
|
||
|
24DB0787000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
1C6D4290000
|
heap
|
page read and write
|
||
|
21077731000
|
heap
|
page read and write
|
||
|
7FF7195D3000
|
unkown
|
page write copy
|
||
|
684C4FE000
|
stack
|
page read and write
|
||
|
D360D92000
|
stack
|
page read and write
|
||
|
7FF64B5CD000
|
unkown
|
page readonly
|
||
|
1C6D41A5000
|
heap
|
page read and write
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
24DAE9A0000
|
heap
|
page read and write
|
||
|
684C0F4000
|
stack
|
page read and write
|
||
|
2832F240000
|
heap
|
page read and write
|
||
|
7FF64F409000
|
unkown
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
7FF64F41E000
|
unkown
|
page read and write
|
||
|
24DB07AE000
|
heap
|
page read and write
|
||
|
21077566000
|
heap
|
page read and write
|
||
|
24DB07A7000
|
heap
|
page read and write
|
||
|
24DB0A60000
|
heap
|
page read and write
|
||
|
1C6D24DC000
|
heap
|
page read and write
|
||
|
1C6D2544000
|
heap
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
1FB9FFA2000
|
heap
|
page read and write
|
||
|
7FF64F3A9000
|
unkown
|
page read and write
|
||
|
24DB0787000
|
heap
|
page read and write
|
||
|
F3AF9FE000
|
stack
|
page read and write
|
||
|
7FF64F3AD000
|
unkown
|
page write copy
|
||
|
24DB07AB000
|
heap
|
page read and write
|
||
|
213E000
|
stack
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
21075952000
|
heap
|
page read and write
|
||
|
5EC000
|
heap
|
page read and write
|
||
|
1B4654B8000
|
heap
|
page read and write
|
||
|
21077630000
|
heap
|
page read and write
|
||
|
24DB0B87000
|
heap
|
page read and write
|
||
|
7FF64F3A9000
|
unkown
|
page read and write
|
||
|
7FF718C41000
|
unkown
|
page execute read
|
||
|
7FF64F41E000
|
unkown
|
page read and write
|
||
|
24DAE87F000
|
heap
|
page read and write
|
||
|
F3AFAFE000
|
stack
|
page read and write
|
||
|
1C6D4280000
|
heap
|
page read and write
|
||
|
7FF64F41E000
|
unkown
|
page read and write
|
||
|
F835EFE000
|
stack
|
page read and write
|
||
|
D3615FE000
|
stack
|
page read and write
|
||
|
23E778A6000
|
heap
|
page read and write
|
||
|
7FF64F425000
|
unkown
|
page readonly
|
||
|
7FF64F416000
|
unkown
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
D090984000
|
stack
|
page read and write
|
||
|
7FF64B5D7000
|
unkown
|
page read and write
|
||
|
7FF64F396000
|
unkown
|
page write copy
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
7FF64F396000
|
unkown
|
page read and write
|
||
|
7FF64F40A000
|
unkown
|
page write copy
|
||
|
1C6D4170000
|
heap
|
page read and write
|
||
|
1C6D3E25000
|
heap
|
page read and write
|
||
|
24DAE883000
|
heap
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
2832E6F0000
|
heap
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
5FD000
|
heap
|
page read and write
|
||
|
2107754C000
|
heap
|
page read and write
|
||
|
21075918000
|
heap
|
page read and write
|
||
|
2832E752000
|
heap
|
page read and write
|
||
|
7FF7195D4000
|
unkown
|
page read and write
|
||
|
7FF7195A7000
|
unkown
|
page write copy
|
||
|
1FB9FF8C000
|
heap
|
page read and write
|
||
|
D090EFD000
|
stack
|
page read and write
|
||
|
CDB7583000
|
stack
|
page read and write
|
||
|
24DAE7C0000
|
heap
|
page read and write
|
||
|
2832F1C0000
|
heap
|
page read and write
|
||
|
CDB7DFF000
|
stack
|
page read and write
|
||
|
24DAE87F000
|
heap
|
page read and write
|
||
|
7FF64F46B000
|
unkown
|
page write copy
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1C6D4391000
|
heap
|
page read and write
|
||
|
425000
|
unkown
|
page read and write
|
||
|
2832E7E6000
|
heap
|
page read and write
|
||
|
1C6D41A5000
|
heap
|
page read and write
|
||
|
1C6D252A000
|
heap
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
684C2FE000
|
stack
|
page read and write
|
||
|
7FF64F1D1000
|
unkown
|
page readonly
|
||
|
23E77890000
|
heap
|
page read and write
|
||
|
31BC000
|
stack
|
page read and write
|
||
|
7FF64F397000
|
unkown
|
page write copy
|
||
|
1C6D24FA000
|
heap
|
page read and write
|
||
|
21077556000
|
heap
|
page read and write
|
||
|
2832EE70000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1FBA0006000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
7FF64F3A9000
|
unkown
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
21075953000
|
heap
|
page read and write
|
||
|
7FF64EA30000
|
unkown
|
page readonly
|
||
|
7FF64F396000
|
unkown
|
page read and write
|
||
|
7FF64F3C5000
|
unkown
|
page write copy
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
F835CFA000
|
stack
|
page read and write
|
||
|
7FF718C41000
|
unkown
|
page execute read
|
||
|
1C6D24B0000
|
heap
|
page read and write
|
||
|
24DAE87D000
|
heap
|
page read and write
|
||
|
1C6D253E000
|
heap
|
page read and write
|
||
|
7FF64F3A9000
|
unkown
|
page read and write
|
||
|
2832E748000
|
heap
|
page read and write
|
||
|
21075955000
|
heap
|
page read and write
|
||
|
1B46555B000
|
heap
|
page read and write
|
||
|
1C6D41A1000
|
heap
|
page read and write
|
||
|
1C6D4194000
|
heap
|
page read and write
|
||
|
F3AF173000
|
stack
|
page read and write
|
||
|
7FF64F41E000
|
unkown
|
page read and write
|
||
|
24DB0B60000
|
heap
|
page read and write
|
||
|
1C6D2528000
|
heap
|
page read and write
|
||
|
24DB0787000
|
heap
|
page read and write
|
||
|
2832E7DC000
|
heap
|
page read and write
|
||
|
9B17FFE000
|
stack
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
D0917FF000
|
stack
|
page read and write
|
||
|
CDB7EFE000
|
stack
|
page read and write
|
||
|
1C6D41B3000
|
heap
|
page read and write
|
||
|
9B17AFF000
|
stack
|
page read and write
|
||
|
7FF64F3C3000
|
unkown
|
page write copy
|
||
|
26CC000
|
stack
|
page read and write
|
||
|
7FF64EA31000
|
unkown
|
page execute read
|
||
|
F3AF9EF000
|
stack
|
page read and write
|
||
|
7FF64F3C4000
|
unkown
|
page read and write
|
There are 591 hidden memdumps, click here to show them.