Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BmLue8t2V7.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpB438.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ffVsTPS.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BmLue8t2V7.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ffVsTPS.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kj2eusyt.qx5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nyebbyir.n1o.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_obhwozox.xnq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oiskpibc.lbw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpBC08.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ffVsTPS.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\BmLue8t2V7.exe
|
"C:\Users\user\Desktop\BmLue8t2V7.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ffVsTPS.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ffVsTPS" /XML "C:\Users\user\AppData\Local\Temp\tmpB438.tmp"
|
|
|
|
C:\Users\user\Desktop\BmLue8t2V7.exe
|
C:\Users\user\Desktop\BmLue8t2V7.exe
|
|
|
|
C:\Users\user\AppData\Roaming\ffVsTPS.exe
|
C:\Users\user\AppData\Roaming\ffVsTPS.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ffVsTPS" /XML "C:\Users\user\AppData\Local\Temp\tmpBC08.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\ffVsTPS.exe
|
C:\Users\user\AppData\Roaming\ffVsTPS.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\BmLue8t2V7.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Roaming\ffVsTPS.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\choice.exe
|
choice /C Y /N /D Y /T 3
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\choice.exe
|
choice /C Y /N /D Y /T 3
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://checkip.dyndns.org0p
|
unknown
|
||
|
http://checkip.dyndns.orgp
|
unknown
|
||
|
http://checkip.dyndns.org/
|
132.226.247.73
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/191.96.227.228
|
172.67.177.134
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/191.96.227.2280p
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/191.96.227.228p
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
reallyfreegeoip.org
|
172.67.177.134
|
||
|
checkip.dyndns.com
|
132.226.247.73
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.177.134
|
reallyfreegeoip.org
|
United States
|
||
|
132.226.247.73
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BmLue8t2V7_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ffVsTPS_RASMANCS
|
FileDirectory
|
There are 18 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
13FCB000
|
trusted library allocation
|
page read and write
|
|
|
|
140002000
|
remote allocation
|
page execute and read and write
|
|
|
|
33E1000
|
trusted library allocation
|
page read and write
|
|
|
|
1E1A1000
|
heap
|
page read and write
|
|
|
|
36D1000
|
trusted library allocation
|
page read and write
|
|
|
|
3C2C32C000
|
stack
|
page read and write
|
||
|
76D63C9000
|
stack
|
page read and write
|
||
|
1CF7A000
|
heap
|
page read and write
|
||
|
7FFB4B1F6000
|
trusted library allocation
|
page read and write
|
||
|
3E88000
|
trusted library allocation
|
page read and write
|
||
|
381D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B168000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page execute and read and write
|
||
|
133ED000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2F7000
|
trusted library allocation
|
page read and write
|
||
|
13DD1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
27052017000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
7FFB4B189000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page read and write
|
||
|
1D98E000
|
stack
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page read and write
|
||
|
386D000
|
trusted library allocation
|
page read and write
|
||
|
2376C97B000
|
heap
|
page read and write
|
||
|
1E8A000
|
heap
|
page read and write
|
||
|
7FFB4B15D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1433000
|
stack
|
page read and write
|
||
|
1783000
|
heap
|
page read and write
|
||
|
1CB35000
|
heap
|
page read and write
|
||
|
DE8000
|
heap
|
page read and write
|
||
|
2031E000
|
stack
|
page read and write
|
||
|
3512000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B19B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B17D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CA95000
|
heap
|
page read and write
|
||
|
1DFA0000
|
heap
|
page read and write
|
||
|
1A42F870000
|
heap
|
page read and write
|
||
|
12BB000
|
heap
|
page read and write
|
||
|
7FFB4B16B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6ED000
|
stack
|
page read and write
|
||
|
389D000
|
trusted library allocation
|
page read and write
|
||
|
D2B000
|
heap
|
page read and write
|
||
|
7FFB4B20C000
|
trusted library allocation
|
page execute and read and write
|
||
|
14162000
|
trusted library allocation
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
22AA8FD0000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
7FFB4B270000
|
trusted library allocation
|
page execute and read and write
|
||
|
381F000
|
trusted library allocation
|
page read and write
|
||
|
1F6EE000
|
stack
|
page read and write
|
||
|
7FFB4B150000
|
trusted library allocation
|
page read and write
|
||
|
3602000
|
trusted library allocation
|
page read and write
|
||
|
ED3BDFF000
|
stack
|
page read and write
|
||
|
1F71D000
|
stack
|
page read and write
|
||
|
2376C995000
|
heap
|
page read and write
|
||
|
1E0BB000
|
heap
|
page read and write
|
||
|
22AA8FF0000
|
heap
|
page read and write
|
||
|
1CEA0000
|
heap
|
page read and write
|
||
|
7FFB4B328000
|
trusted library allocation
|
page read and write
|
||
|
D58000
|
heap
|
page read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
7FFB4B143000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B194000
|
trusted library allocation
|
page read and write
|
||
|
1C890000
|
heap
|
page read and write
|
||
|
382B000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1E0A4000
|
heap
|
page read and write
|
||
|
1A42F8D8000
|
heap
|
page read and write
|
||
|
3805000
|
trusted library allocation
|
page read and write
|
||
|
E0A000
|
heap
|
page read and write
|
||
|
7FFB4B174000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page read and write
|
||
|
358E000
|
trusted library allocation
|
page read and write
|
||
|
17DF000
|
trusted library section
|
page readonly
|
||
|
387D000
|
trusted library allocation
|
page read and write
|
||
|
2376CBA0000
|
heap
|
page read and write
|
||
|
20B1B000
|
stack
|
page read and write
|
||
|
7FFB4B1F6000
|
trusted library allocation
|
page read and write
|
||
|
1400C000
|
trusted library allocation
|
page read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
7FFB4B2E0000
|
trusted library allocation
|
page read and write
|
||
|
1F7E2C15000
|
heap
|
page read and write
|
||
|
37E5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B154000
|
trusted library allocation
|
page read and write
|
||
|
22AA9275000
|
heap
|
page read and write
|
||
|
1870000
|
heap
|
page read and write
|
||
|
7FFB4B183000
|
trusted library allocation
|
page read and write
|
||
|
1F80000
|
trusted library section
|
page readonly
|
||
|
14096000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B173000
|
trusted library allocation
|
page execute and read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
1F38E000
|
stack
|
page read and write
|
||
|
1CECD000
|
stack
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
162C000
|
heap
|
page read and write
|
||
|
1CF40000
|
heap
|
page read and write
|
||
|
3E38000
|
trusted library allocation
|
page read and write
|
||
|
3DCE000
|
stack
|
page read and write
|
||
|
3618000
|
trusted library allocation
|
page read and write
|
||
|
1409F000
|
trusted library allocation
|
page read and write
|
||
|
3DCE000
|
stack
|
page read and write
|
||
|
7FFB4B19C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page read and write
|
||
|
1EEEB000
|
stack
|
page read and write
|
||
|
1E0A0000
|
heap
|
page read and write
|
||
|
1DACE000
|
stack
|
page read and write
|
||
|
D18000
|
heap
|
page read and write
|
||
|
136D8000
|
trusted library allocation
|
page read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
382F000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
1835000
|
heap
|
page read and write
|
||
|
1FB8E000
|
stack
|
page read and write
|
||
|
1E98F000
|
stack
|
page read and write
|
||
|
7FFB4B150000
|
trusted library allocation
|
page read and write
|
||
|
1FAEE000
|
stack
|
page read and write
|
||
|
3881000
|
trusted library allocation
|
page read and write
|
||
|
1605000
|
heap
|
page read and write
|
||
|
3C2C3AF000
|
stack
|
page read and write
|
||
|
1D2CE000
|
stack
|
page read and write
|
||
|
1FF8B000
|
stack
|
page read and write
|
||
|
13DE1000
|
trusted library allocation
|
page read and write
|
||
|
3B297DC000
|
stack
|
page read and write
|
||
|
7FFB4B180000
|
trusted library allocation
|
page read and write
|
||
|
22AA9270000
|
heap
|
page read and write
|
||
|
390C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B174000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2EE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E053000
|
heap
|
page read and write
|
||
|
7FFB4B19C000
|
trusted library allocation
|
page execute and read and write
|
||
|
38B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B210000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E040000
|
heap
|
page read and write
|
||
|
1BF40000
|
heap
|
page execute and read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1C91B000
|
heap
|
page read and write
|
||
|
1CACE000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
1E140000
|
heap
|
page read and write
|
||
|
28B38565000
|
heap
|
page read and write
|
||
|
1689000
|
heap
|
page read and write
|
||
|
1F22E000
|
stack
|
page read and write
|
||
|
1895000
|
heap
|
page read and write
|
||
|
35D1000
|
trusted library allocation
|
page read and write
|
||
|
3E34000
|
trusted library allocation
|
page read and write
|
||
|
391F000
|
trusted library allocation
|
page read and write
|
||
|
1F7E2BA0000
|
heap
|
page read and write
|
||
|
39C0000
|
heap
|
page read and write
|
||
|
1626000
|
heap
|
page read and write
|
||
|
7FFB4B1FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3582000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B22C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2376CCF5000
|
heap
|
page read and write
|
||
|
E46000
|
heap
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C980000
|
trusted library allocation
|
page read and write
|
||
|
12CF000
|
heap
|
page read and write
|
||
|
27052010000
|
heap
|
page read and write
|
||
|
1EF1D000
|
stack
|
page read and write
|
||
|
7FFB4B2FE000
|
trusted library allocation
|
page read and write
|
||
|
13FEC000
|
trusted library allocation
|
page read and write
|
||
|
1C8E0000
|
heap
|
page read and write
|
||
|
7FFB4B190000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
1BE4D000
|
stack
|
page read and write
|
||
|
7FFB4B1CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D2000
|
heap
|
page read and write
|
||
|
27052320000
|
heap
|
page read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B340000
|
trusted library allocation
|
page read and write
|
||
|
3ED4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B16B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F7E2C44000
|
heap
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
1E20000
|
heap
|
page execute and read and write
|
||
|
1C54C000
|
stack
|
page read and write
|
||
|
1662000
|
heap
|
page read and write
|
||
|
1C6CE000
|
stack
|
page read and write
|
||
|
136B000
|
heap
|
page read and write
|
||
|
1382000
|
heap
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page execute and read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
1EAEE000
|
stack
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B14D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F4F000
|
stack
|
page read and write
|
||
|
3592000
|
trusted library allocation
|
page read and write
|
||
|
136D1000
|
trusted library allocation
|
page read and write
|
||
|
38C4000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
1D41F9000
|
stack
|
page read and write
|
||
|
7FFB4B153000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B230000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CB30000
|
heap
|
page read and write
|
||
|
1F31E000
|
stack
|
page read and write
|
||
|
34DE000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
3596000
|
trusted library allocation
|
page read and write
|
||
|
362B000
|
trusted library allocation
|
page read and write
|
||
|
27051FF0000
|
heap
|
page read and write
|
||
|
1E2CE000
|
stack
|
page read and write
|
||
|
3E69000
|
trusted library allocation
|
page read and write
|
||
|
1665000
|
heap
|
page read and write
|
||
|
7FFB4B159000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B322000
|
trusted library allocation
|
page read and write
|
||
|
1378000
|
heap
|
page read and write
|
||
|
1A42F8B5000
|
heap
|
page read and write
|
||
|
34F2000
|
trusted library allocation
|
page read and write
|
||
|
2376CCF0000
|
heap
|
page read and write
|
||
|
1890000
|
heap
|
page read and write
|
||
|
7FFB4B164000
|
trusted library allocation
|
page read and write
|
||
|
1E50000
|
heap
|
page execute and read and write
|
||
|
C95000
|
heap
|
page read and write
|
||
|
E6D8F3C000
|
stack
|
page read and write
|
||
|
1E46000
|
heap
|
page read and write
|
||
|
1C916000
|
heap
|
page read and write
|
||
|
7FFB4B226000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B226000
|
trusted library allocation
|
page execute and read and write
|
||
|
13EE1000
|
trusted library allocation
|
page read and write
|
||
|
136E1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B164000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B15D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
1C8E0000
|
heap
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
3DD1000
|
trusted library allocation
|
page read and write
|
||
|
1E240000
|
trusted library section
|
page read and write
|
||
|
18F0000
|
heap
|
page execute and read and write
|
||
|
3538000
|
trusted library allocation
|
page read and write
|
||
|
1CA90000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
1EACE000
|
stack
|
page read and write
|
||
|
136DD000
|
trusted library allocation
|
page read and write
|
||
|
76D667E000
|
unkown
|
page read and write
|
||
|
357A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page read and write
|
||
|
1C980000
|
heap
|
page read and write
|
||
|
140000000
|
remote allocation
|
page execute and read and write
|
||
|
1DFE000
|
stack
|
page read and write
|
||
|
E0E000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
13FCB000
|
trusted library allocation
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
164A000
|
heap
|
page read and write
|
||
|
38F9000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
133E8000
|
trusted library allocation
|
page read and write
|
||
|
28B38328000
|
heap
|
page read and write
|
||
|
1E61000
|
heap
|
page read and write
|
||
|
270521E0000
|
heap
|
page read and write
|
||
|
13DE1000
|
trusted library allocation
|
page read and write
|
||
|
1CD8E000
|
stack
|
page read and write
|
||
|
CF8000
|
heap
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3834000
|
trusted library allocation
|
page read and write
|
||
|
38F5000
|
trusted library allocation
|
page read and write
|
||
|
1D18E000
|
stack
|
page read and write
|
||
|
353C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page read and write
|
||
|
D15000
|
heap
|
page read and write
|
||
|
1CEB0000
|
heap
|
page read and write
|
||
|
27051FE0000
|
heap
|
page read and write
|
||
|
13DD8000
|
trusted library allocation
|
page read and write
|
||
|
3DD1000
|
trusted library allocation
|
page read and write
|
||
|
1F7E2B90000
|
heap
|
page read and write
|
||
|
3B29BFF000
|
stack
|
page read and write
|
||
|
35A9000
|
trusted library allocation
|
page read and write
|
||
|
1F7E2BC0000
|
heap
|
page read and write
|
||
|
1FB5000
|
heap
|
page read and write
|
||
|
1E18E000
|
stack
|
page read and write
|
||
|
1F7E2C20000
|
heap
|
page read and write
|
||
|
17C0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page execute and read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
7FFB4B312000
|
trusted library allocation
|
page read and write
|
||
|
1A42F8D0000
|
heap
|
page read and write
|
||
|
1C8E3000
|
heap
|
page read and write
|
||
|
2071E000
|
stack
|
page read and write
|
||
|
7FFB4B170000
|
trusted library allocation
|
page read and write
|
||
|
28B38300000
|
heap
|
page read and write
|
||
|
136D3000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
D2D000
|
heap
|
page read and write
|
||
|
1FF1F000
|
stack
|
page read and write
|
||
|
1E6CE000
|
stack
|
page read and write
|
||
|
1692000
|
heap
|
page read and write
|
||
|
1BE00000
|
trusted library allocation
|
page read and write
|
||
|
352A000
|
trusted library allocation
|
page read and write
|
||
|
22AA8EF0000
|
heap
|
page read and write
|
||
|
E6D93FF000
|
stack
|
page read and write
|
||
|
7FFB4B236000
|
trusted library allocation
|
page execute and read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2E7000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
BF2000
|
stack
|
page read and write
|
||
|
168B000
|
heap
|
page read and write
|
||
|
2376C970000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page read and write
|
||
|
BF2000
|
stack
|
page read and write
|
||
|
28B382E0000
|
heap
|
page read and write
|
||
|
1FB1E000
|
stack
|
page read and write
|
||
|
35BD000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2376CA80000
|
heap
|
page read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page read and write
|
||
|
37BF000
|
trusted library allocation
|
page read and write
|
||
|
34D7000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
unkown
|
page readonly
|
||
|
1F2EF000
|
stack
|
page read and write
|
||
|
1F90000
|
heap
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
1F7E2C10000
|
heap
|
page read and write
|
||
|
1E06000
|
heap
|
page read and write
|
||
|
1CF3D000
|
stack
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
E30000
|
trusted library allocation
|
page read and write
|
||
|
13DD8000
|
trusted library allocation
|
page read and write
|
||
|
1CFF000
|
stack
|
page read and write
|
||
|
37D5000
|
trusted library allocation
|
page read and write
|
||
|
3586000
|
trusted library allocation
|
page read and write
|
||
|
1A42F890000
|
heap
|
page read and write
|
||
|
7FFB4B16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A42F8B0000
|
heap
|
page read and write
|
||
|
7FFB4B140000
|
trusted library allocation
|
page read and write
|
||
|
3540000
|
trusted library allocation
|
page read and write
|
||
|
28B38200000
|
heap
|
page read and write
|
||
|
13EE1000
|
trusted library allocation
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
22AA90B0000
|
heap
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B15D000
|
trusted library allocation
|
page execute and read and write
|
||
|
141C3000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
trusted library section
|
page readonly
|
||
|
34DA000
|
trusted library allocation
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
3B29AFE000
|
unkown
|
page read and write
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
2038E000
|
stack
|
page read and write
|
||
|
35E4000
|
trusted library allocation
|
page read and write
|
||
|
1CE9D000
|
stack
|
page read and write
|
||
|
1830000
|
heap
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E169000
|
heap
|
page read and write
|
||
|
3606000
|
trusted library allocation
|
page read and write
|
||
|
23BF000
|
stack
|
page read and write
|
||
|
1C54C000
|
stack
|
page read and write
|
||
|
D56000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
19FE000
|
stack
|
page read and write
|
||
|
3C2C67F000
|
stack
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
12F9000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
1F70000
|
heap
|
page read and write
|
||
|
1E742000
|
trusted library allocation
|
page read and write
|
||
|
76D66FE000
|
stack
|
page read and write
|
||
|
3534000
|
trusted library allocation
|
page read and write
|
||
|
27052325000
|
heap
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
1C970000
|
trusted library section
|
page read and write
|
||
|
11F2000
|
stack
|
page read and write
|
||
|
7FFB4B1FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
2376CB60000
|
heap
|
page read and write
|
||
|
3E88000
|
trusted library allocation
|
page read and write
|
||
|
1F7E2DF0000
|
heap
|
page read and write
|
||
|
388A000
|
trusted library allocation
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1D6CE000
|
stack
|
page read and write
|
||
|
1EEEE000
|
stack
|
page read and write
|
||
|
1DC0000
|
heap
|
page read and write
|
||
|
7FF414B50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A42F790000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1F7E2C48000
|
heap
|
page read and write
|
||
|
13DD1000
|
trusted library allocation
|
page read and write
|
||
|
165F000
|
heap
|
page read and write
|
||
|
28B3832F000
|
heap
|
page read and write
|
||
|
7FFB4B144000
|
trusted library allocation
|
page read and write
|
||
|
1C8E2000
|
heap
|
page read and write
|
||
|
133F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B17D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DB0000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
133E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2E0000
|
trusted library allocation
|
page read and write
|
||
|
37CE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B152000
|
trusted library allocation
|
page read and write
|
||
|
209F000
|
stack
|
page read and write
|
||
|
14101000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B14D000
|
trusted library allocation
|
page execute and read and write
|
||
|
357E000
|
trusted library allocation
|
page read and write
|
||
|
1402B000
|
trusted library allocation
|
page read and write
|
||
|
1E91000
|
heap
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page read and write
|
||
|
1C8A0000
|
trusted library section
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1CAF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B17B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D447F000
|
unkown
|
page read and write
|
||
|
7FFB4B206000
|
trusted library allocation
|
page read and write
|
||
|
3875000
|
trusted library allocation
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
1BB5D000
|
stack
|
page read and write
|
||
|
7FFB4B162000
|
trusted library allocation
|
page read and write
|
||
|
E06000
|
heap
|
page read and write
|
||
|
7FFB4B18D000
|
trusted library allocation
|
page execute and read and write
|
||
|
358A000
|
trusted library allocation
|
page read and write
|
||
|
14035000
|
trusted library allocation
|
page read and write
|
||
|
1CF50000
|
heap
|
page read and write
|
||
|
7FFB4B143000
|
trusted library allocation
|
page execute and read and write
|
||
|
4213000
|
trusted library allocation
|
page read and write
|
||
|
1C933000
|
heap
|
page read and write
|
||
|
1E173000
|
heap
|
page read and write
|
||
|
28B38320000
|
heap
|
page read and write
|
||
|
1C88E000
|
stack
|
page read and write
|
||
|
7FFB4B19D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FB0000
|
heap
|
page read and write
|
||
|
1BE00000
|
trusted library allocation
|
page read and write
|
||
|
1C9E000
|
stack
|
page read and write
|
||
|
A72000
|
unkown
|
page readonly
|
||
|
7FFB4B144000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
3871000
|
trusted library allocation
|
page read and write
|
||
|
3ED4000
|
trusted library allocation
|
page read and write
|
||
|
E1C000
|
heap
|
page read and write
|
||
|
3879000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B256000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8D0000
|
trusted library section
|
page read and write
|
||
|
1E58E000
|
stack
|
page read and write
|
||
|
7FFB4B153000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page read and write
|
||
|
ED3BD7F000
|
stack
|
page read and write
|
||
|
1C48F000
|
stack
|
page read and write
|
||
|
15F5000
|
heap
|
page read and write
|
||
|
1C990000
|
heap
|
page execute and read and write
|
||
|
7FFB4B226000
|
trusted library allocation
|
page read and write
|
||
|
22AA90B8000
|
heap
|
page read and write
|
||
|
1DD8D000
|
stack
|
page read and write
|
||
|
3885000
|
trusted library allocation
|
page read and write
|
||
|
E6D92FF000
|
unkown
|
page read and write
|
||
|
E80000
|
heap
|
page execute and read and write
|
||
|
1D44FF000
|
stack
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
7FFB4B290000
|
trusted library allocation
|
page execute and read and write
|
||
|
3827000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
133E1000
|
trusted library allocation
|
page read and write
|
||
|
2376CB80000
|
heap
|
page read and write
|
||
|
1EE2B000
|
stack
|
page read and write
|
||
|
1D58D000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
28B38560000
|
heap
|
page read and write
|
||
|
1F78E000
|
stack
|
page read and write
|
||
|
34D4000
|
trusted library allocation
|
page read and write
|
||
|
3960000
|
heap
|
page read and write
|
||
|
7FFB4B150000
|
trusted library allocation
|
page read and write
|
||
|
1DECA000
|
stack
|
page read and write
|
||
|
34D2000
|
trusted library allocation
|
page read and write
|
||
|
1F7E2C2B000
|
heap
|
page read and write
|
||
|
ED3BCFC000
|
stack
|
page read and write
|
||
|
EC5000
|
heap
|
page read and write
|
||
|
E9B000
|
heap
|
page read and write
|
There are 466 hidden memdumps, click here to show them.