Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
F#U0130YAT TEKL#U0130F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\Charley
|
ASCII text, with very long lines (29714), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut2DED.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut2E3D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut5C12.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut5C51.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autBC22.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autBC81.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vitraillist
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\F#U0130YAT TEKL#U0130F.exe
|
"C:\Users\user\Desktop\F#U0130YAT TEKL#U0130F.exe"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\Desktop\F#U0130YAT TEKL#U0130F.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\F#U0130YAT TEKL#U0130F.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.aquareklam.com
|
|
||
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.aquareklam.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.aquareklam.com
|
37.247.115.2
|
|
|
|
api.ipify.org
|
104.26.12.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
37.247.115.2
|
mail.aquareklam.com
|
Turkey
|
|
|
|
104.26.12.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
system
|
page execute and read and write
|
|
|
|
3694000
|
trusted library allocation
|
page read and write
|
|
|
|
3670000
|
direct allocation
|
page read and write
|
|
|
|
36CE000
|
trusted library allocation
|
page read and write
|
|
|
|
2BBF000
|
trusted library allocation
|
page read and write
|
|
|
|
36C7000
|
trusted library allocation
|
page read and write
|
|
|
|
3B41000
|
trusted library allocation
|
page read and write
|
|
|
|
12A0000
|
direct allocation
|
page read and write
|
|
|
|
270F000
|
heap
|
page read and write
|
|
|
|
36BF000
|
trusted library allocation
|
page read and write
|
|
|
|
2B94000
|
trusted library allocation
|
page read and write
|
|
|
|
2AE0000
|
trusted library section
|
page read and write
|
|
|
|
2BC7000
|
trusted library allocation
|
page read and write
|
|
|
|
5240000
|
trusted library section
|
page read and write
|
|
|
|
FA0000
|
direct allocation
|
page execute and read and write
|
||
|
75A000
|
stack
|
page read and write
|
||
|
3D9E000
|
direct allocation
|
page read and write
|
||
|
63A000
|
stack
|
page read and write
|
||
|
2904C712000
|
heap
|
page read and write
|
||
|
5A8A000
|
heap
|
page read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
16A2000
|
heap
|
page read and write
|
||
|
729E000
|
direct allocation
|
page read and write
|
||
|
7630000
|
heap
|
page read and write
|
||
|
D273EFE000
|
stack
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
3F80000
|
direct allocation
|
page read and write
|
||
|
1388000
|
stack
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
36C0000
|
direct allocation
|
page read and write
|
||
|
6554000
|
trusted library allocation
|
page read and write
|
||
|
5B8B000
|
trusted library allocation
|
page read and write
|
||
|
C78000
|
heap
|
page read and write
|
||
|
164F000
|
heap
|
page read and write
|
||
|
4704000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
trusted library section
|
page read and write
|
||
|
2904C9C0000
|
heap
|
page read and write
|
||
|
A49E000
|
direct allocation
|
page read and write
|
||
|
3C00000
|
direct allocation
|
page read and write
|
||
|
D2743FE000
|
stack
|
page read and write
|
||
|
146F000
|
stack
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
5A86000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
5EBE000
|
stack
|
page read and write
|
||
|
607E000
|
stack
|
page read and write
|
||
|
36E0000
|
trusted library allocation
|
page read and write
|
||
|
4A9E000
|
direct allocation
|
page read and write
|
||
|
144B000
|
stack
|
page read and write
|
||
|
5C40000
|
trusted library allocation
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
66A0000
|
trusted library allocation
|
page read and write
|
||
|
5124000
|
heap
|
page read and write
|
||
|
3A60000
|
direct allocation
|
page read and write
|
||
|
3D2D000
|
direct allocation
|
page read and write
|
||
|
16B2000
|
heap
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
5BAD000
|
trusted library allocation
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
2BBD000
|
trusted library allocation
|
page read and write
|
||
|
5B92000
|
trusted library allocation
|
page read and write
|
||
|
2835000
|
trusted library allocation
|
page execute and read and write
|
||
|
39FE000
|
direct allocation
|
page read and write
|
||
|
A90000
|
trusted library section
|
page read and write
|
||
|
3610000
|
trusted library allocation
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
FB1000
|
unkown
|
page execute read
|
||
|
16FA000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page execute and read and write
|
||
|
3B83000
|
direct allocation
|
page read and write
|
||
|
2F8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13A7000
|
heap
|
page read and write
|
||
|
2904C6E0000
|
heap
|
page read and write
|
||
|
16B8000
|
heap
|
page read and write
|
||
|
164B000
|
heap
|
page read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
BF2000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
13FB000
|
heap
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
6560000
|
trusted library allocation
|
page execute and read and write
|
||
|
3860000
|
direct allocation
|
page read and write
|
||
|
AFF000
|
heap
|
page read and write
|
||
|
2904C764000
|
heap
|
page read and write
|
||
|
2A92000
|
trusted library allocation
|
page read and write
|
||
|
65BE000
|
stack
|
page read and write
|
||
|
104C000
|
unkown
|
page readonly
|
||
|
869E000
|
direct allocation
|
page read and write
|
||
|
7010000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2740FF000
|
stack
|
page read and write
|
||
|
283B000
|
trusted library allocation
|
page execute and read and write
|
||
|
28E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
319F000
|
heap
|
page read and write
|
||
|
13B4000
|
heap
|
page read and write
|
||
|
A4C000
|
unkown
|
page write copy
|
||
|
1452000
|
heap
|
page read and write
|
||
|
BD1000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page execute and read and write
|
||
|
981000
|
unkown
|
page execute read
|
||
|
3D29000
|
direct allocation
|
page read and write
|
||
|
3D29000
|
direct allocation
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
3D2D000
|
direct allocation
|
page read and write
|
||
|
C78000
|
heap
|
page read and write
|
||
|
FB1000
|
unkown
|
page execute read
|
||
|
51B1000
|
heap
|
page read and write
|
||
|
2822000
|
trusted library allocation
|
page read and write
|
||
|
426000
|
system
|
page execute and read and write
|
||
|
BD1000
|
heap
|
page read and write
|
||
|
6F27000
|
trusted library allocation
|
page read and write
|
||
|
5C4E000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
67DF000
|
stack
|
page read and write
|
||
|
26E7000
|
heap
|
page read and write
|
||
|
37E3000
|
direct allocation
|
page read and write
|
||
|
1388000
|
heap
|
page read and write
|
||
|
3710000
|
direct allocation
|
page read and write
|
||
|
603E000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
3A4E000
|
direct allocation
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
511E000
|
stack
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
1B40000
|
direct allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
3989000
|
direct allocation
|
page read and write
|
||
|
3989000
|
direct allocation
|
page read and write
|
||
|
322D000
|
heap
|
page read and write
|
||
|
5AF4000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
6C60000
|
heap
|
page read and write
|
||
|
5D9C000
|
stack
|
page read and write
|
||
|
107C000
|
unkown
|
page write copy
|
||
|
1601000
|
heap
|
page read and write
|
||
|
13FB000
|
heap
|
page read and write
|
||
|
3297000
|
heap
|
page read and write
|
||
|
57AF000
|
stack
|
page read and write
|
||
|
1595000
|
heap
|
page read and write
|
||
|
3710000
|
direct allocation
|
page read and write
|
||
|
B3C000
|
heap
|
page read and write
|
||
|
36C0000
|
direct allocation
|
page read and write
|
||
|
13AC000
|
heap
|
page read and write
|
||
|
39D9000
|
direct allocation
|
page read and write
|
||
|
16EB000
|
heap
|
page read and write
|
||
|
107C000
|
unkown
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
39DD000
|
direct allocation
|
page read and write
|
||
|
3A60000
|
direct allocation
|
page read and write
|
||
|
3833000
|
direct allocation
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page read and write
|
||
|
1481000
|
heap
|
page read and write
|
||
|
2904C9CE000
|
heap
|
page read and write
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page read and write
|
||
|
13FB000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
3860000
|
direct allocation
|
page read and write
|
||
|
5FFB000
|
stack
|
page read and write
|
||
|
6F09000
|
trusted library allocation
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
5128000
|
heap
|
page read and write
|
||
|
39DD000
|
direct allocation
|
page read and write
|
||
|
16E9000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
2FA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
282A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E9E000
|
direct allocation
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
2F73000
|
trusted library allocation
|
page execute and read and write
|
||
|
1072000
|
unkown
|
page readonly
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
6110000
|
heap
|
page read and write
|
||
|
3D2D000
|
direct allocation
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
16D1000
|
heap
|
page read and write
|
||
|
1602000
|
heap
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
5B9E000
|
trusted library allocation
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
2904C737000
|
heap
|
page read and write
|
||
|
6F10000
|
heap
|
page read and write
|
||
|
664E000
|
stack
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1289000
|
stack
|
page read and write
|
||
|
6EE8000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
unkown
|
page write copy
|
||
|
1603000
|
heap
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
158A000
|
heap
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
398D000
|
direct allocation
|
page read and write
|
||
|
16E9000
|
heap
|
page read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
33F0000
|
heap
|
page execute and read and write
|
||
|
3A60000
|
direct allocation
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
3D9E000
|
direct allocation
|
page read and write
|
||
|
4693000
|
trusted library allocation
|
page read and write
|
||
|
15F7000
|
heap
|
page read and write
|
||
|
2B90000
|
trusted library allocation
|
page read and write
|
||
|
2F7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
1072000
|
unkown
|
page readonly
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
16E9000
|
heap
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
315C000
|
stack
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
3626000
|
trusted library allocation
|
page read and write
|
||
|
2813000
|
trusted library allocation
|
page read and write
|
||
|
3B83000
|
direct allocation
|
page read and write
|
||
|
6C20000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
3D2D000
|
direct allocation
|
page read and write
|
||
|
13A4000
|
heap
|
page read and write
|
||
|
B2C000
|
heap
|
page read and write
|
||
|
5FFE000
|
stack
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
6A0F000
|
stack
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
142F000
|
stack
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
613C000
|
stack
|
page read and write
|
||
|
39D9000
|
direct allocation
|
page read and write
|
||
|
16E9000
|
heap
|
page read and write
|
||
|
1160000
|
direct allocation
|
page execute and read and write
|
||
|
104C000
|
unkown
|
page readonly
|
||
|
339F000
|
stack
|
page read and write
|
||
|
107C000
|
unkown
|
page write copy
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
6C10000
|
trusted library allocation
|
page read and write
|
||
|
2804000
|
trusted library allocation
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
3173000
|
heap
|
page read and write
|
||
|
689E000
|
direct allocation
|
page read and write
|
||
|
3C04000
|
trusted library allocation
|
page read and write
|
||
|
5C60000
|
heap
|
page read and write
|
||
|
A54000
|
unkown
|
page readonly
|
||
|
3710000
|
direct allocation
|
page read and write
|
||
|
D2741FE000
|
stack
|
page read and write
|
||
|
5A80000
|
heap
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
1B7E000
|
stack
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
3641000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
6540000
|
trusted library allocation
|
page read and write
|
||
|
5BC0000
|
trusted library allocation
|
page read and write
|
||
|
473A000
|
trusted library allocation
|
page read and write
|
||
|
36BD000
|
trusted library allocation
|
page read and write
|
||
|
1072000
|
unkown
|
page readonly
|
||
|
73D0000
|
heap
|
page read and write
|
||
|
5DBD000
|
stack
|
page read and write
|
||
|
D2744FE000
|
stack
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
A1C000
|
unkown
|
page readonly
|
||
|
153D000
|
heap
|
page read and write
|
||
|
149B000
|
heap
|
page read and write
|
||
|
2AAD000
|
trusted library allocation
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
7C9E000
|
direct allocation
|
page read and write
|
||
|
512C000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
3C00000
|
direct allocation
|
page read and write
|
||
|
5AB7000
|
heap
|
page read and write
|
||
|
5156000
|
heap
|
page read and write
|
||
|
DEF000
|
stack
|
page read and write
|
||
|
445000
|
system
|
page execute and read and write
|
||
|
F4D000
|
stack
|
page read and write
|
||
|
6120000
|
trusted library allocation
|
page execute and read and write
|
||
|
3478000
|
trusted library allocation
|
page read and write
|
||
|
281D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C39000
|
trusted library allocation
|
page read and write
|
||
|
5E9C000
|
stack
|
page read and write
|
||
|
2AA6000
|
trusted library allocation
|
page read and write
|
||
|
3B83000
|
direct allocation
|
page read and write
|
||
|
3683000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
668E000
|
stack
|
page read and write
|
||
|
3860000
|
direct allocation
|
page read and write
|
||
|
5BA1000
|
trusted library allocation
|
page read and write
|
||
|
28DC000
|
stack
|
page read and write
|
||
|
2FA5000
|
trusted library allocation
|
page execute and read and write
|
||
|
36C0000
|
direct allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
2F74000
|
trusted library allocation
|
page read and write
|
||
|
5AA0000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
6100000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
3D9E000
|
direct allocation
|
page read and write
|
||
|
5BCF000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
2B7A000
|
trusted library allocation
|
page read and write
|
||
|
1498000
|
heap
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
540C000
|
stack
|
page read and write
|
||
|
367A000
|
trusted library allocation
|
page read and write
|
||
|
46E0000
|
trusted library allocation
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
39D9000
|
direct allocation
|
page read and write
|
||
|
AD8000
|
heap
|
page read and write
|
||
|
549E000
|
direct allocation
|
page read and write
|
||
|
A1B000
|
stack
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
3D9E000
|
direct allocation
|
page read and write
|
||
|
B7B000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
FB1000
|
unkown
|
page execute read
|
||
|
2B83000
|
trusted library allocation
|
page read and write
|
||
|
398D000
|
direct allocation
|
page read and write
|
||
|
700F000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FCD000
|
stack
|
page read and write
|
||
|
3D29000
|
direct allocation
|
page read and write
|
||
|
2904C7B9000
|
heap
|
page read and write
|
||
|
377A000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
15D8000
|
heap
|
page read and write
|
||
|
2904C6B0000
|
heap
|
page read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
4641000
|
trusted library allocation
|
page read and write
|
||
|
104C000
|
unkown
|
page readonly
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
5B9A000
|
trusted library allocation
|
page read and write
|
||
|
2BCD000
|
trusted library allocation
|
page read and write
|
||
|
2A8B000
|
trusted library allocation
|
page read and write
|
||
|
981000
|
unkown
|
page execute read
|
||
|
1470000
|
heap
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
1080000
|
unkown
|
page write copy
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
4B48000
|
trusted library allocation
|
page read and write
|
||
|
6548000
|
trusted library allocation
|
page read and write
|
||
|
A42000
|
unkown
|
page readonly
|
||
|
3989000
|
direct allocation
|
page read and write
|
||
|
2904C9C5000
|
heap
|
page read and write
|
||
|
409E000
|
direct allocation
|
page read and write
|
||
|
A42000
|
unkown
|
page readonly
|
||
|
B00000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
3280000
|
trusted library allocation
|
page read and write
|
||
|
3D9E000
|
direct allocation
|
page read and write
|
||
|
16A2000
|
heap
|
page read and write
|
||
|
164B000
|
heap
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
2BDF000
|
trusted library allocation
|
page read and write
|
||
|
5A7E000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
1069000
|
stack
|
page read and write
|
||
|
1603000
|
heap
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
640E000
|
stack
|
page read and write
|
||
|
68CE000
|
stack
|
page read and write
|
||
|
FB1000
|
unkown
|
page execute read
|
||
|
7F8000
|
stack
|
page read and write
|
||
|
14CD000
|
heap
|
page read and write
|
||
|
398D000
|
direct allocation
|
page read and write
|
||
|
A1C000
|
unkown
|
page readonly
|
||
|
2BD7000
|
trusted library allocation
|
page read and write
|
||
|
39FE000
|
direct allocation
|
page read and write
|
||
|
A54000
|
unkown
|
page readonly
|
||
|
36BB000
|
trusted library allocation
|
page read and write
|
||
|
3D29000
|
direct allocation
|
page read and write
|
||
|
1468000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
1084000
|
unkown
|
page readonly
|
||
|
3833000
|
direct allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
66A7000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
13B4000
|
heap
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
5B72000
|
heap
|
page read and write
|
||
|
37E3000
|
direct allocation
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
DDB000
|
stack
|
page read and write
|
||
|
39DD000
|
direct allocation
|
page read and write
|
||
|
75F0000
|
heap
|
page read and write
|
||
|
3234000
|
heap
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
38B0000
|
direct allocation
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
3B83000
|
direct allocation
|
page read and write
|
||
|
A50000
|
unkown
|
page write copy
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
5183000
|
heap
|
page read and write
|
||
|
3624000
|
trusted library allocation
|
page read and write
|
||
|
3B83000
|
direct allocation
|
page read and write
|
||
|
6F30000
|
trusted library allocation
|
page read and write
|
||
|
13B4000
|
heap
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
3C00000
|
direct allocation
|
page read and write
|
||
|
BC4000
|
heap
|
page read and write
|
||
|
16E9000
|
heap
|
page read and write
|
||
|
5209000
|
heap
|
page read and write
|
||
|
7F880000
|
trusted library allocation
|
page execute and read and write
|
||
|
2850000
|
trusted library allocation
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
3D2D000
|
direct allocation
|
page read and write
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
2F92000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
3A4E000
|
direct allocation
|
page read and write
|
||
|
31DF000
|
heap
|
page read and write
|
||
|
D273CFA000
|
stack
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
CC1000
|
heap
|
page read and write
|
||
|
1F7E000
|
stack
|
page read and write
|
||
|
3D2D000
|
direct allocation
|
page read and write
|
||
|
145F000
|
stack
|
page read and write
|
||
|
38B0000
|
direct allocation
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
14AA000
|
heap
|
page read and write
|
||
|
3FD0000
|
direct allocation
|
page read and write
|
||
|
650E000
|
stack
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
909E000
|
direct allocation
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
2B41000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2803000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F00000
|
trusted library allocation
|
page read and write
|
||
|
2904E350000
|
heap
|
page read and write
|
||
|
C03000
|
heap
|
page read and write
|
||
|
518E000
|
heap
|
page read and write
|
||
|
2F96000
|
trusted library allocation
|
page execute and read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
1452000
|
heap
|
page read and write
|
||
|
2C7A000
|
trusted library allocation
|
page read and write
|
||
|
3630000
|
heap
|
page execute and read and write
|
||
|
3A4E000
|
direct allocation
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
4091000
|
direct allocation
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
566F000
|
stack
|
page read and write
|
||
|
BD2000
|
heap
|
page read and write
|
||
|
63CE000
|
stack
|
page read and write
|
||
|
610D000
|
trusted library allocation
|
page read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
6EF4000
|
trusted library allocation
|
page read and write
|
||
|
1613000
|
heap
|
page read and write
|
||
|
1492000
|
heap
|
page read and write
|
||
|
2F9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
7FD40000
|
trusted library allocation
|
page execute and read and write
|
||
|
6ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F50000
|
trusted library section
|
page read and write
|
||
|
16E2000
|
heap
|
page read and write
|
||
|
2904C79C000
|
heap
|
page read and write
|
||
|
1480000
|
trusted library section
|
page read and write
|
||
|
5B86000
|
trusted library allocation
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
37E3000
|
direct allocation
|
page read and write
|
||
|
6550000
|
trusted library allocation
|
page read and write
|
||
|
550C000
|
stack
|
page read and write
|
||
|
2A9A000
|
trusted library allocation
|
page read and write
|
||
|
38B0000
|
direct allocation
|
page read and write
|
||
|
5B80000
|
trusted library allocation
|
page read and write
|
||
|
C03000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
2350000
|
direct allocation
|
page execute and read and write
|
||
|
3D29000
|
direct allocation
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
6C5D000
|
stack
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
2837000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
2A8E000
|
trusted library allocation
|
page read and write
|
||
|
3C00000
|
direct allocation
|
page read and write
|
||
|
280D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
16FB000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
107C000
|
unkown
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
3690000
|
trusted library allocation
|
page read and write
|
||
|
2374000
|
heap
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
57BD000
|
trusted library allocation
|
page read and write
|
||
|
104C000
|
unkown
|
page readonly
|
||
|
B0A000
|
heap
|
page read and write
|
||
|
6EF0000
|
trusted library allocation
|
page read and write
|
||
|
3833000
|
direct allocation
|
page read and write
|
||
|
2826000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A60000
|
direct allocation
|
page read and write
|
||
|
603E000
|
stack
|
page read and write
|
||
|
2904C9CC000
|
heap
|
page read and write
|
||
|
2A9E000
|
trusted library allocation
|
page read and write
|
||
|
14AA000
|
heap
|
page read and write
|
||
|
15AE000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
1190000
|
heap
|
page read and write
|
||
|
BF2000
|
heap
|
page read and write
|
||
|
5EFD000
|
stack
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
3D29000
|
direct allocation
|
page read and write
|
||
|
2AA1000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
6140000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D9E000
|
direct allocation
|
page read and write
|
||
|
2933000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
6A10000
|
heap
|
page read and write
|
||
|
2BD5000
|
trusted library allocation
|
page read and write
|
||
|
3C00000
|
direct allocation
|
page read and write
|
||
|
A4C000
|
unkown
|
page read and write
|
||
|
B0D000
|
heap
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
1084000
|
unkown
|
page readonly
|
||
|
14EE000
|
heap
|
page read and write
|
||
|
9A9E000
|
direct allocation
|
page read and write
|
||
|
16BF000
|
heap
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
2F83000
|
trusted library allocation
|
page read and write
|
||
|
1084000
|
unkown
|
page readonly
|
||
|
39FE000
|
direct allocation
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
2832000
|
trusted library allocation
|
page read and write
|
||
|
3C00000
|
direct allocation
|
page read and write
|
||
|
2904C700000
|
heap
|
page read and write
|
||
|
D2745FF000
|
stack
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
2FA2000
|
trusted library allocation
|
page read and write
|
||
|
7020000
|
trusted library allocation
|
page read and write
|
||
|
1072000
|
unkown
|
page readonly
|
||
|
14CB000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
3A60000
|
direct allocation
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
3B83000
|
direct allocation
|
page read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
5B8E000
|
trusted library allocation
|
page read and write
|
||
|
D273DFE000
|
stack
|
page read and write
|
||
|
13FF000
|
heap
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
16A2000
|
heap
|
page read and write
|
||
|
6EED000
|
trusted library allocation
|
page read and write
|
||
|
2BBB000
|
trusted library allocation
|
page read and write
|
||
|
6690000
|
heap
|
page read and write
|
||
|
1B70000
|
heap
|
page read and write
|
||
|
5EFE000
|
stack
|
page read and write
|
||
|
5BA6000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
1452000
|
heap
|
page read and write
|
||
|
2FAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F70000
|
trusted library allocation
|
page read and write
|
||
|
2B37000
|
heap
|
page read and write
|
||
|
1462000
|
heap
|
page read and write
|
||
|
6FA000
|
stack
|
page read and write
|
||
|
3A60000
|
direct allocation
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
19AF000
|
stack
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
D2746FB000
|
stack
|
page read and write
|
||
|
5BB2000
|
trusted library allocation
|
page read and write
|
||
|
2904C6C0000
|
heap
|
page read and write
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
1084000
|
unkown
|
page readonly
|
There are 604 hidden memdumps, click here to show them.