Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
7Ql51TchBG.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\atule
|
ASCII text, with very long lines (29744), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut2F77.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut2FC6.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut338C.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut33EB.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autFF8D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autFFDC.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nonhazardousness
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\7Ql51TchBG.exe
|
"C:\Users\user\Desktop\7Ql51TchBG.exe"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\Desktop\7Ql51TchBG.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\7Ql51TchBG.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://reallyfreegeoip.orgX
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/81.181.54.104
|
104.21.67.152
|
||
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://scratchdreams.tk/_send_.php?TS
|
172.67.169.18
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/81.181.54.104$
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
reallyfreegeoip.org
|
104.21.67.152
|
||
|
scratchdreams.tk
|
172.67.169.18
|
||
|
checkip.dyndns.com
|
158.101.44.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.67.152
|
reallyfreegeoip.org
|
United States
|
||
|
172.67.169.18
|
scratchdreams.tk
|
United States
|
||
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1590000
|
direct allocation
|
page read and write
|
|
|
|
43F5000
|
trusted library allocation
|
page read and write
|
|
|
|
2AC5000
|
heap
|
page read and write
|
|
|
|
3001000
|
trusted library allocation
|
page read and write
|
|
|
|
3370000
|
trusted library section
|
page read and write
|
|
|
|
3459000
|
trusted library allocation
|
page read and write
|
|
|
|
2ED0000
|
trusted library section
|
page read and write
|
|
|
|
3440000
|
direct allocation
|
page read and write
|
|
|
|
13A4000
|
heap
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
2FA8000
|
trusted library allocation
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
3514000
|
trusted library allocation
|
page read and write
|
||
|
2A12000
|
trusted library allocation
|
page read and write
|
||
|
2A1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3490000
|
direct allocation
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
3490000
|
direct allocation
|
page read and write
|
||
|
30A7000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
3630000
|
direct allocation
|
page read and write
|
||
|
1273000
|
heap
|
page read and write
|
||
|
33FC000
|
trusted library allocation
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
29F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4063000
|
direct allocation
|
page read and write
|
||
|
35D2000
|
trusted library allocation
|
page read and write
|
||
|
420D000
|
direct allocation
|
page read and write
|
||
|
401F000
|
trusted library allocation
|
page read and write
|
||
|
3438000
|
trusted library allocation
|
page read and write
|
||
|
3421000
|
trusted library allocation
|
page read and write
|
||
|
35A5000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page read and write
|
||
|
2F13000
|
trusted library allocation
|
page read and write
|
||
|
1417000
|
heap
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page read and write
|
||
|
2FFF000
|
trusted library allocation
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
3096000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
28C000
|
unkown
|
page read and write
|
||
|
30E1000
|
trusted library allocation
|
page read and write
|
||
|
427E000
|
direct allocation
|
page read and write
|
||
|
379D000
|
direct allocation
|
page read and write
|
||
|
1803000
|
heap
|
page read and write
|
||
|
3F40000
|
direct allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
57BE000
|
heap
|
page read and write
|
||
|
5752000
|
heap
|
page read and write
|
||
|
5D92000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
181000
|
unkown
|
page execute read
|
||
|
6BEE000
|
stack
|
page read and write
|
||
|
21C000
|
unkown
|
page readonly
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
1833000
|
heap
|
page read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
380E000
|
direct allocation
|
page read and write
|
||
|
375D000
|
direct allocation
|
page read and write
|
||
|
242000
|
unkown
|
page readonly
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
150D000
|
stack
|
page read and write
|
||
|
2F50000
|
trusted library allocation
|
page read and write
|
||
|
4209000
|
direct allocation
|
page read and write
|
||
|
C46000
|
heap
|
page read and write
|
||
|
1802000
|
heap
|
page read and write
|
||
|
3128000
|
trusted library allocation
|
page read and write
|
||
|
360D000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
19C9000
|
heap
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
282000
|
unkown
|
page readonly
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
FDC000
|
stack
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
1348000
|
heap
|
page read and write
|
||
|
1446000
|
heap
|
page read and write
|
||
|
2F2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
37CE000
|
direct allocation
|
page read and write
|
||
|
2FEB000
|
trusted library allocation
|
page read and write
|
||
|
BDB000
|
heap
|
page read and write
|
||
|
317E000
|
trusted library allocation
|
page read and write
|
||
|
24C000
|
unkown
|
page read and write
|
||
|
1271000
|
heap
|
page read and write
|
||
|
76AE000
|
direct allocation
|
page read and write
|
||
|
652D000
|
stack
|
page read and write
|
||
|
30F4000
|
trusted library allocation
|
page read and write
|
||
|
23297455000
|
heap
|
page read and write
|
||
|
250000
|
unkown
|
page write copy
|
||
|
343A000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page execute and read and write
|
||
|
1802000
|
heap
|
page read and write
|
||
|
427E000
|
direct allocation
|
page read and write
|
||
|
1966000
|
heap
|
page read and write
|
||
|
3670000
|
direct allocation
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
C82000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
43B000
|
system
|
page execute and read and write
|
||
|
3799000
|
direct allocation
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
2FF5000
|
trusted library allocation
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
344F000
|
trusted library allocation
|
page read and write
|
||
|
139F000
|
stack
|
page read and write
|
||
|
2FF7000
|
trusted library allocation
|
page read and write
|
||
|
19E8000
|
heap
|
page read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
19C8000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
3490000
|
direct allocation
|
page read and write
|
||
|
3430000
|
direct allocation
|
page execute and read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
1457000
|
heap
|
page read and write
|
||
|
342B000
|
trusted library allocation
|
page read and write
|
||
|
3453000
|
trusted library allocation
|
page read and write
|
||
|
5A4F000
|
stack
|
page read and write
|
||
|
2FAA000
|
trusted library allocation
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
19D7000
|
heap
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
35B3000
|
direct allocation
|
page read and write
|
||
|
1778000
|
heap
|
page read and write
|
||
|
3F91000
|
trusted library allocation
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page execute and read and write
|
||
|
35F3000
|
direct allocation
|
page read and write
|
||
|
28C000
|
unkown
|
page write copy
|
||
|
23297735000
|
heap
|
page read and write
|
||
|
40E0000
|
direct allocation
|
page read and write
|
||
|
2E9E000
|
trusted library allocation
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
2A20000
|
trusted library allocation
|
page read and write
|
||
|
11E8000
|
heap
|
page read and write
|
||
|
2F32000
|
trusted library allocation
|
page read and write
|
||
|
340C000
|
trusted library allocation
|
page read and write
|
||
|
4063000
|
direct allocation
|
page read and write
|
||
|
DF2000
|
heap
|
page read and write
|
||
|
132B000
|
heap
|
page read and write
|
||
|
9EAE000
|
direct allocation
|
page read and write
|
||
|
30A3000
|
trusted library allocation
|
page read and write
|
||
|
3799000
|
direct allocation
|
page read and write
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
2F26000
|
trusted library allocation
|
page execute and read and write
|
||
|
E01000
|
heap
|
page read and write
|
||
|
4209000
|
direct allocation
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
341D000
|
trusted library allocation
|
page read and write
|
||
|
3542000
|
trusted library allocation
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
2FD4000
|
trusted library allocation
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
24C000
|
unkown
|
page write copy
|
||
|
C62000
|
heap
|
page read and write
|
||
|
1C1000
|
unkown
|
page execute read
|
||
|
1190000
|
direct allocation
|
page execute and read and write
|
||
|
87AA1FD000
|
stack
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
181000
|
unkown
|
page execute read
|
||
|
2FC3000
|
trusted library allocation
|
page read and write
|
||
|
35B3000
|
direct allocation
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
25C000
|
unkown
|
page readonly
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
427E000
|
direct allocation
|
page read and write
|
||
|
354D000
|
trusted library allocation
|
page read and write
|
||
|
21C000
|
unkown
|
page readonly
|
||
|
39E0000
|
direct allocation
|
page read and write
|
||
|
34D0000
|
direct allocation
|
page read and write
|
||
|
352E000
|
trusted library allocation
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
DDF000
|
heap
|
page read and write
|
||
|
31BA000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
3551000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
heap
|
page execute and read and write
|
||
|
3457000
|
trusted library allocation
|
page read and write
|
||
|
C63000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
23297690000
|
heap
|
page read and write
|
||
|
3637000
|
trusted library allocation
|
page read and write
|
||
|
2FD6000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
35F3000
|
direct allocation
|
page read and write
|
||
|
254000
|
unkown
|
page readonly
|
||
|
5710000
|
heap
|
page read and write
|
||
|
2FBF000
|
trusted library allocation
|
page read and write
|
||
|
5B4D000
|
stack
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
30B4000
|
trusted library allocation
|
page read and write
|
||
|
E01000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2FBD000
|
trusted library allocation
|
page read and write
|
||
|
3427000
|
trusted library allocation
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
5DC3000
|
heap
|
page read and write
|
||
|
30F8000
|
trusted library allocation
|
page read and write
|
||
|
5D50000
|
heap
|
page read and write
|
||
|
3FC9000
|
trusted library allocation
|
page read and write
|
||
|
3F40000
|
direct allocation
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
35F3000
|
direct allocation
|
page read and write
|
||
|
5C50000
|
heap
|
page read and write
|
||
|
144C000
|
heap
|
page read and write
|
||
|
5A50000
|
trusted library allocation
|
page read and write
|
||
|
2F97000
|
trusted library allocation
|
page read and write
|
||
|
1515000
|
heap
|
page read and write
|
||
|
1446000
|
heap
|
page read and write
|
||
|
294000
|
unkown
|
page readonly
|
||
|
17A8000
|
heap
|
page read and write
|
||
|
19E8000
|
heap
|
page read and write
|
||
|
2329773E000
|
heap
|
page read and write
|
||
|
D29000
|
stack
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
1057000
|
heap
|
page read and write
|
||
|
1446000
|
heap
|
page read and write
|
||
|
2FC7000
|
trusted library allocation
|
page read and write
|
||
|
2FA4000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
30CD000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
2ED0000
|
trusted library section
|
page read and write
|
||
|
612F000
|
stack
|
page read and write
|
||
|
3516000
|
trusted library allocation
|
page read and write
|
||
|
63AF000
|
stack
|
page read and write
|
||
|
17A7000
|
heap
|
page read and write
|
||
|
232973C0000
|
heap
|
page read and write
|
||
|
80AE000
|
direct allocation
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
359D000
|
trusted library allocation
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
2EC5000
|
trusted library allocation
|
page read and write
|
||
|
2A03000
|
trusted library allocation
|
page read and write
|
||
|
2FB7000
|
trusted library allocation
|
page read and write
|
||
|
10C9000
|
heap
|
page read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
1271000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
313C000
|
trusted library allocation
|
page read and write
|
||
|
3440000
|
trusted library allocation
|
page read and write
|
||
|
427E000
|
direct allocation
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
290000
|
unkown
|
page write copy
|
||
|
D92000
|
heap
|
page read and write
|
||
|
13EF000
|
stack
|
page read and write
|
||
|
21C000
|
unkown
|
page readonly
|
||
|
242000
|
unkown
|
page readonly
|
||
|
30EC000
|
trusted library allocation
|
page read and write
|
||
|
5714000
|
heap
|
page read and write
|
||
|
63EE000
|
stack
|
page read and write
|
||
|
3148000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2FA6000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
1580000
|
direct allocation
|
page execute and read and write
|
||
|
242000
|
unkown
|
page readonly
|
||
|
2F04000
|
trusted library allocation
|
page read and write
|
||
|
5DDD000
|
heap
|
page read and write
|
||
|
13DC000
|
stack
|
page read and write
|
||
|
3425000
|
trusted library allocation
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
62AE000
|
direct allocation
|
page read and write
|
||
|
3F40000
|
direct allocation
|
page read and write
|
||
|
3434000
|
trusted library allocation
|
page read and write
|
||
|
40E0000
|
direct allocation
|
page read and write
|
||
|
379D000
|
direct allocation
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
3429000
|
trusted library allocation
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
3559000
|
trusted library allocation
|
page read and write
|
||
|
447F000
|
trusted library allocation
|
page read and write
|
||
|
3759000
|
direct allocation
|
page read and write
|
||
|
2A2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1811000
|
heap
|
page read and write
|
||
|
3144000
|
trusted library allocation
|
page read and write
|
||
|
2A27000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
58D4000
|
trusted library allocation
|
page read and write
|
||
|
3759000
|
direct allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
3799000
|
direct allocation
|
page read and write
|
||
|
2FA2000
|
trusted library allocation
|
page read and write
|
||
|
3AAE000
|
direct allocation
|
page read and write
|
||
|
4063000
|
direct allocation
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
33B6000
|
trusted library allocation
|
page read and write
|
||
|
3134000
|
trusted library allocation
|
page read and write
|
||
|
12A4000
|
heap
|
page read and write
|
||
|
30B6000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library section
|
page read and write
|
||
|
1554000
|
heap
|
page read and write
|
||
|
9FB000
|
stack
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
87A9BFE000
|
stack
|
page read and write
|
||
|
1273000
|
heap
|
page read and write
|
||
|
1457000
|
heap
|
page read and write
|
||
|
13ED000
|
heap
|
page read and write
|
||
|
340A000
|
trusted library allocation
|
page read and write
|
||
|
380E000
|
direct allocation
|
page read and write
|
||
|
6CEF000
|
stack
|
page read and write
|
||
|
2FE2000
|
trusted library allocation
|
page read and write
|
||
|
35C4000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
1832000
|
heap
|
page read and write
|
||
|
39C0000
|
heap
|
page read and write
|
||
|
309E000
|
trusted library allocation
|
page read and write
|
||
|
19DD000
|
heap
|
page read and write
|
||
|
2F54000
|
heap
|
page read and write
|
||
|
3444000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
4053000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
656F000
|
stack
|
page read and write
|
||
|
31AC000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
94AE000
|
direct allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
40E0000
|
direct allocation
|
page read and write
|
||
|
2F9C000
|
trusted library allocation
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
35FB000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
2F3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
4063000
|
direct allocation
|
page read and write
|
||
|
2A22000
|
trusted library allocation
|
page read and write
|
||
|
3595000
|
trusted library allocation
|
page read and write
|
||
|
369000
|
stack
|
page read and write
|
||
|
181000
|
unkown
|
page execute read
|
||
|
1F6E000
|
stack
|
page read and write
|
||
|
35A1000
|
trusted library allocation
|
page read and write
|
||
|
3630000
|
direct allocation
|
page read and write
|
||
|
1C0000
|
unkown
|
page readonly
|
||
|
1458000
|
heap
|
page read and write
|
||
|
312C000
|
trusted library allocation
|
page read and write
|
||
|
3163000
|
trusted library allocation
|
page read and write
|
||
|
3404000
|
trusted library allocation
|
page read and write
|
||
|
31D6000
|
trusted library allocation
|
page read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
87AA4FE000
|
stack
|
page read and write
|
||
|
420D000
|
direct allocation
|
page read and write
|
||
|
556D000
|
stack
|
page read and write
|
||
|
33B4000
|
trusted library allocation
|
page read and write
|
||
|
1413000
|
heap
|
page read and write
|
||
|
DF2000
|
heap
|
page read and write
|
||
|
19C7000
|
heap
|
page read and write
|
||
|
2FD8000
|
trusted library allocation
|
page read and write
|
||
|
33F7000
|
trusted library allocation
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
1C1000
|
unkown
|
page execute read
|
||
|
5D6C000
|
heap
|
page read and write
|
||
|
341F000
|
trusted library allocation
|
page read and write
|
||
|
2FEF000
|
trusted library allocation
|
page read and write
|
||
|
3F40000
|
direct allocation
|
page read and write
|
||
|
E01000
|
heap
|
page read and write
|
||
|
3130000
|
trusted library allocation
|
page read and write
|
||
|
1811000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
2F37000
|
trusted library allocation
|
page execute and read and write
|
||
|
616D000
|
stack
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4209000
|
direct allocation
|
page read and write
|
||
|
43F1000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
heap
|
page execute and read and write
|
||
|
420D000
|
direct allocation
|
page read and write
|
||
|
1217000
|
heap
|
page read and write
|
||
|
309B000
|
trusted library allocation
|
page read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
3442000
|
trusted library allocation
|
page read and write
|
||
|
33F1000
|
trusted library allocation
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
6CAE000
|
direct allocation
|
page read and write
|
||
|
2FDA000
|
trusted library allocation
|
page read and write
|
||
|
4063000
|
direct allocation
|
page read and write
|
||
|
C4C000
|
heap
|
page read and write
|
||
|
2A10000
|
trusted library allocation
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
420D000
|
direct allocation
|
page read and write
|
||
|
2F0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
282000
|
unkown
|
page readonly
|
||
|
1922000
|
heap
|
page read and write
|
||
|
5D54000
|
heap
|
page read and write
|
||
|
2A16000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F22000
|
trusted library allocation
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
1950000
|
heap
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
2FF3000
|
trusted library allocation
|
page read and write
|
||
|
1271000
|
heap
|
page read and write
|
||
|
3AA1000
|
direct allocation
|
page read and write
|
||
|
3759000
|
direct allocation
|
page read and write
|
||
|
C37000
|
heap
|
page read and write
|
||
|
2FAC000
|
trusted library allocation
|
page read and write
|
||
|
3449000
|
trusted library allocation
|
page read and write
|
||
|
552D000
|
stack
|
page read and write
|
||
|
29FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
375D000
|
direct allocation
|
page read and write
|
||
|
D35000
|
heap
|
page read and write
|
||
|
344B000
|
trusted library allocation
|
page read and write
|
||
|
2D16000
|
trusted library allocation
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
375D000
|
direct allocation
|
page read and write
|
||
|
3599000
|
trusted library allocation
|
page read and write
|
||
|
3504000
|
trusted library allocation
|
page read and write
|
||
|
C34000
|
heap
|
page read and write
|
||
|
13BF000
|
stack
|
page read and write
|
||
|
1822000
|
heap
|
page read and write
|
||
|
420D000
|
direct allocation
|
page read and write
|
||
|
54CE000
|
stack
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
294000
|
unkown
|
page readonly
|
||
|
254000
|
unkown
|
page readonly
|
||
|
19D7000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
58AE000
|
direct allocation
|
page read and write
|
||
|
37CE000
|
direct allocation
|
page read and write
|
||
|
87A9AFA000
|
stack
|
page read and write
|
||
|
87AA2FE000
|
stack
|
page read and write
|
||
|
18F3000
|
heap
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
87AA3FF000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
250000
|
unkown
|
page write copy
|
||
|
2FC1000
|
trusted library allocation
|
page read and write
|
||
|
40E0000
|
direct allocation
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
3F40000
|
direct allocation
|
page read and write
|
||
|
1811000
|
heap
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
242000
|
unkown
|
page readonly
|
||
|
87A9EFF000
|
stack
|
page read and write
|
||
|
102C000
|
heap
|
page read and write
|
||
|
3F40000
|
direct allocation
|
page read and write
|
||
|
11A0000
|
direct allocation
|
page read and write
|
||
|
35B3000
|
direct allocation
|
page read and write
|
||
|
254000
|
unkown
|
page readonly
|
||
|
5610000
|
heap
|
page read and write
|
||
|
4209000
|
direct allocation
|
page read and write
|
||
|
5905000
|
trusted library allocation
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
181000
|
unkown
|
page execute read
|
||
|
C45000
|
heap
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
4209000
|
direct allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
123B000
|
stack
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
89A000
|
stack
|
page read and write
|
||
|
40E0000
|
direct allocation
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
343E000
|
trusted library allocation
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
35FF000
|
trusted library allocation
|
page read and write
|
||
|
44B4000
|
trusted library allocation
|
page read and write
|
||
|
236E000
|
stack
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
34FC000
|
trusted library allocation
|
page read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
1218000
|
heap
|
page read and write
|
||
|
2FF9000
|
trusted library allocation
|
page read and write
|
||
|
1067000
|
heap
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
23297730000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
3FFB000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
2FC9000
|
trusted library allocation
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
33C0000
|
trusted library allocation
|
page read and write
|
||
|
35DF000
|
trusted library allocation
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
422000
|
system
|
page execute and read and write
|
||
|
1441000
|
heap
|
page read and write
|
||
|
C37000
|
heap
|
page read and write
|
||
|
35A9000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1822000
|
heap
|
page read and write
|
||
|
58DE000
|
trusted library allocation
|
page read and write
|
||
|
BD3000
|
heap
|
page read and write
|
||
|
3138000
|
trusted library allocation
|
page read and write
|
||
|
1184000
|
heap
|
page read and write
|
||
|
12C3000
|
heap
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
unkown
|
page readonly
|
||
|
19C7000
|
heap
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
40E0000
|
direct allocation
|
page read and write
|
||
|
361B000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
34D0000
|
direct allocation
|
page read and write
|
||
|
23297414000
|
heap
|
page read and write
|
||
|
3199000
|
trusted library allocation
|
page read and write
|
||
|
232975C0000
|
heap
|
page read and write
|
||
|
380E000
|
direct allocation
|
page read and write
|
||
|
3545000
|
trusted library allocation
|
page read and write
|
||
|
232973F0000
|
heap
|
page read and write
|
||
|
23297420000
|
heap
|
page read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
5A0E000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
13CF000
|
stack
|
page read and write
|
||
|
87A9CFE000
|
stack
|
page read and write
|
||
|
19B9000
|
heap
|
page read and write
|
||
|
19C8000
|
heap
|
page read and write
|
||
|
5DBF000
|
heap
|
page read and write
|
||
|
31C5000
|
heap
|
page read and write
|
||
|
5970000
|
trusted library allocation
|
page execute and read and write
|
||
|
3670000
|
direct allocation
|
page read and write
|
||
|
30E3000
|
trusted library allocation
|
page read and write
|
||
|
6DAE000
|
stack
|
page read and write
|
||
|
2FE4000
|
trusted library allocation
|
page read and write
|
||
|
3630000
|
direct allocation
|
page read and write
|
||
|
44AE000
|
direct allocation
|
page read and write
|
||
|
401000
|
system
|
page execute and read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
402000
|
system
|
page execute and read and write
|
||
|
3F95000
|
trusted library allocation
|
page read and write
|
||
|
21C000
|
unkown
|
page readonly
|
||
|
1218000
|
heap
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
1281000
|
heap
|
page read and write
|
||
|
2FE0000
|
trusted library allocation
|
page read and write
|
||
|
3408000
|
trusted library allocation
|
page read and write
|
||
|
2E94000
|
trusted library allocation
|
page read and write
|
||
|
33CE000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
17A8000
|
heap
|
page read and write
|
||
|
3417000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
direct allocation
|
page read and write
|
||
|
1436000
|
heap
|
page read and write
|
||
|
3591000
|
trusted library allocation
|
page read and write
|
||
|
1214000
|
heap
|
page read and write
|
||
|
4063000
|
direct allocation
|
page read and write
|
||
|
1852000
|
heap
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
6D2E000
|
stack
|
page read and write
|
||
|
68AF000
|
stack
|
page read and write
|
||
|
3555000
|
trusted library allocation
|
page read and write
|
||
|
3406000
|
trusted library allocation
|
page read and write
|
||
|
1081000
|
heap
|
page read and write
|
||
|
4EAE000
|
direct allocation
|
page read and write
|
||
|
3455000
|
trusted library allocation
|
page read and write
|
||
|
427E000
|
direct allocation
|
page read and write
|
||
|
3402000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
10B7000
|
heap
|
page read and write
|
||
|
4209000
|
direct allocation
|
page read and write
|
||
|
9DC000
|
stack
|
page read and write
|
||
|
31F8000
|
heap
|
page read and write
|
||
|
420D000
|
direct allocation
|
page read and write
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
1793000
|
heap
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
358D000
|
trusted library allocation
|
page read and write
|
||
|
6A2E000
|
stack
|
page read and write
|
||
|
25C000
|
unkown
|
page readonly
|
||
|
254000
|
unkown
|
page readonly
|
||
|
24C000
|
unkown
|
page read and write
|
||
|
35B7000
|
trusted library allocation
|
page read and write
|
||
|
1436000
|
heap
|
page read and write
|
||
|
2FC5000
|
trusted library allocation
|
page read and write
|
||
|
2FE9000
|
trusted library allocation
|
page read and write
|
||
|
3423000
|
trusted library allocation
|
page read and write
|
||
|
427E000
|
direct allocation
|
page read and write
|
||
|
6EAE000
|
stack
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
19D7000
|
heap
|
page read and write
|
||
|
23297427000
|
heap
|
page read and write
|
||
|
67AD000
|
stack
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
C24000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
87AA5FB000
|
stack
|
page read and write
|
||
|
24C000
|
unkown
|
page write copy
|
||
|
319D000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
3639000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
34D0000
|
direct allocation
|
page read and write
|
||
|
87A9FFF000
|
stack
|
page read and write
|
||
|
3670000
|
direct allocation
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
426000
|
system
|
page execute and read and write
|
||
|
232973B0000
|
heap
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
17A3000
|
heap
|
page read and write
|
||
|
379D000
|
direct allocation
|
page read and write
|
||
|
608E000
|
stack
|
page read and write
|
||
|
2FCB000
|
trusted library allocation
|
page read and write
|
||
|
2FAF000
|
trusted library allocation
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
DC8000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
1337000
|
stack
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
8AAE000
|
direct allocation
|
page read and write
|
||
|
2FDE000
|
trusted library allocation
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
29F4000
|
trusted library allocation
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
2F03000
|
trusted library allocation
|
page execute and read and write
|
||
|
340F000
|
trusted library allocation
|
page read and write
|
||
|
1274000
|
heap
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
37CE000
|
direct allocation
|
page read and write
|
||
|
13F9000
|
heap
|
page read and write
|
||
|
1438000
|
heap
|
page read and write
|
There are 635 hidden memdumps, click here to show them.