Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Arrival Notice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\autA3B6.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autA405.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autA6F2.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autA731.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autDC1B.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autDC8A.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\brawlys
|
ASCII text, with very long lines (28756), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\misrun
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Arrival Notice.exe
|
"C:\Users\user\Desktop\Arrival Notice.exe"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\Desktop\Arrival Notice.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\Arrival Notice.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Local\directory\name.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
http://mail.mahesh-ent.com
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://www.microsoft.c
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.mahesh-ent.com
|
148.66.136.151
|
|
|
|
api.ipify.org
|
104.26.12.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
148.66.136.151
|
mail.mahesh-ent.com
|
Singapore
|
|
|
|
104.26.12.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EA4000
|
trusted library allocation
|
page read and write
|
|
|
|
2E9C000
|
trusted library allocation
|
page read and write
|
|
|
|
15D0000
|
direct allocation
|
page read and write
|
|
|
|
3950000
|
direct allocation
|
page read and write
|
|
|
|
2E71000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
system
|
page execute and read and write
|
|
|
|
299B000
|
trusted library allocation
|
page read and write
|
|
|
|
14C4000
|
heap
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
6720000
|
trusted library allocation
|
page execute and read and write
|
||
|
28ED000
|
stack
|
page read and write
|
||
|
1482000
|
heap
|
page read and write
|
||
|
39D8000
|
trusted library allocation
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
745C000
|
stack
|
page read and write
|
||
|
6167000
|
trusted library allocation
|
page read and write
|
||
|
6BA0000
|
trusted library allocation
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
FB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AFFBF50000
|
heap
|
page read and write
|
||
|
298B000
|
trusted library allocation
|
page read and write
|
||
|
98F000
|
unkown
|
page write copy
|
||
|
D6DF0FD000
|
stack
|
page read and write
|
||
|
1756000
|
heap
|
page read and write
|
||
|
84F4000
|
trusted library allocation
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
2E56000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
5DDE000
|
heap
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
291D000
|
trusted library allocation
|
page read and write
|
||
|
423E000
|
direct allocation
|
page read and write
|
||
|
9DB000
|
stack
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
7F1E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B98000
|
trusted library allocation
|
page read and write
|
||
|
BCA000
|
stack
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
1561000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
1661000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
4023000
|
direct allocation
|
page read and write
|
||
|
10A9000
|
heap
|
page read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
98F000
|
unkown
|
page read and write
|
||
|
66FD000
|
stack
|
page read and write
|
||
|
67BF000
|
stack
|
page read and write
|
||
|
136E000
|
stack
|
page read and write
|
||
|
C62000
|
trusted library allocation
|
page read and write
|
||
|
1587000
|
heap
|
page read and write
|
||
|
15A2000
|
heap
|
page read and write
|
||
|
41CD000
|
direct allocation
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
7611000
|
heap
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
3F83000
|
direct allocation
|
page read and write
|
||
|
2AFFBC62000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
2C5E000
|
trusted library allocation
|
page read and write
|
||
|
15B2000
|
heap
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
D6DEEFF000
|
stack
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
4129000
|
direct allocation
|
page read and write
|
||
|
16E8000
|
heap
|
page read and write
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
7584000
|
heap
|
page read and write
|
||
|
EA5000
|
heap
|
page read and write
|
||
|
75ED000
|
heap
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
D6DF2FF000
|
stack
|
page read and write
|
||
|
2AFFD8E0000
|
heap
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
1D4D000
|
stack
|
page read and write
|
||
|
15A2000
|
heap
|
page read and write
|
||
|
158E000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
2E30000
|
trusted library allocation
|
page read and write
|
||
|
412D000
|
direct allocation
|
page read and write
|
||
|
23F000
|
unkown
|
page readonly
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
15C8000
|
heap
|
page read and write
|
||
|
14B3000
|
heap
|
page read and write
|
||
|
2C4D000
|
trusted library allocation
|
page read and write
|
||
|
3B38000
|
trusted library allocation
|
page read and write
|
||
|
1515000
|
heap
|
page read and write
|
||
|
8521000
|
trusted library allocation
|
page read and write
|
||
|
3EB0000
|
direct allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1662000
|
heap
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
D6DEBFE000
|
stack
|
page read and write
|
||
|
62B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1414000
|
heap
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
3A58000
|
trusted library allocation
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
41C9000
|
direct allocation
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A78000
|
trusted library allocation
|
page read and write
|
||
|
84E5000
|
trusted library allocation
|
page read and write
|
||
|
2AFFBF55000
|
heap
|
page read and write
|
||
|
2C3E000
|
trusted library allocation
|
page read and write
|
||
|
2E9A000
|
trusted library allocation
|
page read and write
|
||
|
993000
|
unkown
|
page write copy
|
||
|
28FE000
|
trusted library allocation
|
page read and write
|
||
|
5ADD000
|
stack
|
page read and write
|
||
|
2916000
|
trusted library allocation
|
page read and write
|
||
|
8D1000
|
unkown
|
page execute read
|
||
|
C6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
95F000
|
unkown
|
page readonly
|
||
|
278000
|
unkown
|
page readonly
|
||
|
7F800000
|
trusted library allocation
|
page execute and read and write
|
||
|
41EE000
|
direct allocation
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
2C2E000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
2EB1000
|
trusted library allocation
|
page read and write
|
||
|
265000
|
unkown
|
page readonly
|
||
|
3DD5000
|
direct allocation
|
page read and write
|
||
|
2989000
|
trusted library allocation
|
page read and write
|
||
|
417D000
|
direct allocation
|
page read and write
|
||
|
15B0000
|
direct allocation
|
page execute and read and write
|
||
|
14C0000
|
direct allocation
|
page execute and read and write
|
||
|
FB5000
|
trusted library allocation
|
page execute and read and write
|
||
|
180F000
|
heap
|
page read and write
|
||
|
5DAE000
|
heap
|
page read and write
|
||
|
2B97000
|
trusted library allocation
|
page read and write
|
||
|
2997000
|
trusted library allocation
|
page read and write
|
||
|
3BB8000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
419E000
|
direct allocation
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
5F9000
|
stack
|
page read and write
|
||
|
C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F00000
|
direct allocation
|
page read and write
|
||
|
39F8000
|
trusted library allocation
|
page read and write
|
||
|
4CCC000
|
stack
|
page read and write
|
||
|
2AFFBF5C000
|
heap
|
page read and write
|
||
|
1121000
|
heap
|
page read and write
|
||
|
1593000
|
heap
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
1801000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
2E21000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
845000
|
heap
|
page read and write
|
||
|
A4B000
|
heap
|
page read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
75E3000
|
heap
|
page read and write
|
||
|
1581000
|
heap
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
5D95000
|
heap
|
page read and write
|
||
|
F83000
|
trusted library allocation
|
page execute and read and write
|
||
|
41CD000
|
direct allocation
|
page read and write
|
||
|
5B60000
|
heap
|
page read and write
|
||
|
75C2000
|
heap
|
page read and write
|
||
|
1745000
|
heap
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
2CF2000
|
trusted library allocation
|
page read and write
|
||
|
C7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1635000
|
heap
|
page read and write
|
||
|
412D000
|
direct allocation
|
page read and write
|
||
|
25BE000
|
stack
|
page read and write
|
||
|
652C000
|
stack
|
page read and write
|
||
|
2BFC000
|
trusted library allocation
|
page read and write
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
3C18000
|
trusted library allocation
|
page read and write
|
||
|
40A0000
|
direct allocation
|
page read and write
|
||
|
C75000
|
trusted library allocation
|
page execute and read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
2B25000
|
trusted library allocation
|
page read and write
|
||
|
5FCA000
|
heap
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
17BF000
|
heap
|
page read and write
|
||
|
5409000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
148B000
|
heap
|
page read and write
|
||
|
4050000
|
direct allocation
|
page read and write
|
||
|
84FE000
|
trusted library allocation
|
page read and write
|
||
|
FAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E60000
|
direct allocation
|
page read and write
|
||
|
8517000
|
trusted library allocation
|
page read and write
|
||
|
23F000
|
unkown
|
page readonly
|
||
|
11FD000
|
stack
|
page read and write
|
||
|
149D000
|
heap
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
D6DF3FB000
|
stack
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
3A38000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
3A98000
|
trusted library allocation
|
page read and write
|
||
|
4CF0000
|
heap
|
page execute and read and write
|
||
|
5B89000
|
heap
|
page read and write
|
||
|
1671000
|
heap
|
page read and write
|
||
|
3EB0000
|
direct allocation
|
page read and write
|
||
|
204F000
|
stack
|
page read and write
|
||
|
3C98000
|
trusted library allocation
|
page read and write
|
||
|
551C000
|
stack
|
page read and write
|
||
|
5DA6000
|
heap
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
1EDE000
|
stack
|
page read and write
|
||
|
C77000
|
trusted library allocation
|
page execute and read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
40A0000
|
direct allocation
|
page read and write
|
||
|
61AD000
|
stack
|
page read and write
|
||
|
4179000
|
direct allocation
|
page read and write
|
||
|
2CCC000
|
stack
|
page read and write
|
||
|
2AFFBCB5000
|
heap
|
page read and write
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
64AE000
|
stack
|
page read and write
|
||
|
3AB8000
|
trusted library allocation
|
page read and write
|
||
|
290E000
|
trusted library allocation
|
page read and write
|
||
|
1535000
|
heap
|
page read and write
|
||
|
2E94000
|
trusted library allocation
|
page read and write
|
||
|
1673000
|
heap
|
page read and write
|
||
|
15A4000
|
heap
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
3B78000
|
trusted library allocation
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
3F83000
|
direct allocation
|
page read and write
|
||
|
851C000
|
trusted library allocation
|
page read and write
|
||
|
4179000
|
direct allocation
|
page read and write
|
||
|
601E000
|
stack
|
page read and write
|
||
|
419E000
|
direct allocation
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
8D1000
|
unkown
|
page execute read
|
||
|
278000
|
unkown
|
page readonly
|
||
|
13CF000
|
stack
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
5D74000
|
heap
|
page read and write
|
||
|
1610000
|
direct allocation
|
page read and write
|
||
|
95F000
|
unkown
|
page readonly
|
||
|
105C000
|
stack
|
page read and write
|
||
|
759C000
|
heap
|
page read and write
|
||
|
FB2000
|
trusted library allocation
|
page read and write
|
||
|
4129000
|
direct allocation
|
page read and write
|
||
|
53FE000
|
stack
|
page read and write
|
||
|
1573000
|
heap
|
page read and write
|
||
|
171B000
|
heap
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
26F000
|
unkown
|
page write copy
|
||
|
A17000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
417D000
|
direct allocation
|
page read and write
|
||
|
265000
|
unkown
|
page readonly
|
||
|
1720000
|
heap
|
page read and write
|
||
|
D6DE77A000
|
stack
|
page read and write
|
||
|
2E5F000
|
trusted library allocation
|
page read and write
|
||
|
A15000
|
heap
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
2AFFBE60000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
171B000
|
heap
|
page read and write
|
||
|
26F000
|
unkown
|
page read and write
|
||
|
4FA000
|
stack
|
page read and write
|
||
|
DDD000
|
stack
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
3F00000
|
direct allocation
|
page read and write
|
||
|
84F9000
|
trusted library allocation
|
page read and write
|
||
|
15B1000
|
heap
|
page read and write
|
||
|
3F00000
|
direct allocation
|
page read and write
|
||
|
278000
|
unkown
|
page readonly
|
||
|
101E000
|
stack
|
page read and write
|
||
|
3C58000
|
trusted library allocation
|
page read and write
|
||
|
D6DEDFE000
|
stack
|
page read and write
|
||
|
2AFFBC58000
|
heap
|
page read and write
|
||
|
4129000
|
direct allocation
|
page read and write
|
||
|
61B6000
|
trusted library allocation
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
5FBC000
|
stack
|
page read and write
|
||
|
273000
|
unkown
|
page write copy
|
||
|
2AFFBC50000
|
heap
|
page read and write
|
||
|
40A0000
|
direct allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
14AC000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
10EB000
|
heap
|
page read and write
|
||
|
13BF000
|
stack
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
2C2B000
|
trusted library allocation
|
page read and write
|
||
|
5D99000
|
heap
|
page read and write
|
||
|
2C41000
|
trusted library allocation
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
26FC000
|
stack
|
page read and write
|
||
|
14AD000
|
heap
|
page read and write
|
||
|
84D6000
|
trusted library allocation
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
5DC5000
|
heap
|
page read and write
|
||
|
41EE000
|
direct allocation
|
page read and write
|
||
|
8503000
|
trusted library allocation
|
page read and write
|
||
|
1635000
|
heap
|
page read and write
|
||
|
2170000
|
direct allocation
|
page execute and read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
172F000
|
heap
|
page read and write
|
||
|
1714000
|
heap
|
page read and write
|
||
|
F8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EAA000
|
trusted library allocation
|
page read and write
|
||
|
172F000
|
heap
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
D6DF4FF000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
13FC000
|
stack
|
page read and write
|
||
|
272E000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
1060000
|
trusted library allocation
|
page execute and read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
158E000
|
heap
|
page read and write
|
||
|
84D1000
|
trusted library allocation
|
page read and write
|
||
|
149F000
|
heap
|
page read and write
|
||
|
149E000
|
heap
|
page read and write
|
||
|
26F000
|
unkown
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
F90000
|
trusted library allocation
|
page read and write
|
||
|
985000
|
unkown
|
page readonly
|
||
|
B9A000
|
stack
|
page read and write
|
||
|
419E000
|
direct allocation
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
3E87000
|
trusted library allocation
|
page read and write
|
||
|
3A18000
|
trusted library allocation
|
page read and write
|
||
|
412D000
|
direct allocation
|
page read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
heap
|
page execute and read and write
|
||
|
39B7000
|
trusted library allocation
|
page read and write
|
||
|
2E96000
|
trusted library allocation
|
page read and write
|
||
|
17FF000
|
heap
|
page read and write
|
||
|
2E98000
|
trusted library allocation
|
page read and write
|
||
|
4F7B000
|
stack
|
page read and write
|
||
|
3979000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
84CC000
|
trusted library allocation
|
page read and write
|
||
|
173E000
|
heap
|
page read and write
|
||
|
1662000
|
heap
|
page read and write
|
||
|
41C9000
|
direct allocation
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
17C3000
|
heap
|
page read and write
|
||
|
643E000
|
stack
|
page read and write
|
||
|
605E000
|
stack
|
page read and write
|
||
|
D4A000
|
stack
|
page read and write
|
||
|
1644000
|
heap
|
page read and write
|
||
|
84EA000
|
trusted library allocation
|
page read and write
|
||
|
1562000
|
heap
|
page read and write
|
||
|
5CE0000
|
heap
|
page read and write
|
||
|
1562000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
3E60000
|
direct allocation
|
page read and write
|
||
|
419E000
|
direct allocation
|
page read and write
|
||
|
647E000
|
stack
|
page read and write
|
||
|
23F000
|
unkown
|
page readonly
|
||
|
57FD000
|
trusted library allocation
|
page read and write
|
||
|
3E60000
|
direct allocation
|
page read and write
|
||
|
998000
|
unkown
|
page readonly
|
||
|
2AFFBD60000
|
heap
|
page read and write
|
||
|
13DB000
|
stack
|
page read and write
|
||
|
1681000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page execute and read and write
|
||
|
C72000
|
trusted library allocation
|
page read and write
|
||
|
5807000
|
trusted library allocation
|
page read and write
|
||
|
412D000
|
direct allocation
|
page read and write
|
||
|
148E000
|
heap
|
page read and write
|
||
|
1558000
|
heap
|
page read and write
|
||
|
5B1C000
|
stack
|
page read and write
|
||
|
998000
|
unkown
|
page readonly
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
985000
|
unkown
|
page readonly
|
||
|
6089000
|
heap
|
page read and write
|
||
|
1535000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
2A0F000
|
trusted library allocation
|
page read and write
|
||
|
4000000
|
direct allocation
|
page read and write
|
||
|
3BD8000
|
trusted library allocation
|
page read and write
|
||
|
2714000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
41C9000
|
direct allocation
|
page read and write
|
||
|
3EB0000
|
direct allocation
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
633D000
|
stack
|
page read and write
|
||
|
A9B000
|
heap
|
page read and write
|
||
|
662C000
|
stack
|
page read and write
|
||
|
6A3F000
|
stack
|
page read and write
|
||
|
542D000
|
trusted library allocation
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
575D000
|
stack
|
page read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
1535000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
3F83000
|
direct allocation
|
page read and write
|
||
|
412D000
|
direct allocation
|
page read and write
|
||
|
561E000
|
stack
|
page read and write
|
||
|
2C52000
|
trusted library allocation
|
page read and write
|
||
|
5FC2000
|
heap
|
page read and write
|
||
|
5DB5000
|
heap
|
page read and write
|
||
|
D6DF1FE000
|
stack
|
page read and write
|
||
|
5DA4000
|
heap
|
page read and write
|
||
|
7770000
|
heap
|
page read and write
|
||
|
850D000
|
trusted library allocation
|
page read and write
|
||
|
1535000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page read and write
|
||
|
FBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
4050000
|
direct allocation
|
page read and write
|
||
|
3FD3000
|
direct allocation
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
2E6D000
|
trusted library allocation
|
page read and write
|
||
|
4050000
|
direct allocation
|
page read and write
|
||
|
5CDF000
|
stack
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
1635000
|
heap
|
page read and write
|
||
|
6660000
|
trusted library allocation
|
page execute and read and write
|
||
|
278000
|
unkown
|
page readonly
|
||
|
126E000
|
stack
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
2A92000
|
trusted library allocation
|
page read and write
|
||
|
4023000
|
direct allocation
|
page read and write
|
||
|
7560000
|
heap
|
page read and write
|
||
|
5DB8000
|
heap
|
page read and write
|
||
|
3FD3000
|
direct allocation
|
page read and write
|
||
|
7626000
|
heap
|
page read and write
|
||
|
8512000
|
trusted library allocation
|
page read and write
|
||
|
265000
|
unkown
|
page readonly
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
10AB000
|
heap
|
page read and write
|
||
|
148B000
|
heap
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
109A000
|
heap
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
6A7E000
|
stack
|
page read and write
|
||
|
2902000
|
trusted library allocation
|
page read and write
|
||
|
2B6C000
|
trusted library allocation
|
page read and write
|
||
|
273000
|
unkown
|
page write copy
|
||
|
6160000
|
trusted library allocation
|
page read and write
|
||
|
14C5000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
5CF2000
|
heap
|
page read and write
|
||
|
3BF8000
|
trusted library allocation
|
page read and write
|
||
|
2A11000
|
trusted library allocation
|
page read and write
|
||
|
41CD000
|
direct allocation
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
2758000
|
trusted library allocation
|
page read and write
|
||
|
75AC000
|
heap
|
page read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
4023000
|
direct allocation
|
page read and write
|
||
|
5FFF000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
75FD000
|
heap
|
page read and write
|
||
|
3B10000
|
heap
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page read and write
|
||
|
5B5C000
|
stack
|
page read and write
|
||
|
C43000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D6A000
|
heap
|
page read and write
|
||
|
1681000
|
heap
|
page read and write
|
||
|
3E60000
|
direct allocation
|
page read and write
|
||
|
417D000
|
direct allocation
|
page read and write
|
||
|
5D6E000
|
heap
|
page read and write
|
||
|
2D42000
|
trusted library allocation
|
page read and write
|
||
|
423E000
|
direct allocation
|
page read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
AAB000
|
heap
|
page read and write
|
||
|
6BC0000
|
heap
|
page read and write
|
||
|
6085000
|
heap
|
page read and write
|
||
|
2E04000
|
trusted library allocation
|
page read and write
|
||
|
2911000
|
trusted library allocation
|
page read and write
|
||
|
3F83000
|
direct allocation
|
page read and write
|
||
|
3DE3000
|
direct allocation
|
page read and write
|
||
|
3FD3000
|
direct allocation
|
page read and write
|
||
|
2951000
|
trusted library allocation
|
page read and write
|
||
|
2AFFBE40000
|
heap
|
page read and write
|
||
|
265000
|
unkown
|
page readonly
|
||
|
1755000
|
heap
|
page read and write
|
||
|
4000000
|
direct allocation
|
page read and write
|
||
|
3D20000
|
direct allocation
|
page read and write
|
||
|
84CA000
|
trusted library allocation
|
page read and write
|
||
|
1712000
|
heap
|
page read and write
|
||
|
3C38000
|
trusted library allocation
|
page read and write
|
||
|
17C3000
|
heap
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
3B14000
|
heap
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
2BBB000
|
trusted library allocation
|
page read and write
|
||
|
3B58000
|
trusted library allocation
|
page read and write
|
||
|
2AFFBF5E000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
2982000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
53BD000
|
stack
|
page read and write
|
||
|
4000000
|
direct allocation
|
page read and write
|
||
|
5DB2000
|
heap
|
page read and write
|
||
|
423E000
|
direct allocation
|
page read and write
|
||
|
6707000
|
trusted library allocation
|
page read and write
|
||
|
22DE000
|
stack
|
page read and write
|
||
|
412D000
|
direct allocation
|
page read and write
|
||
|
4129000
|
direct allocation
|
page read and write
|
||
|
2C46000
|
trusted library allocation
|
page read and write
|
||
|
4E74000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
149D000
|
heap
|
page read and write
|
||
|
13D7000
|
heap
|
page read and write
|
||
|
84EF000
|
trusted library allocation
|
page read and write
|
||
|
8508000
|
trusted library allocation
|
page read and write
|
||
|
419E000
|
direct allocation
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
419E000
|
direct allocation
|
page read and write
|
||
|
3F83000
|
direct allocation
|
page read and write
|
||
|
1B1000
|
unkown
|
page execute read
|
||
|
15B6000
|
heap
|
page read and write
|
||
|
14AD000
|
heap
|
page read and write
|
||
|
C5A000
|
stack
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
1B1000
|
unkown
|
page execute read
|
||
|
28FB000
|
trusted library allocation
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page read and write
|
||
|
5309000
|
trusted library allocation
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D58000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
1671000
|
heap
|
page read and write
|
||
|
5D80000
|
heap
|
page read and write
|
||
|
C44000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
84DB000
|
trusted library allocation
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
FA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
84E0000
|
trusted library allocation
|
page read and write
|
||
|
41EE000
|
direct allocation
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
3B18000
|
trusted library allocation
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
14F0000
|
direct allocation
|
page read and write
|
||
|
26F000
|
unkown
|
page write copy
|
||
|
295C000
|
trusted library allocation
|
page read and write
|
||
|
5D90000
|
heap
|
page read and write
|
||
|
1B1000
|
unkown
|
page execute read
|
||
|
1755000
|
heap
|
page read and write
|
||
|
66A0000
|
heap
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
173F000
|
heap
|
page read and write
|
||
|
2B29000
|
trusted library allocation
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page read and write
|
||
|
D6DEAFE000
|
stack
|
page read and write
|
||
|
7568000
|
heap
|
page read and write
|
||
|
15B2000
|
heap
|
page read and write
|
||
|
3B68000
|
trusted library allocation
|
page read and write
|
||
|
1B1000
|
unkown
|
page execute read
|
||
|
1671000
|
heap
|
page read and write
|
||
|
61BD000
|
stack
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
136E000
|
stack
|
page read and write
|
||
|
2D1E000
|
trusted library allocation
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
1C4E000
|
stack
|
page read and write
|
||
|
3F83000
|
direct allocation
|
page read and write
|
||
|
15B3000
|
heap
|
page read and write
|
||
|
5423000
|
trusted library allocation
|
page read and write
|
||
|
602E000
|
heap
|
page read and write
|
||
|
4179000
|
direct allocation
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
3E49000
|
trusted library allocation
|
page read and write
|
||
|
4000000
|
direct allocation
|
page read and write
|
||
|
1147000
|
heap
|
page read and write
|
||
|
F9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
2C32000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
14AC000
|
heap
|
page read and write
|
||
|
F84000
|
trusted library allocation
|
page read and write
|
||
|
3C78000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
615E000
|
stack
|
page read and write
|
||
|
1671000
|
heap
|
page read and write
|
||
|
43E000
|
system
|
page execute and read and write
|
||
|
7760000
|
heap
|
page read and write
|
||
|
6670000
|
heap
|
page read and write
|
||
|
62C0000
|
trusted library allocation
|
page read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
5D84000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
5EBF000
|
stack
|
page read and write
|
||
|
5428000
|
trusted library allocation
|
page read and write
|
||
|
4000000
|
direct allocation
|
page read and write
|
||
|
152D000
|
stack
|
page read and write
|
||
|
FA2000
|
trusted library allocation
|
page read and write
|
||
|
3951000
|
trusted library allocation
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
148E000
|
heap
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
735C000
|
stack
|
page read and write
|
||
|
2DC1000
|
trusted library allocation
|
page read and write
|
||
|
3E60000
|
direct allocation
|
page read and write
|
||
|
4129000
|
direct allocation
|
page read and write
|
||
|
C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
2E54000
|
trusted library allocation
|
page read and write
|
||
|
1731000
|
heap
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
535B000
|
stack
|
page read and write
|
||
|
75BC000
|
heap
|
page read and write
|
||
|
3E60000
|
direct allocation
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
579E000
|
stack
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
2AD5000
|
trusted library allocation
|
page read and write
|
||
|
11DB000
|
stack
|
page read and write
|
||
|
C66000
|
trusted library allocation
|
page execute and read and write
|
||
|
17EF000
|
heap
|
page read and write
|
||
|
75B6000
|
heap
|
page read and write
|
||
|
2B88000
|
trusted library allocation
|
page read and write
|
||
|
6650000
|
trusted library allocation
|
page read and write
|
||
|
4000000
|
direct allocation
|
page read and write
|
||
|
173F000
|
heap
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
571E000
|
stack
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
17C3000
|
heap
|
page read and write
|
||
|
7636000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
3AD8000
|
trusted library allocation
|
page read and write
|
||
|
1593000
|
heap
|
page read and write
|
||
|
7604000
|
heap
|
page read and write
|
||
|
3AF8000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
65BE000
|
stack
|
page read and write
|
||
|
5D8B000
|
heap
|
page read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
23F000
|
unkown
|
page readonly
|
||
|
11DB000
|
stack
|
page read and write
|
||
|
75A5000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
11FC000
|
stack
|
page read and write
|
||
|
4129000
|
direct allocation
|
page read and write
|
||
|
6B7F000
|
stack
|
page read and write
|
||
|
3A07000
|
trusted library allocation
|
page read and write
|
There are 671 hidden memdumps, click here to show them.