Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Bank TT slip.xlsx
|
CDFV2 Encrypted
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\SOA[1].exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\~$Bank TT slip.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\Public\vbc.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\drivers\etc\hosts
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\18D80E7.png
|
PNG image data, 139 x 180, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\194FA29.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3095CF2A.png
|
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\317DF694.png
|
PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\63404123.png
|
PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A240C8.png
|
PNG image data, 139 x 180, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1A95BC.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D45E828D.png
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE3E0A16.png
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD51471F.png
|
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF7445FC000D331A6E.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFBAFAEA404D417564.TMP
|
CDFV2 Encrypted
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFC691B0AA0E02487B.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFDAC05FDF80BA3ECF.TMP
|
data
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Users\Public\vbc.exe
|
"C:\Users\Public\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
{path}
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://172.245.27.27/SOA.exe
|
172.245.27.27
|
|
|
|
Http://172.245.27.27/SOA.exeK
|
unknown
|
|
|
|
http://172.245.27.27/SOA.exeX
|
unknown
|
|
|
|
http://172.245.27.27/SOA.exehhC:
|
unknown
|
|
|
|
Http://172.245.27.27/SOA.exej
|
unknown
|
|
|
|
http://172.245.27.27/SOA.exeB
|
unknown
|
|
|
|
http://127.0.0.1:HTTP/1.1
|
unknown
|
||
|
http://DynDns.comDynDNS
|
unknown
|
||
|
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
|
unknown
|
||
|
https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
|
unknown
|
||
|
https://api.ipify.org%GETMozilla/5.0
|
unknown
|
||
|
http://bLHfhV.com
|
unknown
|
||
|
https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocumentdocument-----
|
unknown
|
||
|
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.245.27.27
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
l>0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\66D63
|
66D63
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
?j0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6BCAB
|
6BCAB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6DAF4
|
6DAF4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6BCAB
|
6BCAB
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
|
FontCachePath
|
There are 31 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
27E1000
|
trusted library allocation
|
page read and write
|
|
|
|
341F000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
57BF000
|
stack
|
page read and write
|
||
|
493000
|
heap
|
page read and write
|
||
|
682F000
|
trusted library allocation
|
page read and write
|
||
|
67DE000
|
trusted library allocation
|
page read and write
|
||
|
545000
|
trusted library allocation
|
page read and write
|
||
|
F1F000
|
stack
|
page read and write
|
||
|
8D2000
|
unkown
|
page execute read
|
||
|
645B000
|
trusted library allocation
|
page read and write
|
||
|
4FA6000
|
trusted library allocation
|
page read and write
|
||
|
132000
|
trusted library allocation
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
12C0000
|
heap
|
page execute and read and write
|
||
|
37E9000
|
trusted library allocation
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
4E0000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
5B3000
|
trusted library allocation
|
page read and write
|
||
|
4F92000
|
trusted library allocation
|
page read and write
|
||
|
646F000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
24DF000
|
stack
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
11D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DB5000
|
trusted library allocation
|
page read and write
|
||
|
675E000
|
trusted library allocation
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write | page guard
|
||
|
6B44000
|
trusted library allocation
|
page read and write
|
||
|
67A0000
|
trusted library allocation
|
page read and write
|
||
|
62BF000
|
trusted library allocation
|
page read and write
|
||
|
55FD000
|
stack
|
page read and write
|
||
|
6D2C000
|
trusted library allocation
|
page read and write
|
||
|
4F92000
|
trusted library allocation
|
page read and write
|
||
|
65D6000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page read and write
|
||
|
4FD6000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
110000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
64AA000
|
trusted library allocation
|
page read and write
|
||
|
626B000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
67C6000
|
trusted library allocation
|
page read and write
|
||
|
69B8000
|
trusted library allocation
|
page read and write
|
||
|
8D2000
|
unkown
|
page execute read
|
||
|
710F000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
494000
|
heap
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
173000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page execute and read and write
|
||
|
6812000
|
trusted library allocation
|
page read and write
|
||
|
6938000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
63F0000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
3DD000
|
stack
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
65A5000
|
trusted library allocation
|
page read and write
|
||
|
54B2000
|
heap
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write | page guard
|
||
|
5A0000
|
trusted library allocation
|
page read and write
|
||
|
553F000
|
stack
|
page read and write
|
||
|
6B73000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
182000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
6BB5000
|
trusted library allocation
|
page read and write
|
||
|
110000
|
trusted library allocation
|
page read and write
|
||
|
4F69000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
6B7B000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
trusted library allocation
|
page read and write
|
||
|
69FE000
|
trusted library allocation
|
page read and write
|
||
|
6A59000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
4B3F000
|
stack
|
page read and write
|
||
|
4F84000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
546E000
|
stack
|
page read and write
|
||
|
10B000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page execute and read and write
|
||
|
4D7000
|
heap
|
page read and write
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
5110000
|
trusted library section
|
page read and write
|
||
|
76F0000
|
trusted library allocation
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
192000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
673A000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
38B1000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
5DC000
|
heap
|
page read and write
|
||
|
4FAD000
|
trusted library allocation
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
535000
|
heap
|
page read and write
|
||
|
3680000
|
trusted library allocation
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
3566000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
trusted library section
|
page read and write
|
||
|
C4000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
trusted library allocation
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
525F000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page execute and read and write
|
||
|
7014000
|
trusted library allocation
|
page read and write
|
||
|
6C79000
|
trusted library allocation
|
page read and write
|
||
|
620E000
|
stack
|
page read and write
|
||
|
4FD6000
|
trusted library allocation
|
page read and write
|
||
|
6450000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
trusted library allocation
|
page read and write
|
||
|
290000
|
trusted library allocation
|
page read and write
|
||
|
7702000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
6C4D000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
3401000
|
trusted library allocation
|
page read and write
|
||
|
67E5000
|
trusted library allocation
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
66AE000
|
trusted library allocation
|
page read and write
|
||
|
6781000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
70A1000
|
trusted library allocation
|
page read and write
|
||
|
573D000
|
stack
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
5A0000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
68C0000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
4F83000
|
trusted library allocation
|
page read and write
|
||
|
4EFD000
|
trusted library allocation
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
6947000
|
trusted library allocation
|
page read and write
|
||
|
1DE0000
|
heap
|
page read and write
|
||
|
37E1000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
62D3000
|
trusted library allocation
|
page read and write
|
||
|
122000
|
trusted library allocation
|
page read and write
|
||
|
703A000
|
trusted library allocation
|
page read and write
|
||
|
228C000
|
stack
|
page read and write
|
||
|
300000
|
trusted library allocation
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
4F4D000
|
trusted library allocation
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
58EF000
|
stack
|
page read and write
|
||
|
197000
|
trusted library allocation
|
page execute and read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
53BF000
|
stack
|
page read and write
|
||
|
6B85000
|
trusted library allocation
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
1FCE000
|
stack
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
5E94000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page read and write
|
||
|
12A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC4000
|
heap
|
page read and write
|
||
|
187000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B92000
|
trusted library allocation
|
page read and write
|
||
|
69CC000
|
trusted library allocation
|
page read and write
|
||
|
2D1000
|
trusted library allocation
|
page read and write
|
||
|
609E000
|
stack
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
49DF000
|
stack
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
113000
|
trusted library allocation
|
page read and write
|
||
|
4FC2000
|
trusted library allocation
|
page read and write
|
||
|
2882000
|
trusted library allocation
|
page read and write
|
||
|
4F6D000
|
trusted library allocation
|
page read and write
|
||
|
653A000
|
trusted library allocation
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
B0000
|
trusted library allocation
|
page read and write
|
||
|
563E000
|
stack
|
page read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
99E000
|
unkown
|
page readonly
|
||
|
67D1000
|
trusted library allocation
|
page read and write
|
||
|
630E000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
4F67000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page read and write
|
||
|
23FF000
|
stack
|
page read and write
|
||
|
6D79000
|
trusted library allocation
|
page read and write
|
||
|
53C000
|
stack
|
page read and write
|
||
|
5E91000
|
trusted library allocation
|
page read and write
|
||
|
6C45000
|
trusted library allocation
|
page read and write
|
||
|
6541000
|
trusted library allocation
|
page read and write
|
||
|
25DF000
|
stack
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
68CE000
|
trusted library allocation
|
page read and write
|
||
|
6832000
|
trusted library allocation
|
page read and write
|
||
|
121F000
|
stack
|
page read and write
|
||
|
4FBF000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
heap
|
page execute and read and write
|
||
|
64FD000
|
trusted library allocation
|
page read and write
|
||
|
6C42000
|
trusted library allocation
|
page read and write
|
||
|
66C2000
|
trusted library allocation
|
page read and write
|
||
|
398000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
2060000
|
heap
|
page read and write
|
||
|
666C000
|
trusted library allocation
|
page read and write
|
||
|
6A91000
|
trusted library allocation
|
page read and write
|
||
|
5E98000
|
trusted library allocation
|
page read and write
|
||
|
4FD4000
|
trusted library allocation
|
page read and write
|
||
|
52BD000
|
stack
|
page read and write
|
||
|
6C17000
|
trusted library allocation
|
page read and write
|
||
|
6C37000
|
trusted library allocation
|
page read and write
|
||
|
6759000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
6751000
|
trusted library allocation
|
page read and write
|
||
|
6BC8000
|
trusted library allocation
|
page read and write
|
||
|
3409000
|
trusted library allocation
|
page read and write
|
||
|
563C000
|
stack
|
page read and write
|
||
|
54FC000
|
stack
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
137000
|
trusted library allocation
|
page execute and read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
6BC0000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
4FCF000
|
trusted library allocation
|
page read and write
|
||
|
1CE0000
|
trusted library allocation
|
page read and write
|
||
|
659D000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
62CE000
|
trusted library allocation
|
page read and write
|
||
|
51CD000
|
stack
|
page read and write
|
||
|
4400000
|
trusted library allocation
|
page read and write
|
||
|
765B000
|
trusted library allocation
|
page read and write
|
||
|
6B94000
|
trusted library allocation
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
64BE000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
B5D000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4FC2000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
67A5000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
99E000
|
unkown
|
page readonly
|
||
|
5E94000
|
trusted library allocation
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
6666000
|
trusted library allocation
|
page read and write
|
||
|
6BD6000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
6819000
|
trusted library allocation
|
page read and write
|
||
|
7057000
|
trusted library allocation
|
page read and write
|
||
|
67E0000
|
trusted library allocation
|
page read and write
|
||
|
267000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
5F8D000
|
stack
|
page read and write
|
||
|
6746000
|
trusted library allocation
|
page read and write
|
||
|
577F000
|
stack
|
page read and write
|
||
|
665F000
|
trusted library allocation
|
page read and write
|
||
|
65DD000
|
trusted library allocation
|
page read and write
|
||
|
CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C0B000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
6C03000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
2ADB000
|
heap
|
page read and write
|
||
|
6C3D000
|
trusted library allocation
|
page read and write
|
||
|
6825000
|
trusted library allocation
|
page read and write
|
||
|
76E5000
|
trusted library allocation
|
page read and write
|
||
|
2AAF000
|
stack
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
7706000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
6250000
|
trusted library allocation
|
page read and write
|
||
|
41C000
|
heap
|
page read and write
|
||
|
653C000
|
trusted library allocation
|
page read and write
|
||
|
4F92000
|
trusted library allocation
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E98000
|
trusted library allocation
|
page read and write
|
||
|
6889000
|
trusted library allocation
|
page read and write
|
||
|
66C0000
|
trusted library allocation
|
page read and write
|
||
|
2872000
|
trusted library allocation
|
page read and write
|
||
|
518E000
|
stack
|
page read and write
|
||
|
5ADC000
|
stack
|
page read and write
|
||
|
1D9C000
|
stack
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
687A000
|
trusted library allocation
|
page read and write
|
||
|
6975000
|
trusted library allocation
|
page read and write
|
||
|
679E000
|
trusted library allocation
|
page read and write
|
||
|
1DF0000
|
direct allocation
|
page read and write
|
||
|
6786000
|
trusted library allocation
|
page read and write
|
||
|
4BD000
|
heap
|
page read and write
|
||
|
5A76000
|
trusted library allocation
|
page read and write
|
||
|
6321000
|
trusted library allocation
|
page read and write
|
||
|
67D4000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
6757000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
6AEB000
|
trusted library allocation
|
page read and write
|
||
|
6C58000
|
trusted library allocation
|
page read and write
|
||
|
35B000
|
heap
|
page read and write
|
||
|
2AD8000
|
heap
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
164000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
6577000
|
trusted library allocation
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
2837000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
trusted library allocation
|
page execute and read and write
|
||
|
651A000
|
trusted library allocation
|
page read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
1F48000
|
trusted library allocation
|
page read and write
|
||
|
66AC000
|
trusted library allocation
|
page read and write
|
||
|
4F24000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
6F66000
|
trusted library allocation
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
300000
|
trusted library allocation
|
page read and write
|
||
|
1DB0000
|
heap
|
page read and write
|
||
|
7065000
|
trusted library allocation
|
page read and write
|
||
|
761D000
|
trusted library allocation
|
page read and write
|
||
|
6988000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
3D7000
|
heap
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
286A000
|
trusted library allocation
|
page read and write
|
||
|
4F4C000
|
trusted library allocation
|
page read and write
|
||
|
2401000
|
trusted library allocation
|
page read and write
|
||
|
361000
|
heap
|
page read and write
|
||
|
4D0000
|
trusted library allocation
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
6BBE000
|
trusted library allocation
|
page read and write
|
||
|
4F83000
|
trusted library allocation
|
page read and write
|
||
|
5495000
|
heap
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
trusted library allocation
|
page read and write
|
||
|
C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
633E000
|
trusted library allocation
|
page read and write
|
||
|
6551000
|
trusted library allocation
|
page read and write
|
||
|
6C96000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
15A000
|
stack
|
page read and write
|
||
|
163000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
3A0000
|
trusted library section
|
page read and write
|
||
|
7EF30000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A12000
|
trusted library allocation
|
page read and write
|
||
|
673E000
|
trusted library allocation
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
675B000
|
trusted library allocation
|
page read and write
|
||
|
4C34000
|
heap
|
page read and write
|
||
|
39B000
|
trusted library allocation
|
page read and write
|
||
|
67EC000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
353D000
|
stack
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
6600000
|
trusted library allocation
|
page read and write
|
||
|
2BF000
|
stack
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
6548000
|
trusted library allocation
|
page read and write
|
||
|
4BE2000
|
heap
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
67CC000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
6BF8000
|
trusted library allocation
|
page read and write
|
||
|
54ED000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4FA6000
|
trusted library allocation
|
page read and write
|
||
|
17D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DD0000
|
trusted library section
|
page readonly
|
||
|
6C7B000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
659F000
|
trusted library allocation
|
page read and write
|
||
|
2694000
|
trusted library allocation
|
page read and write
|
||
|
6743000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
398000
|
trusted library allocation
|
page read and write
|
||
|
67C8000
|
trusted library allocation
|
page read and write
|
||
|
6797000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
127000
|
trusted library allocation
|
page execute and read and write
|
||
|
690B000
|
trusted library allocation
|
page read and write
|
||
|
639E000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
21BE000
|
stack
|
page read and write
|
||
|
477000
|
heap
|
page read and write
|
||
|
4F48000
|
trusted library allocation
|
page read and write
|
||
|
4F67000
|
trusted library allocation
|
page read and write
|
||
|
D11E000
|
stack
|
page read and write
|
||
|
170000
|
trusted library allocation
|
page read and write
|
||
|
270000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
6E1A000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
10FE000
|
stack
|
page read and write
|
||
|
4FD6000
|
trusted library allocation
|
page read and write
|
||
|
6C81000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
1F7E000
|
stack
|
page read and write
|
||
|
6545000
|
trusted library allocation
|
page read and write
|
||
|
66B9000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
13B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6605000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
67E7000
|
trusted library allocation
|
page read and write
|
||
|
678D000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
trusted library allocation
|
page read and write
|
||
|
39F000
|
heap
|
page read and write
|
||
|
6C83000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
4FC2000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
680F000
|
trusted library allocation
|
page read and write
|
||
|
22C4000
|
heap
|
page read and write
|
||
|
68FC000
|
trusted library allocation
|
page read and write
|
||
|
74FA000
|
trusted library allocation
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
4F4C000
|
trusted library allocation
|
page read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
6C8B000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
656A000
|
trusted library allocation
|
page read and write
|
||
|
678A000
|
trusted library allocation
|
page read and write
|
||
|
39B000
|
heap
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
2C7000
|
stack
|
page read and write
|
||
|
64F9000
|
trusted library allocation
|
page read and write
|
||
|
63EE000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
6B7E000
|
trusted library allocation
|
page read and write
|
||
|
66C7000
|
trusted library allocation
|
page read and write
|
||
|
6432000
|
trusted library allocation
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page read and write
|
||
|
65DA000
|
trusted library allocation
|
page read and write
|
||
|
517E000
|
stack
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
4C52000
|
heap
|
page read and write
|
||
|
2E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8CE000
|
stack
|
page read and write
|
||
|
668F000
|
trusted library allocation
|
page read and write
|
||
|
297A000
|
trusted library allocation
|
page read and write
|
||
|
4FA6000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
5B7000
|
heap
|
page read and write
|
||
|
5E90000
|
trusted library allocation
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
62A7000
|
trusted library allocation
|
page read and write
|
||
|
63B2000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C0000
|
trusted library allocation
|
page read and write
|
||
|
18A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6515000
|
trusted library allocation
|
page read and write
|
||
|
2951000
|
trusted library allocation
|
page read and write
|
||
|
67CE000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
7EF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
22E2000
|
heap
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
19B000
|
trusted library allocation
|
page execute and read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
6654000
|
trusted library allocation
|
page read and write
|
||
|
6BD4000
|
trusted library allocation
|
page read and write
|
||
|
63A0000
|
trusted library allocation
|
page read and write
|
||
|
6C3A000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
3A0000
|
trusted library allocation
|
page read and write
|
||
|
6251000
|
trusted library allocation
|
page read and write
|
||
|
65A3000
|
trusted library allocation
|
page read and write
|
||
|
6817000
|
trusted library allocation
|
page read and write
|
||
|
682B000
|
trusted library allocation
|
page read and write
|
||
|
6DF5000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
29AF000
|
stack
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
395000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
601E000
|
stack
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
5F7000
|
heap
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
6574000
|
trusted library allocation
|
page read and write
|
||
|
6402000
|
trusted library allocation
|
page read and write
|
||
|
5E8F000
|
stack
|
page read and write
|
||
|
4F48000
|
trusted library allocation
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
1DD4000
|
trusted library section
|
page readonly
|
||
|
21C0000
|
heap
|
page execute and read and write
|
||
|
76EA000
|
trusted library allocation
|
page read and write
|
||
|
742E000
|
trusted library allocation
|
page read and write
|
There are 548 hidden memdumps, click here to show them.