Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AGK-010522 MJEY-210522.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 16:15:56 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\klJrMZJhgldiJr6j0XWPeZOiGs[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\RD05UTHGkitvIJt[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\me435CErJsFGw1q[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\AGK-010522 MJEY-210522.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 16:15:56 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr3.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\MiFQSWNWaJxwEe\IpsJNE.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\XpltPypW\hllulW.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\YtTPe\fAqgggPvQZYEzIo.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lJWa95VlQ[1]
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cab881.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tar882.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFD493E3869BDA5390.TMP
|
data
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XpltPypW\hllulW.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MiFQSWNWaJxwEe\IpsJNE.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\YtTPe\fAqgggPvQZYEzIo.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://173.82.82.196:8080/
|
unknown
|
|
|
|
https://173.82.82.196:8080/4
|
unknown
|
|
|
|
https://173.82.82.196/#K
|
unknown
|
|
|
|
http://salledemode.com/tgroup.ge/x4bc2kL4BzGAeUsVi/
|
160.153.40.1
|
|
|
|
https://173.82.82.196/
|
unknown
|
|
|
|
https://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/
|
188.114.96.10
|
|
|
|
http://www.kabeonet.pl/wp-admin/VWlAz5vWJNHDb/
|
193.143.77.34
|
|
|
|
http://vipteck.com/wp-admin/user/B8d6jr4pBND2HExAmI/lJWa95VlQ/
|
188.114.96.10
|
|
|
|
http://kabeonet.pl/wp-admin/VWlAz5vWJNHDb/
|
193.143.77.34
|
|
|
|
https://173.82.82.196:8080/0
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://airliftlimo.com/wp-admin/iMc/
|
159.203.19.2
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
salledemode.com
|
160.153.40.1
|
|
|
|
kabeonet.pl
|
193.143.77.34
|
||
|
vipteck.com
|
188.114.96.10
|
||
|
airliftlimo.com
|
159.203.19.2
|
||
|
windowsupdatebg.s.llnwi.net
|
178.79.225.128
|
||
|
www.kabeonet.pl
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
173.82.82.196
|
unknown
|
United States
|
|
|
|
160.153.40.1
|
salledemode.com
|
United States
|
|
|
|
159.203.19.2
|
airliftlimo.com
|
United States
|
||
|
188.114.96.10
|
vipteck.com
|
European Union
|
||
|
193.143.77.34
|
kabeonet.pl
|
Poland
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
?m,
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\66529
|
66529
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
!e,
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2D3000
|
heap
|
page read and write
|
||
|
20DB000
|
heap
|
page read and write
|
||
|
203000
|
heap
|
page read and write
|
||
|
2CFC000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
13C000
|
heap
|
page read and write
|
||
|
3391000
|
heap
|
page read and write
|
||
|
218B000
|
heap
|
page read and write
|
||
|
3699000
|
heap
|
page read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
2B0000
|
direct allocation
|
page execute and read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
62D000
|
heap
|
page read and write
|
||
|
2AD000
|
heap
|
page read and write
|
||
|
2A46000
|
heap
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
608000
|
heap
|
page read and write
|
||
|
2C8000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
3419000
|
heap
|
page read and write
|
||
|
2F1000
|
heap
|
page read and write
|
||
|
243F000
|
stack
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
2F1000
|
heap
|
page read and write
|
||
|
2DB000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
325000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
1AA000
|
heap
|
page read and write
|
||
|
344000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
3AB000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FEF7530000
|
unkown
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
460000
|
remote allocation
|
page read and write
|
||
|
7FEF74F2000
|
unkown
|
page readonly
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
2C8000
|
heap
|
page read and write
|
||
|
7FEF74FF000
|
unkown
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
2DB000
|
heap
|
page read and write
|
||
|
296F000
|
heap
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
108000
|
stack
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
2AB000
|
heap
|
page read and write
|
||
|
3393000
|
heap
|
page read and write
|
||
|
35BC000
|
heap
|
page read and write
|
||
|
2D4E000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
2115000
|
heap
|
page read and write
|
||
|
228F000
|
stack
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
22DF000
|
stack
|
page read and write
|
||
|
7FEF74D0000
|
unkown
|
page readonly
|
||
|
279E000
|
stack
|
page read and write
|
||
|
FC000
|
stack
|
page read and write
|
||
|
570000
|
remote allocation
|
page read and write
|
||
|
460000
|
remote allocation
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
CE000
|
heap
|
page read and write
|
||
|
1C6000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
27A000
|
heap
|
page read and write
|
||
|
29BA000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
7FEF755F000
|
unkown
|
page readonly
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
143000
|
heap
|
page read and write
|
||
|
22C2000
|
heap
|
page read and write
|
||
|
183000
|
heap
|
page read and write
|
||
|
35B1000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
27D000
|
stack
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
3DD000
|
heap
|
page read and write
|
||
|
2D11000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2B3C000
|
stack
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
5C5000
|
heap
|
page read and write
|
||
|
2DD3000
|
heap
|
page read and write
|
||
|
407000
|
heap
|
page read and write
|
||
|
236D000
|
stack
|
page read and write
|
||
|
468000
|
heap
|
page read and write
|
||
|
3D1000
|
heap
|
page read and write
|
||
|
2C0000
|
direct allocation
|
page execute and read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
23A000
|
heap
|
page read and write
|
||
|
7FEF74F2000
|
unkown
|
page readonly
|
||
|
97000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
3650000
|
heap
|
page read and write
|
||
|
282F000
|
stack
|
page read and write
|
||
|
2B0000
|
direct allocation
|
page execute and read and write
|
||
|
227000
|
heap
|
page read and write
|
||
|
2DF000
|
heap
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
227F000
|
stack
|
page read and write
|
||
|
3CC000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
23F000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
606000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
161000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
23E000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
35C5000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
226B000
|
heap
|
page read and write
|
||
|
3E2000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
3698000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
7FEF74D0000
|
unkown
|
page readonly
|
||
|
48D000
|
heap
|
page read and write
|
||
|
26AC000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
506000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
E3000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
2235000
|
heap
|
page read and write
|
||
|
360A000
|
heap
|
page read and write
|
||
|
18E000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
214B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
29C3000
|
heap
|
page read and write
|
||
|
327000
|
heap
|
page read and write
|
||
|
4AD000
|
heap
|
page read and write
|
||
|
7FEF7552000
|
unkown
|
page readonly
|
||
|
79F000
|
stack
|
page read and write
|
||
|
1A3000
|
heap
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
238F000
|
stack
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
3338000
|
heap
|
page read and write
|
||
|
7FEF755B000
|
unkown
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
534000
|
heap
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
43D000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
25E000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
34E000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
2B6000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
363000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
138000
|
heap
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
7FEF7531000
|
unkown
|
page execute read
|
||
|
261C000
|
stack
|
page read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
492000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
2CDD000
|
heap
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
3699000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
20A5000
|
heap
|
page read and write
|
||
|
333E000
|
heap
|
page read and write
|
||
|
21C000
|
heap
|
page read and write
|
||
|
209000
|
stack
|
page read and write
|
||
|
36A000
|
heap
|
page read and write
|
||
|
26ED000
|
stack
|
page read and write
|
||
|
20A5000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
157000
|
heap
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
2A0B000
|
stack
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
333B000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2F1000
|
heap
|
page read and write
|
||
|
35C1000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
3B2000
|
heap
|
page read and write
|
||
|
21A000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
228000
|
heap
|
page read and write
|
||
|
12E000
|
heap
|
page read and write
|
||
|
2C2B000
|
stack
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
2939000
|
heap
|
page read and write
|
||
|
7FEF74D1000
|
unkown
|
page execute read
|
||
|
324000
|
heap
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
1E6000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
478000
|
heap
|
page read and write
|
||
|
3651000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
31A000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
3EF000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
1FF000
|
stack
|
page read and write
|
||
|
7FEF755B000
|
unkown
|
page read and write
|
||
|
20FB000
|
heap
|
page read and write
|
||
|
2DB000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
214000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
278000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
20DB000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
3651000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
7FEF74FB000
|
unkown
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
29AF000
|
heap
|
page read and write
|
||
|
3359000
|
heap
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
570000
|
remote allocation
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
2CC1000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
130000
|
heap
|
page read and write
|
||
|
2A11000
|
heap
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
2140000
|
heap
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
29E4000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
35E2000
|
heap
|
page read and write
|
||
|
298F000
|
heap
|
page read and write
|
||
|
34A000
|
heap
|
page read and write
|
||
|
2C8000
|
heap
|
page read and write
|
||
|
7FEF74FF000
|
unkown
|
page readonly
|
||
|
2D14000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
2D04000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
401000
|
heap
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
317000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
18C000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
2155000
|
heap
|
page read and write
|
||
|
7FEF74FB000
|
unkown
|
page read and write
|
||
|
3FD000
|
heap
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
2A73000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
31E000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
22D000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
2A74000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
273000
|
heap
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
7FEF755F000
|
unkown
|
page readonly
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
20C5000
|
heap
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
35B6000
|
heap
|
page read and write
|
||
|
373000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
21DE000
|
stack
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
168000
|
heap
|
page read and write
|
||
|
283F000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
2100000
|
heap
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
35BC000
|
heap
|
page read and write
|
||
|
224C000
|
stack
|
page read and write
|
||
|
7FEF74D1000
|
unkown
|
page execute read
|
||
|
213B000
|
heap
|
page read and write
|
||
|
2D2D000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
7FEF7531000
|
unkown
|
page execute read
|
||
|
44B000
|
heap
|
page read and write
|
||
|
7FEF7530000
|
unkown
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
35BC000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
EA000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
21CD000
|
stack
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
11B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
3DE000
|
heap
|
page read and write
|
||
|
23B2000
|
heap
|
page read and write
|
||
|
7FEF7552000
|
unkown
|
page readonly
|
||
|
2A46000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
C9000
|
stack
|
page read and write
|
There are 436 hidden memdumps, click here to show them.