Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Rechnung 2022.20.05_1440.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\LjSKxP[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\CPZby9k8xhW2TaPgwsAagxTpGuhIkFrK[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\F3DOS06hLF1rUq3s6XOB[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\Rechnung 2022.20.05_1440.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\JPKIhC\pliz.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\QPbqQqVCSFtY\IUVkTKnlGjDR.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\SDDrQciobIOh\PbiZVl.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cab4DDA.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tar4DDB.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFAAB52B96F6C7763A.TMP
|
data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JPKIhC\pliz.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SDDrQciobIOh\PbiZVl.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\QPbqQqVCSFtY\IUVkTKnlGjDR.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://173.82.82.196:8080/
|
unknown
|
|
|
|
https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
|
212.98.224.29
|
|
|
|
http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/
|
138.219.41.210
|
|
|
|
http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
|
66.84.31.11
|
|
|
|
https://173.82.82.196/
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
elamurray.com
|
66.84.31.11
|
||
|
jr-software-web.net
|
138.219.41.210
|
||
|
masyuk.com
|
128.199.252.32
|
||
|
melisetotoaksesuar.com
|
212.98.224.29
|
||
|
www.melisetotoaksesuar.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
173.82.82.196
|
unknown
|
United States
|
|
|
|
128.199.252.32
|
masyuk.com
|
United Kingdom
|
||
|
138.219.41.210
|
jr-software-web.net
|
Argentina
|
||
|
212.98.224.29
|
melisetotoaksesuar.com
|
Turkey
|
||
|
66.84.31.11
|
elamurray.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
x4)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6705F
|
6705F
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
m.)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
150000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
3C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2BE000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
370000
|
remote allocation
|
page read and write
|
||
|
407000
|
heap
|
page read and write
|
||
|
22AB000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
2F23000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
230B000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
480000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
2065000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2B9F000
|
heap
|
page read and write
|
||
|
2C55000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
209B000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
48B000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
4DC000
|
heap
|
page read and write
|
||
|
4B0000
|
direct allocation
|
page execute and read and write
|
||
|
224C000
|
stack
|
page read and write
|
||
|
2F94000
|
heap
|
page read and write
|
||
|
2C9C000
|
stack
|
page read and write
|
||
|
56F000
|
stack
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
26E000
|
heap
|
page read and write
|
||
|
7FEF7521000
|
unkown
|
page execute read
|
||
|
283000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
45A000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
2AF1000
|
heap
|
page read and write
|
||
|
A8000
|
stack
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
F8000
|
stack
|
page read and write
|
||
|
55D000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
370000
|
remote allocation
|
page read and write
|
||
|
144000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
7FEF7540000
|
unkown
|
page read and write
|
||
|
22D5000
|
heap
|
page read and write
|
||
|
35D1000
|
heap
|
page read and write
|
||
|
33E000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
22BF000
|
stack
|
page read and write
|
||
|
1F2000
|
heap
|
page read and write
|
||
|
52F000
|
stack
|
page read and write
|
||
|
1A0000
|
trusted library allocation
|
page read and write
|
||
|
2BAF000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
1FD000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
274D000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2AF9000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4B6000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
20CF000
|
stack
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
35C000
|
heap
|
page read and write
|
||
|
28A000
|
heap
|
page read and write
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
500000
|
heap
|
page read and write
|
||
|
277D000
|
stack
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
36AC000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
230000
|
heap
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
4FC000
|
heap
|
page read and write
|
||
|
236F000
|
stack
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
4DC000
|
heap
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
3A5000
|
heap
|
page read and write
|
||
|
7FEF7520000
|
unkown
|
page readonly
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
2326000
|
heap
|
page read and write
|
||
|
248F000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
35A000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
327000
|
heap
|
page read and write
|
||
|
2100000
|
remote allocation
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
2830000
|
heap
|
page read and write
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
2BA5000
|
heap
|
page read and write
|
||
|
2BA5000
|
heap
|
page read and write
|
||
|
25DC000
|
stack
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
237000
|
heap
|
page read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
228000
|
stack
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
206B000
|
heap
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
307000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
2BCC000
|
heap
|
page read and write
|
||
|
154000
|
heap
|
page read and write
|
||
|
333000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2BAF000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
2060000
|
heap
|
page read and write
|
||
|
7FEF7545000
|
unkown
|
page readonly
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
3AD000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
2206000
|
heap
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
272F000
|
stack
|
page read and write
|
||
|
3DD000
|
heap
|
page read and write
|
||
|
3686000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
2BA5000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
2BEC000
|
stack
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2B66000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
2275000
|
heap
|
page read and write
|
||
|
2F8A000
|
heap
|
page read and write
|
||
|
223F000
|
stack
|
page read and write
|
||
|
C8000
|
stack
|
page read and write
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
2E4F000
|
unkown
|
page read and write
|
||
|
2125000
|
heap
|
page read and write
|
||
|
7FEF7537000
|
unkown
|
page readonly
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
26BC000
|
stack
|
page read and write
|
||
|
23F6000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
215B000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
178000
|
stack
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
35A000
|
heap
|
page read and write
|
||
|
23B6000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
7FEF7521000
|
unkown
|
page execute read
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
370000
|
heap
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
7FEF7545000
|
unkown
|
page readonly
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
2BBB000
|
heap
|
page read and write
|
||
|
20AB000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
27DD000
|
stack
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
2B9F000
|
heap
|
page read and write
|
||
|
4FC000
|
heap
|
page read and write
|
||
|
3D2000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
3C8000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
548000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
2F82000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
208000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
2BBB000
|
heap
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
2100000
|
remote allocation
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
27FB000
|
stack
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
2030000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
B7F000
|
stack
|
page read and write
|
||
|
226000
|
heap
|
page read and write
|
||
|
22EB000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FEF7540000
|
unkown
|
page read and write
|
||
|
2B69000
|
heap
|
page read and write
|
||
|
2F6000
|
heap
|
page read and write
|
||
|
2B47000
|
heap
|
page read and write
|
||
|
43E000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
363E000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
536000
|
heap
|
page read and write
|
||
|
453000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
23DF000
|
stack
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
2B39000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
2BA8000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
1EC000
|
stack
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
353000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
35F8000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
3618000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
398000
|
heap
|
page read and write
|
||
|
32E000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
206000
|
heap
|
page read and write
|
||
|
2BCB000
|
heap
|
page read and write
|
||
|
7FEF7520000
|
unkown
|
page readonly
|
||
|
400000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
266000
|
heap
|
page read and write
|
||
|
28EC000
|
stack
|
page read and write
|
||
|
2F49000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
2F88000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
2075000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
234E000
|
stack
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
325000
|
heap
|
page read and write
|
||
|
22B5000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
515000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
2B37000
|
heap
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
7FEF7537000
|
unkown
|
page readonly
|
||
|
350000
|
heap
|
page read and write
|
||
|
2035000
|
heap
|
page read and write
|
There are 346 hidden memdumps, click here to show them.