Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Rechnungskorrektur.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\LjSKxP[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\CPZby9k8xhW2TaPgwsAagxTpGuhIkFrK[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\F3DOS06hLF1rUq3s6XOB[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\Rechnungskorrektur.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\LBUWwhPPksdkbrI\fLFiVTKXFnmiKNO.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\QqMjGTkR\OFOYbbONgl.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\TyLOgnor\dcMKhPPDZlub.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CabD2E2.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TarD312.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DF2E03B45BAF714017.TMP
|
data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\LBUWwhPPksdkbrI\fLFiVTKXFnmiKNO.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TyLOgnor\dcMKhPPDZlub.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\QqMjGTkR\OFOYbbONgl.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://173.82.82.196/5
|
unknown
|
|
|
|
https://173.82.82.196:8080/
|
unknown
|
|
|
|
https://173.82.82.196:8080/w
|
unknown
|
|
|
|
https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
|
212.98.224.29
|
|
|
|
http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/
|
138.219.41.210
|
|
|
|
http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
|
66.84.31.11
|
|
|
|
https://173.82.82.196/
|
unknown
|
|
|
|
https://173.82.82.196/e
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jr-software-web.net
|
138.219.41.210
|
|
|
|
elamurray.com
|
66.84.31.11
|
||
|
masyuk.com
|
128.199.252.32
|
||
|
melisetotoaksesuar.com
|
212.98.224.29
|
||
|
windowsupdatebg.s.llnwi.net
|
95.140.236.128
|
||
|
www.melisetotoaksesuar.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
173.82.82.196
|
unknown
|
United States
|
|
|
|
138.219.41.210
|
jr-software-web.net
|
Argentina
|
|
|
|
128.199.252.32
|
masyuk.com
|
United Kingdom
|
||
|
212.98.224.29
|
melisetotoaksesuar.com
|
Turkey
|
||
|
66.84.31.11
|
elamurray.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
s3*
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\68150
|
68150
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
g2*
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
200000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
7FEF7545000
|
unkown
|
page readonly
|
||
|
36A6000
|
heap
|
page read and write
|
||
|
316000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
7FEF7545000
|
unkown
|
page readonly
|
||
|
311000
|
heap
|
page read and write
|
||
|
21B6000
|
heap
|
page read and write
|
||
|
1CA000
|
heap
|
page read and write
|
||
|
2520000
|
heap
|
page read and write
|
||
|
2DBC000
|
heap
|
page read and write
|
||
|
273B000
|
stack
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
548000
|
heap
|
page read and write
|
||
|
20AB000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
353000
|
heap
|
page read and write
|
||
|
2D45000
|
heap
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
49D000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
7FEF7521000
|
unkown
|
page execute read
|
||
|
624000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
7FEF7521000
|
unkown
|
page execute read
|
||
|
2112000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
1F80000
|
heap
|
page read and write
|
||
|
29E000
|
heap
|
page read and write
|
||
|
55D000
|
heap
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
2140000
|
heap
|
page read and write
|
||
|
25C000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
C7000
|
heap
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
3734000
|
heap
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
2DAE000
|
heap
|
page read and write
|
||
|
293000
|
heap
|
page read and write
|
||
|
254000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
247000
|
heap
|
page read and write
|
||
|
306000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
2DDE000
|
heap
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
214000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
2116000
|
heap
|
page read and write
|
||
|
23EF000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
2E7B000
|
stack
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
1D0000
|
direct allocation
|
page execute and read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
23C2000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
22D000
|
stack
|
page read and write
|
||
|
2E000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
2110000
|
remote allocation
|
page read and write
|
||
|
33C000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
696000
|
heap
|
page read and write
|
||
|
36EE000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
260000
|
remote allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
210F000
|
stack
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
230B000
|
heap
|
page read and write
|
||
|
234F000
|
stack
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
1E8000
|
stack
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
267000
|
heap
|
page read and write
|
||
|
43C000
|
heap
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
35D000
|
heap
|
page read and write
|
||
|
7FEF7540000
|
unkown
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
2CC000
|
heap
|
page read and write
|
||
|
20EC000
|
stack
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
327000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
231F000
|
stack
|
page read and write
|
||
|
20F5000
|
heap
|
page read and write
|
||
|
1F8000
|
stack
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2BFC000
|
stack
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
367F000
|
heap
|
page read and write
|
||
|
2286000
|
heap
|
page read and write
|
||
|
2DCF000
|
heap
|
page read and write
|
||
|
357000
|
heap
|
page read and write
|
||
|
11A000
|
heap
|
page read and write
|
||
|
2DC2000
|
heap
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
2980000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
7FEF7540000
|
unkown
|
page read and write
|
||
|
2F9000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
2DB8000
|
heap
|
page read and write
|
||
|
7FEF7520000
|
unkown
|
page readonly
|
||
|
280000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
2D57000
|
heap
|
page read and write
|
||
|
2110000
|
remote allocation
|
page read and write
|
||
|
2DBA000
|
heap
|
page read and write
|
||
|
2F5000
|
heap
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
2040000
|
trusted library allocation
|
page read and write
|
||
|
2526000
|
heap
|
page read and write
|
||
|
474000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
2245000
|
heap
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
3A3000
|
heap
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
222B000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
1F85000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
1B8000
|
stack
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2D8D000
|
heap
|
page read and write
|
||
|
2DCF000
|
heap
|
page read and write
|
||
|
7FEF7520000
|
unkown
|
page readonly
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
3AD000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
340000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
2DAE000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
2DCF000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
536000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
2D3C000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
26CF000
|
stack
|
page read and write
|
||
|
21BD000
|
stack
|
page read and write
|
||
|
3714000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
2DC2000
|
heap
|
page read and write
|
||
|
24EF000
|
stack
|
page read and write
|
||
|
3AA000
|
heap
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
654000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
35A000
|
heap
|
page read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
24000
|
heap
|
page read and write
|
||
|
39E000
|
heap
|
page read and write
|
||
|
3C2000
|
heap
|
page read and write
|
||
|
2145000
|
heap
|
page read and write
|
||
|
2DCF000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
288D000
|
stack
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
22D5000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
3735000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
2E9000
|
heap
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
36EE000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
43F000
|
stack
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
217B000
|
heap
|
page read and write
|
||
|
2DB4000
|
heap
|
page read and write
|
||
|
2B3000
|
heap
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
2864000
|
heap
|
page read and write
|
||
|
2CFD000
|
heap
|
page read and write
|
||
|
345000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
2D11000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
1C3000
|
heap
|
page read and write
|
||
|
260000
|
remote allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2CDF000
|
stack
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
178000
|
stack
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
29A000
|
heap
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
7FEF7537000
|
unkown
|
page readonly
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
3C2000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
227B000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
3735000
|
heap
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
24000
|
heap
|
page read and write
|
||
|
212B000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
33E000
|
heap
|
page read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
3671000
|
heap
|
page read and write
|
||
|
2DBA000
|
heap
|
page read and write
|
||
|
1FBB000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
177000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
32F000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
21F5000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
1C0000
|
direct allocation
|
page execute and read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
2ACB000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
266000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
27E000
|
heap
|
page read and write
|
||
|
36EC000
|
heap
|
page read and write
|
||
|
239C000
|
stack
|
page read and write
|
||
|
2D8F000
|
heap
|
page read and write
|
||
|
2D8D000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
7FEF7537000
|
unkown
|
page readonly
|
||
|
352000
|
heap
|
page read and write
|
||
|
4B6000
|
heap
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
39E000
|
heap
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
2E05000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
307000
|
heap
|
page read and write
|
There are 358 hidden memdumps, click here to show them.