Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RechnungsDetails.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\LjSKxP[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\CPZby9k8xhW2TaPgwsAagxTpGuhIkFrK[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\F3DOS06hLF1rUq3s6XOB[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\RechnungsDetails.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\AQbqR\xhDhNsFFy.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\FIdWcB\GulPp.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\IWNForDwCavadlTU\oACuhBcYqGjSrI.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cab3C9B.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tar3C9C.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFE4A10193AB5B5F72.TMP
|
data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FIdWcB\GulPp.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AQbqR\xhDhNsFFy.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IWNForDwCavadlTU\oACuhBcYqGjSrI.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://173.82.82.196:8080/
|
unknown
|
|
|
|
https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
|
212.98.224.29
|
|
|
|
http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/
|
138.219.41.210
|
|
|
|
http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
|
66.84.31.11
|
|
|
|
https://173.82.82.196/
|
unknown
|
|
|
|
https://173.82.82.196/(
|
unknown
|
|
|
|
https://173.82.82.196/F
|
unknown
|
|
|
|
https://173.82.82.196/f
|
unknown
|
|
|
|
https://173.82.82.196:8080/J
|
unknown
|
|
|
|
https://173.82.82.196:8080/N
|
unknown
|
|
|
|
https://173.82.82.196:8080/0
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jr-software-web.net
|
138.219.41.210
|
|
|
|
elamurray.com
|
66.84.31.11
|
||
|
masyuk.com
|
128.199.252.32
|
||
|
melisetotoaksesuar.com
|
212.98.224.29
|
||
|
www.melisetotoaksesuar.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
173.82.82.196
|
unknown
|
United States
|
|
|
|
138.219.41.210
|
jr-software-web.net
|
Argentina
|
|
|
|
128.199.252.32
|
masyuk.com
|
United Kingdom
|
||
|
212.98.224.29
|
melisetotoaksesuar.com
|
Turkey
|
||
|
66.84.31.11
|
elamurray.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
(30
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\66BCD
|
66BCD
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
~-0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
160000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
2C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
26C5000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
3743000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
37E6000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
373000
|
heap
|
page read and write
|
||
|
20E6000
|
heap
|
page read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
148000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5AF000
|
stack
|
page read and write
|
||
|
2245000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
314000
|
heap
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
524000
|
heap
|
page read and write
|
||
|
375B000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
2496000
|
heap
|
page read and write
|
||
|
248000
|
stack
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
3753000
|
heap
|
page read and write
|
||
|
382F000
|
heap
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
238E000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FEF7521000
|
unkown
|
page execute read
|
||
|
2740000
|
heap
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
273E000
|
heap
|
page read and write
|
||
|
409000
|
heap
|
page read and write
|
||
|
357000
|
heap
|
page read and write
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
2490000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
3753000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
21D5000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
2FA000
|
heap
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
EA000
|
heap
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
26EF000
|
stack
|
page read and write
|
||
|
2DBD000
|
heap
|
page read and write
|
||
|
2302000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
7FEF7537000
|
unkown
|
page readonly
|
||
|
7FEF7545000
|
unkown
|
page readonly
|
||
|
468000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2195000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2AED000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
97000
|
heap
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
243F000
|
stack
|
page read and write
|
||
|
296000
|
heap
|
page read and write
|
||
|
7FEF7520000
|
unkown
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
219D000
|
stack
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
154000
|
heap
|
page read and write
|
||
|
20BB000
|
heap
|
page read and write
|
||
|
1C0000
|
direct allocation
|
page execute and read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
27CD000
|
stack
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
7FEF7540000
|
unkown
|
page read and write
|
||
|
2085000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
277B000
|
stack
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
4B7000
|
heap
|
page read and write
|
||
|
E3000
|
heap
|
page read and write
|
||
|
273E000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
494000
|
heap
|
page read and write
|
||
|
182000
|
heap
|
page read and write
|
||
|
26BE000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
31A000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
680000
|
heap
|
page read and write
|
||
|
3778000
|
heap
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2135000
|
heap
|
page read and write
|
||
|
7FEF7545000
|
unkown
|
page readonly
|
||
|
550000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
2352000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
CE000
|
heap
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
3DB000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
20EB000
|
heap
|
page read and write
|
||
|
2C3D000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
226B000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
654000
|
heap
|
page read and write
|
||
|
3753000
|
heap
|
page read and write
|
||
|
7FEF7537000
|
unkown
|
page readonly
|
||
|
26F8000
|
heap
|
page read and write
|
||
|
14D000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
37E7000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
1E8000
|
stack
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
2AEB000
|
heap
|
page read and write
|
||
|
15A000
|
heap
|
page read and write
|
||
|
49F000
|
heap
|
page read and write
|
||
|
3AA000
|
heap
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
17A000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
3753000
|
heap
|
page read and write
|
||
|
40B000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
11A000
|
heap
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
299F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
21CF000
|
stack
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
290C000
|
stack
|
page read and write
|
||
|
43C000
|
heap
|
page read and write
|
||
|
2733000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
227B000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
24000
|
heap
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
216B000
|
heap
|
page read and write
|
||
|
278000
|
stack
|
page read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
3C5000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
26F6000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
15C000
|
heap
|
page read and write
|
||
|
3E1000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
327000
|
heap
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
2739000
|
heap
|
page read and write
|
||
|
3A3000
|
heap
|
page read and write
|
||
|
2ABD000
|
heap
|
page read and write
|
||
|
382E000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
1F8000
|
stack
|
page read and write
|
||
|
37E7000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
299C000
|
stack
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
2733000
|
heap
|
page read and write
|
||
|
183000
|
heap
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
21CB000
|
heap
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
20B5000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
2235000
|
heap
|
page read and write
|
||
|
215D000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
23FF000
|
stack
|
page read and write
|
||
|
3E1000
|
heap
|
page read and write
|
||
|
2DA1000
|
heap
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
3744000
|
heap
|
page read and write
|
||
|
520000
|
trusted library allocation
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
2C1B000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
18F000
|
heap
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
2640000
|
heap
|
page read and write
|
||
|
3AC000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
3FD000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
2739000
|
heap
|
page read and write
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
174000
|
heap
|
page read and write
|
||
|
26F6000
|
heap
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
272D000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
272D000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
286B000
|
stack
|
page read and write
|
||
|
300000
|
trusted library allocation
|
page read and write
|
||
|
2642000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
2000000
|
heap
|
page read and write
|
||
|
2733000
|
heap
|
page read and write
|
||
|
26D7000
|
heap
|
page read and write
|
||
|
3E7000
|
heap
|
page read and write
|
||
|
2A95000
|
heap
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
7FEF7520000
|
unkown
|
page readonly
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
155000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
2C21000
|
heap
|
page read and write
|
||
|
4A7000
|
heap
|
page read and write
|
||
|
2A7C000
|
stack
|
page read and write
|
||
|
191000
|
heap
|
page read and write
|
||
|
5BC000
|
stack
|
page read and write
|
||
|
2246000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
5A8000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
236000
|
heap
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
273E000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
209000
|
stack
|
page read and write
|
||
|
411000
|
heap
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
6C4000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
43C000
|
heap
|
page read and write
|
||
|
5AD000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
7FEF7540000
|
unkown
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
7FEF7521000
|
unkown
|
page execute read
|
||
|
420000
|
heap
|
page read and write
|
||
|
47D000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
2200000
|
remote allocation
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
12E000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
2736000
|
heap
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
3743000
|
heap
|
page read and write
|
||
|
C7000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
1C0000
|
direct allocation
|
page execute and read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
650000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
23FF000
|
stack
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
25D000
|
stack
|
page read and write
|
||
|
220B000
|
heap
|
page read and write
|
||
|
2688000
|
heap
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
2200000
|
remote allocation
|
page read and write
|
||
|
184000
|
heap
|
page read and write
|
||
|
273E000
|
heap
|
page read and write
|
There are 365 hidden memdumps, click here to show them.