Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DETAILS 25922194612.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 07:48:11 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\DETAILS 25922194612.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 07:48:11 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr3.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\Ejpzh\qlDqXeGagKnBKzd.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\FiPeSYwmr\Wuiko.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\KuSAkvGE\rWFJGQNl.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\PLVmoWLosZJQb\bTjwWDTWvnC.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CabEE4E.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TarEE4F.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFFD13BCD3EE2F686F.TMP
|
data
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KuSAkvGE\rWFJGQNl.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\Ejpzh\qlDqXeGagKnBKzd.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FiPeSYwmr\Wuiko.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PLVmoWLosZJQb\bTjwWDTWvnC.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://learnviaonline.com/wp-admin/qGb/
|
103.171.181.223
|
|
|
|
http://milanstaffing.com/images/D4TRnDubF/
|
107.189.3.39
|
|
|
|
http://kolejleri.com/wp-admin/REvup/
|
85.114.142.153
|
|
|
|
https://165.22.73.229:8080/.t
|
unknown
|
||
|
https://165.22.73.229:8080/L
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://165.22.73.229:8080/h
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://165.22.73.229/l
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://165.22.73.229:8080/
|
unknown
|
||
|
https://165.22.73.229/
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://165.22.73.229/5v
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://165.22.73.229/KP
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://165.22.73.229/=v
|
unknown
|
||
|
https://165.22.73.229:8080/1o
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kolejleri.com
|
85.114.142.153
|
|
|
|
milanstaffing.com
|
107.189.3.39
|
||
|
learnviaonline.com
|
103.171.181.223
|
||
|
stainedglassexpress.com
|
66.71.247.68
|
||
|
windowsupdatebg.s.llnwi.net
|
95.140.230.192
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
85.114.142.153
|
kolejleri.com
|
Germany
|
|
|
|
165.22.73.229
|
unknown
|
United States
|
|
|
|
103.171.181.223
|
learnviaonline.com
|
unknown
|
||
|
107.189.3.39
|
milanstaffing.com
|
United States
|
||
|
66.71.247.68
|
stainedglassexpress.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
"|.
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\66C98
|
66C98
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
$4/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
3E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
150000
|
direct allocation
|
page execute and read and write
|
|
|
|
1D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
300000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
220000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
5D4000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
339000
|
heap
|
page read and write
|
||
|
38A000
|
heap
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
7FEF755F000
|
unkown
|
page readonly
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
24E000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
464000
|
heap
|
page read and write
|
||
|
280000
|
remote allocation
|
page read and write
|
||
|
18E000
|
heap
|
page read and write
|
||
|
2BA9000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
3090000
|
heap
|
page read and write
|
||
|
3C8000
|
heap
|
page read and write
|
||
|
247000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
7FEF70EB000
|
unkown
|
page read and write
|
||
|
118000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
3701000
|
heap
|
page read and write
|
||
|
41C000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
37C5000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
7FEF70EF000
|
unkown
|
page readonly
|
||
|
21E5000
|
heap
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
21A5000
|
heap
|
page read and write
|
||
|
2ACD000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
42A000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
2B0B000
|
stack
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
2C7B000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
2F44000
|
heap
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
21DB000
|
heap
|
page read and write
|
||
|
128000
|
heap
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
31C000
|
heap
|
page read and write
|
||
|
21CF000
|
stack
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
343000
|
heap
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
291F000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
44B000
|
heap
|
page read and write
|
||
|
2F9F000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2C6000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
2135000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2382000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
377C000
|
heap
|
page read and write
|
||
|
2F6B000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
20C5000
|
heap
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
3736000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
37C5000
|
heap
|
page read and write
|
||
|
22EF000
|
stack
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
7FEF74F2000
|
unkown
|
page readonly
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
2F31000
|
heap
|
page read and write
|
||
|
419000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
2F99000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
4D1000
|
heap
|
page read and write
|
||
|
7FEF755F000
|
unkown
|
page readonly
|
||
|
393000
|
heap
|
page read and write
|
||
|
B8000
|
stack
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
16B000
|
heap
|
page read and write
|
||
|
2D92000
|
heap
|
page read and write
|
||
|
6B4000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
220000
|
trusted library allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
243F000
|
stack
|
page read and write
|
||
|
158000
|
stack
|
page read and write
|
||
|
157000
|
heap
|
page read and write
|
||
|
377E000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
2CDF000
|
unkown
|
page read and write
|
||
|
2D9F000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
140000
|
direct allocation
|
page execute and read and write
|
||
|
22FB000
|
stack
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2F9F000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
2135000
|
heap
|
page read and write
|
||
|
233E000
|
stack
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
7FEF70C0000
|
unkown
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
3C5000
|
heap
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
7FEF70E2000
|
unkown
|
page readonly
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
7FEF755B000
|
unkown
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
2DBB000
|
heap
|
page read and write
|
||
|
276D000
|
stack
|
page read and write
|
||
|
2F9F000
|
heap
|
page read and write
|
||
|
2FAA000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
2B1C000
|
stack
|
page read and write
|
||
|
36F000
|
heap
|
page read and write
|
||
|
258000
|
heap
|
page read and write
|
||
|
2EE8000
|
heap
|
page read and write
|
||
|
215000
|
heap
|
page read and write
|
||
|
138000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
225000
|
heap
|
page read and write
|
||
|
224F000
|
stack
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
262000
|
heap
|
page read and write
|
||
|
7FEF70C1000
|
unkown
|
page execute read
|
||
|
7FEF7552000
|
unkown
|
page readonly
|
||
|
660000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
2A4B000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
377C000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
13D000
|
heap
|
page read and write
|
||
|
377E000
|
heap
|
page read and write
|
||
|
4B2000
|
heap
|
page read and write
|
||
|
144000
|
heap
|
page read and write
|
||
|
2BCC000
|
stack
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
2F9F000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FEF7530000
|
unkown
|
page readonly
|
||
|
2FBD000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
7FEF7552000
|
unkown
|
page readonly
|
||
|
31C000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
576000
|
heap
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
7FEF7530000
|
unkown
|
page readonly
|
||
|
5F0000
|
remote allocation
|
page read and write
|
||
|
166000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
268000
|
stack
|
page read and write
|
||
|
339000
|
heap
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
7FEF74D1000
|
unkown
|
page execute read
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
3E9000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2A4C000
|
stack
|
page read and write
|
||
|
7FEF74D0000
|
unkown
|
page readonly
|
||
|
280000
|
remote allocation
|
page read and write
|
||
|
22FC000
|
stack
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
10000
|
heap
|
page read and write
|
||
|
2C0000
|
direct allocation
|
page execute and read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
270000
|
remote allocation
|
page read and write
|
||
|
2F2000
|
heap
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
2B0000
|
direct allocation
|
page execute and read and write
|
||
|
5F0000
|
remote allocation
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2809000
|
heap
|
page read and write
|
||
|
216B000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
CD000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
2D6B000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
7FEF74FF000
|
unkown
|
page readonly
|
||
|
15D000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
2CE4000
|
heap
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
7FEF70EF000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
270000
|
remote allocation
|
page read and write
|
||
|
32E000
|
heap
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
394000
|
heap
|
page read and write
|
||
|
128000
|
stack
|
page read and write
|
||
|
29F9000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
216B000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
59D000
|
heap
|
page read and write
|
||
|
316000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
7FEF7531000
|
unkown
|
page execute read
|
||
|
3700000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
272D000
|
stack
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
4C3000
|
heap
|
page read and write
|
||
|
2CF9000
|
heap
|
page read and write
|
||
|
127000
|
heap
|
page read and write
|
||
|
7FEF70EB000
|
unkown
|
page read and write
|
||
|
223F000
|
stack
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
1AA000
|
heap
|
page read and write
|
||
|
3FB000
|
heap
|
page read and write
|
||
|
7FEF755B000
|
unkown
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
140000
|
direct allocation
|
page execute and read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
21F5000
|
heap
|
page read and write
|
||
|
2D86000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
43A000
|
heap
|
page read and write
|
||
|
3757000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
3B9000
|
heap
|
page read and write
|
||
|
2FCF000
|
heap
|
page read and write
|
||
|
222D000
|
stack
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
2FAA000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
23B000
|
heap
|
page read and write
|
||
|
33D000
|
heap
|
page read and write
|
||
|
7FEF70C1000
|
unkown
|
page execute read
|
||
|
222B000
|
heap
|
page read and write
|
||
|
2D32000
|
heap
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
2D32000
|
heap
|
page read and write
|
||
|
2FA2000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
2B6C000
|
stack
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
3492000
|
heap
|
page read and write
|
||
|
348F000
|
unkown
|
page read and write
|
||
|
7FEF74F2000
|
unkown
|
page readonly
|
||
|
340000
|
heap
|
page read and write
|
||
|
1CA000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
3E7000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
343000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
27F9000
|
heap
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
7FEF7531000
|
unkown
|
page execute read
|
||
|
36E000
|
heap
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
2FAA000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
320000
|
trusted library allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
287000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
4DC000
|
stack
|
page read and write
|
||
|
2FAE000
|
heap
|
page read and write
|
||
|
47C000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
1C3000
|
heap
|
page read and write
|
||
|
2AB1000
|
heap
|
page read and write
|
||
|
3E3000
|
heap
|
page read and write
|
||
|
7FEF74FF000
|
unkown
|
page readonly
|
||
|
2A2F000
|
heap
|
page read and write
|
||
|
37A5000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
35C000
|
heap
|
page read and write
|
||
|
4A2000
|
heap
|
page read and write
|
||
|
33D000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2F99000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
51D000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
208000
|
heap
|
page read and write
|
||
|
2CC8000
|
heap
|
page read and write
|
||
|
2FAA000
|
heap
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
37A5000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
2D34000
|
heap
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
20FB000
|
heap
|
page read and write
|
||
|
7FEF70C0000
|
unkown
|
page readonly
|
||
|
7FEF70E2000
|
unkown
|
page readonly
|
||
|
310000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
47E000
|
heap
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
2FAE000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
7FEF74D0000
|
unkown
|
page readonly
|
||
|
138000
|
heap
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
282F000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
31A000
|
heap
|
page read and write
|
||
|
370F000
|
heap
|
page read and write
|
||
|
361000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
70B000
|
heap
|
page read and write
|
||
|
405000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
7FEF74FB000
|
unkown
|
page read and write
|
||
|
2FAE000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
23AF000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
208000
|
stack
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
221B000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
508000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
7FEF74FB000
|
unkown
|
page read and write
|
||
|
650000
|
remote allocation
|
page read and write
|
||
|
1C0000
|
direct allocation
|
page execute and read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
177000
|
heap
|
page read and write
|
||
|
484000
|
heap
|
page read and write
|
||
|
2BC7000
|
heap
|
page read and write
|
||
|
271F000
|
stack
|
page read and write
|
||
|
347000
|
heap
|
page read and write
|
||
|
38A000
|
heap
|
page read and write
|
||
|
2B0000
|
direct allocation
|
page execute and read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
415000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
7FEF74D1000
|
unkown
|
page execute read
|
||
|
228000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
578000
|
heap
|
page read and write
|
||
|
32E000
|
heap
|
page read and write
|
||
|
2FAE000
|
heap
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
36D000
|
heap
|
page read and write
|
||
|
28E9000
|
heap
|
page read and write
|
||
|
34E8000
|
heap
|
page read and write
|
||
|
283F000
|
heap
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
650000
|
remote allocation
|
page read and write
|
||
|
1A3000
|
heap
|
page read and write
|
||
|
2FCD000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
266000
|
heap
|
page read and write
|
||
|
D8000
|
stack
|
page read and write
|
||
|
60F000
|
stack
|
page read and write
|
||
|
94000
|
heap
|
page read and write
|
||
|
361000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
2FAE000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
2F99000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2362000
|
heap
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
368000
|
heap
|
page read and write
|
||
|
1AE000
|
heap
|
page read and write
|
||
|
2BCC000
|
heap
|
page read and write
|
There are 514 hidden memdumps, click here to show them.