Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Datei_26744565.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 07:48:11 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\1Cb5zOjLgWGDemz55C5[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\T35PENELLOsp[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4HWP0KQI[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Jf8[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\Datei_26744565.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 07:48:11 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr3.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\AnDDvm\lwQjfM.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\IvkabqgmpEJ\fEKh.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\MreGm\Zazriwdkuo.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CabE354.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TarE355.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DF510C5EA216433379.TMP
|
data
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\RrQZitdNyvCFEhe\pDnxsvRJXW.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MreGm\Zazriwdkuo.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AnDDvm\lwQjfM.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IvkabqgmpEJ\fEKh.dll"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://learnviaonline.com/wp-admin/qGb/
|
103.171.181.223
|
|
|
|
http://milanstaffing.com/images/D4TRnDubF/
|
107.189.3.39
|
|
|
|
http://kolejleri.com/wp-admin/REvup/
|
85.114.142.153
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://ocsp.comodoc
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://165.22.73.229:8080/
|
unknown
|
||
|
https://165.22.73.229/
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://165.22.73.229/E&
|
unknown
|
||
|
https://secure.comodo.co
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://crl.com
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://165.22.73.229:8080/4
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://165.22.73.229:8080/0
|
unknown
|
||
|
https://165.22.73.229/d
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kolejleri.com
|
85.114.142.153
|
|
|
|
milanstaffing.com
|
107.189.3.39
|
||
|
learnviaonline.com
|
103.171.181.223
|
||
|
stainedglassexpress.com
|
66.71.247.68
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
85.114.142.153
|
kolejleri.com
|
Germany
|
|
|
|
165.22.73.229
|
unknown
|
United States
|
|
|
|
103.171.181.223
|
learnviaonline.com
|
unknown
|
||
|
107.189.3.39
|
milanstaffing.com
|
United States
|
||
|
66.71.247.68
|
stainedglassexpress.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
;r,
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\65B2A
|
65B2A
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
lj,
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
3C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
4F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
450000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
3C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
3C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2EF2000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
2E7E000
|
heap
|
page read and write
|
||
|
217B000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
1F3000
|
heap
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
7FEF70E2000
|
unkown
|
page readonly
|
||
|
353E000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
430000
|
heap
|
page read and write
|
||
|
300F000
|
heap
|
page read and write
|
||
|
256000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
232F000
|
stack
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
1BA000
|
heap
|
page read and write
|
||
|
7FEF7082000
|
unkown
|
page readonly
|
||
|
23E000
|
heap
|
page read and write
|
||
|
270D000
|
stack
|
page read and write
|
||
|
21E000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
211B000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
5CF000
|
stack
|
page read and write
|
||
|
1A8000
|
stack
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
211B000
|
heap
|
page read and write
|
||
|
434000
|
heap
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
2020000
|
remote allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2D2000
|
heap
|
page read and write
|
||
|
7FEF74F1000
|
unkown
|
page execute read
|
||
|
7FEF70EB000
|
unkown
|
page read and write
|
||
|
2CC000
|
heap
|
page read and write
|
||
|
2262000
|
heap
|
page read and write
|
||
|
314000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
353E000
|
heap
|
page read and write
|
||
|
34F6000
|
heap
|
page read and write
|
||
|
2F5B000
|
heap
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
1DE000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
320000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
2F2B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
23BF000
|
stack
|
page read and write
|
||
|
3585000
|
heap
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
77000
|
heap
|
page read and write
|
||
|
1D3000
|
heap
|
page read and write
|
||
|
23C000
|
heap
|
page read and write
|
||
|
360000
|
remote allocation
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
24B000
|
heap
|
page read and write
|
||
|
2F45000
|
heap
|
page read and write
|
||
|
283000
|
heap
|
page read and write
|
||
|
2F32000
|
heap
|
page read and write
|
||
|
22EF000
|
stack
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2EFA000
|
heap
|
page read and write
|
||
|
1FC000
|
heap
|
page read and write
|
||
|
2CE000
|
heap
|
page read and write
|
||
|
28EB000
|
stack
|
page read and write
|
||
|
230D000
|
stack
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
3564000
|
heap
|
page read and write
|
||
|
20C5000
|
heap
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
22E2000
|
heap
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2300000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
26E000
|
heap
|
page read and write
|
||
|
23A000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
20AF000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
AE000
|
heap
|
page read and write
|
||
|
7FEF70EF000
|
unkown
|
page readonly
|
||
|
277000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
316000
|
heap
|
page read and write
|
||
|
2F3B000
|
heap
|
page read and write
|
||
|
7FEF70C0000
|
unkown
|
page readonly
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
24AF000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
20E5000
|
heap
|
page read and write
|
||
|
27C000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
51D000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
30B000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
26FF000
|
stack
|
page read and write
|
||
|
28F000
|
heap
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
7FEF7060000
|
unkown
|
page readonly
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
360000
|
remote allocation
|
page read and write
|
||
|
2F07000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2420000
|
heap
|
page read and write
|
||
|
225000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
1BE000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
55B000
|
heap
|
page read and write
|
||
|
2090000
|
remote allocation
|
page read and write
|
||
|
15A000
|
heap
|
page read and write
|
||
|
2F76000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
2B0000
|
direct allocation
|
page execute and read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
167000
|
heap
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
210B000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
220B000
|
stack
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
23CF000
|
stack
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2EFF000
|
heap
|
page read and write
|
||
|
22C000
|
heap
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
1B8000
|
stack
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
440000
|
heap
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
28A000
|
heap
|
page read and write
|
||
|
7FEF751F000
|
unkown
|
page readonly
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
2B6000
|
heap
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
2C0000
|
direct allocation
|
page execute and read and write
|
||
|
2090000
|
remote allocation
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
2EF2000
|
heap
|
page read and write
|
||
|
7FEF7061000
|
unkown
|
page execute read
|
||
|
A9000
|
stack
|
page read and write
|
||
|
32A000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
2F57000
|
heap
|
page read and write
|
||
|
254000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
2145000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
20D5000
|
heap
|
page read and write
|
||
|
128000
|
stack
|
page read and write
|
||
|
225C000
|
stack
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2AF000
|
heap
|
page read and write
|
||
|
291000
|
heap
|
page read and write
|
||
|
1E9000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
49D000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
7FEF74F1000
|
unkown
|
page execute read
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
28F000
|
heap
|
page read and write
|
||
|
20FB000
|
heap
|
page read and write
|
||
|
14E000
|
heap
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
2EEB000
|
heap
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
7FEF708B000
|
unkown
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
2BD000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
7FEF70C1000
|
unkown
|
page execute read
|
||
|
10000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2140000
|
heap
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
7FEF751B000
|
unkown
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
1A7000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
117000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
249000
|
heap
|
page read and write
|
||
|
26CD000
|
stack
|
page read and write
|
||
|
10C000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
187000
|
heap
|
page read and write
|
||
|
7FEF751B000
|
unkown
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
63E000
|
heap
|
page read and write
|
||
|
258F000
|
stack
|
page read and write
|
||
|
3D5000
|
heap
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
434000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
286000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
7FEF708F000
|
unkown
|
page readonly
|
||
|
48D000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
21C5000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
2DC000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
2EF2000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
21B000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
353D000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
C3000
|
heap
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
21B2000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
233000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
3585000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
2EBF000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
2F57000
|
heap
|
page read and write
|
||
|
2F32000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
283000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
2EF5000
|
heap
|
page read and write
|
||
|
410000
|
trusted library allocation
|
page read and write
|
||
|
2030000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
252000
|
heap
|
page read and write
|
||
|
468000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
2312000
|
heap
|
page read and write
|
||
|
2ACB000
|
stack
|
page read and write
|
||
|
325000
|
heap
|
page read and write
|
||
|
2F51000
|
heap
|
page read and write
|
||
|
426000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
7FEF708B000
|
unkown
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
34CF000
|
heap
|
page read and write
|
||
|
2869000
|
heap
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
289F000
|
heap
|
page read and write
|
||
|
1FC000
|
heap
|
page read and write
|
||
|
20E000
|
heap
|
page read and write
|
||
|
2F37000
|
heap
|
page read and write
|
||
|
20E5000
|
heap
|
page read and write
|
||
|
29DF000
|
stack
|
page read and write
|
||
|
2F47000
|
heap
|
page read and write
|
||
|
22DB000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
204000
|
heap
|
page read and write
|
||
|
7FEF70EF000
|
unkown
|
page readonly
|
||
|
1AC000
|
heap
|
page read and write
|
||
|
7FEF708F000
|
unkown
|
page readonly
|
||
|
7FEF7512000
|
unkown
|
page readonly
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
279000
|
heap
|
page read and write
|
||
|
22D000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
7FEF74F0000
|
unkown
|
page readonly
|
||
|
7FEF70EB000
|
unkown
|
page read and write
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
16A000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
2B3E000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
167000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
286B000
|
stack
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
2F3B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
178000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
2F2B000
|
heap
|
page read and write
|
||
|
2E9C000
|
stack
|
page read and write
|
||
|
2D4000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
7FEF7512000
|
unkown
|
page readonly
|
||
|
23DF000
|
stack
|
page read and write
|
||
|
34BF000
|
heap
|
page read and write
|
||
|
20E000
|
heap
|
page read and write
|
||
|
21AE000
|
stack
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
3584000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
1DA000
|
heap
|
page read and write
|
||
|
7FEF74F0000
|
unkown
|
page readonly
|
||
|
13C000
|
heap
|
page read and write
|
||
|
353D000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
7FEF7082000
|
unkown
|
page readonly
|
||
|
272000
|
heap
|
page read and write
|
||
|
21FB000
|
heap
|
page read and write
|
||
|
295000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2F44000
|
heap
|
page read and write
|
||
|
1A8000
|
stack
|
page read and write
|
||
|
D8000
|
stack
|
page read and write
|
||
|
2F3C000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
2F4B000
|
heap
|
page read and write
|
||
|
40B000
|
heap
|
page read and write
|
||
|
21BF000
|
stack
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
27E000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
1B3000
|
heap
|
page read and write
|
||
|
237000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
F4000
|
heap
|
page read and write
|
||
|
254000
|
heap
|
page read and write
|
||
|
21A000
|
heap
|
page read and write
|
||
|
7FEF7060000
|
unkown
|
page readonly
|
||
|
520000
|
heap
|
page read and write
|
||
|
410000
|
trusted library allocation
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
2D9000
|
heap
|
page read and write
|
||
|
280B000
|
stack
|
page read and write
|
||
|
CA000
|
heap
|
page read and write
|
||
|
2EF1000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
7FEF7061000
|
unkown
|
page execute read
|
||
|
420000
|
heap
|
page read and write
|
||
|
2B7B000
|
stack
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
19E000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
163000
|
heap
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
2F0F000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
7FEF751F000
|
unkown
|
page readonly
|
||
|
F0000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
2ED4000
|
heap
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
1AC000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
7FEF70E2000
|
unkown
|
page readonly
|
||
|
278D000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
2F6000
|
heap
|
page read and write
|
||
|
222F000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
281000
|
heap
|
page read and write
|
||
|
26D000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
20E000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
2F32000
|
heap
|
page read and write
|
||
|
2B6000
|
heap
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
1E7000
|
heap
|
page read and write
|
||
|
27A000
|
heap
|
page read and write
|
||
|
117000
|
heap
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
2020000
|
remote allocation
|
page read and write
|
||
|
7FEF70C0000
|
unkown
|
page readonly
|
||
|
24D000
|
heap
|
page read and write
|
||
|
4BD000
|
heap
|
page read and write
|
||
|
305000
|
heap
|
page read and write
|
||
|
2E9C000
|
heap
|
page read and write
|
||
|
2F8D000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
1DE000
|
heap
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
530000
|
trusted library allocation
|
page read and write
|
||
|
1DE000
|
heap
|
page read and write
|
||
|
2F08000
|
heap
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
19C000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2AF000
|
heap
|
page read and write
|
||
|
7FEF70C1000
|
unkown
|
page execute read
|
There are 498 hidden memdumps, click here to show them.