Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Scan 2022.20.05_0910.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Thu May 19 22:08:10 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\f6TC4C6PwMWzjYykKV327CT8vWcYjtGvLL[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Cmk1Nr[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\xqJfpnc0wEmcroPdpB[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\Scan 2022.20.05_0910.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Thu May 19 22:08:10 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr3.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\AVQhDTOoTQ\JuebGslFXTeyRNG.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\IWJyiUbrMYkKNab\HrQqTfHWMtY.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\PlMfP\OpoHHoBHS.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5F20.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cab5CC9.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tar5CCA.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFCBAF547270F146D3.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFDB8800F55F6FFF92.TMP
|
data
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PlMfP\OpoHHoBHS.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\AVQhDTOoTQ\JuebGslFXTeyRNG.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IWJyiUbrMYkKNab\HrQqTfHWMtY.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://173.82.82.196:8080/
|
unknown
|
|
|
|
http://mcapublicschool.com/Achievements/r4psv/
|
103.133.214.149
|
|
|
|
https://173.82.82.196/q
|
unknown
|
|
|
|
http://kuluckaci.com/yarisma/cgi-bin/aIuI4Ukdtl730sP1F/
|
185.86.13.242
|
|
|
|
https://173.82.82.196:8080/D.
|
unknown
|
|
|
|
https://173.82.82.196:8080/bL
|
unknown
|
|
|
|
https://173.82.82.196:8080/H.
|
unknown
|
|
|
|
https://173.82.82.196/
|
unknown
|
|
|
|
https://173.82.82.196:8080/e
|
unknown
|
|
|
|
https://microlent.com/admin/3/
|
103.195.4.8
|
|
|
|
https://173.82.82.196/vL
|
unknown
|
|
|
|
https://173.82.82.196:8080/i
|
unknown
|
|
|
|
https://173.82.82.196/4.
|
unknown
|
|
|
|
https://173.82.82.196/nL
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kuluckaci.com
|
185.86.13.242
|
|
|
|
mcapublicschool.com
|
103.133.214.149
|
||
|
moorworld.com
|
211.149.139.157
|
||
|
microlent.com
|
103.195.4.8
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
173.82.82.196
|
unknown
|
United States
|
|
|
|
185.86.13.242
|
kuluckaci.com
|
Turkey
|
|
|
|
103.133.214.149
|
mcapublicschool.com
|
India
|
||
|
103.195.4.8
|
microlent.com
|
Hong Kong
|
||
|
211.149.139.157
|
moorworld.com
|
China
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
'&(
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\65A21
|
65A21
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
=;(
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\76661
|
76661
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\76CD6
|
76CD6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 59 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
160000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
510000
|
direct allocation
|
page execute and read and write
|
|
|
|
3E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
3C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
7FEF70EF000
|
unkown
|
page readonly
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
7FEF70C1000
|
unkown
|
page execute read
|
||
|
660000
|
heap
|
page read and write
|
||
|
494000
|
heap
|
page read and write
|
||
|
2242000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
195000
|
heap
|
page read and write
|
||
|
1A0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
2DF2000
|
heap
|
page read and write
|
||
|
2E36000
|
heap
|
page read and write
|
||
|
B8000
|
stack
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
4CE000
|
heap
|
page read and write
|
||
|
20DB000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
210000
|
heap
|
page read and write
|
||
|
2180000
|
remote allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
2E1B000
|
heap
|
page read and write
|
||
|
380000
|
remote allocation
|
page read and write
|
||
|
26A000
|
heap
|
page read and write
|
||
|
58F000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
214F000
|
stack
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
3620000
|
heap
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
484000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2DAA000
|
heap
|
page read and write
|
||
|
228B000
|
heap
|
page read and write
|
||
|
232F000
|
stack
|
page read and write
|
||
|
2CC000
|
heap
|
page read and write
|
||
|
45E000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
2E6000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
373000
|
heap
|
page read and write
|
||
|
235F000
|
stack
|
page read and write
|
||
|
7FEF751F000
|
unkown
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
2E1B000
|
heap
|
page read and write
|
||
|
370000
|
remote allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
7FEF751B000
|
unkown
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
2015000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
2F3D000
|
heap
|
page read and write
|
||
|
21CF000
|
stack
|
page read and write
|
||
|
2E13000
|
heap
|
page read and write
|
||
|
15A000
|
heap
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
2EB5000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
3FB000
|
heap
|
page read and write
|
||
|
226E000
|
stack
|
page read and write
|
||
|
474000
|
heap
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
6BF000
|
stack
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
335000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
154000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
2C6000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2ACD000
|
heap
|
page read and write
|
||
|
29C000
|
heap
|
page read and write
|
||
|
45C000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
1FD000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
2DF2000
|
heap
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
2C3B000
|
stack
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
24000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
7FEF70EB000
|
unkown
|
page read and write
|
||
|
448000
|
heap
|
page read and write
|
||
|
4C8000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
4AE000
|
stack
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
13E000
|
heap
|
page read and write
|
||
|
24E000
|
heap
|
page read and write
|
||
|
12A000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
1D0000
|
direct allocation
|
page execute and read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
469000
|
heap
|
page read and write
|
||
|
17B000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
237F000
|
stack
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
1A0000
|
trusted library allocation
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
2E39000
|
heap
|
page read and write
|
||
|
26BD000
|
stack
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
296000
|
heap
|
page read and write
|
||
|
4CC000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
471000
|
heap
|
page read and write
|
||
|
1FF000
|
heap
|
page read and write
|
||
|
36D5000
|
heap
|
page read and write
|
||
|
153000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2E1B000
|
heap
|
page read and write
|
||
|
2EB7000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
78E000
|
stack
|
page read and write
|
||
|
268000
|
stack
|
page read and write
|
||
|
462000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
468000
|
heap
|
page read and write
|
||
|
50D000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
228E000
|
stack
|
page read and write
|
||
|
189000
|
heap
|
page read and write
|
||
|
7FEF74F1000
|
unkown
|
page execute read
|
||
|
458000
|
heap
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2010000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
7FEF70E2000
|
unkown
|
page readonly
|
||
|
44E000
|
heap
|
page read and write
|
||
|
198000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
7FEF751F000
|
unkown
|
page readonly
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
411000
|
heap
|
page read and write
|
||
|
432000
|
heap
|
page read and write
|
||
|
3647000
|
heap
|
page read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
D8000
|
stack
|
page read and write
|
||
|
3D7000
|
heap
|
page read and write
|
||
|
464000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
2E23000
|
heap
|
page read and write
|
||
|
1B7000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
107000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
2255000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
474000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
57D000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
204B000
|
heap
|
page read and write
|
||
|
473000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
36D6000
|
heap
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
370000
|
remote allocation
|
page read and write
|
||
|
194000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
2E49000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
194000
|
heap
|
page read and write
|
||
|
283B000
|
stack
|
page read and write
|
||
|
2E1E000
|
heap
|
page read and write
|
||
|
1AD000
|
heap
|
page read and write
|
||
|
380000
|
remote allocation
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
21F2000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
2FA6000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
2180000
|
remote allocation
|
page read and write
|
||
|
FD000
|
stack
|
page read and write
|
||
|
21CB000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
1ED000
|
heap
|
page read and write
|
||
|
7FEF70EF000
|
unkown
|
page readonly
|
||
|
2C6B000
|
stack
|
page read and write
|
||
|
484000
|
heap
|
page read and write
|
||
|
1F6000
|
heap
|
page read and write
|
||
|
D7000
|
heap
|
page read and write
|
||
|
123000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
268000
|
stack
|
page read and write
|
||
|
228000
|
stack
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
258000
|
stack
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
7FEF74F1000
|
unkown
|
page execute read
|
||
|
2E7A000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
2E57000
|
heap
|
page read and write
|
||
|
36D6000
|
heap
|
page read and write
|
||
|
2E26000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
190000
|
heap
|
page read and write
|
||
|
2175000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
20A5000
|
heap
|
page read and write
|
||
|
2B3C000
|
stack
|
page read and write
|
||
|
2AFC000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
7FEF74F0000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
1EC000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2195000
|
heap
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
368E000
|
heap
|
page read and write
|
||
|
3E2000
|
heap
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
506000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
2F82000
|
heap
|
page read and write
|
||
|
2DBC000
|
heap
|
page read and write
|
||
|
226000
|
heap
|
page read and write
|
||
|
2A1B000
|
stack
|
page read and write
|
||
|
2D6F000
|
heap
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
47A000
|
heap
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
7FEF70E2000
|
unkown
|
page readonly
|
||
|
217000
|
heap
|
page read and write
|
||
|
10E000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
2E58000
|
heap
|
page read and write
|
||
|
2DF4000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
223D000
|
stack
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
7FEF70C0000
|
unkown
|
page readonly
|
||
|
368D000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
327000
|
heap
|
page read and write
|
||
|
181000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
2BD000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
464000
|
heap
|
page read and write
|
||
|
301000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
7FEF7512000
|
unkown
|
page readonly
|
||
|
2C5000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
7FEF70C0000
|
unkown
|
page readonly
|
||
|
427000
|
heap
|
page read and write
|
||
|
462000
|
heap
|
page read and write
|
||
|
2E13000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
261B000
|
stack
|
page read and write
|
||
|
2E23000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
7FEF751B000
|
unkown
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FEF70EB000
|
unkown
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
274E000
|
stack
|
page read and write
|
||
|
4E5000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
263000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
7FEF74F0000
|
unkown
|
page readonly
|
||
|
7FEF7512000
|
unkown
|
page readonly
|
||
|
471000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
440000
|
heap
|
page read and write
|
||
|
3621000
|
heap
|
page read and write
|
||
|
2E26000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
7FEF70C1000
|
unkown
|
page execute read
|
||
|
490000
|
heap
|
page read and write
|
||
|
1B8000
|
heap
|
page read and write
|
||
|
578000
|
heap
|
page read and write
|
||
|
316000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
4FB000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
423000
|
heap
|
page read and write
|
||
|
368E000
|
heap
|
page read and write
|
||
|
2FA4000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
3EF000
|
heap
|
page read and write
|
||
|
21AB000
|
heap
|
page read and write
|
||
|
236E000
|
stack
|
page read and write
|
||
|
2E23000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
224B000
|
heap
|
page read and write
|
||
|
40F000
|
stack
|
page read and write
|
||
|
1C5000
|
heap
|
page read and write
|
||
|
278D000
|
stack
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
2F4D000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2E2C000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
4BE000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
2CDD000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
1BD000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
469000
|
heap
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
2E1B000
|
heap
|
page read and write
|
||
|
2E47000
|
heap
|
page read and write
|
There are 406 hidden memdumps, click here to show them.