Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Exploit.Siggen3.32567.15846.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\LjSKxP[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\CPZby9k8xhW2TaPgwsAagxTpGuhIkFrK[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\F3DOS06hLF1rUq3s6XOB[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Exploit.Siggen3.32567.15846.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Fri May 20 08:38:10 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\uxevr1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\uxevr4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\FUVVPG\TGCY.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\JQSPcFGJSVOMPtFX\ZXsHFctgkSbxp.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\VrLOhrB\szFRUu.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cab3444.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tar3445.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFA61A33ED8C15AF6F.TMP
|
data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JQSPcFGJSVOMPtFX\ZXsHFctgkSbxp.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\uxevr4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\VrLOhrB\szFRUu.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FUVVPG\TGCY.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://173.82.82.196/t5
|
unknown
|
|
|
|
https://173.82.82.196:8080/
|
unknown
|
|
|
|
https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
|
212.98.224.29
|
|
|
|
http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/
|
138.219.41.210
|
|
|
|
https://173.82.82.196:8080/P5
|
unknown
|
|
|
|
http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
|
66.84.31.11
|
|
|
|
https://173.82.82.196/
|
unknown
|
|
|
|
https://173.82.82.196:8080/;j
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://ocsp.comodoc
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://secure.comodo.co
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://crl.com
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jr-software-web.net
|
138.219.41.210
|
|
|
|
elamurray.com
|
66.84.31.11
|
||
|
masyuk.com
|
128.199.252.32
|
||
|
melisetotoaksesuar.com
|
212.98.224.29
|
||
|
www.melisetotoaksesuar.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
173.82.82.196
|
unknown
|
United States
|
|
|
|
138.219.41.210
|
jr-software-web.net
|
Argentina
|
|
|
|
128.199.252.32
|
masyuk.com
|
United Kingdom
|
||
|
212.98.224.29
|
melisetotoaksesuar.com
|
Turkey
|
||
|
66.84.31.11
|
elamurray.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
y#+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6581E
|
6581E
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
$=+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
4D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
7FEF74E1000
|
unkown
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
7FEF74E1000
|
unkown
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
7FEF7505000
|
unkown
|
page readonly
|
||
|
2B98000
|
heap
|
page read and write
|
||
|
20F5000
|
heap
|
page read and write
|
||
|
2245000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
368E000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
1B8000
|
heap
|
page read and write
|
||
|
2462000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
23AF000
|
stack
|
page read and write
|
||
|
2CC3000
|
heap
|
page read and write
|
||
|
3E3000
|
heap
|
page read and write
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
2BEC000
|
heap
|
page read and write
|
||
|
256000
|
heap
|
page read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
36D000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
2D1A000
|
heap
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
5A6000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
243000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
1BD000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
351000
|
heap
|
page read and write
|
||
|
2CE000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
7FEF74E0000
|
unkown
|
page readonly
|
||
|
2BEF000
|
heap
|
page read and write
|
||
|
298000
|
heap
|
page read and write
|
||
|
2115000
|
heap
|
page read and write
|
||
|
214B000
|
heap
|
page read and write
|
||
|
303000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
276000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
26DE000
|
stack
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
2B7000
|
heap
|
page read and write
|
||
|
347000
|
heap
|
page read and write
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
21EB000
|
heap
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
213B000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
1B4000
|
heap
|
page read and write
|
||
|
520000
|
trusted library allocation
|
page read and write
|
||
|
3AB000
|
heap
|
page read and write
|
||
|
F8000
|
stack
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
23AB000
|
stack
|
page read and write
|
||
|
2C5000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2BC8000
|
heap
|
page read and write
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
36D4000
|
heap
|
page read and write
|
||
|
35D000
|
heap
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
484000
|
heap
|
page read and write
|
||
|
138000
|
stack
|
page read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
2EE000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
232F000
|
stack
|
page read and write
|
||
|
2B98000
|
heap
|
page read and write
|
||
|
7FEF91B2000
|
unkown
|
page readonly
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
2B1D000
|
heap
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
368E000
|
heap
|
page read and write
|
||
|
2CE4000
|
heap
|
page read and write
|
||
|
2C3000
|
heap
|
page read and write
|
||
|
344000
|
heap
|
page read and write
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
36D5000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
30A000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
5F0000
|
remote allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
2CBB000
|
stack
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2CA000
|
heap
|
page read and write
|
||
|
302000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
2AFB000
|
stack
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
241F000
|
stack
|
page read and write
|
||
|
614000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
282C000
|
stack
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
36D000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
23C000
|
stack
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
7FEF74E0000
|
unkown
|
page readonly
|
||
|
340000
|
heap
|
page read and write
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
338000
|
heap
|
page read and write
|
||
|
32E000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
4E4000
|
heap
|
page read and write
|
||
|
247E000
|
stack
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
485000
|
heap
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
3646000
|
heap
|
page read and write
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
1C0000
|
direct allocation
|
page execute and read and write
|
||
|
2BEC000
|
heap
|
page read and write
|
||
|
28E000
|
heap
|
page read and write
|
||
|
260E000
|
stack
|
page read and write
|
||
|
2296000
|
heap
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
6C4000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
196000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
7FEF9191000
|
unkown
|
page execute read
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FEF91BF000
|
unkown
|
page readonly
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
368C000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2B53000
|
heap
|
page read and write
|
||
|
2BCA000
|
heap
|
page read and write
|
||
|
2295000
|
heap
|
page read and write
|
||
|
1D8000
|
stack
|
page read and write
|
||
|
7FEF7500000
|
unkown
|
page read and write
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
2100000
|
remote allocation
|
page read and write
|
||
|
1BD000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
242F000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
277000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
2CA000
|
heap
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
2DC000
|
heap
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
2EE000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
227B000
|
heap
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
22D000
|
heap
|
page read and write
|
||
|
364000
|
heap
|
page read and write
|
||
|
52F000
|
unkown
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
227F000
|
stack
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
21FD000
|
stack
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
206000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
236000
|
heap
|
page read and write
|
||
|
2C3000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
351000
|
heap
|
page read and write
|
||
|
4C0000
|
direct allocation
|
page execute and read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2BCF000
|
heap
|
page read and write
|
||
|
2BC5000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
24C2000
|
heap
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
1BC000
|
stack
|
page read and write
|
||
|
2100000
|
remote allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
1C8000
|
stack
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
22CB000
|
heap
|
page read and write
|
||
|
7FEF9D21000
|
unkown
|
page execute read
|
||
|
7FEF7505000
|
unkown
|
page readonly
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
303000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
35D000
|
heap
|
page read and write
|
||
|
7FEF74F7000
|
unkown
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
277000
|
heap
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
2100000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
2BEA000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
27B000
|
heap
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
A8000
|
stack
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
7FEF9D4B000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FEF9190000
|
unkown
|
page readonly
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2B62000
|
heap
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
357000
|
heap
|
page read and write
|
||
|
21AF000
|
stack
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
7FEF7500000
|
unkown
|
page read and write
|
||
|
2EC000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
24A000
|
heap
|
page read and write
|
||
|
2B9A000
|
heap
|
page read and write
|
||
|
212B000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
36D5000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
7FEF91BB000
|
unkown
|
page read and write
|
||
|
1A8000
|
heap
|
page read and write
|
||
|
302000
|
heap
|
page read and write
|
||
|
20E6000
|
heap
|
page read and write
|
||
|
23B000
|
heap
|
page read and write
|
||
|
198000
|
heap
|
page read and write
|
||
|
18002C000
|
direct allocation
|
page readonly
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2C2C000
|
stack
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
2B7000
|
heap
|
page read and write
|
||
|
7FEF74F7000
|
unkown
|
page readonly
|
||
|
424000
|
heap
|
page read and write
|
||
|
2BEC000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
393000
|
heap
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
338000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
2BB9000
|
heap
|
page read and write
|
||
|
36B4000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
21BD000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2BDA000
|
heap
|
page read and write
|
||
|
526000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
21B5000
|
heap
|
page read and write
|
||
|
2456000
|
heap
|
page read and write
|
||
|
2BEA000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
7FEF9D4F000
|
unkown
|
page readonly
|
||
|
2B0E000
|
heap
|
page read and write
|
||
|
27AD000
|
stack
|
page read and write
|
||
|
29C4000
|
heap
|
page read and write
|
||
|
5F0000
|
remote allocation
|
page read and write
|
||
|
2B51000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
7FEF9D20000
|
unkown
|
page readonly
|
||
|
2BC5000
|
heap
|
page read and write
|
||
|
2CDC000
|
stack
|
page read and write
|
||
|
4E6000
|
heap
|
page read and write
|
||
|
361F000
|
heap
|
page read and write
|
||
|
3611000
|
heap
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
30A000
|
heap
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
2D1C000
|
heap
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
204000
|
heap
|
page read and write
|
||
|
2BEF000
|
heap
|
page read and write
|
||
|
548000
|
heap
|
page read and write
|
||
|
7FEF9D42000
|
unkown
|
page readonly
|
||
|
160000
|
heap
|
page read and write
|
||
|
2BC5000
|
heap
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
321000
|
heap
|
page read and write
|
There are 364 hidden memdumps, click here to show them.