Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
allegati_23052022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Mon May 23 10:04:20 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\4bP[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nB5U[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\LeBuXD3cUkeiPrfy[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\QqHRFPCw2sMluT[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\allegati_23052022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: TYHRETH, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Mon May 23 10:04:20 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\cusoa1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\cusoa2.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\cusoa3.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\cusoa4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CabF3F8.tmp
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TarF3F9.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DF5B07AF81F1DC3940.TMP
|
data
|
dropped
|
||
|
C:\Windows\System32\IyXmToN\lzIgCVr.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\System32\KIMRaXPqDerXJoZF\aRgQEkQ.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\System32\TURzt\TXqeznNbFanh.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\System32\TlAadbHyBMqq\YRFxrLtktkh.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\cusoa1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TURzt\TXqeznNbFanh.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\cusoa2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KIMRaXPqDerXJoZF\aRgQEkQ.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\cusoa3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IyXmToN\lzIgCVr.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\cusoa4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TlAadbHyBMqq\YRFxrLtktkh.dll"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ocalogullari.com/inc/Wcm82enrs8/
|
188.132.217.108
|
|
|
|
https://newkano.com/wp-admin/66rIsrVwoPKUsjcAs/
|
103.45.230.202
|
|
|
|
https://myphamcuatui.com/assets/OPVeVSpO/
|
103.1.238.211
|
|
|
|
http://sieuthiphutungxenang.com/old_source/9boJQZpTSdQE/
|
112.213.89.85
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://165.22.73.229:8080/h
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://165.22.73.229/q
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://165.22.73.229/p
|
unknown
|
||
|
https://165.22.73.229:8080/
|
unknown
|
||
|
https://165.22.73.229/
|
unknown
|
||
|
https://165.22.73.229/y
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://165.22.73.229:8080/x
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://165.22.73.229:8080/Q
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://165.22.73.229/d
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
newkano.com
|
103.45.230.202
|
|
|
|
myphamcuatui.com
|
103.1.238.211
|
||
|
ocalogullari.com
|
188.132.217.108
|
||
|
sieuthiphutungxenang.com
|
112.213.89.85
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.45.230.202
|
newkano.com
|
Viet Nam
|
|
|
|
165.22.73.229
|
unknown
|
United States
|
|
|
|
112.213.89.85
|
sieuthiphutungxenang.com
|
Viet Nam
|
||
|
103.1.238.211
|
myphamcuatui.com
|
Viet Nam
|
||
|
188.132.217.108
|
ocalogullari.com
|
Turkey
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
j$+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\67E54
|
67E54
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
x?+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
3C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
170000
|
direct allocation
|
page execute and read and write
|
|
|
|
1D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
140000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
510000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3020000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
3857000
|
heap
|
page read and write
|
||
|
115000
|
heap
|
page read and write
|
||
|
229000
|
heap
|
page read and write
|
||
|
23A4000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
506000
|
heap
|
page read and write
|
||
|
44D000
|
heap
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
2A4C000
|
stack
|
page read and write
|
||
|
2E5B000
|
stack
|
page read and write
|
||
|
29E000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
3202000
|
heap
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
2180000
|
remote allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
1AA000
|
heap
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
47E000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
34A000
|
heap
|
page read and write
|
||
|
634000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3020000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
266000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
301A000
|
heap
|
page read and write
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
323E000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
387E000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2B4F000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
228000
|
stack
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
26DF000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
4C8000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2B3000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
2430000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
489000
|
heap
|
page read and write
|
||
|
248000
|
stack
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1006E000
|
unkown
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
20DB000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
3A3000
|
heap
|
page read and write
|
||
|
301D000
|
heap
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
463000
|
heap
|
page read and write
|
||
|
77000
|
heap
|
page read and write
|
||
|
41D000
|
heap
|
page read and write
|
||
|
2F5000
|
heap
|
page read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
263000
|
heap
|
page read and write
|
||
|
4E4000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
32A000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
292E000
|
stack
|
page read and write
|
||
|
375000
|
heap
|
page read and write
|
||
|
219B000
|
heap
|
page read and write
|
||
|
3023000
|
heap
|
page read and write
|
||
|
29FD000
|
stack
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
2C0B000
|
stack
|
page read and write
|
||
|
10B000
|
heap
|
page read and write
|
||
|
2428000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
570000
|
remote allocation
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
2B79000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
2F52000
|
heap
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
29DD000
|
stack
|
page read and write
|
||
|
2134000
|
heap
|
page read and write
|
||
|
489000
|
heap
|
page read and write
|
||
|
15D000
|
heap
|
page read and write
|
||
|
1006E000
|
unkown
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
1006E000
|
unkown
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
2196000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
44D000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
225D000
|
stack
|
page read and write
|
||
|
2B09000
|
heap
|
page read and write
|
||
|
443000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
1006F000
|
unkown
|
page read and write
|
||
|
20A5000
|
heap
|
page read and write
|
||
|
190000
|
trusted library allocation
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
242D000
|
stack
|
page read and write
|
||
|
334000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
3E3000
|
heap
|
page read and write
|
||
|
205000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
301A000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
C3000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
23A8000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
2294000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
440000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
238000
|
stack
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
255F000
|
stack
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
548000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
21E5000
|
heap
|
page read and write
|
||
|
22B6000
|
heap
|
page read and write
|
||
|
2165000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
2E3000
|
heap
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
415000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
209000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
207000
|
heap
|
page read and write
|
||
|
25CF000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
4A6000
|
heap
|
page read and write
|
||
|
3008000
|
heap
|
page read and write
|
||
|
469000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
24EF000
|
stack
|
page read and write
|
||
|
1A8000
|
stack
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
26A000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
463000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
207000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
1006E000
|
unkown
|
page write copy
|
||
|
2FCD000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
2125000
|
heap
|
page read and write
|
||
|
2296000
|
heap
|
page read and write
|
||
|
387C000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
2E8E000
|
stack
|
page read and write
|
||
|
2628000
|
heap
|
page read and write
|
||
|
1006E000
|
unkown
|
page write copy
|
||
|
28DC000
|
stack
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
12A000
|
heap
|
page read and write
|
||
|
2D7000
|
heap
|
page read and write
|
||
|
203000
|
heap
|
page read and write
|
||
|
323000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
42B000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
2F98000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
387C000
|
heap
|
page read and write
|
||
|
300F000
|
heap
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
300B000
|
heap
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
2C0C000
|
stack
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
AE000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
392000
|
heap
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
2C6000
|
heap
|
page read and write
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
221B000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2DEC000
|
stack
|
page read and write
|
||
|
2236000
|
heap
|
page read and write
|
||
|
D8000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
267000
|
heap
|
page read and write
|
||
|
1006F000
|
unkown
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
22D6000
|
heap
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
3206000
|
heap
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
30C1000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
414000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
408000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
263F000
|
stack
|
page read and write
|
||
|
254C000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
1A3000
|
heap
|
page read and write
|
||
|
20B6000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
20C000
|
heap
|
page read and write
|
||
|
3246000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
156000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
2BAF000
|
heap
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
3244000
|
heap
|
page read and write
|
||
|
2298000
|
heap
|
page read and write
|
||
|
380F000
|
heap
|
page read and write
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
2424000
|
heap
|
page read and write
|
||
|
258F000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
140000
|
direct allocation
|
page execute and read and write
|
||
|
209000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
45D000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
2FFE000
|
heap
|
page read and write
|
||
|
2138000
|
heap
|
page read and write
|
||
|
205000
|
heap
|
page read and write
|
||
|
30DD000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
300F000
|
heap
|
page read and write
|
||
|
3801000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
21F5000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
217000
|
heap
|
page read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
157000
|
heap
|
page read and write
|
||
|
1EE000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
2FA8000
|
heap
|
page read and write
|
||
|
300A000
|
heap
|
page read and write
|
||
|
3CA000
|
heap
|
page read and write
|
||
|
18E000
|
heap
|
page read and write
|
||
|
38C5000
|
heap
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
3836000
|
heap
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
203000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
31E2000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
4B6000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
106000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
570000
|
remote allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
1006F000
|
unkown
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
49D000
|
heap
|
page read and write
|
||
|
276000
|
heap
|
page read and write
|
||
|
4C8000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
25DF000
|
stack
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
322000
|
heap
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
218000
|
stack
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
38C5000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
317E000
|
heap
|
page read and write
|
||
|
3144000
|
heap
|
page read and write
|
||
|
434000
|
heap
|
page read and write
|
||
|
CA000
|
heap
|
page read and write
|
||
|
2448000
|
heap
|
page read and write
|
||
|
10074000
|
unkown
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
229000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
1EE000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
2216000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
2160000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
4DD000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
2624000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
2B3F000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
368000
|
heap
|
page read and write
|
||
|
2DBC000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
20E5000
|
heap
|
page read and write
|
||
|
219B000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
21D6000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
2180000
|
remote allocation
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
251F000
|
stack
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2165000
|
heap
|
page read and write
|
||
|
654000
|
heap
|
page read and write
|
||
|
4A6000
|
heap
|
page read and write
|
||
|
387E000
|
heap
|
page read and write
|
||
|
211B000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
308000
|
heap
|
page read and write
|
||
|
432000
|
heap
|
page read and write
|
||
|
2444000
|
heap
|
page read and write
|
||
|
10083000
|
unkown
|
page readonly
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
1006F000
|
unkown
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
2B9000
|
heap
|
page read and write
|
||
|
2118000
|
heap
|
page read and write
|
||
|
2C5000
|
heap
|
page read and write
|
||
|
1006E000
|
unkown
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
194000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
1E1000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
1006E000
|
unkown
|
page write copy
|
||
|
300D000
|
heap
|
page read and write
|
||
|
1006E000
|
unkown
|
page write copy
|
||
|
299E000
|
stack
|
page read and write
|
||
|
247E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
188000
|
stack
|
page read and write
|
||
|
109000
|
stack
|
page read and write
|
||
|
56D000
|
heap
|
page read and write
|
||
|
10078000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
215B000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
419000
|
heap
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
3032000
|
heap
|
page read and write
|
||
|
2FCB000
|
heap
|
page read and write
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
10054000
|
unkown
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2130000
|
heap
|
page read and write
|
||
|
24E000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
2FC6000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
21DC000
|
stack
|
page read and write
|
||
|
2D4B000
|
stack
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
283E000
|
stack
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
242E000
|
stack
|
page read and write
|
||
|
244000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
222B000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
140000
|
direct allocation
|
page execute and read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
16C000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
20C000
|
heap
|
page read and write
|
||
|
2114000
|
heap
|
page read and write
|
||
|
3034000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
30BE000
|
stack
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
3AE000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
There are 565 hidden memdumps, click here to show them.