Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MG72133243812OR.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: RHRSDJTJDGHT, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Tue Jun 14 21:06:08 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\BYH56Vb[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nQd2n6798wQuOjZR7TtNgQ[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\MG72133243812OR.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: RHRSDJTJDGHT, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Tue Jun 14 21:06:08 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\hhwe3.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\hhwe4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\HUWZaq\zHqsrrqpZcTdGFR.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\OajQanYCSHcPg\quNy.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61712 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AA40.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\C984.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Cab22B9.tmp
|
Microsoft Cabinet archive data, 61712 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\D096.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\Tar22BA.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DF85E1850D91DB532C.TMP
|
data
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhwe1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhwe2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhwe3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OajQanYCSHcPg\quNy.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhwe4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HUWZaq\zHqsrrqpZcTdGFR.dll"
|
|
|
|
C:\Windows\System32\systeminfo.exe
|
systeminfo
|
|
|
|
C:\Windows\System32\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /dclist:
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.careofu.com/PHPExcel/sQ78BedribNJZbGYj/
|
175.98.167.163
|
|
|
|
https://172.105.226.75/=
|
unknown
|
|
|
|
https://139.162.113.169/ctiv
|
unknown
|
|
|
|
https://135.148.6.80/_:
|
unknown
|
|
|
|
https://172.105.226.75/
|
unknown
|
|
|
|
https://fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/
|
118.98.72.14
|
|
|
|
https://172.105.226.75:8080/
|
unknown
|
|
|
|
https://135.148.6.80/
|
unknown
|
|
|
|
https://172.105.226.75/A
|
unknown
|
|
|
|
https://139.162.113.169:8080/U
|
unknown
|
|
|
|
https://139.162.113.169/f
|
unknown
|
|
|
|
https://144.91.78.55/o
|
unknown
|
|
|
|
https://139.162.113.169:8080/R
|
unknown
|
|
|
|
http://balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/
|
216.219.81.50
|
|
|
|
https://172.105.226.75:8080/Z
|
unknown
|
|
|
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://144.91.78.55/
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://138.197.68.35/080/Y
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://139.162.113.169:8080/
|
unknown
|
||
|
https://138.197.68.35/viderU
|
unknown
|
||
|
https://138.197.68.35:8080/
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://139.162.113.169/
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cedeco.es
|
217.76.130.178
|
|
|
|
komunitas.blog.gunadarma.ac.id
|
118.98.72.14
|
||
|
balticcontrolbd.com
|
216.219.81.50
|
||
|
careofu.com
|
175.98.167.163
|
||
|
windowsupdatebg.s.llnwi.net
|
178.79.225.0
|
||
|
www.careofu.com
|
unknown
|
||
|
fikti.bem.gunadarma.ac.id
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
151.106.112.196
|
unknown
|
Germany
|
|
|
|
110.232.117.186
|
unknown
|
Australia
|
|
|
|
51.254.140.238
|
unknown
|
France
|
|
|
|
103.132.242.26
|
unknown
|
India
|
|
|
|
79.137.35.198
|
unknown
|
France
|
|
|
|
207.148.79.14
|
unknown
|
United States
|
|
|
|
45.118.115.99
|
unknown
|
Indonesia
|
|
|
|
172.104.251.154
|
unknown
|
United States
|
|
|
|
115.68.227.76
|
unknown
|
Korea Republic of
|
|
|
|
209.126.98.206
|
unknown
|
United States
|
|
|
|
163.44.196.120
|
unknown
|
Singapore
|
|
|
|
138.197.68.35
|
unknown
|
United States
|
|
|
|
37.187.115.122
|
unknown
|
France
|
|
|
|
206.189.28.199
|
unknown
|
United States
|
|
|
|
107.170.39.149
|
unknown
|
United States
|
|
|
|
185.4.135.165
|
unknown
|
Greece
|
|
|
|
197.242.150.244
|
unknown
|
South Africa
|
|
|
|
51.91.76.89
|
unknown
|
France
|
|
|
|
183.111.227.137
|
unknown
|
Korea Republic of
|
|
|
|
45.176.232.124
|
unknown
|
Colombia
|
|
|
|
164.68.99.3
|
unknown
|
Germany
|
|
|
|
167.172.253.162
|
unknown
|
United States
|
|
|
|
41.73.252.195
|
unknown
|
Nigeria
|
|
|
|
146.59.226.45
|
unknown
|
Norway
|
|
|
|
196.218.30.83
|
unknown
|
Egypt
|
|
|
|
158.69.222.101
|
unknown
|
Canada
|
|
|
|
159.65.140.115
|
unknown
|
United States
|
|
|
|
172.105.226.75
|
unknown
|
United States
|
|
|
|
159.65.88.10
|
unknown
|
United States
|
|
|
|
101.50.0.91
|
unknown
|
Indonesia
|
|
|
|
212.24.98.99
|
unknown
|
Lithuania
|
|
|
|
186.194.240.217
|
unknown
|
Brazil
|
|
|
|
159.89.202.34
|
unknown
|
United States
|
|
|
|
201.94.166.162
|
unknown
|
Brazil
|
|
|
|
160.16.142.56
|
unknown
|
Japan
|
|
|
|
103.75.201.2
|
unknown
|
Thailand
|
|
|
|
91.207.28.33
|
unknown
|
Kyrgyzstan
|
|
|
|
144.91.78.55
|
unknown
|
Germany
|
|
|
|
103.43.75.120
|
unknown
|
Japan
|
|
|
|
5.9.116.246
|
unknown
|
Germany
|
|
|
|
188.44.20.25
|
unknown
|
Macedonia
|
|
|
|
45.235.8.30
|
unknown
|
Brazil
|
|
|
|
135.148.6.80
|
unknown
|
United States
|
|
|
|
153.126.146.25
|
unknown
|
Japan
|
|
|
|
72.15.201.15
|
unknown
|
United States
|
|
|
|
217.76.130.178
|
cedeco.es
|
Spain
|
|
|
|
51.161.73.194
|
unknown
|
Canada
|
|
|
|
82.165.152.127
|
unknown
|
Germany
|
|
|
|
134.122.66.193
|
unknown
|
United States
|
|
|
|
150.95.66.124
|
unknown
|
Singapore
|
|
|
|
46.55.222.11
|
unknown
|
Bulgaria
|
|
|
|
82.223.21.224
|
unknown
|
Spain
|
|
|
|
173.212.193.249
|
unknown
|
Germany
|
|
|
|
103.70.28.102
|
unknown
|
Viet Nam
|
|
|
|
149.56.131.28
|
unknown
|
Canada
|
|
|
|
139.162.113.169
|
unknown
|
Netherlands
|
|
|
|
209.97.163.214
|
unknown
|
United States
|
|
|
|
45.186.16.18
|
unknown
|
unknown
|
|
|
|
1.234.2.232
|
unknown
|
Korea Republic of
|
|
|
|
119.193.124.41
|
unknown
|
Korea Republic of
|
|
|
|
129.232.188.93
|
unknown
|
South Africa
|
|
|
|
64.227.100.222
|
unknown
|
United States
|
|
|
|
94.23.45.86
|
unknown
|
France
|
|
|
|
213.241.20.155
|
unknown
|
Poland
|
|
|
|
216.219.81.50
|
balticcontrolbd.com
|
United States
|
||
|
175.98.167.163
|
careofu.com
|
Taiwan; Republic of China (ROC)
|
||
|
118.98.72.14
|
komunitas.blog.gunadarma.ac.id
|
Indonesia
|
There are 57 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
+#2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\65763
|
65763
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
7:2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common
|
QMSessionCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\General
|
LastAutoSavePurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\mlang.dll,-4386
|
There are 17 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
34D1000
|
heap
|
page read and write
|
|
|
|
21A000
|
heap
|
page read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
4D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
4E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
3CA000
|
heap
|
page read and write
|
|
|
|
150000
|
direct allocation
|
page execute and read and write
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2110000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1EA5000
|
heap
|
page read and write
|
||
|
34BF000
|
heap
|
page read and write
|
||
|
3401000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
267C000
|
stack
|
page read and write
|
||
|
190000
|
trusted library allocation
|
page read and write
|
||
|
405000
|
heap
|
page read and write
|
||
|
33E000
|
heap
|
page read and write
|
||
|
28D000
|
heap
|
page read and write
|
||
|
7FEF74D0000
|
unkown
|
page readonly
|
||
|
7FEF91A7000
|
unkown
|
page readonly
|
||
|
30000
|
unkown
|
page readonly
|
||
|
1EA0000
|
heap
|
page read and write
|
||
|
1D10000
|
heap
|
page read and write
|
||
|
18002A000
|
direct allocation
|
page readonly
|
||
|
261000
|
heap
|
page read and write
|
||
|
333000
|
heap
|
page read and write
|
||
|
352000
|
heap
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
405000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
7FEF91A4000
|
unkown
|
page read and write
|
||
|
2130000
|
direct allocation
|
page execute and read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
326000
|
heap
|
page read and write
|
||
|
2D7000
|
heap
|
page read and write
|
||
|
180029000
|
direct allocation
|
page read and write
|
||
|
28F000
|
heap
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
DA000
|
stack
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
30000
|
unkown
|
page readonly
|
||
|
279B000
|
stack
|
page read and write
|
||
|
26C000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
180028000
|
direct allocation
|
page readonly
|
||
|
18002A000
|
direct allocation
|
page readonly
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
28D000
|
heap
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
228F000
|
stack
|
page read and write
|
||
|
24000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
34BF000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
212F000
|
stack
|
page read and write
|
||
|
2D3F000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
424000
|
heap
|
page read and write
|
||
|
2D56000
|
heap
|
page read and write
|
||
|
2DA6000
|
heap
|
page read and write
|
||
|
207000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
2D8F000
|
heap
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
219C000
|
stack
|
page read and write
|
||
|
570000
|
remote allocation
|
page read and write
|
||
|
1A0000
|
trusted library allocation
|
page read and write
|
||
|
27E000
|
heap
|
page read and write
|
||
|
7FEF91A7000
|
unkown
|
page readonly
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
2DEF000
|
heap
|
page read and write
|
||
|
18002A000
|
direct allocation
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
36C000
|
heap
|
page read and write
|
||
|
277C000
|
stack
|
page read and write
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
28A000
|
heap
|
page read and write
|
||
|
2005000
|
heap
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
24C000
|
heap
|
page read and write
|
||
|
307000
|
heap
|
page read and write
|
||
|
220B000
|
stack
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
7FEF7523000
|
unkown
|
page readonly
|
||
|
20000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
180029000
|
direct allocation
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
252000
|
heap
|
page read and write
|
||
|
4C0000
|
direct allocation
|
page execute and read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FEF7547000
|
unkown
|
page readonly
|
||
|
FE000
|
heap
|
page read and write
|
||
|
2CB8000
|
heap
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
26A1000
|
heap
|
page read and write
|
||
|
1EDB000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
7FEF9131000
|
unkown
|
page execute read
|
||
|
28F000
|
heap
|
page read and write
|
||
|
43F000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
D4000
|
heap
|
page read and write
|
||
|
214B000
|
heap
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
3427000
|
heap
|
page read and write
|
||
|
264C000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FEF74D1000
|
unkown
|
page execute read
|
||
|
180029000
|
direct allocation
|
page read and write
|
||
|
2D8C000
|
heap
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
510000
|
trusted library allocation
|
page read and write
|
||
|
2165000
|
heap
|
page read and write
|
||
|
2911000
|
heap
|
page read and write
|
||
|
2000000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2CCE000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
5CF000
|
stack
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
7FEF9131000
|
unkown
|
page execute read
|
||
|
EB000
|
heap
|
page read and write
|
||
|
180028000
|
direct allocation
|
page readonly
|
||
|
412000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2115000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
2080000
|
remote allocation
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
DD000
|
heap
|
page read and write
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
223F000
|
stack
|
page read and write
|
||
|
20CB000
|
heap
|
page read and write
|
||
|
2D95000
|
heap
|
page read and write
|
||
|
2C0000
|
direct allocation
|
page execute and read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
39B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
243000
|
heap
|
page read and write
|
||
|
255000
|
heap
|
page read and write
|
||
|
4C8000
|
heap
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
1E4F000
|
stack
|
page read and write
|
||
|
22BF000
|
stack
|
page read and write
|
||
|
7FEF9130000
|
unkown
|
page readonly
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
3442000
|
heap
|
page read and write
|
||
|
34C4000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
238E000
|
stack
|
page read and write
|
||
|
18002A000
|
direct allocation
|
page readonly
|
||
|
343A000
|
heap
|
page read and write
|
||
|
2D07000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
41D000
|
heap
|
page read and write
|
||
|
277000
|
heap
|
page read and write
|
||
|
393000
|
heap
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
210F000
|
stack
|
page read and write
|
||
|
7FEF9130000
|
unkown
|
page readonly
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
2DD1000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1BC000
|
stack
|
page read and write
|
||
|
2DED000
|
heap
|
page read and write
|
||
|
248E000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
20BF000
|
stack
|
page read and write
|
||
|
2165000
|
heap
|
page read and write
|
||
|
219B000
|
heap
|
page read and write
|
||
|
2460000
|
heap
|
page read and write
|
||
|
22D000
|
stack
|
page read and write
|
||
|
C8000
|
stack
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
25000
|
heap
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
2DEF000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
2D96000
|
heap
|
page read and write
|
||
|
A7000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2CCF000
|
stack
|
page read and write
|
||
|
2D96000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
1A8000
|
stack
|
page read and write
|
||
|
343A000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
2DE8000
|
heap
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
570000
|
remote allocation
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
249B000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
285000
|
heap
|
page read and write
|
||
|
3499000
|
heap
|
page read and write
|
||
|
2D09000
|
heap
|
page read and write
|
||
|
3427000
|
heap
|
page read and write
|
||
|
2A1C000
|
stack
|
page read and write
|
||
|
20EF000
|
stack
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
4AF000
|
stack
|
page read and write
|
||
|
7FEF7547000
|
unkown
|
page readonly
|
||
|
2080000
|
trusted library allocation
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
2CC1000
|
heap
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
510000
|
trusted library allocation
|
page read and write
|
||
|
3C9000
|
heap
|
page read and write
|
||
|
408000
|
heap
|
page read and write
|
||
|
412000
|
heap
|
page read and write
|
||
|
27E000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
285000
|
heap
|
page read and write
|
||
|
DE000
|
stack
|
page read and write
|
||
|
342F000
|
heap
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
34D1000
|
heap
|
page read and write
|
||
|
203B000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
2465000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
333000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
7FEF9183000
|
unkown
|
page readonly
|
||
|
430000
|
heap
|
page read and write
|
||
|
381000
|
heap
|
page read and write
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
7FEF7544000
|
unkown
|
page read and write
|
||
|
400000
|
trusted library allocation
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
7FEF74D0000
|
unkown
|
page readonly
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
240F000
|
stack
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
34D000
|
heap
|
page read and write
|
||
|
26C000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
261000
|
heap
|
page read and write
|
||
|
34D1000
|
heap
|
page read and write
|
||
|
2F6000
|
heap
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
7FEF7544000
|
unkown
|
page read and write
|
||
|
34C9000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
2D4D000
|
heap
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
2D37000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
24000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2D76000
|
heap
|
page read and write
|
||
|
266A000
|
heap
|
page read and write
|
||
|
1F9B000
|
heap
|
page read and write
|
||
|
3AE000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
24A000
|
heap
|
page read and write
|
||
|
274000
|
heap
|
page read and write
|
||
|
2D96000
|
heap
|
page read and write
|
||
|
180028000
|
direct allocation
|
page readonly
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
3478000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
341E000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
520000
|
trusted library allocation
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
2DDC000
|
heap
|
page read and write
|
||
|
2DDC000
|
heap
|
page read and write
|
||
|
28A000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
A8000
|
stack
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
35D000
|
heap
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
336000
|
heap
|
page read and write
|
||
|
2D8C000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
2D96000
|
heap
|
page read and write
|
||
|
43F000
|
heap
|
page read and write
|
||
|
1C9F000
|
stack
|
page read and write
|
||
|
262B000
|
stack
|
page read and write
|
||
|
44D000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
3451000
|
heap
|
page read and write
|
||
|
E6000
|
heap
|
page read and write
|
||
|
2DDC000
|
heap
|
page read and write
|
||
|
1F65000
|
heap
|
page read and write
|
||
|
2DEF000
|
heap
|
page read and write
|
||
|
24A000
|
heap
|
page read and write
|
||
|
1F6000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
226000
|
heap
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
3441000
|
heap
|
page read and write
|
||
|
297000
|
heap
|
page read and write
|
||
|
140000
|
direct allocation
|
page execute and read and write
|
||
|
1F60000
|
heap
|
page read and write
|
||
|
4A6000
|
heap
|
page read and write
|
||
|
219B000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
231F000
|
stack
|
page read and write
|
||
|
3432000
|
heap
|
page read and write
|
||
|
7FEF74D1000
|
unkown
|
page execute read
|
||
|
22E000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
180029000
|
direct allocation
|
page read and write
|
||
|
243000
|
heap
|
page read and write
|
||
|
14B000
|
stack
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
277000
|
heap
|
page read and write
|
||
|
2D8C000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
F0000
|
heap
|
page read and write
|
||
|
34C9000
|
heap
|
page read and write
|
||
|
30000
|
unkown
|
page readonly
|
||
|
2B2000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
180028000
|
direct allocation
|
page readonly
|
||
|
7FEF7523000
|
unkown
|
page readonly
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
F4000
|
heap
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
23E000
|
heap
|
page read and write
|
||
|
1EB000
|
stack
|
page read and write
|
||
|
2CF5000
|
heap
|
page read and write
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
44D000
|
heap
|
page read and write
|
||
|
3441000
|
heap
|
page read and write
|
||
|
34E6000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
248000
|
stack
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FEF91A4000
|
unkown
|
page read and write
|
||
|
2DEF000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
7FEF9183000
|
unkown
|
page readonly
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
186000
|
heap
|
page read and write
|
||
|
2D8F000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
There are 414 hidden memdumps, click here to show them.