Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Quotation - Optical Eyeglasses.xlsx
|
CDFV2 Encrypted
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mon[1].exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\~$Quotation - Optical Eyeglasses.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\Public\Regasm_svchost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\109ABFC7.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1797FF2.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3A41A35E.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3AB4071C.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5E39D4D0.png
|
PNG image data, 114 x 111, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6044B544.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\67B5846D.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\755CFE03.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\85A0278A.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9C0AAE91.png
|
PNG image data, 577 x 201, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9FBCD146.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BB6E2A09.png
|
PNG image data, 577 x 201, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C7CE848F.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D1391828.png
|
PNG image data, 114 x 111, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F75A4C75.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FAC7EB4B.wmf
|
ms-windows metafont .wmf
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1E34B02C6542BFCB.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF2848124F9857A45C.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF411CBDC8CE3B6E4A.TMP
|
CDFV2 Encrypted
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF62A311AB9E677AE5.TMP
|
data
|
dropped
|
There are 14 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Users\Public\Regasm_svchost.exe
|
"C:\Users\Public\Regasm_svchost.exe"
|
|
|
|
C:\Users\Public\Regasm_svchost.exe
|
C:\Users\Public\Regasm_svchost.exe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://198.12.89.152/mon/mon.exehhC:
|
unknown
|
|
|
|
ftp://ftp.alonsorojasmudanzasnacionales.com/okok
|
unknown
|
|
|
|
http://198.12.89.152/mon/mon.exe
|
198.12.89.152
|
|
|
|
http://127.0.0.1:HTTP/1.1
|
unknown
|
||
|
http://ZSkVPd.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://77qlBFDgeMeBhXCCMul.org
|
unknown
|
||
|
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.ziphttps://www
|
unknown
|
||
|
http://DynDns.comDynDNSnamejidpasswordPsi/Psi
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
198.12.89.152
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
-e+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\66C79
|
66C79
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
|
FontCachePath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
>q+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6BE21
|
6BE21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6FB40
|
6FB40
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6BE21
|
6BE21
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Regasm_svchost_RASMANCS
|
FileDirectory
|
There are 43 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3628000
|
trusted library allocation
|
page read and write
|
|
|
|
2588000
|
trusted library allocation
|
page read and write
|
|
|
|
2527000
|
trusted library allocation
|
page read and write
|
|
|
|
278B000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
255B000
|
trusted library allocation
|
page read and write
|
|
|
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
4891000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
trusted library section
|
page read and write
|
||
|
1EEE000
|
stack
|
page read and write
|
||
|
8B0000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
trusted library allocation
|
page read and write
|
||
|
4270000
|
heap
|
page read and write
|
||
|
509D000
|
trusted library allocation
|
page read and write
|
||
|
537000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
4A4F000
|
stack
|
page read and write
|
||
|
66E0000
|
trusted library allocation
|
page read and write
|
||
|
635E000
|
stack
|
page read and write
|
||
|
163000
|
trusted library allocation
|
page execute and read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
5B64000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
5B36000
|
trusted library allocation
|
page read and write
|
||
|
664000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
665000
|
trusted library allocation
|
page read and write
|
||
|
65CE000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
462E000
|
stack
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
240000
|
heap
|
page execute and read and write
|
||
|
1A2000
|
trusted library allocation
|
page read and write
|
||
|
487D000
|
trusted library allocation
|
page read and write
|
||
|
B88000
|
trusted library allocation
|
page read and write
|
||
|
654000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
19A000
|
trusted library allocation
|
page execute and read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
5459000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4856000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
4808000
|
trusted library allocation
|
page read and write
|
||
|
50AD000
|
trusted library allocation
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
163000
|
trusted library allocation
|
page execute and read and write
|
||
|
1010000
|
unkown
|
page readonly
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
647000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
388000
|
stack
|
page read and write
|
||
|
220000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
180000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
9D8000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
49FF000
|
stack
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
38000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
trusted library section
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
unkown
|
page readonly
|
||
|
48FD000
|
stack
|
page read and write
|
||
|
662000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4834000
|
trusted library allocation
|
page read and write
|
||
|
7FA000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
1012000
|
unkown
|
page execute read
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
25F9000
|
trusted library allocation
|
page read and write
|
||
|
63DE000
|
stack
|
page read and write
|
||
|
4F2000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
289000
|
stack
|
page read and write
|
||
|
4F6000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page read and write
|
||
|
4859000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
489D000
|
trusted library allocation
|
page read and write
|
||
|
292000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
71B000
|
trusted library allocation
|
page read and write
|
||
|
3501000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
220000
|
trusted library allocation
|
page read and write
|
||
|
24C2000
|
heap
|
page read and write
|
||
|
5DC000
|
heap
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
4F3000
|
trusted library allocation
|
page read and write
|
||
|
61B000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
5A1000
|
heap
|
page read and write
|
||
|
1F90000
|
direct allocation
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
2501000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
656000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
1A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
47FD000
|
stack
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
42EF000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
651000
|
trusted library allocation
|
page read and write
|
||
|
5B30000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
remote allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
56BD000
|
stack
|
page read and write
|
||
|
63A0000
|
heap
|
page read and write
|
||
|
7EF30000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B0000
|
trusted library section
|
page read and write
|
||
|
665000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
12A000
|
stack
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
610000
|
trusted library allocation
|
page read and write
|
||
|
42B0000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
4ED000
|
stack
|
page read and write
|
||
|
295000
|
trusted library allocation
|
page execute and read and write
|
||
|
534E000
|
stack
|
page read and write | page guard
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
5D7C000
|
stack
|
page read and write
|
||
|
46AF000
|
stack
|
page read and write
|
||
|
5A9000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
33F0000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
trusted library allocation
|
page read and write
|
||
|
2A88000
|
heap
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
280000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page execute and read and write
|
||
|
61EE000
|
stack
|
page read and write
|
||
|
42DF000
|
trusted library allocation
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write | page guard
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page execute and read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
297000
|
trusted library allocation
|
page execute and read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
262A000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
248F000
|
stack
|
page read and write
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
496D000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library section
|
page read and write
|
||
|
620000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page execute and read and write
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
5B3A000
|
trusted library allocation
|
page read and write
|
||
|
10EE000
|
unkown
|
page readonly
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
50E000
|
stack
|
page read and write
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
7ED000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
17D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
466C000
|
stack
|
page read and write
|
||
|
42CD000
|
trusted library allocation
|
page read and write
|
||
|
621F000
|
stack
|
page read and write
|
||
|
192000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
5B5E000
|
trusted library allocation
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
370000
|
heap
|
page execute and read and write
|
||
|
24A4000
|
heap
|
page read and write
|
||
|
436000
|
remote allocation
|
page execute and read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
64DE000
|
stack
|
page read and write
|
||
|
BF4000
|
heap
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
406F000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4C1F000
|
stack
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
5B3E000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
trusted library allocation
|
page execute and read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
1F00000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
trusted library allocation
|
page read and write
|
||
|
CEC000
|
stack
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
18A000
|
trusted library allocation
|
page execute and read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
197000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6A000
|
trusted library allocation
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
654000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
534F000
|
stack
|
page read and write
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
4D7C000
|
stack
|
page read and write
|
||
|
180000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
4F9000
|
trusted library allocation
|
page read and write
|
||
|
5228000
|
heap
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
57F000
|
stack
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
7FD000
|
heap
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
25CE000
|
trusted library allocation
|
page read and write
|
||
|
3FF000
|
stack
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
4897000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
29000
|
heap
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
2A8B000
|
heap
|
page read and write
|
||
|
B7A000
|
trusted library allocation
|
page read and write
|
||
|
44C0000
|
trusted library section
|
page readonly
|
||
|
44C4000
|
trusted library section
|
page readonly
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
2501000
|
trusted library allocation
|
page read and write
|
||
|
16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
630000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
641000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
unkown
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
610000
|
trusted library allocation
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
62B000
|
trusted library allocation
|
page read and write
|
||
|
4CD000
|
stack
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
5224000
|
heap
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
44F0000
|
heap
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
186000
|
trusted library allocation
|
page execute and read and write
|
||
|
520000
|
heap
|
page execute and read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
200000
|
trusted library allocation
|
page read and write
|
||
|
52AF000
|
stack
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
4930000
|
heap
|
page read and write
|
||
|
455D000
|
stack
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
634E000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
2A84000
|
heap
|
page read and write
|
||
|
490000
|
trusted library allocation
|
page execute and read and write
|
||
|
5261000
|
trusted library allocation
|
page read and write
|
||
|
5011000
|
trusted library allocation
|
page read and write
|
||
|
AB000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
18D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
608E000
|
stack
|
page read and write
|
||
|
29B000
|
trusted library allocation
|
page execute and read and write
|
||
|
40AD000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
55F000
|
heap
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
277C000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
182000
|
trusted library allocation
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
4905000
|
heap
|
page read and write
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
52CA000
|
trusted library allocation
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
trusted library allocation
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
56F5000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
trusted library allocation
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
747000
|
heap
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
730000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
5FD000
|
heap
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
263A000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
41AD000
|
stack
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
520F000
|
stack
|
page read and write
|
||
|
164000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
B94000
|
trusted library allocation
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
heap
|
page execute and read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
623000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
1AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
928000
|
trusted library allocation
|
page read and write
|
||
|
29AF000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
1EAF000
|
stack
|
page read and write
|
||
|
100F000
|
stack
|
page read and write
|
||
|
47D0000
|
trusted library allocation
|
page read and write
|
||
|
6F2000
|
heap
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
660000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
1F80000
|
heap
|
page read and write
|
||
|
1012000
|
unkown
|
page execute read
|
||
|
790000
|
trusted library allocation
|
page read and write
|
||
|
3F5000
|
trusted library allocation
|
page read and write
|
||
|
426C000
|
stack
|
page read and write
|
||
|
4F0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
trusted library allocation
|
page read and write
|
||
|
5712000
|
heap
|
page read and write
|
||
|
6C0000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
48AC000
|
trusted library allocation
|
page read and write
|
||
|
624E000
|
stack
|
page read and write
|
||
|
3501000
|
trusted library allocation
|
page read and write
|
||
|
262C000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
EDF000
|
stack
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
42F4000
|
trusted library allocation
|
page read and write
|
||
|
164000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
4866000
|
trusted library allocation
|
page read and write
|
||
|
4F5000
|
trusted library allocation
|
page read and write
|
||
|
4F2000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
579E000
|
stack
|
page read and write
|
||
|
422E000
|
stack
|
page read and write
|
||
|
6B0000
|
remote allocation
|
page read and write
|
There are 508 hidden memdumps, click here to show them.