Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Order Request1_5_24.xlam.xlsx
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\OIU.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Esher
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autCC64.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autCC84.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autCFBE.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autD106.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autD49E.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autD4CE.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autD7D9.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autD818.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autDB04.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autDB34.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\reenlarge
|
ASCII text, with very long lines (29744), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~$imgs.xlsx
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\~$Order Request1_5_24.xlam.xls
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\~$Order Request1_5_24.xlam.xlsx
|
data
|
dropped
|
||
|
Chrome Cache Entry: 87
|
ASCII text, with very long lines (3253)
|
downloaded
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Users\user\AppData\Roaming\OIU.exe
|
C:\Users\user\AppData\Roaming\OIU.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
C:\Users\user\AppData\Roaming\OIU.exe
|
|
|
|
C:\Users\user\AppData\Roaming\OIU.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\OIU.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\OIU.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\OIU.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\AppData\Roaming\OIU.exe"
|
|
|
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1256,i,7674118080207217716,3458138178017285583,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
|
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 --field-trial-handle=1200,i,5669568352595894290,4267387126016238941,131072
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://23.94.54.101/IZG.exe
|
23.94.54.101
|
|
|
|
https://api.ipify.org/
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
172.217.1.4
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGKiDzLEGIjBAUeVDNkDlIZK5bJjKqxg5bm1WdYDjlLN5FTPlXAMxmGzLgqn1-pjmnO28YPm4sx4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
172.217.1.4
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
172.217.1.4
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgS_YJbhGKeDzLEGIjBSLRpDP2VScdj7Wpd5SrmnrYLtq8Jxv8Ovu6XTpT1_vcDso1uPHungiEeAb9P6jnYyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
172.217.1.4
|
||
|
https://www.google.com/async/newtab_promos
|
172.217.1.4
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
172.217.1.4
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGKeDzLEGIjDeDtf43edoX_DQr4xePeWIRj_Zk_cdJHjRaIqGGnjHhWEURD3S2dwEoI7xgpMRkzoyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
172.217.1.4
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://api.ipify.
|
unknown
|
||
|
https://www.google.com/chrome/whats-new/m109?internal=true
|
172.217.1.4
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGKeDzLEGIjAngwEuuQDIFwKdm-Bs70gGjylYp6jr6gUkagUnxegoQxARWccq1LwEgBECfcL1PAAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
172.217.1.4
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJbhGKiDzLEGIjDtjnMJodbdiXF-HQ_fQDkAxnKugxL_IiaU5Bdf1yGe-xSVBDfYF_nK-idk43_IHf0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
172.217.1.4
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.google.com
|
172.217.1.4
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.94.54.101
|
unknown
|
United States
|
|
|
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
172.217.1.4
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
zx'
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
l|'
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
530000
|
trusted library section
|
page read and write
|
|
|
|
120000
|
direct allocation
|
page read and write
|
|
|
|
300000
|
trusted library section
|
page read and write
|
|
|
|
DE0000
|
direct allocation
|
page read and write
|
|
|
|
360000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
A40000
|
direct allocation
|
page read and write
|
|
|
|
B2F000
|
heap
|
page read and write
|
|
|
|
6E0000
|
direct allocation
|
page read and write
|
|
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
123000
|
trusted library allocation
|
page read and write
|
||
|
EBC000
|
heap
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
EDD000
|
heap
|
page read and write
|
||
|
280B000
|
trusted library allocation
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
23BF000
|
stack
|
page read and write
|
||
|
2C17000
|
direct allocation
|
page read and write
|
||
|
C6C000
|
unkown
|
page read and write
|
||
|
29E0000
|
direct allocation
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
5A0F000
|
stack
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
2BE4000
|
direct allocation
|
page read and write
|
||
|
286E000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
1E6000
|
heap
|
page read and write
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
2E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
120000
|
trusted library allocation
|
page read and write
|
||
|
D0000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
1082000
|
heap
|
page read and write
|
||
|
2854000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
2BC0000
|
direct allocation
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
C6C000
|
unkown
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
332000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
2B10000
|
direct allocation
|
page read and write
|
||
|
2885000
|
trusted library allocation
|
page read and write
|
||
|
F73000
|
heap
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
8900000
|
heap
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
2ABA000
|
direct allocation
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
2C11000
|
direct allocation
|
page read and write
|
||
|
2882000
|
trusted library allocation
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
2B20000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2B60000
|
direct allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2ABD000
|
direct allocation
|
page read and write
|
||
|
3824000
|
trusted library allocation
|
page read and write
|
||
|
2BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
F51000
|
heap
|
page read and write
|
||
|
2ABD000
|
direct allocation
|
page read and write
|
||
|
29E0000
|
direct allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
2A6D000
|
direct allocation
|
page read and write
|
||
|
5DC000
|
heap
|
page read and write
|
||
|
2C40000
|
direct allocation
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
2BB8000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2813000
|
trusted library allocation
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
854F000
|
stack
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
2DD0000
|
direct allocation
|
page read and write
|
||
|
238000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
2AF0000
|
direct allocation
|
page read and write
|
||
|
1042000
|
heap
|
page read and write
|
||
|
621000
|
heap
|
page read and write
|
||
|
2B57000
|
direct allocation
|
page read and write
|
||
|
2B54000
|
direct allocation
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
EBC000
|
heap
|
page read and write
|
||
|
2ABA000
|
direct allocation
|
page read and write
|
||
|
2ABD000
|
direct allocation
|
page read and write
|
||
|
2950000
|
direct allocation
|
page read and write
|
||
|
298F000
|
stack
|
page read and write
|
||
|
2B30000
|
direct allocation
|
page read and write
|
||
|
E3C000
|
heap
|
page read and write
|
||
|
2BBB000
|
heap
|
page read and write
|
||
|
2990000
|
direct allocation
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
82F000
|
stack
|
page read and write
|
||
|
2D64000
|
direct allocation
|
page read and write
|
||
|
F2C000
|
heap
|
page read and write
|
||
|
2B51000
|
direct allocation
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
2C11000
|
direct allocation
|
page read and write
|
||
|
52D000
|
stack
|
page read and write
|
||
|
2822000
|
heap
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
1042000
|
heap
|
page read and write
|
||
|
2B2000
|
trusted library allocation
|
page read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
2C14000
|
direct allocation
|
page read and write
|
||
|
5FFE000
|
stack
|
page read and write
|
||
|
2C37000
|
direct allocation
|
page read and write
|
||
|
2BE7000
|
direct allocation
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
2762000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
C6C000
|
unkown
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
2C31000
|
direct allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
C4D000
|
stack
|
page read and write
|
||
|
F54000
|
heap
|
page read and write
|
||
|
2C17000
|
direct allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
1DD0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2BE4000
|
direct allocation
|
page read and write
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
51DD000
|
heap
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
2BD0000
|
direct allocation
|
page read and write
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
2BEA000
|
direct allocation
|
page read and write
|
||
|
EE3000
|
heap
|
page read and write
|
||
|
2990000
|
direct allocation
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
E6C000
|
heap
|
page read and write
|
||
|
2B30000
|
direct allocation
|
page read and write
|
||
|
E6C000
|
heap
|
page read and write
|
||
|
1CF0000
|
heap
|
page read and write
|
||
|
EDB000
|
heap
|
page read and write
|
||
|
ECB000
|
heap
|
page read and write
|
||
|
288F000
|
stack
|
page read and write
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
F04000
|
heap
|
page read and write
|
||
|
E7A000
|
heap
|
page read and write
|
||
|
C6C000
|
unkown
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
C6C000
|
unkown
|
page write copy
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
2ABD000
|
direct allocation
|
page read and write
|
||
|
2B60000
|
direct allocation
|
page read and write
|
||
|
C6C000
|
unkown
|
page write copy
|
||
|
1042000
|
heap
|
page read and write
|
||
|
ECC000
|
heap
|
page read and write
|
||
|
2C40000
|
direct allocation
|
page read and write
|
||
|
29E0000
|
direct allocation
|
page read and write
|
||
|
1D0000
|
direct allocation
|
page execute and read and write
|
||
|
E87000
|
heap
|
page read and write
|
||
|
862F000
|
stack
|
page read and write
|
||
|
2B10000
|
direct allocation
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
4FCE000
|
stack
|
page read and write
|
||
|
DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A6A000
|
direct allocation
|
page read and write
|
||
|
2C40000
|
direct allocation
|
page read and write
|
||
|
F01000
|
heap
|
page read and write
|
||
|
2C37000
|
direct allocation
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
1032000
|
heap
|
page read and write
|
||
|
2C31000
|
direct allocation
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
50F000
|
stack
|
page read and write
|
||
|
2C34000
|
direct allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
A0000
|
trusted library section
|
page read and write
|
||
|
2D67000
|
direct allocation
|
page read and write
|
||
|
2D70000
|
direct allocation
|
page read and write
|
||
|
E3C000
|
heap
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
260000
|
heap
|
page read and write
|
||
|
E87000
|
heap
|
page read and write
|
||
|
360000
|
trusted library allocation
|
page read and write
|
||
|
136000
|
trusted library allocation
|
page execute and read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
12D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2D000
|
direct allocation
|
page read and write
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
7EF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
E7A000
|
heap
|
page read and write
|
||
|
F2D000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
E7B000
|
heap
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
F53000
|
heap
|
page read and write
|
||
|
E4B000
|
heap
|
page read and write
|
||
|
26CD000
|
direct allocation
|
page read and write
|
||
|
2ABA000
|
direct allocation
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
54F000
|
stack
|
page read and write
|
||
|
2872000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
direct allocation
|
page read and write
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
C6C000
|
unkown
|
page write copy
|
||
|
1DB0000
|
heap
|
page read and write
|
||
|
329000
|
heap
|
page read and write
|
||
|
2C34000
|
direct allocation
|
page read and write
|
||
|
81F000
|
stack
|
page read and write
|
||
|
2C31000
|
direct allocation
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
E3B000
|
heap
|
page read and write
|
||
|
2AF0000
|
direct allocation
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
1C7D000
|
stack
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
ECC000
|
heap
|
page read and write
|
||
|
80D000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
EC4000
|
heap
|
page read and write
|
||
|
4B8F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
59F000
|
stack
|
page read and write
|
||
|
F73000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
33E000
|
heap
|
page read and write
|
||
|
E2C000
|
heap
|
page read and write
|
||
|
280E000
|
trusted library allocation
|
page read and write
|
||
|
2D61000
|
direct allocation
|
page read and write
|
||
|
2C80000
|
direct allocation
|
page read and write
|
||
|
5A5000
|
heap
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C34000
|
direct allocation
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
2B30000
|
direct allocation
|
page read and write
|
||
|
2C31000
|
direct allocation
|
page read and write
|
||
|
2C34000
|
direct allocation
|
page read and write
|
||
|
18B000
|
stack
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
E7B000
|
heap
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
5DA000
|
heap
|
page read and write
|
||
|
24BF000
|
stack
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
1092000
|
heap
|
page read and write
|
||
|
2C60000
|
direct allocation
|
page read and write
|
||
|
AF9000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2A2A000
|
direct allocation
|
page read and write
|
||
|
2B54000
|
direct allocation
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
57C000
|
stack
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
647000
|
heap
|
page read and write
|
||
|
458000
|
trusted library allocation
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
E3B000
|
heap
|
page read and write
|
||
|
2C31000
|
direct allocation
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page execute and read and write
|
||
|
517C000
|
stack
|
page read and write
|
||
|
2ABA000
|
direct allocation
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
8570000
|
heap
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
E7B000
|
heap
|
page read and write
|
||
|
352E000
|
heap
|
page read and write
|
||
|
FF2000
|
heap
|
page read and write
|
||
|
ECA000
|
heap
|
page read and write
|
||
|
EA4000
|
heap
|
page read and write
|
||
|
2C40000
|
direct allocation
|
page read and write
|
||
|
2B6000
|
heap
|
page read and write
|
||
|
F03000
|
heap
|
page read and write
|
||
|
2BF0000
|
direct allocation
|
page read and write
|
||
|
C6C000
|
unkown
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
E04000
|
heap
|
page read and write
|
||
|
2BE1000
|
direct allocation
|
page read and write
|
||
|
150000
|
direct allocation
|
page execute and read and write
|
||
|
1D12000
|
heap
|
page read and write
|
||
|
1AA000
|
stack
|
page read and write
|
||
|
2B30000
|
direct allocation
|
page read and write
|
||
|
1092000
|
heap
|
page read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
76C000
|
stack
|
page read and write
|
||
|
1032000
|
heap
|
page read and write
|
||
|
2C60000
|
direct allocation
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
F53000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
F2D000
|
heap
|
page read and write
|
||
|
C70000
|
unkown
|
page write copy
|
||
|
F52000
|
heap
|
page read and write
|
||
|
C70000
|
unkown
|
page write copy
|
||
|
E14000
|
heap
|
page read and write
|
||
|
2744000
|
heap
|
page read and write
|
||
|
2BC0000
|
direct allocation
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
2BD0000
|
direct allocation
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
13A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C70000
|
direct allocation
|
page read and write
|
||
|
AE2000
|
heap
|
page read and write
|
||
|
2C50000
|
direct allocation
|
page read and write
|
||
|
C6C000
|
unkown
|
page write copy
|
||
|
2ABD000
|
direct allocation
|
page read and write
|
||
|
2B10000
|
direct allocation
|
page read and write
|
||
|
87CF000
|
stack
|
page read and write
|
||
|
CA000
|
stack
|
page read and write
|
||
|
ECA000
|
heap
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page execute and read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2C70000
|
direct allocation
|
page read and write
|
||
|
27000
|
heap
|
page read and write
|
||
|
110000
|
direct allocation
|
page execute and read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
1F0000
|
remote allocation
|
page read and write
|
||
|
1041000
|
heap
|
page read and write
|
||
|
2A2A000
|
direct allocation
|
page read and write
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
E37000
|
heap
|
page read and write
|
||
|
F03000
|
heap
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
2C50000
|
direct allocation
|
page read and write
|
||
|
29E0000
|
direct allocation
|
page read and write
|
||
|
1092000
|
heap
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
2800000
|
heap
|
page read and write
|
||
|
2D61000
|
direct allocation
|
page read and write
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
ECB000
|
heap
|
page read and write
|
||
|
1F0000
|
remote allocation
|
page read and write
|
||
|
8AFF000
|
stack
|
page read and write
|
||
|
78F000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
3AD000
|
heap
|
page read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
2BE1000
|
direct allocation
|
page read and write
|
||
|
5D1000
|
heap
|
page read and write
|
||
|
26CA000
|
direct allocation
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
ECB000
|
heap
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page read and write
|
||
|
E37000
|
heap
|
page read and write
|
||
|
26CD000
|
direct allocation
|
page read and write
|
||
|
2761000
|
trusted library allocation
|
page read and write
|
||
|
E7B000
|
heap
|
page read and write
|
||
|
25F0000
|
direct allocation
|
page read and write
|
||
|
2C34000
|
direct allocation
|
page read and write
|
||
|
ECC000
|
heap
|
page read and write
|
||
|
EC1000
|
heap
|
page read and write
|
||
|
2804000
|
heap
|
page read and write
|
||
|
26CA000
|
direct allocation
|
page read and write
|
||
|
2C00000
|
direct allocation
|
page read and write
|
||
|
2C40000
|
direct allocation
|
page read and write
|
||
|
C0000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
D4000
|
trusted library allocation
|
page read and write
|
||
|
426000
|
system
|
page execute and read and write
|
||
|
2950000
|
direct allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
2C14000
|
direct allocation
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
2BED000
|
direct allocation
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
BA000
|
stack
|
page read and write
|
||
|
2C37000
|
direct allocation
|
page read and write
|
||
|
132000
|
trusted library allocation
|
page read and write
|
||
|
2B10000
|
direct allocation
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
2DD0000
|
direct allocation
|
page read and write
|
||
|
2BB4000
|
heap
|
page read and write
|
||
|
2ABD000
|
direct allocation
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
2B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
F23000
|
heap
|
page read and write
|
||
|
2B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
C70000
|
unkown
|
page write copy
|
||
|
2BE7000
|
direct allocation
|
page read and write
|
||
|
2BF000
|
stack
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
F2C000
|
heap
|
page read and write
|
||
|
29E0000
|
direct allocation
|
page read and write
|
||
|
542F000
|
heap
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
550000
|
direct allocation
|
page execute and read and write
|
||
|
58F000
|
stack
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
C70000
|
unkown
|
page write copy
|
||
|
2C37000
|
direct allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
587000
|
heap
|
page read and write
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
1CBE000
|
stack
|
page read and write
|
||
|
2D67000
|
direct allocation
|
page read and write
|
||
|
F02000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
1CF4000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
2C00000
|
direct allocation
|
page read and write
|
||
|
2D64000
|
direct allocation
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
ABD000
|
stack
|
page read and write
|
||
|
2BED000
|
direct allocation
|
page read and write
|
||
|
7EC000
|
stack
|
page read and write
|
||
|
B0000
|
trusted library section
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
922000
|
heap
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
2C37000
|
direct allocation
|
page read and write
|
||
|
8690000
|
heap
|
page read and write
|
||
|
ECB000
|
heap
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
F01000
|
heap
|
page read and write
|
||
|
125D000
|
stack
|
page read and write
|
||
|
2A6A000
|
direct allocation
|
page read and write
|
||
|
F52000
|
heap
|
page read and write
|
||
|
2819000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
direct allocation
|
page read and write
|
||
|
11A000
|
stack
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
F04000
|
heap
|
page read and write
|
||
|
C6C000
|
unkown
|
page write copy
|
||
|
F10000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
2A2D000
|
direct allocation
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
F54000
|
heap
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
445000
|
system
|
page execute and read and write
|
||
|
C84000
|
unkown
|
page readonly
|
||
|
960000
|
heap
|
page read and write
|
||
|
2B40000
|
direct allocation
|
page read and write
|
||
|
10BF000
|
stack
|
page read and write
|
||
|
EC3000
|
heap
|
page read and write
|
||
|
2ABA000
|
direct allocation
|
page read and write
|
||
|
E9D000
|
heap
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
2C37000
|
direct allocation
|
page read and write
|
||
|
512000
|
heap
|
page read and write
|
||
|
2A60000
|
direct allocation
|
page read and write
|
||
|
844E000
|
stack
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
51E000
|
stack
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
2C40000
|
direct allocation
|
page read and write
|
||
|
DF7000
|
heap
|
page read and write
|
||
|
88C0000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page execute and read and write
|
||
|
2ABA000
|
direct allocation
|
page read and write
|
||
|
ECB000
|
heap
|
page read and write
|
||
|
210000
|
direct allocation
|
page execute and read and write
|
||
|
2AE0000
|
direct allocation
|
page read and write
|
||
|
EC2000
|
heap
|
page read and write
|
||
|
C70000
|
unkown
|
page write copy
|
||
|
EC2000
|
heap
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write | page guard
|
||
|
2AE0000
|
direct allocation
|
page read and write
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
5D5E000
|
stack
|
page read and write
|
||
|
2C80000
|
direct allocation
|
page read and write
|
||
|
2BF0000
|
direct allocation
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
F23000
|
heap
|
page read and write
|
||
|
EA4000
|
heap
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
2B20000
|
direct allocation
|
page read and write
|
||
|
77F000
|
stack
|
page read and write
|
||
|
53F000
|
stack
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
85EE000
|
stack
|
page read and write
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
80F000
|
stack
|
page read and write
|
||
|
6A7000
|
heap
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
2B57000
|
direct allocation
|
page read and write
|
||
|
2BEA000
|
direct allocation
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
2A6D000
|
direct allocation
|
page read and write
|
||
|
C62000
|
unkown
|
page readonly
|
||
|
2B51000
|
direct allocation
|
page read and write
|
||
|
1042000
|
heap
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
C74000
|
unkown
|
page readonly
|
||
|
25A000
|
stack
|
page read and write
|
||
|
1092000
|
heap
|
page read and write
|
||
|
2B30000
|
direct allocation
|
page read and write
|
||
|
2CA0000
|
direct allocation
|
page read and write
|
||
|
E3A000
|
heap
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
BA1000
|
unkown
|
page execute read
|
||
|
29E0000
|
direct allocation
|
page read and write
|
||
|
24A000
|
stack
|
page read and write
|
||
|
2EF000
|
heap
|
page read and write
|
||
|
EDD000
|
heap
|
page read and write
|
||
|
E22000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
2C34000
|
direct allocation
|
page read and write
|
||
|
2A60000
|
direct allocation
|
page read and write
|
||
|
E54000
|
heap
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
25F0000
|
direct allocation
|
page read and write
|
||
|
2C31000
|
direct allocation
|
page read and write
|
||
|
1082000
|
heap
|
page read and write
|
||
|
2858000
|
trusted library allocation
|
page read and write
|
||
|
1042000
|
heap
|
page read and write
|
||
|
C84000
|
unkown
|
page readonly
|
There are 570 hidden memdumps, click here to show them.