Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
IND24072113_1.xlsx
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\kontempt2.1[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\sqlite3.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\word.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$IND24072113_1.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\kontempt2.1[1].htm
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3380000[1].zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7yj1259-
|
SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie
0x2f, schema 4, UTF-8, version-valid-for 10
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cyclop
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jvetpvrp.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sqlite3.def
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Users\user\AppData\Roaming\word.exe
|
C:\Users\user\AppData\Roaming\word.exe
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\Users\user\AppData\Roaming\word.exe
|
|
|
|
C:\Program Files (x86)\VOZtgxBxyGdAUEZvVwbwrTYrUzPcxRMLrHdkNbFxtliZLdHQCgXCuTeJXDKktVwKpQjyF\XAgFxCrXhYKjE.exe
|
"C:\Program Files (x86)\VOZtgxBxyGdAUEZvVwbwrTYrUzPcxRMLrHdkNbFxtliZLdHQCgXCuTeJXDKktVwKpQjyF\XAgFxCrXhYKjE.exe"
|
|
|
|
C:\Windows\SysWOW64\msinfo32.exe
|
"C:\Windows\SysWOW64\msinfo32.exe"
|
|
|
|
C:\Program Files (x86)\VOZtgxBxyGdAUEZvVwbwrTYrUzPcxRMLrHdkNbFxtliZLdHQCgXCuTeJXDKktVwKpQjyF\XAgFxCrXhYKjE.exe
|
"C:\Program Files (x86)\VOZtgxBxyGdAUEZvVwbwrTYrUzPcxRMLrHdkNbFxtliZLdHQCgXCuTeJXDKktVwKpQjyF\XAgFxCrXhYKjE.exe"
|
|
|
|
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
|
"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://timurtrading.my/kontempt2.1.exe
|
192.3.255.145
|
|
|
|
http://timurtrading.my/kontempt2.1.exe
|
192.3.255.145
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://www.omnibizlux.biz/8pmv/?eDZh=0pI0vDB&IDX46=o+HDgodiamRQHtDMpIt6QXV1yFQyIuHAMV1gOVYcjWmvuGh+h7IrtYfSQO/kpwxsxn8zwcxo4M/m/nbjbIRZpxhbjjpUXySeQkriE3Dek1xl8vaSGOlLDW237/Ca
|
167.172.133.32
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://timurtrading.my/kontempt2.1.exeppC:
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.75e296qdx.top/quvp/?IDX46=ZW1g+h73VjV8NmrD3A0IsvQAl9tCTvv5s7OxxnbN69qnRFmJveufixywo3eCJN9Bi9pNL2fgeIfBDTgJwEUErU/4IwV0Yt2V4k+CbVZpThcE8pzI6qgsTHE3GSfU&eDZh=0pI0vDB
|
185.196.10.234
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
|
unknown
|
||
|
http://www.sqlite.org/2022/sqlite-dll-win32-x86-3380000.zip
|
45.33.6.223
|
||
|
https://www.google.com/favicon.ico
|
unknown
|
||
|
http://www.myprefpal.xyz/2xrt/?IDX46=t8QlsLf/hSao5OfTjGXyvO3SE3egRcZN/0WYGutq4Zw3gZ9pwtfqpd7Txie7AUKWMV3AhFtCGrZ0PcR2NtL0Erm7E7qQmCH1czZzhi0sD+dlnO4gaz+HrJe+v97h&eDZh=0pI0vDB
|
15.197.148.33
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://timurtrading.my/kontempt2.1.exet
|
unknown
|
||
|
http://www.jilifish.win/to3j/
|
15.197.148.33
|
||
|
http://www.jilifish.win
|
unknown
|
||
|
http://www.75e296qdx.top/quvp/
|
185.196.10.234
|
||
|
https://timurtrading.my/
|
unknown
|
||
|
http://www.myprefpal.xyz/2xrt/
|
15.197.148.33
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
myprefpal.xyz
|
15.197.148.33
|
|
|
|
timurtrading.my
|
192.3.255.145
|
|
|
|
www.myprefpal.xyz
|
unknown
|
|
|
|
www.75e296qdx.top
|
185.196.10.234
|
||
|
www.sqlite.org
|
45.33.6.223
|
||
|
www.omnibizlux.biz
|
167.172.133.32
|
||
|
jilifish.win
|
15.197.148.33
|
||
|
www.jilifish.win
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
15.197.148.33
|
myprefpal.xyz
|
United States
|
|
|
|
192.3.255.145
|
timurtrading.my
|
United States
|
|
|
|
45.33.6.223
|
www.sqlite.org
|
United States
|
||
|
167.172.133.32
|
www.omnibizlux.biz
|
United States
|
||
|
185.196.10.234
|
www.75e296qdx.top
|
Switzerland
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
<w0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2E282
|
2E282
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
680
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
|
Implementing
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
|
Implementing
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
61ED1000
|
unkown
|
page write copy
|
||
|
750000
|
unkown
|
page readonly
|
||
|
61ECA000
|
unkown
|
page read and write
|
||
|
1D80000
|
remote allocation
|
page read and write
|
||
|
430000
|
trusted library allocation
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
8D5000
|
unkown
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
120000
|
system
|
page execute and read and write
|
||
|
8CE000
|
unkown
|
page readonly
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
unkown
|
page readonly
|
||
|
5AAD000
|
stack
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
3BAD000
|
direct allocation
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
DA0000
|
unclassified section
|
page execute and read and write
|
||
|
1F80000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
6CED000
|
heap
|
page read and write
|
||
|
1E32000
|
heap
|
page read and write
|
||
|
5A6D000
|
stack
|
page read and write
|
||
|
12A4000
|
unclassified section
|
page execute and read and write
|
||
|
1D40000
|
heap
|
page read and write
|
||
|
255000
|
heap
|
page read and write
|
||
|
612D000
|
heap
|
page read and write
|
||
|
6133000
|
heap
|
page read and write
|
||
|
3D24000
|
direct allocation
|
page read and write
|
||
|
13E2000
|
system
|
page read and write
|
||
|
2107000
|
direct allocation
|
page execute and read and write
|
||
|
1F7D000
|
stack
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
D11000
|
direct allocation
|
page execute and read and write
|
||
|
2190000
|
direct allocation
|
page execute and read and write
|
||
|
1D48000
|
heap
|
page read and write
|
||
|
64C0000
|
heap
|
page read and write
|
||
|
711C000
|
stack
|
page read and write
|
||
|
2290000
|
direct allocation
|
page execute and read and write
|
||
|
13B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F5000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
69D000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
31D000
|
stack
|
page read and write
|
||
|
2100000
|
direct allocation
|
page execute and read and write
|
||
|
36B7000
|
heap
|
page read and write
|
||
|
36D1000
|
heap
|
page read and write
|
||
|
3BAA000
|
direct allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
3C30000
|
direct allocation
|
page read and write
|
||
|
8C1000
|
unkown
|
page execute read
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
B90000
|
direct allocation
|
page execute and read and write
|
||
|
5013000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
3AD0000
|
direct allocation
|
page read and write
|
||
|
344D000
|
heap
|
page read and write
|
||
|
20000
|
unkown
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
5ADF000
|
stack
|
page read and write
|
||
|
1EB0000
|
heap
|
page read and write
|
||
|
6E9C000
|
stack
|
page read and write
|
||
|
3C30000
|
direct allocation
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
2AAC000
|
unkown
|
page read and write
|
||
|
61E00000
|
unkown
|
page readonly
|
||
|
68E000
|
heap
|
page read and write
|
||
|
7A0000
|
unkown
|
page readonly
|
||
|
626E000
|
stack
|
page read and write
|
||
|
58CF000
|
stack
|
page read and write
|
||
|
276000
|
heap
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
3D21000
|
direct allocation
|
page read and write
|
||
|
6117000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
8D7000
|
unkown
|
page readonly
|
||
|
246000
|
heap
|
page read and write
|
||
|
606F000
|
stack
|
page read and write
|
||
|
7720000
|
heap
|
page read and write
|
||
|
1D7C000
|
system
|
page execute and read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
3D24000
|
direct allocation
|
page read and write
|
||
|
5019000
|
trusted library allocation
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
260000
|
system
|
page execute and read and write
|
||
|
740000
|
unkown
|
page readonly
|
||
|
2281000
|
direct allocation
|
page execute and read and write
|
||
|
D14000
|
direct allocation
|
page execute and read and write
|
||
|
217000
|
heap
|
page read and write
|
||
|
D90000
|
direct allocation
|
page execute and read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
3D30000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1D88000
|
system
|
page execute and read and write
|
||
|
2180000
|
direct allocation
|
page execute and read and write
|
||
|
2020000
|
heap
|
page read and write
|
||
|
3BAD000
|
direct allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
4D0000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3D90000
|
direct allocation
|
page read and write
|
||
|
B80000
|
direct allocation
|
page execute and read and write
|
||
|
5E3D000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page execute read
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
BB000
|
stack
|
page read and write
|
||
|
4D0000
|
trusted library allocation
|
page read and write
|
||
|
4FB000
|
heap
|
page read and write
|
||
|
2170000
|
direct allocation
|
page execute and read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
561F000
|
heap
|
page read and write
|
||
|
547D000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1D8B000
|
system
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2C6C000
|
unkown
|
page read and write
|
||
|
3D90000
|
direct allocation
|
page read and write
|
||
|
1E70000
|
heap
|
page read and write
|
||
|
1DA4000
|
heap
|
page read and write
|
||
|
230000
|
system
|
page execute and read and write
|
||
|
6110000
|
heap
|
page read and write
|
||
|
6120000
|
heap
|
page read and write
|
||
|
2024000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
2287000
|
direct allocation
|
page execute and read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
1322000
|
system
|
page read and write
|
||
|
26A2000
|
unclassified section
|
page read and write
|
||
|
937000
|
heap
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
1D80000
|
remote allocation
|
page read and write
|
||
|
5B3C000
|
stack
|
page read and write
|
||
|
D00000
|
direct allocation
|
page execute and read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
3FB000
|
unkown
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
3D10000
|
direct allocation
|
page read and write
|
||
|
25C000
|
stack
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
3516000
|
heap
|
page read and write
|
||
|
258000
|
heap
|
page read and write
|
||
|
32D000
|
stack
|
page read and write
|
||
|
1DFD000
|
heap
|
page read and write
|
||
|
20000
|
unkown
|
page read and write
|
||
|
430000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
direct allocation
|
page read and write
|
||
|
2F1000
|
heap
|
page read and write
|
||
|
600000
|
unkown
|
page readonly
|
||
|
1F60000
|
heap
|
page read and write
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
3CB000
|
heap
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
5603000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
3D24000
|
direct allocation
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
68E000
|
heap
|
page read and write
|
||
|
56FD000
|
stack
|
page read and write
|
||
|
3C30000
|
direct allocation
|
page read and write
|
||
|
61ECE000
|
unkown
|
page read and write
|
||
|
4A7000
|
unkown
|
page read and write
|
||
|
3D5000
|
unkown
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
5900000
|
trusted library allocation
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
61EB5000
|
unkown
|
page readonly
|
||
|
750000
|
unkown
|
page readonly
|
||
|
772D000
|
heap
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
6CF000
|
heap
|
page read and write
|
||
|
2A20000
|
unkown
|
page read and write
|
||
|
490000
|
unkown
|
page read and write
|
||
|
1E14000
|
heap
|
page read and write
|
||
|
201E000
|
stack
|
page read and write
|
||
|
997000
|
heap
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page execute and read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
2110000
|
direct allocation
|
page execute and read and write
|
||
|
6CF000
|
heap
|
page read and write
|
||
|
306000
|
heap
|
page read and write
|
||
|
6C4000
|
heap
|
page read and write
|
||
|
3D27000
|
direct allocation
|
page read and write
|
||
|
5D9000
|
heap
|
page read and write
|
||
|
557000
|
heap
|
page read and write
|
||
|
3D90000
|
direct allocation
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
57CF000
|
stack
|
page read and write
|
||
|
721D000
|
stack
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
6115000
|
heap
|
page read and write
|
||
|
1FE0000
|
heap
|
page read and write
|
||
|
3AD0000
|
direct allocation
|
page read and write
|
||
|
255000
|
heap
|
page read and write
|
||
|
27F000
|
stack
|
page read and write
|
||
|
C00000
|
direct allocation
|
page execute and read and write
|
||
|
5629000
|
heap
|
page read and write
|
||
|
3358000
|
heap
|
page read and write
|
||
|
8CE000
|
unkown
|
page readonly
|
||
|
999000
|
heap
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
6D14000
|
heap
|
page read and write
|
||
|
62A0000
|
heap
|
page read and write
|
||
|
F0000
|
direct allocation
|
page read and write
|
||
|
2A52000
|
unkown
|
page read and write
|
||
|
61E01000
|
unkown
|
page execute read
|
||
|
5F1F000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page execute read
|
||
|
13B000
|
stack
|
page read and write
|
||
|
37C000
|
unkown
|
page read and write
|
||
|
1EC0000
|
direct allocation
|
page read and write
|
||
|
5C5000
|
heap
|
page read and write
|
||
|
3D10000
|
direct allocation
|
page read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
31D000
|
stack
|
page read and write
|
||
|
31D000
|
heap
|
page read and write
|
||
|
2028000
|
heap
|
page read and write
|
||
|
27B000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
6C7D000
|
stack
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
2F7000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
76E0000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
13B0000
|
system
|
page read and write
|
||
|
7733000
|
heap
|
page read and write
|
||
|
562000
|
heap
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
244000
|
heap
|
page read and write
|
||
|
61ECB000
|
unkown
|
page readonly
|
||
|
6EE0000
|
heap
|
page read and write
|
||
|
2300000
|
direct allocation
|
page execute and read and write
|
||
|
AA0000
|
direct allocation
|
page execute and read and write
|
||
|
3AD0000
|
direct allocation
|
page read and write
|
||
|
1E6D000
|
unkown
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
1F90000
|
heap
|
page read and write
|
||
|
3BAA000
|
direct allocation
|
page read and write
|
||
|
22F0000
|
direct allocation
|
page execute and read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
2C6C000
|
unkown
|
page read and write
|
||
|
117000
|
stack
|
page read and write
|
||
|
480000
|
unkown
|
page readonly
|
||
|
4E34000
|
heap
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
342E000
|
heap
|
page read and write
|
||
|
24C2000
|
heap
|
page read and write
|
||
|
4D0000
|
trusted library allocation
|
page read and write
|
||
|
1D6C000
|
system
|
page execute and read and write
|
||
|
BA0000
|
direct allocation
|
page execute and read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
3C20000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
202B000
|
heap
|
page read and write
|
||
|
3756000
|
heap
|
page read and write
|
||
|
15FC000
|
system
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
69D000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
3C20000
|
direct allocation
|
page read and write
|
||
|
333000
|
system
|
page execute and read and write
|
||
|
20000
|
direct allocation
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
5FD000
|
heap
|
page read and write
|
||
|
3AD0000
|
direct allocation
|
page read and write
|
||
|
A80000
|
unkown
|
page readonly
|
||
|
3410000
|
heap
|
page read and write
|
||
|
7A0000
|
unkown
|
page readonly
|
||
|
3BAA000
|
direct allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
20F0000
|
direct allocation
|
page execute and read and write
|
||
|
2670000
|
unclassified section
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
425000
|
unkown
|
page read and write
|
||
|
25E2000
|
unclassified section
|
page read and write
|
||
|
3D10000
|
direct allocation
|
page read and write
|
||
|
28BC000
|
unclassified section
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
638F000
|
stack
|
page read and write
|
||
|
6DE0000
|
heap
|
page read and write
|
||
|
739F000
|
stack
|
page read and write
|
||
|
1CF0000
|
system
|
page execute and read and write
|
||
|
3BAD000
|
direct allocation
|
page read and write
|
||
|
B97000
|
direct allocation
|
page execute and read and write
|
||
|
C0000
|
unkown
|
page read and write
|
||
|
3D21000
|
direct allocation
|
page read and write
|
||
|
355F000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
2CE000
|
stack
|
page read and write
|
||
|
562000
|
heap
|
page read and write
|
||
|
6C90000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
24A4000
|
heap
|
page read and write
|
||
|
426000
|
heap
|
page read and write
|
||
|
1E10000
|
heap
|
page read and write
|
||
|
3C30000
|
direct allocation
|
page read and write
|
||
|
2F6000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
2CA4000
|
unclassified section
|
page read and write
|
||
|
C10000
|
direct allocation
|
page execute and read and write
|
||
|
8B4000
|
stack
|
page read and write
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
3D10000
|
direct allocation
|
page read and write
|
||
|
B94000
|
direct allocation
|
page execute and read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
3D27000
|
direct allocation
|
page read and write
|
||
|
3D24000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
3D10000
|
direct allocation
|
page read and write
|
||
|
3D10000
|
direct allocation
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
22B000
|
stack
|
page read and write
|
||
|
1D2E000
|
stack
|
page read and write
|
||
|
3C30000
|
direct allocation
|
page read and write
|
||
|
143C000
|
system
|
page read and write
|
||
|
6C8000
|
heap
|
page read and write
|
||
|
566E000
|
stack
|
page read and write
|
||
|
3D24000
|
direct allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
5810000
|
heap
|
page read and write
|
||
|
3C20000
|
direct allocation
|
page read and write
|
||
|
6120000
|
heap
|
page read and write
|
||
|
8C1000
|
unkown
|
page execute read
|
||
|
420000
|
heap
|
page read and write
|
||
|
1D44000
|
heap
|
page read and write
|
||
|
3D27000
|
direct allocation
|
page read and write
|
||
|
8D5000
|
unkown
|
page read and write
|
||
|
36D1000
|
heap
|
page read and write
|
||
|
30D000
|
heap
|
page read and write
|
||
|
6300000
|
heap
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page read and write
|
||
|
3D21000
|
direct allocation
|
page read and write
|
||
|
3D30000
|
direct allocation
|
page read and write
|
||
|
1E10000
|
heap
|
page read and write
|
||
|
244000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
28F000
|
heap
|
page read and write
|
||
|
3BAA000
|
direct allocation
|
page read and write
|
||
|
3C30000
|
direct allocation
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
2992000
|
unkown
|
page read and write
|
||
|
3D90000
|
direct allocation
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
1DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D21000
|
direct allocation
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
1ED000
|
stack
|
page read and write
|
||
|
55DD000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
8D7000
|
unkown
|
page readonly
|
||
|
20000
|
unkown
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page read and write
|
||
|
1F77000
|
heap
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
900000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
8D5000
|
unkown
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
9B9000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
57CD000
|
stack
|
page read and write
|
||
|
2BD000
|
stack
|
page read and write
|
||
|
27B0000
|
unkown
|
page execute and read and write
|
||
|
725F000
|
stack
|
page read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
1DDF000
|
system
|
page execute and read and write
|
||
|
3D30000
|
direct allocation
|
page read and write
|
||
|
751F000
|
stack
|
page read and write
|
||
|
740000
|
unkown
|
page readonly
|
||
|
2FC8000
|
unclassified section
|
page read and write
|
||
|
3AD0000
|
direct allocation
|
page read and write
|
||
|
193000
|
heap
|
page read and write
|
||
|
1EA2000
|
heap
|
page read and write
|
||
|
761F000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
55FD000
|
heap
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
3BAA000
|
direct allocation
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
20000
|
direct allocation
|
page read and write
|
||
|
6130000
|
heap
|
page read and write
|
||
|
551000
|
heap
|
page read and write
|
||
|
31E6000
|
unkown
|
page read and write
|
||
|
A90000
|
direct allocation
|
page execute and read and write
|
||
|
2020000
|
heap
|
page read and write
|
||
|
3BAD000
|
direct allocation
|
page read and write
|
||
|
8D7000
|
unkown
|
page readonly
|
||
|
3CE000
|
unkown
|
page read and write
|
||
|
8C0000
|
direct allocation
|
page read and write
|
||
|
594F000
|
stack
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
8CE000
|
unkown
|
page readonly
|
||
|
259F000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
6110000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
425000
|
unkown
|
page read and write
|
||
|
1E84000
|
heap
|
page read and write
|
||
|
6D0F000
|
heap
|
page read and write
|
||
|
1D4B000
|
heap
|
page read and write
|
||
|
3D27000
|
direct allocation
|
page read and write
|
||
|
5D0D000
|
stack
|
page read and write
|
||
|
305000
|
heap
|
page read and write
|
||
|
3D24000
|
direct allocation
|
page read and write
|
||
|
7736000
|
heap
|
page read and write
|
||
|
3C20000
|
direct allocation
|
page read and write
|
||
|
3D0000
|
unkown
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
3513000
|
heap
|
page read and write
|
||
|
3757000
|
heap
|
page read and write
|
||
|
4E37000
|
heap
|
page read and write
|
||
|
6CD0000
|
heap
|
page read and write
|
||
|
3AD0000
|
direct allocation
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
3190000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
5BE0000
|
heap
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
58BF000
|
stack
|
page read and write
|
||
|
5C0000
|
unkown
|
page readonly
|
||
|
3D30000
|
direct allocation
|
page read and write
|
||
|
1F74000
|
heap
|
page read and write
|
||
|
10E000
|
stack
|
page read and write
|
||
|
8B000
|
stack
|
page read and write
|
||
|
8F0000
|
unkown
|
page readonly
|
||
|
306000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
3378000
|
unkown
|
page read and write
|
||
|
3757000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
306000
|
heap
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
3D90000
|
direct allocation
|
page read and write
|
||
|
25E000
|
stack
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
7730000
|
heap
|
page read and write
|
||
|
293000
|
heap
|
page read and write
|
||
|
5C9C000
|
stack
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3D27000
|
direct allocation
|
page read and write
|
||
|
283000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
5F9E000
|
stack
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
5DBF000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
3512000
|
heap
|
page execute and read and write
|
||
|
20000
|
unkown
|
page read and write
|
||
|
3D21000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2024000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
627000
|
heap
|
page read and write
|
||
|
19E4000
|
system
|
page read and write
|
||
|
8D7000
|
unkown
|
page readonly
|
||
|
61ED2000
|
unkown
|
page readonly
|
||
|
230000
|
heap
|
page read and write
|
||
|
26FC000
|
unclassified section
|
page read and write
|
||
|
1E14000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
direct allocation
|
page read and write
|
||
|
1EE0000
|
heap
|
page read and write
|
||
|
99F000
|
heap
|
page read and write
|
||
|
6C4000
|
heap
|
page read and write
|
||
|
1E9E000
|
stack
|
page read and write
|
||
|
3D21000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
343B000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
2E36000
|
unclassified section
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
6CFF000
|
heap
|
page read and write
|
||
|
3BAD000
|
direct allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5D90000
|
heap
|
page read and write
|
||
|
64F000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page readonly
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
2270000
|
direct allocation
|
page execute and read and write
|
||
|
2284000
|
direct allocation
|
page execute and read and write
|
||
|
982000
|
heap
|
page read and write
|
||
|
1F71000
|
heap
|
page read and write
|
||
|
6122000
|
heap
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
551000
|
heap
|
page read and write
|
||
|
2992000
|
unkown
|
page read and write
|
||
|
480000
|
trusted library allocation
|
page read and write
|
||
|
1DFA000
|
heap
|
page read and write
|
||
|
3BAD000
|
direct allocation
|
page read and write
|
||
|
6EDC000
|
stack
|
page read and write
|
||
|
D80000
|
direct allocation
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3D27000
|
direct allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
2010000
|
direct allocation
|
page execute and read and write
|
||
|
1D20000
|
trusted library allocation
|
page read and write
|
||
|
701F000
|
stack
|
page read and write
|
||
|
3D90000
|
direct allocation
|
page read and write
|
||
|
2CB4000
|
unkown
|
page execute and read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
2104000
|
direct allocation
|
page execute and read and write
|
||
|
5C0000
|
unkown
|
page readonly
|
||
|
5BBF000
|
stack
|
page read and write
|
||
|
2CE000
|
stack
|
page read and write
|
||
|
3C20000
|
direct allocation
|
page read and write
|
||
|
61EB2000
|
unkown
|
page read and write
|
||
|
3054000
|
unkown
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
8CE000
|
unkown
|
page readonly
|
||
|
7410000
|
heap
|
page read and write
|
||
|
6100000
|
heap
|
page read and write
|
||
|
23F000
|
heap
|
page read and write
|
||
|
30A000
|
heap
|
page read and write
|
||
|
2BD000
|
stack
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
735F000
|
stack
|
page read and write
|
||
|
6120000
|
heap
|
page read and write
|
||
|
5636000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
202B000
|
heap
|
page read and write
|
||
|
2B8000
|
system
|
page execute and read and write
|
||
|
8D5000
|
unkown
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
D20000
|
direct allocation
|
page execute and read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
A2C000
|
heap
|
page read and write
|
||
|
3D30000
|
direct allocation
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
746000
|
heap
|
page read and write
|
||
|
8F0000
|
unkown
|
page readonly
|
||
|
24F000
|
heap
|
page read and write
|
||
|
2028000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
BB000
|
stack
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
1DC2000
|
heap
|
page read and write
|
||
|
1E50000
|
unkown
|
page read and write
|
||
|
1E32000
|
heap
|
page read and write
|
||
|
1F80000
|
trusted library allocation
|
page read and write
|
||
|
249F000
|
stack
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
36D1000
|
heap
|
page read and write
|
||
|
96D000
|
heap
|
page read and write
|
||
|
98D000
|
heap
|
page read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
D17000
|
direct allocation
|
page execute and read and write
|
||
|
2000000
|
direct allocation
|
page execute and read and write
|
||
|
3513000
|
heap
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
3BAA000
|
direct allocation
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
4FB000
|
heap
|
page read and write
|
||
|
6127000
|
heap
|
page read and write
|
||
|
11AF000
|
stack
|
page read and write
|
||
|
6116000
|
heap
|
page read and write
|
||
|
3C20000
|
direct allocation
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
1D63000
|
system
|
page execute and read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
3C7000
|
unkown
|
page read and write
|
||
|
3D30000
|
direct allocation
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
There are 604 hidden memdumps, click here to show them.