IOC Report
Documento.xlsm

loading gif

Files

File Path
Type
Category
Malicious
Documento.xlsm
Microsoft Excel 2007+
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BRqk58WkNweubruYwrLOt[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Desktop\~$Documento.xlsm
data
dropped
 malicious
C:\Users\user\xxw1.ocx
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 61414 bytes, 1 file
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3429A7BE.jpeg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 2418x1051, frames 3
dropped
C:\Users\user\AppData\Local\Temp\8833.tmp
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\Cab38BB.tmp
Microsoft Cabinet archive data, 61414 bytes, 1 file
dropped
C:\Users\user\AppData\Local\Temp\Tar38BC.tmp
data
modified
C:\Users\user\AppData\Local\Temp\~DF214DADA29E525B4F.TMP
data
dropped
C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
There are 2 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWow64\regsvr32.exe /s ..\xxw1.ocx
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Lublsqnpkfxznyn\qzdpzpnlmhwmidn.sqj"
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akqqkkcyjpzjtkdl\yjsihfoifzocxh.bje"
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Jlwcmhlugcekbvod\wgwqcgkqco.zkn"
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjoyn\vwxqtwr.dtt"
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fypgzmyquzzcde\otyatzrmngwq.ngt"
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Bwfagqlayjve\vhxv.yyo"
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wajwuevzvdakzef\rsarmrhrfymvh.bdv"
 malicious
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qqnrprjtrrtdhqc\hwfqlqeqb.xee"
 malicious

URLs

Name
IP
Malicious
https://135.148.121.246/j
unknown
 malicious
https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwiccH~A
unknown
 malicious
https://135.148.121.246:8080/zPDHHDvtYQmewTlUqnNumfvSgAMeHhZGhBefDhmgdqyEKfqwot~H
unknown
 malicious
https://135.148.121.246/b
unknown
 malicious
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
http://crl.entrust.net/server1.crl0
unknown
http://ocsp.entrust.net0D
unknown
http://ocsp.entrust.net03
unknown
https://secure.comodo.com/CPS0
unknown
http://crl.entrust.net/2048ca.crl0
unknown
There are 2 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www.swaong.com
unknown
 malicious

IPs

IP
Domain
Country
Malicious
195.154.133.20
unknown
France
malicious
185.157.82.211
unknown
Poland
malicious
79.172.212.216
unknown
Hungary
malicious
212.237.17.99
unknown
Italy
malicious
110.232.117.186
unknown
Australia
malicious
51.254.140.238
unknown
France
malicious
119.235.255.201
unknown
Indonesia
malicious
212.24.98.99
unknown
Lithuania
malicious
213.190.4.223
unknown
Germany
malicious
138.185.72.26
unknown
Brazil
malicious
153.126.203.229
unknown
Japan
malicious
81.0.236.90
unknown
Czech Republic
malicious
216.158.226.206
unknown
United States
malicious
45.118.115.99
unknown
Indonesia
malicious
103.75.201.2
unknown
Thailand
malicious
103.75.201.4
unknown
Thailand
malicious
209.126.98.206
unknown
United States
malicious
156.67.219.84
unknown
Cyprus
malicious
175.107.196.192
unknown
Pakistan
malicious
217.182.143.207
unknown
France
malicious
82.165.152.127
unknown
Germany
malicious
107.182.225.142
unknown
United States
malicious
45.118.135.203
unknown
Japan
malicious
50.116.54.215
unknown
United States
malicious
131.100.24.231
unknown
Brazil
malicious
135.148.121.246
unknown
United States
malicious
46.55.222.11
unknown
Bulgaria
malicious
173.212.193.249
unknown
Germany
malicious
178.79.147.66
unknown
United Kingdom
malicious
45.176.232.124
unknown
Colombia
malicious
162.243.175.63
unknown
United States
malicious
176.104.106.96
unknown
Serbia
malicious
31.24.158.56
unknown
Spain
malicious
50.30.40.196
unknown
United States
malicious
207.38.84.195
unknown
United States
malicious
164.68.99.3
unknown
Germany
malicious
103.134.85.85
unknown
Indonesia
malicious
212.237.56.116
unknown
Italy
malicious
45.142.114.231
unknown
Germany
malicious
203.114.109.124
unknown
Thailand
malicious
129.232.188.93
unknown
South Africa
malicious
159.8.59.82
unknown
United States
malicious
58.227.42.236
unknown
Korea Republic of
malicious
158.69.222.101
unknown
Canada
malicious
178.128.83.165
unknown
Netherlands
malicious
There are 35 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
3v,
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1040
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2E5EC
2E5EC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
kr,
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\System32\wuaueng.dll,-400
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
Input
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
TargetConverted
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
Converted
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
TargetNotConverted
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
InputError
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
FixedConverted
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3928F
3928F
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39904
39904
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
There are 68 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1D0000
trusted library allocation
page execute and read and write
 malicious
301000
trusted library allocation
page execute read
 malicious
150000
trusted library allocation
page execute and read and write
 malicious
1C0000
trusted library allocation
page execute and read and write
 malicious
261000
trusted library allocation
page execute read
 malicious
201000
trusted library allocation
page execute read
 malicious
8D1000
trusted library allocation
page execute read
 malicious
231000
trusted library allocation
page execute read
 malicious
1E1000
trusted library allocation
page execute read
 malicious
241000
trusted library allocation
page execute read
 malicious
180000
trusted library allocation
page execute and read and write
 malicious
190000
trusted library allocation
page execute and read and write
 malicious
190000
trusted library allocation
page execute and read and write
 malicious
7E0000
trusted library allocation
page execute and read and write
 malicious
160000
trusted library allocation
page execute and read and write
 malicious
1A1000
trusted library allocation
page execute read
 malicious
230000
trusted library allocation
page execute and read and write
 malicious
1E1000
trusted library allocation
page execute read
 malicious
10B000
stack
page read and write
BCD000
stack
page read and write
331C000
trusted library allocation
page read and write
32B0000
trusted library allocation
page read and write
190000
heap
page read and write
E5E000
stack
page read and write
DAC000
stack
page read and write
63F000
heap
page read and write
B72000
heap
page read and write
D02000
heap
page read and write
10000
heap
page read and write
32F000
stack
page read and write
454000
heap
page read and write
387000
heap
page read and write
2BAC000
stack
page read and write
B94000
trusted library allocation
page read and write
30000
heap
page read and write
2D9000
stack
page read and write
D3D000
trusted library allocation
page read and write
2E0000
trusted library allocation
page read and write
4F7000
heap
page read and write
336C000
trusted library allocation
page read and write
2970000
trusted library allocation
page read and write
2C0C000
stack
page read and write
213000
heap
page read and write
4BE000
heap
page read and write
263000
heap
page read and write
2C2000
heap
page read and write
574000
heap
page read and write
10001000
unkown
page execute read
2D0F000
stack
page read and write
6FD000
trusted library allocation
page read and write
22C000
heap
page read and write
DEE000
stack
page read and write
6C0000
heap
page read and write
1006C000
unkown
page read and write
4B4000
heap
page read and write
850000
trusted library allocation
page read and write
2C7E000
stack
page read and write
180000
heap
page read and write
2EA000
stack
page read and write
723000
heap
page read and write
2EAE000
stack
page read and write
283E000
stack
page read and write
6C7000
heap
page read and write
2D6E000
stack
page read and write
6D5000
heap
page read and write
204000
trusted library allocation
page read and write
506000
heap
page read and write
A6E000
stack
page read and write
10001000
unkown
page execute read
340000
heap
page read and write
296D000
stack
page read and write
34D0000
trusted library allocation
page read and write
563000
heap
page read and write
1DF000
heap
page read and write
F80000
heap
page read and write
1D0000
heap
page read and write
27C0000
trusted library allocation
page read and write
3326000
trusted library allocation
page read and write
10000000
unkown
page readonly
390000
heap
page read and write
353000
heap
page read and write
B50000
trusted library allocation
page read and write
A40000
heap
page read and write
22A000
stack
page read and write
2AED000
stack
page read and write
CC0000
trusted library allocation
page read and write
2930000
heap
page read and write
2D1E000
stack
page read and write
10000
heap
page read and write
2C4E000
stack
page read and write
336C000
trusted library allocation
page read and write
2E0000
trusted library allocation
page read and write
65F000
stack
page read and write
10000
heap
page read and write
2B0E000
stack
page read and write
920000
heap
page read and write
25A000
stack
page read and write
28AC000
stack
page read and write
1E0000
trusted library allocation
page read and write
10073000
unkown
page readonly
34F8000
trusted library allocation
page read and write
430000
heap
page read and write
30000
heap
page read and write
547000
heap
page read and write
2DDE000
stack
page read and write
E2E000
stack
page read and write
3326000
trusted library allocation
page read and write
10000000
unkown
page readonly
10073000
unkown
page readonly
667000
heap
page read and write
2E6E000
stack
page read and write
334A000
trusted library allocation
page read and write
4D3000
heap
page read and write
260000
trusted library allocation
page read and write
9A000
stack
page read and write
3C0000
trusted library allocation
page read and write
290E000
stack
page read and write
D40000
remote allocation
page read and write
3326000
trusted library allocation
page read and write
10000
heap
page read and write
3CD000
trusted library allocation
page read and write
1C4000
trusted library allocation
page read and write
10001000
unkown
page execute read
564000
heap
page read and write
334A000
trusted library allocation
page read and write
6FF000
heap
page read and write
B6D000
trusted library allocation
page read and write
FAE000
stack
page read and write
1006C000
unkown
page read and write
1D0000
heap
page read and write
240000
trusted library allocation
page read and write
B4D000
stack
page read and write
1C0000
heap
page read and write
646000
heap
page read and write
1BA000
stack
page read and write
200000
heap
page read and write
F7E000
stack
page read and write
10056000
unkown
page readonly
BAD000
trusted library allocation
page read and write
540000
heap
page read and write
2C7E000
stack
page read and write
2CCE000
stack
page read and write
280E000
stack
page read and write
3C6000
heap
page read and write
30000
heap
page read and write
209000
stack
page read and write
28CE000
stack
page read and write
3326000
trusted library allocation
page read and write
F40000
heap
page read and write
260000
heap
page read and write
776000
heap
page read and write
4A3000
heap
page read and write
255000
trusted library allocation
page read and write
A84000
heap
page read and write
546000
heap
page read and write
10000000
unkown
page readonly
331E000
trusted library allocation
page read and write
225000
trusted library allocation
page read and write
265000
trusted library allocation
page read and write
57F000
heap
page read and write
490000
heap
page read and write
6AA000
heap
page read and write
2C5E000
stack
page read and write
27C0000
trusted library allocation
page read and write
335E000
trusted library allocation
page read and write
2B8E000
stack
page read and write
2BFE000
stack
page read and write
F3E000
stack
page read and write
282F000
stack
page read and write
460000
heap
page read and write
F9F000
stack
page read and write
10000
heap
page read and write
26A000
stack
page read and write
DF0000
heap
page read and write
F5F000
stack
page read and write
4B7000
heap
page read and write
1DA000
heap
page read and write
CE4000
heap
page read and write
ECE000
stack
page read and write
D20000
trusted library allocation
page read and write
3F0000
heap
page read and write
2D50000
heap
page read and write
3A4000
heap
page read and write
1C4000
heap
page read and write
2C5D000
stack
page read and write
230000
trusted library allocation
page read and write
E7F000
stack
page read and write
1006C000
unkown
page read and write
B6E000
stack
page read and write
437000
heap
page read and write
8D0000
trusted library allocation
page read and write
2940000
trusted library allocation
page read and write
4D4000
heap
page read and write
334A000
trusted library allocation
page read and write
5EE000
stack
page read and write
58E000
heap
page read and write
10000
heap
page read and write
240000
heap
page read and write
32FA000
trusted library allocation
page read and write
331C000
trusted library allocation
page read and write
10056000
unkown
page readonly
759000
heap
page read and write
F0C000
stack
page read and write
A80000
heap
page read and write
2F6000
heap
page read and write
B20000
heap
page read and write
DDD000
stack
page read and write
600000
heap
page read and write
6FA000
heap
page read and write
F2D000
stack
page read and write
27C0000
trusted library allocation
page read and write
27C0000
trusted library allocation
page read and write
3BF000
heap
page read and write
4F0000
heap
page read and write
1A0000
trusted library allocation
page read and write
D40000
remote allocation
page read and write
784000
heap
page read and write
325000
trusted library allocation
page read and write
514000
heap
page read and write
B50000
heap
page read and write
1D0000
heap
page read and write
BF0000
trusted library allocation
page read and write
890000
trusted library allocation
page read and write
334A000
trusted library allocation
page read and write
69A000
heap
page read and write
9FE000
stack
page read and write
60B000
heap
page read and write
3319000
trusted library allocation
page read and write
F0E000
stack
page read and write
850000
heap
page read and write
2BCF000
stack
page read and write
9F0000
trusted library allocation
page read and write
10056000
unkown
page readonly
EF3000
heap
page read and write
2A6000
heap
page read and write
B80000
heap
page read and write
AFE000
stack
page read and write
4EF000
heap
page read and write
34F8000
trusted library allocation
page read and write
871E000
trusted library allocation
page read and write
E90000
heap
page read and write
B0E000
stack
page read and write
5BB000
heap
page read and write
10000000
unkown
page readonly
DCE000
stack
page read and write
88CE000
trusted library allocation
page read and write
872000
heap
page read and write
32CF000
trusted library allocation
page read and write
52A000
heap
page read and write
4EA000
heap
page read and write
640000
heap
page read and write
4B2000
heap
page read and write
DEE000
stack
page read and write
2B4D000
stack
page read and write
28CC000
stack
page read and write
156000
heap
page read and write
3326000
trusted library allocation
page read and write
2C7E000
stack
page read and write
E3D000
stack
page read and write
3326000
trusted library allocation
page read and write
2EDE000
stack
page read and write
285C000
stack
page read and write
C9F000
stack
page read and write
204000
heap
page read and write
1F2000
heap
page read and write
5DF000
heap
page read and write
330000
heap
page read and write
F00000
heap
page read and write
814000
heap
page read and write
1CA000
stack
page read and write
10000000
unkown
page readonly
291E000
stack
page read and write
B7F000
trusted library allocation
page read and write
2D2E000
stack
page read and write
3326000
trusted library allocation
page read and write
D20000
trusted library allocation
page read and write
334A000
trusted library allocation
page read and write
1006C000
unkown
page read and write
331E000
trusted library allocation
page read and write
130000
heap
page read and write
205000
trusted library allocation
page read and write
10001000
unkown
page execute read
11A000
stack
page read and write
CE0000
heap
page read and write
10073000
unkown
page readonly
ECC000
stack
page read and write
10000
heap
page read and write
547000
heap
page read and write
2CBE000
stack
page read and write
3319000
trusted library allocation
page read and write
10001000
unkown
page execute read
1FA000
stack
page read and write
8F5000
trusted library allocation
page read and write
351E000
trusted library allocation
page read and write
2A0000
heap
page read and write
8AD000
trusted library allocation
page read and write
C10000
trusted library allocation
page read and write
6F9000
heap
page read and write
44F000
heap
page read and write
250000
heap
page read and write
EDE000
stack
page read and write
10056000
unkown
page readonly
222000
heap
page read and write
871E000
trusted library allocation
page read and write
C2D000
trusted library allocation
page read and write
854000
heap
page read and write
290000
trusted library allocation
page read and write
285000
trusted library allocation
page read and write
40B000
heap
page read and write
57F000
heap
page read and write
331C000
trusted library allocation
page read and write
140000
heap
page read and write
2CED000
stack
page read and write
10000000
unkown
page readonly
2900000
heap
page read and write
2D9000
stack
page read and write
2D3E000
stack
page read and write
205000
trusted library allocation
page read and write
FAF000
stack
page read and write
288E000
stack
page read and write
3F3000
heap
page read and write
2D4E000
stack
page read and write
3319000
trusted library allocation
page read and write
334A000
trusted library allocation
page read and write
D50000
heap
page read and write
324000
trusted library allocation
page read and write
BF0000
heap
page read and write
E6E000
stack
page read and write
EEE000
stack
page read and write
684000
heap
page read and write
1006C000
unkown
page read and write
336C000
trusted library allocation
page read and write
27D000
trusted library allocation
page read and write
F43000
heap
page read and write
2A4000
heap
page read and write
57A000
heap
page read and write
510000
heap
page read and write
E70000
heap
page read and write
10073000
unkown
page readonly
10073000
unkown
page readonly
34D1000
trusted library allocation
page read and write
2C0000
heap
page read and write
AC0000
trusted library allocation
page read and write
A03000
heap
page read and write
10001000
unkown
page execute read
B90000
trusted library allocation
page read and write
889E000
trusted library allocation
page read and write
6E4000
heap
page read and write
494000
heap
page read and write
10056000
unkown
page readonly
2BCE000
stack
page read and write
E9E000
stack
page read and write
150000
heap
page read and write
E9E000
stack
page read and write
10000000
unkown
page readonly
871E000
trusted library allocation
page read and write
B23000
heap
page read and write
32ED000
trusted library allocation
page read and write
2A0000
heap
page read and write
284E000
stack
page read and write
871E000
trusted library allocation
page read and write
2940000
heap
page read and write
264000
trusted library allocation
page read and write
FAF000
stack
page read and write
1C5000
trusted library allocation
page read and write
10001000
unkown
page execute read
32A0000
heap
page read and write
3326000
trusted library allocation
page read and write
1D6000
heap
page read and write
283E000
stack
page read and write
284000
trusted library allocation
page read and write
E6F000
stack
page read and write
770000
heap
page read and write
200000
trusted library allocation
page read and write
D5F000
stack
page read and write
334A000
trusted library allocation
page read and write
27E000
heap
page read and write
1A7000
heap
page read and write
1006C000
unkown
page read and write
A60000
heap
page read and write
1006C000
unkown
page read and write
10056000
unkown
page readonly
F4D000
stack
page read and write
523000
heap
page read and write
27A000
stack
page read and write
69F000
heap
page read and write
2F1E000
stack
page read and write
F43000
heap
page read and write
A00000
heap
page read and write
EF0000
heap
page read and write
2950000
trusted library allocation
page read and write
624000
heap
page read and write
540000
heap
page read and write
8F4000
trusted library allocation
page read and write
1A0000
heap
page read and write
10000
heap
page read and write
1006C000
unkown
page read and write
F40000
heap
page read and write
2C0000
heap
page read and write
E02000
heap
page read and write
B54000
heap
page read and write
2C9D000
stack
page read and write
4E0000
heap
page read and write
331C000
trusted library allocation
page read and write
2F0000
heap
page read and write
4D1000
heap
page read and write
2E6D000
stack
page read and write
120000
heap
page read and write
351E000
trusted library allocation
page read and write
2933000
heap
page read and write
10056000
unkown
page readonly
10001000
unkown
page execute read
300000
trusted library allocation
page read and write
419000
heap
page read and write
871E000
trusted library allocation
page read and write
2B8E000
stack
page read and write
88AE000
trusted library allocation
page read and write
6E0000
trusted library allocation
page read and write
10073000
unkown
page readonly
63A000
heap
page read and write
E90000
heap
page read and write
3490000
heap
page read and write
2AFE000
stack
page read and write
2C0E000
stack
page read and write
260000
trusted library allocation
page read and write
34F7000
trusted library allocation
page read and write
AA2000
heap
page read and write
810000
heap
page read and write
28EE000
stack
page read and write
204000
trusted library allocation
page read and write
2D1E000
stack
page read and write
36000
heap
page read and write
607000
heap
page read and write
E9E000
stack
page read and write
2FD000
trusted library allocation
page read and write
2ECE000
stack
page read and write
6A6000
heap
page read and write
3C0000
heap
page read and write
F3C000
stack
page read and write
6D3000
heap
page read and write
254000
trusted library allocation
page read and write
B8F000
trusted library allocation
page read and write
46F000
heap
page read and write
4B0000
heap
page read and write
2D7E000
stack
page read and write
2930000
heap
page read and write
AA000
stack
page read and write
2940000
trusted library allocation
page read and write
5B3000
heap
page read and write
352F000
trusted library allocation
page read and write
335E000
trusted library allocation
page read and write
52F000
heap
page read and write
10073000
unkown
page readonly
4C7000
heap
page read and write
10000000
unkown
page readonly
EFE000
stack
page read and write
52C000
stack
page read and write
22A000
stack
page read and write
33A3000
trusted library allocation
page read and write
224000
trusted library allocation
page read and write
27C0000
trusted library allocation
page read and write
889E000
trusted library allocation
page read and write
2C6D000
stack
page read and write
673000
heap
page read and write
D53000
heap
page read and write
3393000
trusted library allocation
page read and write
10073000
unkown
page readonly
960000
trusted library allocation
page read and write
832000
heap
page read and write
733000
heap
page read and write
10056000
unkown
page readonly
F7E000
stack
page read and write
3B0000
trusted library allocation
page read and write
2DBE000
stack
page read and write
F1E000
stack
page read and write
10A000
stack
page read and write
3319000
trusted library allocation
page read and write
46A000
heap
page read and write
1D4000
heap
page read and write
180000
heap
page read and write
660000
heap
page read and write
10056000
unkown
page readonly
33A8000
trusted library allocation
page read and write
1E0000
trusted library allocation
page read and write
DBE000
stack
page read and write
44A000
heap
page read and write
2B5E000
stack
page read and write
4B9000
heap
page read and write
331C000
trusted library allocation
page read and write
430000
heap
page read and write
10000000
unkown
page readonly
10001000
unkown
page execute read
CA0000
heap
page read and write
B9000
stack
page read and write
331C000
trusted library allocation
page read and write
10073000
unkown
page readonly
F9D000
stack
page read and write
EDC000
stack
page read and write
1006C000
unkown
page read and write
380000
heap
page read and write
F60000
heap
page read and write
334A000
trusted library allocation
page read and write
CB0000
heap
page read and write
DF0000
heap
page read and write
10000
heap
page read and write
3BA000
heap
page read and write
2943000
heap
page read and write
2ADE000
stack
page read and write
245000
heap
page read and write
There are 499 hidden memdumps, click here to show them.