Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
qd_34768.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\eVzUZ7dv5zBAXa5[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\~$qd_34768.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\xewn.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 60992 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F230AC8.jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 2159x57, frames
3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Cab3198.tmp
|
Microsoft Cabinet archive data, 60992 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tar3199.tmp
|
data
|
modified
|
||
|
C:\Windows\SysWOW64\Onodwrlgmyciiaw\qayqfx.jrd (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
C:\Windows\SysWow64\regsvr32.exe -s ..\xewn.dll
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Onodwrlgmyciiaw\qayqfx.jrd"
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Yyhjz\waeusmddlxyznd.sfn"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://eles-tech.com/css/KzMysMqFMs/
|
185.46.40.47
|
|
|
|
https://68.183.94.239:80/DiyTlQGJuLlFIgtBpxSntEnJrcPFhzwChyUaMhMLcrifUxIxXlgWcSSxyKnurar
|
unknown
|
|
|
|
https://68.183.94.239/
|
unknown
|
|
|
|
https://68.183.94.239:80/DiyTlQGJuLlFIgtBpxSntEnJrcPFhzwChyUaMhMLcrifUxIxXlgWcSSxyKnural
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
eles-tech.com
|
185.46.40.47
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
68.183.94.239
|
unknown
|
United States
|
|
|
|
185.46.40.47
|
eles-tech.com
|
Turkey
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
<2'
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\327AC
|
327AC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
?j'
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
231000
|
direct allocation
|
page execute read
|
|
|
|
250000
|
direct allocation
|
page execute and read and write
|
|
|
|
401000
|
direct allocation
|
page execute read
|
|
|
|
180000
|
direct allocation
|
page execute and read and write
|
|
|
|
1E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
3C1000
|
direct allocation
|
page execute read
|
|
|
|
7A4000
|
trusted library allocation
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
10096000
|
unkown
|
page read and write
|
||
|
10069000
|
unkown
|
page execute read
|
||
|
2B7D000
|
stack
|
page read and write
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
10052000
|
unkown
|
page execute read
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
10069000
|
unkown
|
page execute read
|
||
|
1008F000
|
unkown
|
page read and write
|
||
|
232E000
|
stack
|
page read and write
|
||
|
10092000
|
unkown
|
page read and write
|
||
|
873E000
|
trusted library allocation
|
page read and write
|
||
|
10084000
|
unkown
|
page readonly
|
||
|
2730000
|
heap
|
page read and write
|
||
|
351D000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
direct allocation
|
page read and write
|
||
|
12A000
|
stack
|
page read and write
|
||
|
8CE000
|
stack
|
page read and write
|
||
|
1008E000
|
unkown
|
page write copy
|
||
|
10091000
|
unkown
|
page write copy
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
10084000
|
unkown
|
page readonly
|
||
|
380000
|
heap
|
page read and write
|
||
|
100D0000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
2C6D000
|
stack
|
page read and write
|
||
|
31AB000
|
trusted library allocation
|
page read and write
|
||
|
1009A000
|
unkown
|
page write copy
|
||
|
8F4000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
31CA000
|
trusted library allocation
|
page read and write
|
||
|
10091000
|
unkown
|
page write copy
|
||
|
2CDD000
|
stack
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
10062000
|
unkown
|
page execute read
|
||
|
2770000
|
heap
|
page read and write
|
||
|
351D000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
3E3000
|
direct allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
10098000
|
unkown
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
290E000
|
stack
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
1008E000
|
unkown
|
page write copy
|
||
|
2780000
|
trusted library allocation
|
page read and write
|
||
|
10098000
|
unkown
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
10098000
|
unkown
|
page read and write
|
||
|
283000
|
heap
|
page read and write
|
||
|
25C0000
|
trusted library allocation
|
page read and write
|
||
|
1008F000
|
unkown
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
1007A000
|
unkown
|
page readonly
|
||
|
1004C000
|
unkown
|
page execute read
|
||
|
10036000
|
unkown
|
page execute read
|
||
|
2CAC000
|
stack
|
page read and write
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page execute read
|
||
|
100D0000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
253000
|
direct allocation
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
320A000
|
trusted library allocation
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
23B4000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
278E000
|
stack
|
page read and write
|
||
|
10084000
|
unkown
|
page readonly
|
||
|
77D000
|
trusted library allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
230000
|
direct allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
10092000
|
unkown
|
page read and write
|
||
|
10092000
|
unkown
|
page read and write
|
||
|
3A2000
|
heap
|
page read and write
|
||
|
320D000
|
trusted library allocation
|
page read and write
|
||
|
D74000
|
heap
|
page read and write
|
||
|
2C8000
|
heap
|
page read and write
|
||
|
34F7000
|
trusted library allocation
|
page read and write
|
||
|
1006C000
|
unkown
|
page execute read
|
||
|
423000
|
direct allocation
|
page read and write
|
||
|
1006C000
|
unkown
|
page execute read
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
357000
|
heap
|
page read and write
|
||
|
1005C000
|
unkown
|
page execute read
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
38F000
|
heap
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
1004C000
|
unkown
|
page execute read
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
24A000
|
heap
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
1007A000
|
unkown
|
page readonly
|
||
|
41A000
|
heap
|
page read and write
|
||
|
352E000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
2E6000
|
heap
|
page read and write
|
||
|
1009C000
|
unkown
|
page readonly
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
10062000
|
unkown
|
page execute read
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
324F000
|
trusted library allocation
|
page read and write
|
||
|
23D2000
|
heap
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
10096000
|
unkown
|
page read and write
|
||
|
217000
|
heap
|
page read and write
|
||
|
1009C000
|
unkown
|
page readonly
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
252000
|
direct allocation
|
page read and write
|
||
|
CA000
|
stack
|
page read and write
|
||
|
319F000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page execute read
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
2ED2000
|
heap
|
page read and write
|
||
|
149000
|
stack
|
page read and write
|
||
|
912000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
33F000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
34F7000
|
trusted library allocation
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
10096000
|
unkown
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
1005C000
|
unkown
|
page execute read
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
2D4D000
|
stack
|
page read and write
|
||
|
10062000
|
unkown
|
page execute read
|
||
|
C50000
|
direct allocation
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
285000
|
heap
|
page read and write
|
||
|
22A000
|
stack
|
page read and write
|
||
|
2B9000
|
heap
|
page read and write
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
1009A000
|
unkown
|
page write copy
|
||
|
869E000
|
trusted library allocation
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
1006C000
|
unkown
|
page execute read
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
31D2000
|
trusted library allocation
|
page read and write
|
||
|
320C000
|
trusted library allocation
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
10052000
|
unkown
|
page execute read
|
||
|
239C000
|
stack
|
page read and write
|
||
|
1005C000
|
unkown
|
page execute read
|
||
|
10000
|
heap
|
page read and write
|
||
|
1009C000
|
unkown
|
page readonly
|
||
|
3212000
|
trusted library allocation
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
10052000
|
unkown
|
page execute read
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
740000
|
trusted library allocation
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
direct allocation
|
page read and write
|
||
|
86DE000
|
trusted library allocation
|
page read and write
|
||
|
31CA000
|
trusted library allocation
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
24A000
|
stack
|
page read and write
|
||
|
2720000
|
remote allocation
|
page read and write
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
2BF000
|
heap
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
78D000
|
trusted library allocation
|
page read and write
|
||
|
2720000
|
remote allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
436000
|
heap
|
page read and write
|
||
|
78F000
|
trusted library allocation
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
1008F000
|
unkown
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
1007A000
|
unkown
|
page readonly
|
||
|
3E2000
|
direct allocation
|
page read and write
|
||
|
20B000
|
stack
|
page read and write
|
||
|
285F000
|
stack
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
286F000
|
stack
|
page read and write
|
||
|
30FC000
|
stack
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
25C0000
|
direct allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
79F000
|
trusted library allocation
|
page read and write
|
||
|
34F6000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
10069000
|
unkown
|
page execute read
|
||
|
38A000
|
heap
|
page read and write
|
||
|
380000
|
trusted library allocation
|
page read and write
|
||
|
31CA000
|
trusted library allocation
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
2C9C000
|
stack
|
page read and write
|
||
|
1009A000
|
unkown
|
page write copy
|
||
|
3C5000
|
heap
|
page read and write
|
||
|
760000
|
trusted library allocation
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
422000
|
direct allocation
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
75D000
|
trusted library allocation
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
34D0000
|
trusted library allocation
|
page read and write
|
||
|
100D0000
|
unkown
|
page readonly
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
10091000
|
unkown
|
page write copy
|
||
|
416000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
30A000
|
heap
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
31CA000
|
trusted library allocation
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
34D1000
|
trusted library allocation
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
3229000
|
trusted library allocation
|
page read and write
|
||
|
270D000
|
stack
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
2F5000
|
heap
|
page read and write
|
||
|
1008E000
|
unkown
|
page write copy
|
||
|
1004C000
|
unkown
|
page execute read
|
There are 273 hidden memdumps, click here to show them.