Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
#confirmaci#U00f3n+y+correcci#U00f3n+de+la+direccion.xls
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\droidttrre[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
downloaded
|
|
|
|
C:\Users\user\AppData\Roaming\venxajlddf.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$#confirmaci#U00f3n+y+correcci#U00f3n+de+la+direccion.xls
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\869A5E80.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91FDCC81.png
|
PNG image data, 731 x 391, 8-bit/color RGB, interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\APPEASINGLY.ned
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ARMOURY CRATE eGPU Product.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\BD3.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Fecundify.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun
Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\MsMpLics.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\REPREHENSION.Deb
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\System.IO.FileSystem.Watcher.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Undergangsstemningen.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\avutil-54.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\folder-publicshare.png
|
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\krista.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\lang-1045.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\multimedia-volume-control-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsoF8F7.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\p11-kit-trust.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF483FEDB67C914879.TMP
|
data
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Users\user\AppData\Roaming\venxajlddf.exe
|
C:\Users\user\AppData\Roaming\venxajlddf.exe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://2.56.57.22/yendexoriginwithoutfilter_rctcon218.bin
|
|
||
|
http://2.56.57.22/droidttrre.exej
|
unknown
|
|
|
|
http://2.56.57.22/droidttrre.exeooC:
|
unknown
|
|
|
|
http://2.56.57.22/droidttrre.exe
|
2.56.57.22
|
|
|
|
http://2.56.57.22/droidttrre.exeP
|
unknown
|
|
|
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://creativecommons.org/licenses/by-sa/4.0/
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://www.nero.com
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://www.avast.com0/
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
There are 14 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.56.57.22
|
unknown
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
>o0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\67C32
|
67C32
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
|
FontCachePath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
uz0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\71AB1
|
71AB1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\72701
|
72701
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Glycerose112\ADVERTENCY
|
Balsamo11
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Cynology204\MORTIFICEREDE
|
Expand String Value
|
||
|
HKEY_CURRENT_USER\Software\Pezizaceae207\anticapital
|
Forsikringsaftalelovenes242
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\FAMILIEFORSIKRING\inditch
|
CAMPINGPLADS
|
||
|
HKEY_CURRENT_USER\Software\NONESUCHES\Nugatoriness
|
Nopredes
|
||
|
HKEY_CURRENT_USER\Software\Botanicas\Antilapse
|
Expand String Value
|
There are 57 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3F30000
|
direct allocation
|
page execute and read and write
|
|
|
|
40A000
|
unkown
|
page write copy
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
3F2B000
|
stack
|
page read and write
|
||
|
46B000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
612000
|
heap
|
page read and write
|
||
|
589000
|
heap
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
73A0000
|
heap
|
page read and write
|
||
|
7410000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
784D000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1E80000
|
direct allocation
|
page read and write
|
||
|
5E1000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
23F2000
|
heap
|
page read and write
|
||
|
23CF000
|
trusted library section
|
page readonly
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
2AF9000
|
trusted library allocation
|
page read and write
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
21C0000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
4A0000
|
trusted library allocation
|
page read and write
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
566000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
240000
|
heap
|
page read and write
|
||
|
72EC000
|
stack
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
7F10000
|
trusted library allocation
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
18C000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
30EB000
|
heap
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
46B000
|
unkown
|
page readonly
|
||
|
601000
|
heap
|
page read and write
|
||
|
36E0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4CF000
|
stack
|
page read and write
|
||
|
754F000
|
stack
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
2B68000
|
heap
|
page read and write
|
||
|
21DD000
|
trusted library allocation
|
page read and write
|
||
|
7F0F000
|
stack
|
page read and write
|
||
|
46B000
|
unkown
|
page readonly
|
||
|
56C000
|
heap
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
704C000
|
stack
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
459000
|
unkown
|
page read and write
|
||
|
30E8000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
552000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
46B000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
89000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
70CD000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5AD000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
30E4000
|
heap
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
72AD000
|
stack
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
36D0000
|
trusted library allocation
|
page read and write
|
||
|
764D000
|
stack
|
page read and write
|
||
|
603000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
593000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
73A3000
|
heap
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
46B000
|
unkown
|
page readonly
|
||
|
50D000
|
stack
|
page read and write
|
||
|
6FCC000
|
stack
|
page read and write
|
||
|
2B6B000
|
heap
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
46B000
|
unkown
|
page readonly
|
||
|
36000
|
heap
|
page read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
64C000
|
heap
|
page read and write
|
||
|
2B64000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
2ABD000
|
trusted library allocation
|
page read and write
|
||
|
70DF000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
739D000
|
stack
|
page read and write
|
||
|
2B23000
|
trusted library allocation
|
page read and write
|
||
|
73BF4000
|
unkown
|
page readonly
|
||
|
594000
|
heap
|
page read and write
|
||
|
7A1D000
|
stack
|
page read and write
|
||
|
5B7000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
250000
|
heap
|
page read and write
|
||
|
7070000
|
heap
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
750000
|
heap
|
page read and write
|
||
|
71F000
|
stack
|
page read and write
|
||
|
70F4000
|
trusted library allocation
|
page read and write
|
||
|
588000
|
heap
|
page read and write
|
||
|
7910000
|
heap
|
page read and write
|
||
|
58D000
|
heap
|
page read and write
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
18A000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
23C4000
|
trusted library section
|
page readonly
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
527000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
23C0000
|
trusted library section
|
page readonly
|
||
|
45B000
|
unkown
|
page readonly
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
633000
|
heap
|
page read and write
|
||
|
23D4000
|
heap
|
page read and write
|
||
|
54F000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
73BF6000
|
unkown
|
page readonly
|
||
|
544000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
23BD000
|
stack
|
page read and write
|
||
|
73BF0000
|
unkown
|
page readonly
|
||
|
70EF000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
73BF1000
|
unkown
|
page execute read
|
There are 146 hidden memdumps, click here to show them.