Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Bericht 6581.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: RGSGK, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Wed Jul 13 08:31:28 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\I7IggNeBzEXeF5[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\8WkzZvRZPr2gVDdMW[1].dll
|
data
|
downloaded
|
|
|
|
C:\Users\user\Desktop\Bericht 6581.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: RGSGK, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Wed Jul 13 08:31:28 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\soci4.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61712 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CabCCDB.tmp
|
Microsoft Cabinet archive data, 61712 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TarCCDC.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1E4410AE8F56E453.TMP
|
data
|
dropped
|
||
|
C:\Users\user\soci3.ocx
|
data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\soci1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\soci2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\soci3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\soci4.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\NfgWijQQRQpENoq\gUYUkALTAiOgx.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://atperson.com/campusvirtual/EOgFGo17w/
|
51.38.169.114
|
|
|
|
https://174.138.33.49:7080/$
|
unknown
|
|
|
|
https://js.cofounderspecials.com/splash.js?v=1.1.1
|
unknown
|
|
|
|
https://174.138.33.49:7080/(
|
unknown
|
|
|
|
http://atici.net/c/JDFDBMIz/
|
185.15.196.157
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://domesticuif.co.za/libraries/nbnH9dpd/
|
196.22.142.203
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://174.138.33.49/
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
atperson.com
|
51.38.169.114
|
|
|
|
domesticuif.co.za
|
196.22.142.203
|
||
|
atici.net
|
185.15.196.157
|
||
|
eliteturismo.com
|
44.194.33.146
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
157.230.99.206
|
unknown
|
United States
|
|
|
|
188.165.79.151
|
unknown
|
France
|
|
|
|
196.44.98.190
|
unknown
|
Ghana
|
|
|
|
174.138.33.49
|
unknown
|
United States
|
|
|
|
43.129.209.178
|
unknown
|
Japan
|
|
|
|
103.41.204.169
|
unknown
|
Indonesia
|
|
|
|
36.67.23.59
|
unknown
|
Indonesia
|
|
|
|
5.253.30.17
|
unknown
|
Latvia
|
|
|
|
85.214.67.203
|
unknown
|
Germany
|
|
|
|
83.229.80.93
|
unknown
|
United Kingdom
|
|
|
|
198.199.70.22
|
unknown
|
United States
|
|
|
|
93.104.209.107
|
unknown
|
Germany
|
|
|
|
188.225.32.231
|
unknown
|
Russian Federation
|
|
|
|
175.126.176.79
|
unknown
|
Korea Republic of
|
|
|
|
128.199.242.164
|
unknown
|
United Kingdom
|
|
|
|
104.248.225.227
|
unknown
|
United States
|
|
|
|
178.238.225.252
|
unknown
|
Germany
|
|
|
|
190.145.8.4
|
unknown
|
Colombia
|
|
|
|
46.101.98.60
|
unknown
|
Netherlands
|
|
|
|
103.71.99.57
|
unknown
|
India
|
|
|
|
87.106.97.83
|
unknown
|
Germany
|
|
|
|
103.85.95.4
|
unknown
|
Indonesia
|
|
|
|
202.134.4.210
|
unknown
|
Indonesia
|
|
|
|
88.217.172.165
|
unknown
|
Germany
|
|
|
|
165.22.254.236
|
unknown
|
United States
|
|
|
|
118.98.72.86
|
unknown
|
Indonesia
|
|
|
|
139.59.80.108
|
unknown
|
Singapore
|
|
|
|
37.44.244.177
|
unknown
|
Germany
|
|
|
|
104.244.79.94
|
unknown
|
United States
|
|
|
|
157.245.111.0
|
unknown
|
United States
|
|
|
|
54.37.106.167
|
unknown
|
France
|
|
|
|
202.29.239.162
|
unknown
|
Thailand
|
|
|
|
103.56.149.105
|
unknown
|
Indonesia
|
|
|
|
85.25.120.45
|
unknown
|
Germany
|
|
|
|
37.187.114.15
|
unknown
|
France
|
|
|
|
51.38.169.114
|
atperson.com
|
France
|
|
|
|
139.196.72.155
|
unknown
|
China
|
|
|
|
165.232.185.110
|
unknown
|
United States
|
|
|
|
128.199.217.206
|
unknown
|
United Kingdom
|
|
|
|
103.224.241.74
|
unknown
|
India
|
|
|
|
210.57.209.142
|
unknown
|
Indonesia
|
|
|
|
190.107.19.179
|
unknown
|
Colombia
|
|
|
|
202.28.34.99
|
unknown
|
Thailand
|
|
|
|
54.37.228.122
|
unknown
|
France
|
|
|
|
195.77.239.39
|
unknown
|
Spain
|
|
|
|
178.62.112.199
|
unknown
|
European Union
|
|
|
|
62.171.178.147
|
unknown
|
United Kingdom
|
|
|
|
64.227.55.231
|
unknown
|
United States
|
|
|
|
44.194.33.146
|
eliteturismo.com
|
United States
|
||
|
196.22.142.203
|
domesticuif.co.za
|
South Africa
|
||
|
185.15.196.157
|
atici.net
|
Turkey
|
There are 41 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
i6+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\65A50
|
65A50
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
m+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common
|
QMSessionCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\General
|
LastAutoSavePurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2020000
|
direct allocation
|
page execute and read and write
|
|
|
|
1F40000
|
direct allocation
|
page execute and read and write
|
|
|
|
2131000
|
direct allocation
|
page execute read
|
|
|
|
2141000
|
direct allocation
|
page execute read
|
|
|
|
2F26000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
215E000
|
direct allocation
|
page read and write
|
||
|
180070000
|
unkown
|
page read and write
|
||
|
DE000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1800D5000
|
unkown
|
page readonly
|
||
|
163000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
158000
|
heap
|
page read and write
|
||
|
2FC2000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
2190000
|
remote allocation
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
264B000
|
stack
|
page read and write
|
||
|
16E000
|
heap
|
page read and write
|
||
|
188000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
1A3000
|
heap
|
page read and write
|
||
|
2190000
|
remote allocation
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
2F65000
|
heap
|
page read and write
|
||
|
14E000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
18005D000
|
unkown
|
page readonly
|
||
|
468000
|
heap
|
page read and write
|
||
|
FA000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
F8000
|
stack
|
page read and write
|
||
|
3D0000
|
trusted library allocation
|
page read and write
|
||
|
180073000
|
unkown
|
page readonly
|
||
|
3B7000
|
heap
|
page read and write
|
||
|
215F000
|
direct allocation
|
page readonly
|
||
|
226000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
376000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
205000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
20F000
|
heap
|
page read and write
|
||
|
5C6000
|
heap
|
page read and write
|
||
|
137000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
2FBF000
|
heap
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
201B000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
1FF000
|
heap
|
page read and write
|
||
|
3514000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
20B5000
|
heap
|
page read and write
|
||
|
2FBF000
|
heap
|
page read and write
|
||
|
20B5000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
2F63000
|
heap
|
page read and write
|
||
|
3FD000
|
heap
|
page read and write
|
||
|
20EB000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
180073000
|
unkown
|
page readonly
|
||
|
2F7A000
|
heap
|
page read and write
|
||
|
2B6B000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
16A000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
232F000
|
stack
|
page read and write
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
1CB000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
164000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
20F000
|
heap
|
page read and write
|
||
|
1BB000
|
heap
|
page read and write
|
||
|
34FE000
|
heap
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
298000
|
stack
|
page read and write
|
||
|
20B5000
|
heap
|
page read and write
|
||
|
1A3000
|
heap
|
page read and write
|
||
|
1FE5000
|
heap
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
151000
|
heap
|
page read and write
|
||
|
117000
|
heap
|
page read and write
|
||
|
18005D000
|
unkown
|
page readonly
|
||
|
2FB1000
|
heap
|
page read and write
|
||
|
34E1000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
A7000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
1800D5000
|
unkown
|
page readonly
|
||
|
334000
|
heap
|
page read and write
|
||
|
F3000
|
heap
|
page read and write
|
||
|
2FBF000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
216D000
|
direct allocation
|
page readonly
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
180070000
|
unkown
|
page read and write
|
||
|
29C000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
350B000
|
heap
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
1FA000
|
heap
|
page read and write
|
||
|
1FE0000
|
heap
|
page read and write
|
||
|
809E000
|
heap
|
page read and write
|
||
|
3E3000
|
heap
|
page read and write
|
||
|
107000
|
heap
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
197000
|
heap
|
page read and write
|
||
|
3C5000
|
heap
|
page read and write
|
||
|
13E000
|
heap
|
page read and write
|
||
|
1FF000
|
heap
|
page read and write
|
||
|
153000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
146000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1ED000
|
stack
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
18A000
|
heap
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
39E000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
3502000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
215D000
|
direct allocation
|
page readonly
|
||
|
216F000
|
direct allocation
|
page readonly
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
2140000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
22CB000
|
heap
|
page read and write
|
||
|
205000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
350B000
|
heap
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
27CC000
|
stack
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
15A000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
2295000
|
heap
|
page read and write
|
||
|
1BB000
|
heap
|
page read and write
|
||
|
808E000
|
heap
|
page read and write
|
||
|
216E000
|
direct allocation
|
page read and write
|
||
|
458000
|
heap
|
page read and write
|
||
|
3531000
|
heap
|
page read and write
|
||
|
1B1000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
47D000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
183000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
20EB000
|
heap
|
page read and write
|
||
|
359F000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
3558000
|
heap
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
20EB000
|
heap
|
page read and write
|
||
|
3502000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
15F000
|
stack
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
183000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
35E7000
|
heap
|
page read and write
|
||
|
29C000
|
stack
|
page read and write
|
||
|
35E6000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
1B1000
|
heap
|
page read and write
|
There are 198 hidden memdumps, click here to show them.