Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
H 05072022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: RGSGK, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Mon Jul 4 19:02:55 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\yXlTTXSuSsUlL[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\H 05072022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Dream, Last Saved
By: RGSGK, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Mon Jul 4 19:02:55 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\hhdt1.ocx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\IBmjgOoh\HPiQbOm.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61712 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CabFD8B.tmp
|
Microsoft Cabinet archive data, 61712 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TarFD8C.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\~DFA0671C06642878FC.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\0YFQWFX4.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EFJ0ZBQX.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FXDAJZ6O.txt
|
ASCII text
|
downloaded
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\K835MCGT.txt
|
ASCII text
|
downloaded
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WSZS7JSI.txt
|
ASCII text
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhdt1.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IBmjgOoh\HPiQbOm.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhdt2.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhdt3.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\hhdt4.ocx
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.fundaciontheoz.cl/pensamientooccidental/tilKftYVgHoCu4pp/
|
162.240.65.124
|
|
|
|
http://www.clinicaportalpsicologia.com.br/wp-content/rknwta6Ncgt9xnXu7S/
|
187.1.136.16
|
|
|
|
https://174.138.33.49/F
|
unknown
|
|
|
|
https://flywithme.dk/wp-includes/xFbL/
|
94.231.103.133
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://greenlizard.co.za/amanah/HJErj/
|
41.204.199.147
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://174.138.33.49:7080/
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://174.138.33.49/
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
flywithme.dk
|
94.231.103.133
|
|
|
|
greenlizard.co.za
|
41.204.199.147
|
||
|
web15f04.uni5.net
|
187.1.136.16
|
||
|
fundaciontheoz.cl
|
162.240.65.124
|
||
|
www.fundaciontheoz.cl
|
unknown
|
||
|
www.clinicaportalpsicologia.com.br
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
157.230.99.206
|
unknown
|
United States
|
|
|
|
94.231.103.133
|
flywithme.dk
|
Denmark
|
|
|
|
188.165.79.151
|
unknown
|
France
|
|
|
|
196.44.98.190
|
unknown
|
Ghana
|
|
|
|
174.138.33.49
|
unknown
|
United States
|
|
|
|
43.129.209.178
|
unknown
|
Japan
|
|
|
|
103.41.204.169
|
unknown
|
Indonesia
|
|
|
|
36.67.23.59
|
unknown
|
Indonesia
|
|
|
|
5.253.30.17
|
unknown
|
Latvia
|
|
|
|
85.214.67.203
|
unknown
|
Germany
|
|
|
|
83.229.80.93
|
unknown
|
United Kingdom
|
|
|
|
198.199.70.22
|
unknown
|
United States
|
|
|
|
93.104.209.107
|
unknown
|
Germany
|
|
|
|
188.225.32.231
|
unknown
|
Russian Federation
|
|
|
|
175.126.176.79
|
unknown
|
Korea Republic of
|
|
|
|
128.199.242.164
|
unknown
|
United Kingdom
|
|
|
|
104.248.225.227
|
unknown
|
United States
|
|
|
|
178.238.225.252
|
unknown
|
Germany
|
|
|
|
190.145.8.4
|
unknown
|
Colombia
|
|
|
|
46.101.98.60
|
unknown
|
Netherlands
|
|
|
|
103.71.99.57
|
unknown
|
India
|
|
|
|
87.106.97.83
|
unknown
|
Germany
|
|
|
|
103.85.95.4
|
unknown
|
Indonesia
|
|
|
|
202.134.4.210
|
unknown
|
Indonesia
|
|
|
|
88.217.172.165
|
unknown
|
Germany
|
|
|
|
165.22.254.236
|
unknown
|
United States
|
|
|
|
118.98.72.86
|
unknown
|
Indonesia
|
|
|
|
139.59.80.108
|
unknown
|
Singapore
|
|
|
|
37.44.244.177
|
unknown
|
Germany
|
|
|
|
104.244.79.94
|
unknown
|
United States
|
|
|
|
157.245.111.0
|
unknown
|
United States
|
|
|
|
54.37.106.167
|
unknown
|
France
|
|
|
|
202.29.239.162
|
unknown
|
Thailand
|
|
|
|
103.56.149.105
|
unknown
|
Indonesia
|
|
|
|
85.25.120.45
|
unknown
|
Germany
|
|
|
|
37.187.114.15
|
unknown
|
France
|
|
|
|
139.196.72.155
|
unknown
|
China
|
|
|
|
165.232.185.110
|
unknown
|
United States
|
|
|
|
103.126.216.86
|
unknown
|
Bangladesh
|
|
|
|
128.199.217.206
|
unknown
|
United Kingdom
|
|
|
|
103.224.241.74
|
unknown
|
India
|
|
|
|
210.57.209.142
|
unknown
|
Indonesia
|
|
|
|
190.107.19.179
|
unknown
|
Colombia
|
|
|
|
202.28.34.99
|
unknown
|
Thailand
|
|
|
|
54.37.228.122
|
unknown
|
France
|
|
|
|
195.77.239.39
|
unknown
|
Spain
|
|
|
|
178.62.112.199
|
unknown
|
European Union
|
|
|
|
62.171.178.147
|
unknown
|
United Kingdom
|
|
|
|
64.227.55.231
|
unknown
|
United States
|
|
|
|
187.1.136.16
|
web15f04.uni5.net
|
Brazil
|
||
|
41.204.199.147
|
greenlizard.co.za
|
South Africa
|
||
|
162.240.65.124
|
fundaciontheoz.cl
|
United States
|
There are 42 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
f +
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\657E0
|
657E0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
(6+
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
160000
|
direct allocation
|
page execute and read and write
|
|
|
|
150000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2FA000
|
heap
|
page read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2D90000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
2E59000
|
heap
|
page read and write
|
||
|
57D000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
34BF000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
3555000
|
heap
|
page read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
7FEF70E4000
|
unkown
|
page read and write
|
||
|
2B0B000
|
stack
|
page read and write
|
||
|
24A000
|
heap
|
page read and write
|
||
|
17A000
|
heap
|
page read and write
|
||
|
333000
|
heap
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
2E6A000
|
heap
|
page read and write
|
||
|
7FEF70C3000
|
unkown
|
page readonly
|
||
|
7FEF70E7000
|
unkown
|
page readonly
|
||
|
578000
|
heap
|
page read and write
|
||
|
7FEF7046000
|
unkown
|
page execute read
|
||
|
2E4E000
|
heap
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3555000
|
heap
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4B6000
|
heap
|
page read and write
|
||
|
7FEF70D8000
|
unkown
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
7FEF7040000
|
unkown
|
page readonly
|
||
|
7FEF70E6000
|
unkown
|
page write copy
|
||
|
2075000
|
heap
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
7FEF70C3000
|
unkown
|
page readonly
|
||
|
544000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
7FEF70D8000
|
unkown
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
1FAB000
|
heap
|
page read and write
|
||
|
7FEF70AD000
|
unkown
|
page execute read
|
||
|
130000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
15E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
20AB000
|
heap
|
page read and write
|
||
|
20AB000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
25F9000
|
heap
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
39D000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FEF70AD000
|
unkown
|
page execute read
|
||
|
364000
|
heap
|
page read and write
|
||
|
434000
|
heap
|
page read and write
|
||
|
347000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
33C000
|
heap
|
page read and write
|
||
|
7FEF70D7000
|
unkown
|
page write copy
|
||
|
347000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FEF70AF000
|
unkown
|
page readonly
|
||
|
815E000
|
heap
|
page read and write
|
||
|
34C000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
228000
|
stack
|
page read and write
|
||
|
568000
|
heap
|
page read and write
|
||
|
3508000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
7FEF70E4000
|
unkown
|
page read and write
|
||
|
34B1000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
3576000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
270000
|
remote allocation
|
page read and write
|
||
|
2E4E000
|
heap
|
page read and write
|
||
|
427000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
2E51000
|
heap
|
page read and write
|
||
|
2E4E000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FEF70E6000
|
unkown
|
page write copy
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
2DF2000
|
heap
|
page read and write
|
||
|
243000
|
heap
|
page read and write
|
||
|
2CDF000
|
unkown
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
1F70000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
266000
|
heap
|
page read and write
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
7FEF7046000
|
unkown
|
page execute read
|
||
|
190000
|
trusted library allocation
|
page read and write
|
||
|
2145000
|
heap
|
page read and write
|
||
|
2E48000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
42B000
|
heap
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
22EF000
|
stack
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
380000
|
heap
|
page read and write
|
||
|
812E000
|
heap
|
page read and write
|
||
|
45D000
|
heap
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
36B000
|
heap
|
page read and write
|
||
|
462000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
7FEF70A8000
|
unkown
|
page execute read
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
2140000
|
heap
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
262F000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2DE5000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
352F000
|
heap
|
page read and write
|
||
|
279C000
|
stack
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
359C000
|
heap
|
page read and write
|
||
|
7FEF7041000
|
unkown
|
page execute read
|
||
|
514000
|
heap
|
page read and write
|
||
|
36F000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
351000
|
heap
|
page read and write
|
||
|
333000
|
heap
|
page read and write
|
||
|
352F000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
2DA8000
|
heap
|
page read and write
|
||
|
24000
|
heap
|
page read and write
|
||
|
214000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
7FEF70A8000
|
unkown
|
page execute read
|
||
|
359C000
|
heap
|
page read and write
|
||
|
7FEF70DE000
|
unkown
|
page readonly
|
||
|
2E58000
|
heap
|
page read and write
|
||
|
1A0000
|
trusted library allocation
|
page read and write
|
||
|
7FEF70E7000
|
unkown
|
page readonly
|
||
|
446000
|
heap
|
page read and write
|
||
|
2DDE000
|
heap
|
page read and write
|
||
|
20A5000
|
heap
|
page read and write
|
||
|
140000
|
direct allocation
|
page execute and read and write
|
||
|
7FEF70D7000
|
unkown
|
page write copy
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
210000
|
heap
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
225F000
|
stack
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
270000
|
remote allocation
|
page read and write
|
||
|
39D000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
25BE000
|
stack
|
page read and write
|
||
|
7FEF7040000
|
unkown
|
page readonly
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
3576000
|
heap
|
page read and write
|
||
|
34E7000
|
heap
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
7FEF70AF000
|
unkown
|
page readonly
|
||
|
37E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
154000
|
heap
|
page read and write
|
||
|
26EC000
|
stack
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
34C000
|
heap
|
page read and write
|
||
|
352E000
|
heap
|
page read and write
|
||
|
33C000
|
heap
|
page read and write
|
||
|
7FEF7041000
|
unkown
|
page execute read
|
||
|
127000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
228000
|
stack
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
1F75000
|
heap
|
page read and write
|
||
|
2DA000
|
heap
|
page read and write
|
||
|
352E000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
217B000
|
heap
|
page read and write
|
||
|
20DB000
|
heap
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
2C6000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
190000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
7FEF70DE000
|
unkown
|
page readonly
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
34C1000
|
heap
|
page read and write
|
||
|
2E48000
|
heap
|
page read and write
|
||
|
2DDC000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
364000
|
heap
|
page read and write
|
There are 215 hidden memdumps, click here to show them.