Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
4470_02112022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved
By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Wed Nov 2 06:43:53 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\40hd04O0[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\4470_02112022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved
By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Wed Nov 2 06:43:53 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\oxnv4.ooccxx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\XXKTOC\CASBb.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF73B80FE68F2FEB1E.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\9X79YCCF.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\D3A8EJJ9.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FJW3SUUT.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\JZYF2U5D.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RLNYM7EL.txt
|
ASCII text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe ..\oxnv1.ooccxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe ..\oxnv2.ooccxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe ..\oxnv3.ooccxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe ..\oxnv4.ooccxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\XXKTOC\CASBb.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\XXKTOC\CASBb.dll
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.3d-stickers.com/Content/Afa1PcRuxh/
|
163.172.108.69
|
|
|
|
https://218.38.121.17/
|
218.38.121.17
|
|
|
|
https://www.3d-stickers.com/page-non-trouvee
|
163.172.108.69
|
|
|
|
http://www.3d-stickers.com/Content/Afa1PcRuxh/
|
163.172.108.69
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://www.spinbalence.com/Adapter/moycMR/
|
163.172.115.127
|
||
|
https://www.spinbalence.com/index.php?controller=404
|
163.172.115.127
|
||
|
http://navylin.com/bsavxiv/axHQYKl/
|
47.92.133.65
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://www.spinbalence.com/Adapter/moycMR/
|
163.172.115.127
|
||
|
https://secure.comodo.coh
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sat7ate.com
|
unknown
|
|
|
|
www.3d-stickers.com
|
163.172.108.69
|
||
|
www.spinbalence.com
|
163.172.115.127
|
||
|
navylin.com
|
47.92.133.65
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.165.79.151
|
unknown
|
France
|
|
|
|
196.44.98.190
|
unknown
|
Ghana
|
|
|
|
174.138.33.49
|
unknown
|
United States
|
|
|
|
36.67.23.59
|
unknown
|
Indonesia
|
|
|
|
103.41.204.169
|
unknown
|
Indonesia
|
|
|
|
85.214.67.203
|
unknown
|
Germany
|
|
|
|
83.229.80.93
|
unknown
|
United Kingdom
|
|
|
|
198.199.70.22
|
unknown
|
United States
|
|
|
|
93.104.209.107
|
unknown
|
Germany
|
|
|
|
186.250.48.5
|
unknown
|
Brazil
|
|
|
|
175.126.176.79
|
unknown
|
Korea Republic of
|
|
|
|
128.199.242.164
|
unknown
|
United Kingdom
|
|
|
|
178.238.225.252
|
unknown
|
Germany
|
|
|
|
190.145.8.4
|
unknown
|
Colombia
|
|
|
|
46.101.98.60
|
unknown
|
Netherlands
|
|
|
|
82.98.180.154
|
unknown
|
Spain
|
|
|
|
103.71.99.57
|
unknown
|
India
|
|
|
|
87.106.97.83
|
unknown
|
Germany
|
|
|
|
103.254.12.236
|
unknown
|
Viet Nam
|
|
|
|
103.85.95.4
|
unknown
|
Indonesia
|
|
|
|
202.134.4.210
|
unknown
|
Indonesia
|
|
|
|
165.22.254.236
|
unknown
|
United States
|
|
|
|
78.47.204.80
|
unknown
|
Germany
|
|
|
|
118.98.72.86
|
unknown
|
Indonesia
|
|
|
|
139.59.80.108
|
unknown
|
Singapore
|
|
|
|
104.244.79.94
|
unknown
|
United States
|
|
|
|
37.44.244.177
|
unknown
|
Germany
|
|
|
|
51.75.33.122
|
unknown
|
France
|
|
|
|
160.16.143.191
|
unknown
|
Japan
|
|
|
|
103.56.149.105
|
unknown
|
Indonesia
|
|
|
|
85.25.120.45
|
unknown
|
Germany
|
|
|
|
139.196.72.155
|
unknown
|
China
|
|
|
|
103.126.216.86
|
unknown
|
Bangladesh
|
|
|
|
128.199.217.206
|
unknown
|
United Kingdom
|
|
|
|
114.79.130.68
|
unknown
|
India
|
|
|
|
103.224.241.74
|
unknown
|
India
|
|
|
|
210.57.209.142
|
unknown
|
Indonesia
|
|
|
|
202.28.34.99
|
unknown
|
Thailand
|
|
|
|
80.211.107.116
|
unknown
|
Italy
|
|
|
|
54.37.228.122
|
unknown
|
France
|
|
|
|
218.38.121.17
|
unknown
|
Korea Republic of
|
|
|
|
185.148.169.10
|
unknown
|
Germany
|
|
|
|
195.77.239.39
|
unknown
|
Spain
|
|
|
|
178.62.112.199
|
unknown
|
European Union
|
|
|
|
62.171.178.147
|
unknown
|
United Kingdom
|
|
|
|
64.227.55.231
|
unknown
|
United States
|
|
|
|
163.172.115.127
|
www.spinbalence.com
|
United Kingdom
|
||
|
47.92.133.65
|
navylin.com
|
China
|
||
|
163.172.108.69
|
www.3d-stickers.com
|
United Kingdom
|
||
|
192.168.2.255
|
unknown
|
unknown
|
There are 40 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
CASBb.dll
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
5c(
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\667C8
|
667C8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
:}(
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
17A000
|
heap
|
page read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
21A000
|
heap
|
page read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
22F7000
|
heap
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
2278000
|
heap
|
page read and write
|
||
|
3F49000
|
heap
|
page read and write
|
||
|
21F9000
|
heap
|
page read and write
|
||
|
25E000
|
heap
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
3F55000
|
heap
|
page read and write
|
||
|
12D000
|
heap
|
page read and write
|
||
|
47A000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
218B000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
126000
|
heap
|
page read and write
|
||
|
16C000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2398000
|
heap
|
page read and write
|
||
|
22A4000
|
heap
|
page read and write
|
||
|
435000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
3AE000
|
heap
|
page read and write
|
||
|
372B000
|
heap
|
page read and write
|
||
|
3AA000
|
heap
|
page read and write
|
||
|
132000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
473000
|
heap
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page execute and read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
2296000
|
heap
|
page read and write
|
||
|
FA000
|
heap
|
page read and write
|
||
|
3F45000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
347000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
22FB000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
21BF000
|
stack
|
page read and write
|
||
|
1FA5000
|
heap
|
page read and write
|
||
|
27EC000
|
stack
|
page read and write
|
||
|
12A000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
80000
|
heap
|
page read and write
|
||
|
2358000
|
heap
|
page read and write
|
||
|
336000
|
heap
|
page read and write
|
||
|
22EE000
|
heap
|
page read and write
|
||
|
2278000
|
heap
|
page read and write
|
||
|
2155000
|
heap
|
page read and write
|
||
|
F3000
|
heap
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2336000
|
heap
|
page read and write
|
||
|
3524000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
410000
|
remote allocation
|
page read and write
|
||
|
252000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
2481000
|
heap
|
page read and write
|
||
|
3528000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
3C2000
|
heap
|
page read and write
|
||
|
24F1000
|
heap
|
page read and write
|
||
|
2326000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
23AB000
|
heap
|
page read and write
|
||
|
3F4E000
|
stack
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2B9000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
48E000
|
heap
|
page read and write
|
||
|
2306000
|
heap
|
page read and write
|
||
|
AC000
|
stack
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
100BA000
|
unkown
|
page readonly
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
110000
|
trusted library allocation
|
page execute and read and write
|
||
|
268000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
3F4000
|
heap
|
page read and write
|
||
|
3512000
|
heap
|
page read and write
|
||
|
22FB000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
3AA000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
2358000
|
heap
|
page read and write
|
||
|
232E000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
22A9000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
276000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
3F59000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
2234000
|
heap
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
21F000
|
stack
|
page read and write
|
||
|
121000
|
heap
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
22F7000
|
heap
|
page read and write
|
||
|
4A2000
|
heap
|
page read and write
|
||
|
236B000
|
heap
|
page read and write
|
||
|
289C000
|
stack
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
25D000
|
heap
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
3D5000
|
heap
|
page read and write
|
||
|
2286000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
4D4000
|
heap
|
page read and write
|
||
|
264000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
2328000
|
heap
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
2287000
|
heap
|
page read and write
|
||
|
3F2000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
227E000
|
heap
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
2294000
|
heap
|
page read and write
|
||
|
3F40000
|
heap
|
page read and write
|
||
|
50D000
|
heap
|
page read and write
|
||
|
50F000
|
heap
|
page read and write
|
||
|
4000000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page execute and read and write
|
||
|
2344000
|
heap
|
page read and write
|
||
|
2358000
|
heap
|
page read and write
|
||
|
252000
|
heap
|
page read and write
|
||
|
3715000
|
heap
|
page read and write
|
||
|
4CA000
|
heap
|
page read and write
|
||
|
3514000
|
heap
|
page read and write
|
||
|
2287000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
100B0000
|
unkown
|
page read and write
|
||
|
2398000
|
heap
|
page read and write
|
||
|
3E9000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
370E000
|
stack
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
DA000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
14A000
|
heap
|
page read and write
|
||
|
4005000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
2B9000
|
heap
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
2481000
|
heap
|
page read and write
|
||
|
DE000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
21D5000
|
heap
|
page read and write
|
||
|
223B000
|
heap
|
page read and write
|
||
|
3C5000
|
heap
|
page read and write
|
||
|
266000
|
heap
|
page read and write
|
||
|
21A000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
4ED000
|
stack
|
page read and write
|
||
|
220B000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
117000
|
heap
|
page read and write
|
||
|
21F8000
|
heap
|
page read and write
|
||
|
2C6000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
22A8000
|
heap
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
2358000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
3C5000
|
heap
|
page read and write
|
||
|
344000
|
heap
|
page read and write
|
||
|
213B000
|
heap
|
page read and write
|
||
|
100B0000
|
unkown
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
2358000
|
heap
|
page read and write
|
||
|
EE000
|
heap
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
129000
|
heap
|
page read and write
|
||
|
20BB000
|
heap
|
page read and write
|
||
|
87000
|
heap
|
page read and write
|
||
|
37D000
|
heap
|
page read and write
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
1BC000
|
heap
|
page read and write
|
||
|
268000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
2085000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2398000
|
heap
|
page read and write
|
||
|
26A000
|
heap
|
page read and write
|
||
|
400000
|
trusted library allocation
|
page read and write
|
||
|
4B7000
|
heap
|
page read and write
|
||
|
24F1000
|
heap
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
1B2000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
646000
|
heap
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
2304000
|
heap
|
page read and write
|
||
|
410000
|
remote allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
D3000
|
heap
|
page read and write
|
||
|
23AC000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
100B0000
|
unkown
|
page read and write
|
||
|
239000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
105000
|
heap
|
page read and write
|
||
|
12E000
|
heap
|
page read and write
|
||
|
300000
|
remote allocation
|
page read and write
|
||
|
10057000
|
unkown
|
page readonly
|
||
|
20AB000
|
heap
|
page read and write
|
||
|
22F6000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
50C000
|
heap
|
page read and write
|
||
|
2481000
|
heap
|
page read and write
|
||
|
204000
|
heap
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
22AB000
|
heap
|
page read and write
|
||
|
236C000
|
heap
|
page read and write
|
||
|
2346000
|
heap
|
page read and write
|
||
|
22A4000
|
heap
|
page read and write
|
||
|
24C1000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
2238000
|
heap
|
page read and write
|
||
|
22A4000
|
heap
|
page read and write
|
||
|
42C000
|
heap
|
page read and write
|
||
|
2328000
|
heap
|
page read and write
|
||
|
105000
|
heap
|
page read and write
|
||
|
115000
|
heap
|
page read and write
|
||
|
3F50000
|
heap
|
page read and write
|
||
|
2C7C000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10057000
|
unkown
|
page readonly
|
||
|
350000
|
heap
|
page read and write
|
||
|
127000
|
heap
|
page read and write
|
||
|
374000
|
heap
|
page read and write
|
||
|
2278000
|
heap
|
page read and write
|
||
|
2B9000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
22DF000
|
stack
|
page read and write
|
||
|
4D2000
|
heap
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
24F1000
|
heap
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
100B7000
|
unkown
|
page read and write
|
||
|
A7000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
21FB000
|
heap
|
page read and write
|
||
|
2328000
|
heap
|
page read and write
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
10057000
|
unkown
|
page readonly
|
||
|
3090000
|
heap
|
page read and write
|
||
|
22F7000
|
heap
|
page read and write
|
||
|
222E000
|
stack
|
page read and write
|
||
|
4A5000
|
heap
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
10C000
|
heap
|
page read and write
|
||
|
4CE000
|
heap
|
page read and write
|
||
|
268000
|
heap
|
page read and write
|
||
|
2239000
|
heap
|
page read and write
|
||
|
410000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
2238000
|
heap
|
page read and write
|
||
|
100BA000
|
unkown
|
page readonly
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
2398000
|
heap
|
page read and write
|
||
|
300000
|
remote allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
4C1000
|
heap
|
page read and write
|
||
|
2287000
|
heap
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
48A000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3E1000
|
heap
|
page read and write
|
||
|
394000
|
heap
|
page read and write
|
||
|
100BA000
|
unkown
|
page readonly
|
||
|
386000
|
heap
|
page read and write
|
||
|
393000
|
heap
|
page read and write
|
||
|
265000
|
heap
|
page read and write
|
||
|
45E000
|
heap
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
272F000
|
stack
|
page read and write
|
||
|
2276000
|
heap
|
page read and write
|
||
|
22FC000
|
heap
|
page read and write
|
||
|
27C000
|
stack
|
page read and write
|
||
|
4A5000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
304C000
|
stack
|
page read and write
|
||
|
29E9000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
22A8000
|
heap
|
page read and write
|
||
|
22A4000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
246000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
157000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
22A8000
|
heap
|
page read and write
|
||
|
24C1000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22A4000
|
heap
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
EA000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3F1F000
|
stack
|
page read and write
|
||
|
21F4000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
2E0000
|
direct allocation
|
page execute and read and write
|
||
|
10E000
|
heap
|
page read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3D7000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2100000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
22A4000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
24C1000
|
heap
|
page read and write
|
||
|
3CC000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
172000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
BE000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
236B000
|
heap
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
23AB000
|
heap
|
page read and write
|
||
|
2358000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
2278000
|
heap
|
page read and write
|
||
|
4AC000
|
heap
|
page read and write
|
||
|
100B7000
|
unkown
|
page read and write
|
||
|
15F000
|
heap
|
page read and write
|
||
|
2398000
|
heap
|
page read and write
|
||
|
2354000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
2318000
|
heap
|
page read and write
|
||
|
427000
|
heap
|
page read and write
|
||
|
16D000
|
heap
|
page read and write
|
||
|
506000
|
heap
|
page read and write
|
||
|
219000
|
stack
|
page read and write
|
||
|
2337000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
3717000
|
heap
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
trusted library allocation
|
page read and write
|
||
|
224F000
|
stack
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
2328000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
16F000
|
heap
|
page read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
22A4000
|
heap
|
page read and write
|
||
|
1FDB000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
2278000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
2EE000
|
stack
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
102000
|
heap
|
page read and write
|
||
|
2337000
|
heap
|
page read and write
|
||
|
15E000
|
heap
|
page read and write
|
||
|
515000
|
heap
|
page read and write
|
||
|
42D000
|
heap
|
page read and write
|
||
|
347000
|
heap
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
2337000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
100B7000
|
unkown
|
page read and write
|
||
|
22E6000
|
heap
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
2328000
|
heap
|
page read and write
|
||
|
21F8000
|
heap
|
page read and write
|
||
|
4009000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
There are 421 hidden memdumps, click here to show them.