Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Untitled-09112022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved
By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Tue Nov 8 19:22:48 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Ji8QgmpX3lS3yT[1].dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\Untitled-09112022.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved
By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Tue Nov 8 19:22:48 2022, Security: 0
|
dropped
|
|
|
|
C:\Users\user\elv1.ooocccxxx
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\FgEHLIiiJRN\xoEOackyxDExhQ.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF4B3CBD39C4A4F2CA.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF68E42B49200ACDE5.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3H9RKW7J.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\Desktop\41778653.tmp (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved
By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Tue Nov 8 19:22:48 2022, Security: 0
|
dropped
|
||
|
C:\Users\user\Desktop\4DF60000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Gydar, Last Saved By:
user, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed
Nov 16 13:43:55 2022, Security: 0
|
dropped
|
||
|
C:\Users\user\Desktop\4DF60000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\elv1.ooocccxxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FgEHLIiiJRN\xoEOackyxDExhQ.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\elv2.ooocccxxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\elv3.ooocccxxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\System32\regsvr32.exe /S ..\elv4.ooocccxxx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\FgEHLIiiJRN\xoEOackyxDExhQ.dll
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.cecambrils.cat/wp-content/cXEhHssszV/
|
185.23.117.132
|
|
|
|
https://218.38.121.17/kwxkonang/
|
218.38.121.17
|
|
|
|
https://218.38.121.17/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/
|
218.38.121.17
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://www.clinicaportalpsicologia.com.br/wp-includes/d6tkyFFBNwY/
|
187.1.136.16
|
||
|
https://172.105.115.71:8080/kwxkonang/
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://115.178.55.22:80/kwxkonang/
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://hsweixintp.com/wp-admin/4m1WxDxza6D8SVrfF/
|
45.207.116.88
|
||
|
https://172.105.115.71:8080/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/
|
unknown
|
||
|
http://www.stickers-et-deco.com/admin002vqimbe/hRFZkkzLIl/
|
163.172.108.69
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://115.178.55.22:80/tfvz/aazuhijovhmgjyf/frsdlxdmvshfvd/
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.cecambrils.cat
|
unknown
|
|
|
|
www.hsweixintp.com
|
45.207.116.88
|
||
|
cecambrils.cat
|
185.23.117.132
|
||
|
www.stickers-et-deco.com
|
163.172.108.69
|
||
|
web15f04.uni5.net
|
187.1.136.16
|
||
|
www.clinicaportalpsicologia.com.br
|
unknown
|
||
|
hsweixintp.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.105.115.71
|
unknown
|
United States
|
|
|
|
188.165.79.151
|
unknown
|
France
|
|
|
|
196.44.98.190
|
unknown
|
Ghana
|
|
|
|
174.138.33.49
|
unknown
|
United States
|
|
|
|
36.67.23.59
|
unknown
|
Indonesia
|
|
|
|
103.41.204.169
|
unknown
|
Indonesia
|
|
|
|
85.214.67.203
|
unknown
|
Germany
|
|
|
|
83.229.80.93
|
unknown
|
United Kingdom
|
|
|
|
198.199.70.22
|
unknown
|
United States
|
|
|
|
93.104.209.107
|
unknown
|
Germany
|
|
|
|
186.250.48.5
|
unknown
|
Brazil
|
|
|
|
209.239.112.82
|
unknown
|
United States
|
|
|
|
175.126.176.79
|
unknown
|
Korea Republic of
|
|
|
|
128.199.242.164
|
unknown
|
United Kingdom
|
|
|
|
178.238.225.252
|
unknown
|
Germany
|
|
|
|
46.101.98.60
|
unknown
|
Netherlands
|
|
|
|
190.145.8.4
|
unknown
|
Colombia
|
|
|
|
82.98.180.154
|
unknown
|
Spain
|
|
|
|
103.71.99.57
|
unknown
|
India
|
|
|
|
87.106.97.83
|
unknown
|
Germany
|
|
|
|
103.254.12.236
|
unknown
|
Viet Nam
|
|
|
|
103.85.95.4
|
unknown
|
Indonesia
|
|
|
|
202.134.4.210
|
unknown
|
Indonesia
|
|
|
|
165.22.254.236
|
unknown
|
United States
|
|
|
|
78.47.204.80
|
unknown
|
Germany
|
|
|
|
118.98.72.86
|
unknown
|
Indonesia
|
|
|
|
139.59.80.108
|
unknown
|
Singapore
|
|
|
|
104.244.79.94
|
unknown
|
United States
|
|
|
|
37.44.244.177
|
unknown
|
Germany
|
|
|
|
51.75.33.122
|
unknown
|
France
|
|
|
|
160.16.143.191
|
unknown
|
Japan
|
|
|
|
103.56.149.105
|
unknown
|
Indonesia
|
|
|
|
85.25.120.45
|
unknown
|
Germany
|
|
|
|
139.196.72.155
|
unknown
|
China
|
|
|
|
115.178.55.22
|
unknown
|
Indonesia
|
|
|
|
103.126.216.86
|
unknown
|
Bangladesh
|
|
|
|
128.199.217.206
|
unknown
|
United Kingdom
|
|
|
|
114.79.130.68
|
unknown
|
India
|
|
|
|
103.224.241.74
|
unknown
|
India
|
|
|
|
210.57.209.142
|
unknown
|
Indonesia
|
|
|
|
202.28.34.99
|
unknown
|
Thailand
|
|
|
|
80.211.107.116
|
unknown
|
Italy
|
|
|
|
54.37.228.122
|
unknown
|
France
|
|
|
|
218.38.121.17
|
unknown
|
Korea Republic of
|
|
|
|
185.148.169.10
|
unknown
|
Germany
|
|
|
|
195.77.239.39
|
unknown
|
Spain
|
|
|
|
178.62.112.199
|
unknown
|
European Union
|
|
|
|
62.171.178.147
|
unknown
|
United Kingdom
|
|
|
|
64.227.55.231
|
unknown
|
United States
|
|
|
|
187.1.136.16
|
web15f04.uni5.net
|
Brazil
|
||
|
45.207.116.88
|
www.hsweixintp.com
|
Seychelles
|
||
|
163.172.108.69
|
www.stickers-et-deco.com
|
United Kingdom
|
||
|
185.23.117.132
|
cecambrils.cat
|
United Kingdom
|
There are 43 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
xoEOackyxDExhQ.dll
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
5v1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\64DA3
|
64DA3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
g.1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6FE6B
|
6FE6B
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2011000
|
direct allocation
|
page execute read
|
|
|
|
1EA000
|
heap
|
page read and write
|
|
|
|
211000
|
direct allocation
|
page execute read
|
|
|
|
160000
|
direct allocation
|
page execute and read and write
|
|
|
|
2031000
|
direct allocation
|
page execute read
|
|
|
|
2B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
2FA000
|
heap
|
page read and write
|
|
|
|
23D000
|
heap
|
page read and write
|
||
|
20EB000
|
heap
|
page read and write
|
||
|
BE000
|
heap
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
325000
|
heap
|
page read and write
|
||
|
18004C000
|
unkown
|
page readonly
|
||
|
1B6000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
2E3000
|
heap
|
page read and write
|
||
|
205C000
|
direct allocation
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
37F000
|
stack
|
page read and write
|
||
|
203C000
|
direct allocation
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
381000
|
heap
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
20FB000
|
heap
|
page read and write
|
||
|
1B4000
|
heap
|
page read and write
|
||
|
17A000
|
heap
|
page read and write
|
||
|
216B000
|
heap
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
27C000
|
stack
|
page read and write
|
||
|
203B000
|
direct allocation
|
page readonly
|
||
|
211B000
|
heap
|
page read and write
|
||
|
291C000
|
stack
|
page read and write
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
20E5000
|
heap
|
page read and write
|
||
|
FD000
|
stack
|
page read and write
|
||
|
233C000
|
stack
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
216B000
|
heap
|
page read and write
|
||
|
240000
|
remote allocation
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
369000
|
heap
|
page read and write
|
||
|
26D000
|
heap
|
page read and write
|
||
|
269000
|
heap
|
page read and write
|
||
|
1E3000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
D3000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
173000
|
heap
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
2235000
|
heap
|
page read and write
|
||
|
246000
|
heap
|
page read and write
|
||
|
2509000
|
stack
|
page read and write
|
||
|
255000
|
heap
|
page read and write
|
||
|
20FB000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
205B000
|
direct allocation
|
page readonly
|
||
|
406000
|
heap
|
page read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
28AC000
|
stack
|
page read and write
|
||
|
240000
|
trusted library allocation
|
page read and write
|
||
|
240000
|
remote allocation
|
page read and write
|
||
|
2065000
|
heap
|
page read and write
|
||
|
214B000
|
heap
|
page read and write
|
||
|
216B000
|
heap
|
page read and write
|
||
|
2111000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
210000
|
direct allocation
|
page read and write
|
||
|
23D000
|
direct allocation
|
page readonly
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
1FF000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
214B000
|
heap
|
page read and write
|
||
|
23B000
|
direct allocation
|
page readonly
|
||
|
300000
|
trusted library allocation
|
page read and write
|
||
|
322F000
|
stack
|
page read and write
|
||
|
18009B000
|
unkown
|
page readonly
|
||
|
2010000
|
direct allocation
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
4BA000
|
heap
|
page read and write
|
||
|
20CC000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
DA000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
217A000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
214B000
|
heap
|
page read and write
|
||
|
240E000
|
stack
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
214B000
|
heap
|
page read and write
|
||
|
26E000
|
heap
|
page read and write
|
||
|
310000
|
remote allocation
|
page read and write
|
||
|
259000
|
heap
|
page read and write
|
||
|
49E000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
80000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
130000
|
direct allocation
|
page execute and read and write
|
||
|
2189000
|
heap
|
page read and write
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
209B000
|
heap
|
page read and write
|
||
|
180098000
|
unkown
|
page read and write
|
||
|
197000
|
heap
|
page read and write
|
||
|
2EA000
|
heap
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
216B000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
220B000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
20C1000
|
heap
|
page read and write
|
||
|
2B6000
|
heap
|
page read and write
|
||
|
1F9000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
2114000
|
heap
|
page read and write
|
||
|
381000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
15E000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
25A000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
20CB000
|
heap
|
page read and write
|
||
|
1CE000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
486000
|
heap
|
page read and write
|
||
|
211000
|
heap
|
page read and write
|
||
|
20C000
|
stack
|
page read and write
|
||
|
20D1000
|
heap
|
page read and write
|
||
|
426000
|
heap
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
18009B000
|
unkown
|
page readonly
|
||
|
211000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
306000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
365000
|
heap
|
page read and write
|
||
|
155000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2060000
|
heap
|
page read and write
|
||
|
87000
|
heap
|
page read and write
|
||
|
20B5000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
127000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
460000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
2114000
|
heap
|
page read and write
|
||
|
211D000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
23EC000
|
stack
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
211D000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
205D000
|
direct allocation
|
page readonly
|
||
|
2030000
|
direct allocation
|
page read and write
|
||
|
20D1000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
36A000
|
heap
|
page read and write
|
||
|
321000
|
heap
|
page read and write
|
||
|
20CC000
|
heap
|
page read and write
|
||
|
251E000
|
stack
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
2171000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
23C000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
4B3000
|
heap
|
page read and write
|
||
|
2F3000
|
heap
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
29FC000
|
stack
|
page read and write
|
||
|
2E0000
|
direct allocation
|
page execute and read and write
|
||
|
269000
|
heap
|
page read and write
|
||
|
2114000
|
heap
|
page read and write
|
||
|
180098000
|
unkown
|
page read and write
|
||
|
297000
|
heap
|
page read and write
|
||
|
18004C000
|
unkown
|
page readonly
|
||
|
234F000
|
stack
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
20C000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
266000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
379000
|
heap
|
page read and write
|
||
|
207000
|
heap
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
310000
|
remote allocation
|
page read and write
|
||
|
2B0000
|
direct allocation
|
page execute and read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
321000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
18004C000
|
unkown
|
page readonly
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2CE000
|
heap
|
page read and write
|
||
|
203D000
|
direct allocation
|
page readonly
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
180098000
|
unkown
|
page read and write
|
||
|
369000
|
heap
|
page read and write
|
||
|
271000
|
heap
|
page read and write
|
||
|
226B000
|
heap
|
page read and write
|
||
|
2D8C000
|
stack
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
248C000
|
stack
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
18009B000
|
unkown
|
page readonly
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
20FB000
|
heap
|
page read and write
|
||
|
379000
|
heap
|
page read and write
|
||
|
212C000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
249F000
|
stack
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
2131000
|
heap
|
page read and write
|
||
|
2040000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
338F000
|
stack
|
page read and write
|
||
|
20FB000
|
heap
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
2167000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
10C000
|
stack
|
page read and write
|
||
|
21D5000
|
heap
|
page read and write
|
||
|
24B000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
271000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
10C000
|
stack
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
376000
|
heap
|
page read and write
|
||
|
213B000
|
heap
|
page read and write
|
There are 256 hidden memdumps, click here to show them.