IOC Report
marzo.txt.url

loading gif

Files

File Path
Type
Category
Malicious
marzo.txt.url
MS Windows 95 Internet shortcut text (URL=<file://46.8.19.120/Agenzia/server.exe>), ASCII text, with CRLF line terminators
initial sample
malicious
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20230315T1230440507-6104.etl
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.xml
XML 1.0 document, ASCII text, with very long lines (424), with CRLF line terminators
modified
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
data
dropped

Processes

Path
Cmdline
Malicious
\Device\Mup\46.8.19.120\Agenzia\server.exe
"\\46.8.19.120\Agenzia\server.exe"
malicious
\Device\Mup\46.8.19.120\Agenzia\server.exe
"\\46.8.19.120\Agenzia\server.exe"
malicious
C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" /PIM NoEmail

URLs

Name
IP
Malicious
http://5.44.43.17/
unknown
http://5.44.43.17/drew/ZSasVN0fLMcptc05TEVCa/mWgPW7Eo_2Fhz8Y6/Fz7ovUnPPN6ieZv/4FY_2FkRwgHKarRxmu/cK8
unknown
http://5.44.43.17/~
unknown
http://5.44.43.17/b2c5-fe065076e0a1
unknown
http://checklist.skype.com/drew/XaKJ910OZ6OkzOiEp1j_2/BGdUIBHp_2FM8Z2X/fEGunvRWGFrRGJ9/FM827N5CFAo37
unknown
http://checklist.skype.com/drew/p8a6EJ5vt4U/NrIUl_2BZrXy6_/2BoMtuVkg7FYSQnXs7vFZ/T_2BtMhNb_2F_2Bq/Vr
unknown

Domains

Name
IP
Malicious
checklist.skype.com
unknown

IPs

IP
Domain
Country
Malicious
5.44.43.17
unknown
Russian Federation
malicious
192.229.221.95
unknown
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Settings\Data
global_Accessibility_ReminderType
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\9207f3e0a3b11019908b08002b2a56c2
11023d05
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
255
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
255
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
255
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{AA8FA310-0939-4CE3-B9BB-AE05B2695110}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
255
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{691E1C12-2693-4D4A-852C-7478657BBE6E}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{287BF315-5A11-4B2F-B069-B761ADE25A49}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
255
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{6B6B571B-F4E3-4FBB-A83F-0790D11D19AB}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
255
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{284B8D30-4AA6-4A0F-9143-CE2E8E1F10F0}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{F762CE39-AC6C-4E1C-B55F-0E11586E6D07}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02CAC15F-D4BE-400E-9127-D54982AA4AE9}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
5
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{11ADBD74-7DF2-4E8E-802B-B3BCBFD04A78}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
4
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ETWMonitor\{13967EE5-6B23-4BCD-A496-1D788449A8CF}
Categories
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
ULSTagIds0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\outlook.exe\ULSMonitor
ULSCategoriesSeverities
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b046b
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Office Explorer
Frame
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
1102039b
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\NoEmail\0a0d020000000000c000000000000046
000b0415
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Toolbars\Settings
Microsoft Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\GracefulExit\OUTLOOK\6104
0
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook
PreviousSessionData
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Settings
Accounts
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Settings\Data
global_AccountsNeedResyncing
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Search\Catalog
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst
There are 46 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
5588000
heap
page read and write
malicious
5458000
heap
page read and write
malicious
5588000
heap
page read and write
malicious
6E9B4FE000
stack
page read and write
48E0000
heap
page read and write
4A80000
heap
page read and write
2344B24B000
heap
page read and write
2344B262000
heap
page read and write
2344B26F000
heap
page read and write
2AE9000
unkown
page readonly
2344B259000
heap
page read and write
2344B283000
heap
page read and write
2344B23A000
heap
page read and write
2344B299000
heap
page read and write
2344BD82000
heap
page read and write
5060000
heap
page read and write
2344B259000
heap
page read and write
2344B2B8000
heap
page read and write
2344BED9000
heap
page read and write
2AFBE700000
heap
page read and write
2344B24F000
heap
page read and write
2344B26F000
heap
page read and write
2344B1F2000
heap
page read and write
2344B274000
heap
page read and write
2344B2A7000
heap
page read and write
2344BD87000
heap
page read and write
2344B2AD000
heap
page read and write
2344B2B7000
heap
page read and write
2D30000
heap
page read and write
2344B2B3000
heap
page read and write
2344B263000
heap
page read and write
2AFBE702000
heap
page read and write
2B63000
direct allocation
page execute and read and write
2344B241000
heap
page read and write
2344B2BD000
heap
page read and write
2344B2A5000
heap
page read and write
4FCE000
stack
page read and write
2344B2A5000
heap
page read and write
2344B2AA000
heap
page read and write
2344B24B000
heap
page read and write
2B70000
direct allocation
page read and write
2344B1C0000
heap
page read and write
2344B2AC000
heap
page read and write
2344B257000
heap
page read and write
2344B2BC000
heap
page read and write
2344BD00000
heap
page read and write
2344B23B000
heap
page read and write
2B85000
heap
page read and write
2344BBEA000
heap
page read and write
20000
heap
page read and write
2B90000
heap
page read and write
2AFBEE02000
heap
page read and write
2344B1E1000
heap
page read and write
4F80000
heap
page read and write
2344B27B000
heap
page read and write
2344B23D000
heap
page read and write
2344B298000
heap
page read and write
2344B29D000
heap
page read and write
427000
unkown
page read and write
49B0000
heap
page read and write
2344B2BA000
heap
page read and write
D18537B000
stack
page read and write
2344B2A3000
heap
page read and write
4EA0000
heap
page read and write
2344B205000
heap
page read and write
2344B259000
heap
page read and write
2344BBE0000
heap
page read and write
2344B298000
heap
page read and write
2344B28D000
heap
page read and write
2344B245000
heap
page read and write
2344B1E8000
heap
page read and write
2344B27A000
heap
page read and write
2344B242000
heap
page read and write
2B67000
direct allocation
page execute and read and write
48AC000
stack
page read and write
2344BEE1000
heap
page read and write
4F98000
heap
page read and write
2344B26F000
heap
page read and write
2AFBE640000
heap
page read and write
2B70000
heap
page read and write
19C000
stack
page read and write
6E9B47E000
stack
page read and write
2344B251000
heap
page read and write
40A000
unkown
page execute and read and write
2344BEDC000
heap
page read and write
4F0E000
stack
page read and write
2AFBE62A000
heap
page read and write
2344B237000
heap
page read and write
40D000
unkown
page execute and read and write
2F0F000
stack
page read and write
4DF9000
heap
page read and write
2344B24F000
heap
page read and write
2344B247000
heap
page read and write
2AFBE64B000
heap
page read and write
2B64000
direct allocation
page execute and read and write
2344B26C000
heap
page read and write
2344B251000
heap
page read and write
4A20000
heap
page read and write
2344B265000
heap
page read and write
2344B274000
heap
page read and write
2344B25D000
heap
page read and write
D185476000
stack
page read and write
2344B292000
heap
page read and write
2C47000
heap
page read and write
2344B251000
heap
page read and write
2344BD8A000
heap
page read and write
5BAB000
stack
page read and write
2344B28E000
heap
page read and write
2AFBE688000
heap
page read and write
2AFBE659000
heap
page read and write
2344B251000
heap
page read and write
2344BD8A000
heap
page read and write
2C8D000
heap
page read and write
2344B280000
heap
page read and write
9D000
stack
page read and write
427000
unkown
page read and write
2344B2A3000
heap
page read and write
2344BD83000
heap
page read and write
2B8C000
unclassified section
page readonly
2344B254000
heap
page read and write
2344B238000
heap
page read and write
2BE1000
unclassified section
page execute read
D18527F000
stack
page read and write
2344BD8B000
heap
page read and write
2344BD8E000
heap
page read and write
4E78000
heap
page read and write
2344B289000
heap
page read and write
2344B292000
heap
page read and write
2344B24B000
heap
page read and write
2344B2A7000
heap
page read and write
2CB4000
heap
page read and write
2344BBF0000
heap
page read and write
2344B27E000
heap
page read and write
2344B298000
heap
page read and write
50EE000
stack
page read and write
2344B2B5000
heap
page read and write
2344BD85000
heap
page read and write
2344B265000
heap
page read and write
D18507E000
stack
page read and write
2344B222000
heap
page read and write
2344B24C000
heap
page read and write
2344B20E000
heap
page read and write
2344B28B000
heap
page read and write
2B80000
unclassified section
page read and write
40B000
unkown
page execute and read and write
2344B2B2000
heap
page read and write
2AFBE600000
heap
page read and write
2344B27F000
heap
page read and write
4F19000
heap
page read and write
2B81000
unclassified section
page execute read
2344B265000
heap
page read and write
2344B26F000
heap
page read and write
6E9B5FE000
stack
page read and write
2344B2BC000
heap
page read and write
2344B222000
heap
page read and write
2344B2AC000
heap
page read and write
2344B23A000
heap
page read and write
2344B22F000
heap
page read and write
2C51000
heap
page execute and read and write
410000
unkown
page read and write
2344B200000
heap
page read and write
2344B2AC000
heap
page read and write
47AE000
stack
page read and write
500E000
stack
page read and write
2344B24C000
heap
page read and write
2DA6000
heap
page read and write
2344B204000
heap
page read and write
2344B28E000
heap
page read and write
2B95000
heap
page read and write
2344B27A000
heap
page read and write
4A7E000
stack
page read and write
558B000
heap
page read and write
2CCB000
heap
page read and write
2344B288000
heap
page read and write
2344B2AA000
heap
page read and write
2CAE000
heap
page read and write
2344B29C000
heap
page read and write
2AFBE4C0000
heap
page read and write
4E78000
heap
page read and write
2D87000
heap
page read and write
2AFBE664000
heap
page read and write
2344B262000
heap
page read and write
4A0E000
stack
page read and write
20000
heap
page read and write
59DF000
stack
page read and write
D18557E000
stack
page read and write
2344BD87000
heap
page read and write
50AF000
stack
page read and write
2344B4A0000
heap
page read and write
2344B265000
heap
page read and write
2BCC000
stack
page read and write
2344B290000
heap
page read and write
2344B26B000
heap
page read and write
2BE9000
unclassified section
page readonly
2344B1DA000
heap
page read and write
2344B25D000
heap
page read and write
2344B29D000
heap
page read and write
1FE000
stack
page read and write
2D4C000
heap
page execute and read and write
2344B243000
heap
page read and write
2344B259000
heap
page read and write
2344B27B000
heap
page read and write
2344BD8A000
heap
page read and write
2344BEDE000
heap
page read and write
2CAC000
stack
page read and write
2344B262000
heap
page read and write
2344B262000
heap
page read and write
5190000
heap
page read and write
6E9B57C000
stack
page read and write
2344B288000
heap
page read and write
2AFBE681000
heap
page read and write
2344B24E000
heap
page read and write
2344B267000
heap
page read and write
2344B259000
heap
page read and write
2344B238000
heap
page read and write
2CC4000
heap
page read and write
2B8A000
unclassified section
page read and write
2344B26F000
heap
page read and write
4F24000
heap
page read and write
2B5E000
stack
page read and write
2344BED0000
heap
page read and write
2344B29B000
heap
page read and write
2344B235000
heap
page read and write
403000
unkown
page execute and read and write
4F4E000
stack
page read and write
2344BBEC000
heap
page read and write
496E000
stack
page read and write
2344B288000
heap
page read and write
2344B1A0000
heap
page read and write
2344B257000
heap
page read and write
2AFBE63A000
heap
page read and write
5AAD000
stack
page read and write
2344B274000
heap
page read and write
2AFBE713000
heap
page read and write
2344B283000
heap
page read and write
2344B25C000
heap
page read and write
D1851FB000
stack
page read and write
2344B213000
heap
page read and write
2344B20B000
heap
page read and write
2344B257000
heap
page read and write
2344B267000
heap
page read and write
2B89000
unclassified section
page readonly
2344B2A5000
heap
page read and write
2AFBE613000
heap
page read and write
2344B27B000
heap
page read and write
2DBB000
heap
page read and write
2344B1F6000
heap
page read and write
2344B245000
heap
page read and write
D184DDB000
stack
page read and write
2D62000
heap
page read and write
2344B2AA000
heap
page read and write
2344BD84000
heap
page read and write
2AFBEE15000
heap
page read and write
2344B212000
heap
page read and write
492E000
stack
page read and write
10000
heap
page read and write
2344B23B000
heap
page read and write
2344BEE4000
heap
page read and write
9D000
stack
page read and write
2344B24E000
heap
page read and write
5CAF000
stack
page read and write
2344BD80000
heap
page read and write
2BEA000
unclassified section
page read and write
2344B241000
heap
page read and write
400000
unkown
page readonly
4930000
heap
page read and write
2344B28B000
heap
page read and write
2344B27B000
heap
page read and write
2344B24E000
heap
page read and write
2344B26C000
heap
page read and write
2344B274000
heap
page read and write
5BDB000
stack
page read and write
401000
unkown
page execute read
2D3D000
heap
page read and write
58AF000
stack
page read and write
410000
unkown
page read and write
2344B259000
heap
page read and write
2344B280000
heap
page read and write
2344B4A5000
heap
page read and write
2344BBEA000
heap
page read and write
D1850FF000
stack
page read and write
2344B238000
heap
page read and write
D18577E000
stack
page read and write
48CC000
stack
page read and write
4B2F000
stack
page read and write
2344B2AC000
heap
page read and write
2344B28E000
heap
page read and write
2CF0000
heap
page read and write
2344B22F000
heap
page read and write
6E9B6FE000
stack
page read and write
2344BBFC000
heap
page read and write
2C66000
heap
page read and write
2344B2A7000
heap
page read and write
2344B257000
heap
page read and write
49AE000
stack
page read and write
2344B282000
heap
page read and write
2344B29E000
heap
page read and write
2C40000
heap
page read and write
2344B217000
heap
page read and write
2344B2AA000
heap
page read and write
5ADD000
stack
page read and write
2AFBE450000
heap
page read and write
2344B21C000
heap
page read and write
2344B274000
heap
page read and write
2344BC04000
heap
page read and write
D18567E000
stack
page read and write
2B80000
heap
page read and write
6E9B67B000
stack
page read and write
2344B24C000
heap
page read and write
2344B21A000
heap
page read and write
2344B25D000
heap
page read and write
5CDF000
stack
page read and write
2344B2BE000
heap
page read and write
2344BBFD000
heap
page read and write
2344BED7000
heap
page read and write
2344B1C8000
heap
page read and write
2344B262000
heap
page read and write
4B6E000
stack
page read and write
410000
unkown
page write copy
2344BEDB000
heap
page read and write
2344B274000
heap
page read and write
2344B2A7000
heap
page read and write
2344B1DF000
heap
page read and write
2344BEE6000
heap
page read and write
19C000
stack
page read and write
2344B130000
heap
page read and write
490E000
stack
page read and write
407000
unkown
page execute and read and write
2344B296000
heap
page read and write
2344B20C000
heap
page read and write
59AF000
stack
page read and write
2344B21B000
heap
page read and write
2AFBE5C0000
trusted library allocation
page read and write
2344B298000
heap
page read and write
5DAE000
stack
page read and write
2344B288000
heap
page read and write
2344B22A000
heap
page read and write
2D3A000
heap
page read and write
400000
unkown
page execute and read and write
2344B295000
heap
page read and write
2344B27B000
heap
page read and write
2344B229000
heap
page read and write
6E9B1D7000
stack
page read and write
2344B2B3000
heap
page read and write
6E9B77F000
stack
page read and write
2AFBE460000
heap
page read and write
2344B259000
heap
page read and write
2344B251000
heap
page read and write
4BA0000
heap
page read and write
2B60000
direct allocation
page execute and read and write
2B66000
direct allocation
page execute and read and write
2344B25D000
heap
page read and write
2344BBF0000
heap
page read and write
2344B2BA000
heap
page read and write
2344BBF5000
heap
page read and write
2344B287000
heap
page read and write
2344B24C000
heap
page read and write
4A3F000
stack
page read and write
2C2E000
stack
page read and write
2344B27F000
heap
page read and write
2344B27D000
heap
page read and write
405000
unkown
page execute and read and write
2AFBEE00000
heap
page read and write
40E000
unkown
page execute and read and write
558B000
heap
page read and write
10000
heap
page read and write
408000
unkown
page execute and read and write
2344B180000
heap
page read and write
2344B240000
heap
page read and write
There are 359 hidden memdumps, click here to show them.