Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 4470_02112022.xls | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Nov 2 06:43:53 2022, Security: 0 | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\40hd04O0[1].dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\Desktop\4470_02112022.xls | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Gydar, Last Saved By: Gydar, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Nov 2 06:43:53 2022, Security: 0 | dropped | |
| C:\Users\user\oxnv4.ooccxx | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Windows\System32\SnILCOTnpOOFucYhP\FatGkw.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\~DFF4CE5664A8A889FE.TMP | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\8PWG8A6W.txt | ASCII text | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\BZQ2JIWJ.txt | ASCII text | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\CKTKLCSO.txt | ASCII text | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FBMK8V7A.txt | ASCII text | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\HC8X1KC5.txt | ASCII text | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\System32\regsvr32.exe ..\oxnv1.ooccxx | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\System32\regsvr32.exe ..\oxnv2.ooccxx | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\System32\regsvr32.exe ..\oxnv3.ooccxx | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\System32\regsvr32.exe ..\oxnv4.ooccxx | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SnILCOTnpOOFucYhP\FatGkw.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\SnILCOTnpOOFucYhP\FatGkw.dll | |

URLs
Domains

| Name | IP | Malicious |
|---|---|---|
| sat7ate.com | unknown | |
| www.3d-stickers.com | 163.172.108.69 | |
| www.spinbalence.com | 163.172.115.127 | |
| navylin.com | 47.92.133.65 | |

IPs
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | FatGkw.dll | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | ')/ | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel | MTTT | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle | ReviewToken | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\65E08 | 65E08 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | VBAFiles | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | %f/ | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents | LastPurgeTime | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033 | |
| HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | EXCELFiles | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | ProductFiles | |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C | Blob | |

Memdumps