IOC Report
stealc.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| stealc.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\ProgramData\AAFIIJDAAAAKFHIDAAAK | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\BAKKEGCAAECAAAKFBGIE | ASCII text, with very long lines (1769), with CRLF line terminators | dropped | |
| C:\ProgramData\DHJEBGIEBFIJKEBFBFHIJJKEHD | SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\EBGIDGCAFCBKECAAKJJK | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\JJECGCBG | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7 | dropped | |
| C:\ProgramData\KFIDBAFH | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\KJDGDBFBGIDGIEBGHCGIECGIEC | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2697cd3c-2761-417b-8be7-f1314138e7a8.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\45b912c7-6c7f-4e85-86f1-c7bb6210fdd1.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\89ec39bc-1618-4f45-82b6-cf0305daf1df.tmp | JSON data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\98bd1d10-a3ae-45dd-99f7-aac69ce846e7.tmp | JSON data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67927116-1184.pma | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67927117-92C.pma | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2716d.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2717d.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF27ecb.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF27eda.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ce1dd0f8-2b30-4071-baf4-48086af9f398.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\freebl3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\mozglue[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\msvcp140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\nss3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\softokn3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcruntime140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm | data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm | data | dropped | |
| Chrome Cache Entry: 88 | ASCII text, with very long lines (881) | downloaded | |
| Chrome Cache Entry: 89 | ASCII text, with very long lines (2410) | downloaded | |
| Chrome Cache Entry: 90 | ASCII text | downloaded | |
| Chrome Cache Entry: 91 | ASCII text, with very long lines (65531) | downloaded | |
| Chrome Cache Entry: 92 | ASCII text, with very long lines (1395) | downloaded | |
| Chrome Cache Entry: 93 | ASCII text, with very long lines (5162), with no line terminators | downloaded | |
| Chrome Cache Entry: 94 | SVG Scalable Vector Graphics image | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\stealc.exe | "C:\Users\user\Desktop\stealc.exe" | malicious |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" | malicious |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 --field-trial-handle=2120,i,712041766712867269,16720389069040149745,262144 /prefetch:8 | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="" | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=2196,i,9538881808703018127,2029094337250757078,262144 /prefetch:3 | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2044,i,13794491626622212872,2979911544646662699,262144 /prefetch:3 | malicious |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\stealc.exe" & del "C:\ProgramData\*.dll"" & exit | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\timeout.exe | timeout /t 5 | |

URLs

Name
IP
Malicious

Domains

| Name | IP | Malicious |
|---|---|---|
| blackangel.dev | 64.95.13.166 | malicious |
| plus.l.google.com | 142.250.185.78 | |
| play.google.com | 142.250.185.206 | |
| www.google.com | 216.58.212.132 | |
| apis.google.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.7 | unknown | unknown | malicious |
| 64.95.13.166 | blackangel.dev | United States | malicious |
| 142.250.185.78 | plus.l.google.com | United States | |
| 216.58.212.132 | www.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 127.0.0.1 | unknown | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB | Left | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB | Top | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |

Memdumps

Base Address
Regiontype
Protect
Malicious