IOC Report
random.exe


Files

File Path
Type
Category
Malicious
random.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\AFBKKFBAEGDHJJJJKFBK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\CFIECFIJDAAKEBGCGHIEBAKFBK
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DGDBFBFCBFBKECAAKJKF
ASCII text, with very long lines (1717), with CRLF line terminators
modified
C:\ProgramData\FIJDGIJJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\GIJJKFCGDGHDHIECGCBKEBFIEG
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\IIEHJKJJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\ProgramData\KKECFIEBGCAKJKECGCFI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\415bd236-7eea-40d0-8e04-37189ac951ca.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5672b977-f4d3-49b7-9323-106ed9405839.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\74654764-9f81-423f-a681-4192eaf5ff6b.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67928E7F-1FD4.pma
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38f70.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38f7f.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39ee1.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39ef0.TMP (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c6955fed-b9cf-41f8-ae1e-0c5299d18af5.tmp
JSON data
modified
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c8354923-3c10-430f-b75e-fb5f4abe4cb1.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
Chrome Cache Entry: 90
ASCII text, with very long lines (869)
downloaded
Chrome Cache Entry: 91
ASCII text
downloaded
Chrome Cache Entry: 92
ASCII text, with very long lines (65531)
downloaded
Chrome Cache Entry: 93
ASCII text, with very long lines (65531)
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\random.exe
"C:\Users\user\Desktop\random.exe"
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2000,i,4050168269701777740,16737877777387184251,262144 /prefetch:8
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2500 --field-trial-handle=2232,i,7956878243946744101,2440705188154104413,262144 /prefetch:3
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2004,i,12831764087461894123,4261452385602701126,262144 /prefetch:3
malicious

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious
www.google.com
142.250.181.228
206.23.85.13.in-addr.arpa
unknown

IPs

IP
Domain
Country
Malicious
185.215.113.206
unknown
Portugal
malicious
192.168.2.6
unknown
unknown
malicious
239.255.255.250
unknown
Reserved
142.250.181.228
www.google.com
United States
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Left
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
Top
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
StatusCodes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
state
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
user_experience_metrics.stability.exited_cleanly

Memdumps

Base Address
Regiontype
Protect
Malicious