IOC Report
file.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\ProgramData\ECBKKKFHCF.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\ProgramData\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\ProgramData\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\ProgramData\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\ProgramData\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\66fe13d251bbf_lsod[1].exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\ProgramData\IJJKKJJDAAAA\AAAAKJ | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\AFCBFI | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\BAKEBA | ASCII text, with very long lines (1717), with CRLF line terminators | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\CAAKFI | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\DAKJDH | SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\DAKJDH-shm | data | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\DHIDHI | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\DHIDHI-shm | data | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\EBKKKE | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\EGDGIE | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\FCAAEB | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\IJJKKJJDAAAA\GHDHDG | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ECBKKKFHCF.exe.log | CSV text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\76561199780418869[1].htm | HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\delays.tmp | ISO-8859 text, with very long lines (65536), with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | malicious |
| C:\ProgramData\ECBKKKFHCF.exe | "C:\ProgramData\ECBKKKFHCF.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IJJKKJJDAAAA" & exit | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\timeout.exe | timeout /t 10 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://mysterisop.site/api | 104.21.21.3 | malicious |
| https://49.12.197.9/ | 49.12.197.9 | malicious |
| https://abnomalrkmu.site/api | 172.67.152.190 | malicious |
| abnomalrkmu.site | | malicious |
| https://steamcommunity.com/profiles/76561199724331900085; | unknown | malicious |
| https://soldiefieop.site/api | 188.114.96.3 | malicious |
| https://49.12.197.9/freebl3.dll | 49.12.197.9 | malicious |
| https://49.12.197.9/sqlp.dll | 49.12.197.9 | malicious |
| https://49.12.197.9/softokn3.dll | 49.12.197.9 | malicious |
| absorptioniw.site | | malicious |
| treatynreit.site | | malicious |
| https://steamcommunity.com/profiles/76561199724331900 | 104.102.49.254 | malicious |
| questionsmw.stor | | malicious |
| https://49.12.197.9/vcruntime140.dll | 49.12.197.9 | malicious |
| https://49.12.197.9/nss3.dll | 49.12.197.9 | malicious |
| https://49.12.197.9/mozglue.dll | 49.12.197.9 | malicious |

Domains

| Name | IP | Malicious |
|---|---|---|
| treatynreit.site | 104.21.84.18 | malicious |
| snarlypagowo.site | 104.21.18.193 | malicious |
| steamcommunity.com | 104.102.49.254 | malicious |
| questionsmw.store | 172.67.208.141 | malicious |
| mysterisop.site | 104.21.21.3 | malicious |
| absorptioniw.site | 104.21.17.174 | malicious |
| abnomalrkmu.site | 172.67.152.190 | malicious |
| cowod.hopto.org | 45.132.206.251 | malicious |
| gravvitywio.store | 104.21.16.12 | malicious |
| soldiefieop.site | 188.114.96.3 | malicious |
| chorusarorp.site | unknown | malicious |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 49.12.197.9 | unknown | Germany | malicious |
| 104.21.84.18 | treatynreit.site | United States | malicious |
| 104.21.18.193 | snarlypagowo.site | United States | malicious |
| 104.21.17.174 | absorptioniw.site | United States | malicious |
| 104.21.21.3 | mysterisop.site | United States | malicious |
| 188.114.96.3 | soldiefieop.site | European Union | malicious |
| 104.102.49.254 | steamcommunity.com | United States | malicious |
| 172.67.208.141 | questionsmw.store | United States | malicious |
| 172.67.152.190 | abnomalrkmu.site | United States | malicious |
| 104.21.16.12 | gravvitywio.store | United States | malicious |
| 45.132.206.251 | cowod.hopto.org | Russian Federation | malicious |
| 147.45.44.104 | unknown | Russian Federation | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | {40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 4195000 | trusted library allocation | page read and write | malicious |
| 400000 | remote allocation | page execute and read and write | malicious |
| 12A3000 | heap | page read and write | malicious |
| 400000 | remote allocation | page execute and read and write | malicious |