IOC Report
zR4aIjCuRs.exe

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `zR4aIjCuRs.exe` | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | malicious |
| `C:\ProgramData\remcos\logs.dat` | data | dropped | malicious |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\Falkespors.Var` | ASCII text, with very long lines (3209), with CRLF, LF line terminators | dropped | malicious |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\zR4aIjCuRs.exe` | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped | malicious |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\zR4aIjCuRs.exe:Zone.Identifier` | ASCII text, with CRLF line terminators | dropped | malicious |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_msiexec.exe_6cf0e4ec34412705f7c7679452dd618a68a4ad_6bd5dc59_60d14e17-1202-42d6-adc8-8c198509b060\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_msiexec.exe_7999b5829bb6649a4591b7178c861d362cefd5f_6bd5dc59_c269668f-8d0f-4b43-9053-87429be6c60a\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER6A76.tmp.dmp` | Mini DuMP crash report, 14 streams, Sun Oct 6 09:47:46 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B13.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B33.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB82.tmp.dmp` | Mini DuMP crash report, 14 streams, Sun Oct 6 09:47:13 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC8C.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERECCC.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache` | data | modified | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0sffczvd.ngz.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_edvwaufn.oq1.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hshqsjft.zq2.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xcnbu3an.5pv.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\Ensuable47.haa` | data | dropped | |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\Kastepils.paa` | data | dropped | |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\Klitoriser51.adm` | data | dropped | |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\Loquaciousness.Acc` | data | dropped | |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\gangsterfilmen.sky` | data | dropped | |
| `C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\stoejdelen.aud` | data | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Users\user\Desktop\zR4aIjCuRs.exe` | `"C:\Users\user\Desktop\zR4aIjCuRs.exe"` | malicious |
| `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` | `"powershell.exe" -windowstyle hidden "$Sudadero=Get-Content -Raw 'C:\Users\user\AppData\Roaming\determinationens\Wanderlustful\svageliges\Falkespors.Var';$Maalkastets=$Sudadero.SubString(54266,3);.$Maalkastets($Sudadero) "` | malicious |
| `C:\Windows\SysWOW64\msiexec.exe` | `"C:\Windows\syswow64\msiexec.exe"` | malicious |
| `C:\Windows\SysWOW64\msiexec.exe` | `"C:\Windows\syswow64\msiexec.exe"` | malicious |
| `C:\Windows\SysWOW64\msiexec.exe` | `"C:\Windows\syswow64\msiexec.exe"` | malicious |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\cmd.exe` | `"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Tragacanth" /t REG_EXPAND_SZ /d "%forenamed% -windowstyle 1 $Rico36=(gp -Path 'HKCU:\Software\Bistratose\').Funklet114;%forenamed% ($Rico36)"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\reg.exe` | `REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Tragacanth" /t REG_EXPAND_SZ /d "%forenamed% -windowstyle 1 $Rico36=(gp -Path 'HKCU:\Software\Bistratose\').Funklet114;%forenamed% ($Rico36)"` | |
| `C:\Windows\SysWOW64\WerFault.exe` | `C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 2324` | |
| `C:\Windows\SysWOW64\WerFault.exe` | `C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 1068` | |

URLs

| Name | IP | Malicious |
|---|---|---|
| `q92harbu03.duckdns.org` | | malicious |
| `http://pesterbdd.com/images/Pester.png4` | unknown | |
| `https://github.com/Pester/Pester4` | unknown | |
| `https://simonastolerciuc.ro/M` | unknown | |
| `https://simonastolerciuc.ro/images/vnlXriHFWaBU97.binqH` | unknown | |
| `http://nuget.org/NuGet.exe` | unknown | |
| `https://simonastolerciuc.ro/images/vnlXriHFWaBU97.bin` | 85.120.16.93 | |
| `http://pesterbdd.com/images/Pester.png` | unknown | |
| `https://aka.ms/pscore6lB` | unknown | |
| `http://www.apache.org/licenses/LICENSE-2.0.html` | unknown | |
| `http://crl.microsof` | unknown | |
| `https://contoso.com/` | unknown | |
| `https://nuget.org/nuget.exe` | unknown | |
| `https://contoso.com/License` | unknown | |
| `https://simonastolerciuc.ro/images/vnlXriHFWaBU97.binreinsEsrblog.ervadegato.com.br/vnlXriHFWaBU97.b` | unknown | |
| `https://contoso.com/Icon` | unknown | |
| `http://www.quovadis.bm0` | unknown | |
| `http://nsis.sf.net/NSIS_ErrorError` | unknown | |
| `https://ocsp.quovadisoffshore.com0` | unknown | |
| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` | unknown | |
| `https://simonastolerciuc.ro/` | unknown | |
| `http://www.apache.org/licenses/LICENSE-2.0.html4` | unknown | |
| `https://github.com/Pester/Pester` | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| `janbours92harbu04.duckdns.org` | 45.74.58.7 | malicious |
| `janbours92harbu03.duckdns.org` | 192.169.69.26 | malicious |
| `janbours92harbu007.duckdns.org` | unknown | malicious |
| `simonastolerciuc.ro` | 85.120.16.93 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.169.69.26 | `janbours92harbu03.duckdns.org` | United States | malicious |
| 45.74.58.7 | `janbours92harbu04.duckdns.org` | United States | malicious |
| 85.120.16.93 | `simonastolerciuc.ro` | Romania | |

Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_CURRENT_USER\SOFTWARE\Bistratose` | Funklet114 | |
| `HKEY_CURRENT_USER\Environment` | forenamed | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-MK0QHY` | exepath | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-MK0QHY` | licence | |
| `HKEY_CURRENT_USER\SOFTWARE\Rmc-MK0QHY` | time | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` | Tragacanth | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | ProgramId | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | FileId | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | LowerCaseLongPath | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | LongPathHash | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | Name | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | OriginalFileName | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | Publisher | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | Version | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | BinFileVersion | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | BinaryType | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | ProductName | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | ProductVersion | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | LinkDate | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | BinProductVersion | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | AppxPackageFullName | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | AppxPackageRelativeId | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | Size | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | Language | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | IsOsComponent | |
| `\REGISTRY\A\{fa7cea42-2a1b-3455-61c0-84033543b2c1}\Root\InventoryApplicationFile\msiexec.exe\|3f28dab03ad0bd04` | Usn | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData` | ClockTimeSeconds | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData` | TickCount | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property` | 0018C00E24D2A1F0 | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}` | DeviceTicket | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}` | DeviceId | |