IOC Report
b4s45TboUL.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| b4s45TboUL.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\Google\Chrome\updater.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\ProgramData\HIIDGCGCBF.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_b4s45TboUL.exe_a589bf60d6b7d122a21ee24c88f3e8c47bc93e3_7b0b69e2_79af984d-a0ed-4b6e-97d7-779edc4d5bb2\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | malicious |
| C:\ProgramData\chrome.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\chrome_131[1].exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | malicious |
| C:\Windows\System32\drivers\etc\hosts | ASCII text, with CRLF line terminators | dropped | malicious |
| C:\ProgramData\CFIEGDAE | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\CGIEGHJEGHJKFIEBFHJK | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER7631.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Oct 30 18:47:23 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER778A.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER77BA.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER77D7.tmp.csv | data | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER7826.tmp.txt | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_btz1cm3s.gov.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hicgsr5n.sig.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mni3cizy.z3i.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xcsmj2lc.25h.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\b4s45TboUL.exe | "C:\Users\user\Desktop\b4s45TboUL.exe" | malicious |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\HIIDGCGCBF.exe" | malicious |
| C:\ProgramData\HIIDGCGCBF.exe | "C:\ProgramData\HIIDGCGCBF.exe" | malicious |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force | malicious |
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe stop UsoSvc | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe stop WaaSMedicSvc | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe stop wuauserv | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe stop bits | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe stop dosvc | malicious |
| C:\Windows\System32\powercfg.exe | C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 | malicious |
| C:\Windows\System32\powercfg.exe | C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 | malicious |
| C:\Windows\System32\powercfg.exe | C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 | malicious |
| C:\Windows\System32\powercfg.exe | C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC" | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto" | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe stop eventlog | malicious |
| C:\Windows\System32\sc.exe | C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC" | malicious |
| C:\ProgramData\Google\Chrome\updater.exe | C:\ProgramData\Google\Chrome\updater.exe | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k WerSvcGroup | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6556 -ip 6556 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 2568 | |
| C:\Windows\System32\wbem\WmiPrvSE.exe | C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\wusa.exe | wusa /uninstall /kb:890830 /quiet /norestart | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| 198.187.3.20.in-addr.arpa | unknown | malicious |
| gosp.clinicavertigen.com | 87.106.236.48 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 45.91.200.39 | unknown | Netherlands | malicious |
| 87.106.236.48 | gosp.clinicavertigen.com | Germany | |

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
DontOfferThroughWUAU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6556
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6556
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6556
CreationTime
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
ProgramId
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
FileId
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
LowerCaseLongPath
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
LongPathHash
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
Name
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
OriginalFileName
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
Publisher
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
Version
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
BinFileVersion
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
BinaryType
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
ProductName
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
ProductVersion
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
LinkDate
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
BinProductVersion
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
AppxPackageFullName
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
AppxPackageRelativeId
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
Size
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
Language
\REGISTRY\A\{efbdb663-780a-45b7-fe92-86be7852bddb}\Root\InventoryApplicationFile\b4s45tboul.exe|25af72beca59b0d2
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount

Memdumps
