IOC Report
SecuriteInfo.com.Trojan.Siggen23.13161.15240.4676.exe

FilesProcessesURLsIPsRegistryMemdumps1010010Label

Files

File Path
Type
Category
Malicious
Download
SecuriteInfo.com.Trojan.Siggen23.13161.15240.4676.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Kingsoft\KIS\hg.dat
ASCII text, with CRLF line terminators
dropped
C:\ProgramData\dbazdk03.dat
Non-ISO extended-ASCII text, with very long lines (36115), with no line terminators
dropped
C:\ProgramData\installrename03.dat
Non-ISO extended-ASCII text, with very long lines (6738), with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\7LE4YNMI\dbazdk03[1].dat
Non-ISO extended-ASCII text, with very long lines (36115), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\downloaddaycfg.ini
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\100.png
PNG image data, 458 x 224, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\install_res\110.png
PNG image data, 602 x 402, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\install_res\6000.xml
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\6001.xml
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\6002.xml
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0307\6000.xml
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0307\6001.xml
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0307\6002.xml
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\100.png
PNG image data, 458 x 224, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\110.png
PNG image data, 602 x 402, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\6000.xml
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\6001.xml
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\6002.xml
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\installconfig.ini
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\soft.ico
MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Users\user\AppData\Local\Temp\install_res\backup_0317\soft.ico_
MS Windows icon resource - 2 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced, 32 bits/pixel, 48x48 with PNG image data, 48 x 48, 8-bit/color RGB, non-interlaced, 32 bits/pixel
dropped
C:\Users\user\AppData\Local\Temp\install_res\installconfig.ini
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\install_res\soft.ico
MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Users\user\AppData\Local\Temp\install_res\soft.ico_
MS Windows icon resource - 2 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced, 32 bits/pixel, 48x48 with PNG image data, 48 x 48, 8-bit/color RGB, non-interlaced, 32 bits/pixel
dropped
C:\Users\user\AppData\Local\Temp\jcqgx.ini
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\InstallHelper.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\kavsetup.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Temp\kantivirus\ksapi.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\semPacketDllLog.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\clear_i.xml
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install.xml
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\1.jpg
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 500x350, components 3
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\110.png
PNG image data, 800 x 30, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\2.jpg
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 140x187, components 3
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\200.bmp
PC bitmap, Windows 3.x format, 16 x 57 x 24, image size 2736, resolution 3778 x 3778 px/m, cbSize 2790, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\201.bmp
PC bitmap, Windows 3.x format, 16 x 57 x 24, image size 2738, resolution 3779 x 3779 px/m, cbSize 2792, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\3.jpg
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 233x43, components 3
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\4.png
PNG image data, 60 x 15, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\5.png
PNG image data, 60 x 15, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\501.png
PNG image data, 260 x 210, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\502.png
PNG image data, 260 x 210, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\503.png
PNG image data, 114 x 38, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\504.png
PNG image data, 260 x 285, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\506.png
PNG image data, 260 x 285, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\507.png
PNG image data, 390 x 40, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\508.png
PNG image data, 274 x 39, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\509.png
PNG image data, 207 x 39, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\510.png
PNG image data, 20 x 20, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\511.png
PNG image data, 20 x 20, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\512.png
PNG image data, 20 x 20, 4-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\514.png
PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\515.png
PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\516.png
PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\517.png
PNG image data, 5400 x 450, 8-bit colormap, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\install_res\518.png
PNG image data, 260 x 285, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\installrename_def.dat
Non-ISO extended-ASCII text, with very long lines (1017), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\ksoft.xml
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\product.xml
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\ressrc\chs\kismain.ini
Generic INItialization configuration [DisplayVersions]
dropped
C:\Users\user\AppData\Local\Temp\kantivirus\~ced7a9\setup.xml
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\kdb_semrjgj.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
dropped
C:\Users\user\AppData\Local\Temp\kinst.log
ISO-8859 text, with CRLF line terminators
dropped
C:\Windows\System32\drivers\neorkbsep.sys
PE32+ executable (DLL) (native) x86-64, for MS Windows
dropped
There are 54 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.13161.15240.4676.exe
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen23.13161.15240.4676.exe"
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Users\user\AppData\Local\Temp\kantivirus\InstallHelper.exe
"C:\Users\user\AppData\Local\Temp\kantivirus\InstallHelper.exe" -Pid:"8164" -LogFileName:"C:\Users\user\AppData\Local\Temp\kantivirus\semPacketDllLog.log" -InstallPath:"C:\Users\user\AppData\Local\Temp\kantivirus" -Tid1:"10" -Tid2:"166" -Tod1:"718" -Tod2:"1" -IId:"210464360" -UUID:"0947BEFD7C7CA35ACEDFFC1E2AE55DC7" -TryNo:"1335" -SvrId:"2024.SP1.9" -StrategyList:"0;1;2;3;4|0;2;3;4" -Version:"3" -ProductInstalled:"0" -CompetitorMask:"0" -CompetitorInstalled:"0"

URLs

Name
IP
Malicious
http://www.duba.com/i
unknown
http://dubacdn.cmcmcdn.com/sem/installer/ald_%d.png
unknown
http://cd001.www.duba.net/duba/install/packages/ever/kavsetupin
unknown
http://did.ijinshan.com/db/?v=2&p=db&u=0947BEFD7C7CA35ACEDFFC1E2AE55DC7&m=d05099db23970000&ip=336308
unknown
http://www.baidu.com/duty/
unknown
http://purl.dc/elements/1.1/
unknown
http://dubacdn.cmcmcdn.com/sem/installer/ald2_%d.png
unknown
http://2398.35go.net/defend/o1/jcqgx.ini
unknown
http://curl.haxx.se/rfc/cookie_spec.html#
unknown
http://infoc0.duba.net/c/-1-0
unknown
http://infoc0.duba.net/c/ba.ne
unknown
http://softmgr.duba.net/softmgr_v2/softdetail/60038320.json?ver=1LMEM
unknown
https://newvip.duba.net/api/v2/ocpc/un_install
unknown
http://cd001.www.duba.net/duba
unknown
http://v.baidu.com
unknown
http://www.openssl.org/support/faq.html
unknown
http://cd001.www.duba.net/duba/install/packages/ever/kavsetuprcmd_sem_20240516.datrewalX
unknown
https://softmgr-softsem-srv.jinshanapi.com/sem/lenovomm/get_software_sem_info
unknown
http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_co
unknown
http://2398.35go.net/defend/o1/dbazdk03.dat
unknown
http://2398.35go.net/defend/o1/dbazdk03.datM
unknown
http://ir.baidu.com
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
https://www.ijinshan.com/privacy/dubaPrivacy.html
unknown
http://map.baidu.com
unknown
http://mydown.yesky.comhttps://www.ijinshan.com/privacy/duba-enduserlicenseandsevice-agreement.html
unknown
http://config.i.duba.net/seminstall/%d/%s.xml?time=%dvariableinstallrununinstall_timeand&or%d_%droot
unknown
http://ct.duba.net/itidP
unknown
http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u=
unknown
http://infoc0.duba.net/nep/v1/$
unknown
http://config.i.duba.net/
unknown
http://curl.haxx.se/rfc/cookie_spec.html
unknown
http://config.i.duba.net/seminstall/%d/%s.xml?time=%d
unknown
http://weather2db.cmcm.com/ip/cityiduniqid:
unknown
https://wpa1.qq.com/5ciKQjBf?_type=wpa&qidian=trueMarketQQLinkhttps://wpa1.qq.com/FDdK6y0s?_type=wpa
unknown
https://pc-store.lenovomm.cn/advertappservice/api/adAppCheckhttps://softmgr-softsem-srv.jinshanapi.c
unknown
http://infoc0.duba.net/nep/v1/u
unknown
http://2398.35go.net/defend/o1/jcqgx.inijcqgx.iniurlmd5dirprobability.bak
unknown
https://newvip.duba.net/api/v2/ocpc/report_install_success
unknown
http://softmgr.duba.net/softmgr_v2/softdetail/%s.json?ver=1
unknown
http://config.i.duba.net/aldconfig/resource.png
unknown
http://infoc0.duba.net/c/ba.nek
unknown
http://infoc0.duba.net/nep/v1/o
unknown
http://www.baidu.comP
unknown
http://config.i.duba.net/aldconfig/area.dat
unknown
http://infoc0.duba.net/c/lll
unknown
http://infoc0.duba.net/nep/v1/p
unknown
http://www.ijinshan.com//help/2/2/20200311.shtmlSb_Q
unknown
http://ns.adobe.c
unknown
http://curl.haxx.se/docs/http-cookies.html#
unknown
http://ocsp.thawte.com0
unknown
http://infoc0.duba.net/c/LL
unknown
http://config.i.duba.net/seminstall/166/718.xml?time=1717581745u
unknown
http://news.baidu.com
unknown
http://cd001.www.duba.net/duba/install/packages/ever/kavsetuprcmd_sem_20240516.dat
unknown
http://www.hao123.com
unknown
http://home.baidu.com
unknown
http://config.i.duba.net/seminstall/166/718.xml?time=1717581745wm
unknown
https://softmgr-softsem-srv.jinshanapi.com/sem/lenovomm/get_software_sem_infoa
unknown
http://infoc0.duba.net/nep/v1/
unknown
http://dubacdn.cmcmcdn.com/sem/installer/%d.png
unknown
http://infoc0.duba.net/c/)
unknown
http://curl.haxx.se/docs/http-cookies.html
unknown
http://dubacdn.cmcmcdn.com/sem/installer/ald_%d.pnghttp://dubacdn.cmcmcdn.com/sem/installer/ald2_%d.
unknown
http://infoc0.duba.net/c/KMain::_Init
unknown
http://config.i.duba.net/seminstall/166/718.xml?time=1717581745
unknown
http://www.openssl.org/support/faq.html....................
unknown
http://jianyi.baidu.com/
unknown
http://tieba.baidu.com
unknown
http://cd001.www.duba.net/duba/install/packages/ever/kavsetuprcmd_sem_20240516.datll%
unknown
http://www.duba.com
unknown
http://infoc0.duba.net/c/evice
unknown
http://infoc0.duba.net/nep/v1/W
unknown
http://www.duba.com/
unknown
http://dubacdn.cmcmcdn.com/sem/installer/%s.png
unknown
https://newvip.duba.net/api/v2/ocpc/report_install_successhttps://newvip.duba.net/api/v2/ocpc/un_ins
unknown
https://pc-store.lenovomm.cn/advertappservice/api/adAppCheck
unknown
http://soft-dl.v78q.com/softmgr/package/E593CA50-643E-48BE-8A17
unknown
http://infoc0.duba.net/c/
unknown
http://cd001.www.duba.net/duba/install/packages/ever/kavsetupinLma
unknown
http://config.i.duba.net/aldconfig/resource.pngrs%s
unknown
http://weather2db.cmcm.com/ip/cityid
unknown
http://cu003.www.duba.net/duba/tools/dubatools/softmgricon/60038320.png
unknown
http://config.i.duba.net/aldconfig/area.datpopstylearea_smedrivergeniushttp://dubacdn.cmcmcdn.com/se
unknown
http://infoc0.duba.net/c/x-www
unknown
http://soft-dl.v78q.com/softmgr/package/E593CA50-643E-48BE-8A17-0CD5890AA11E/ZhiZhuZhiPai0529.exe.pa
unknown
http://www.globalsign.net/repository/03
unknown
https://www.ijinshan.com/privacy/dubaPrivacy.htmlsoguo_mainbg_newsofttemprory.png
unknown
http://infoc0.duba.net/c/dlllC
unknown
There are 79 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
114.132.191.224
unknown
China
139.9.45.227
unknown
China
183.240.99.202
unknown
China
175.6.254.65
unknown
China
218.60.21.6
unknown
China
221.194.141.169
unknown
China
1.193.210.6
unknown
China
139.9.43.42
unknown
China
139.9.44.129
unknown
China
139.199.215.55
unknown
China
218.12.76.159
unknown
China
139.9.43.12
unknown
China
183.61.168.1
unknown
China
218.12.76.156
unknown
China
42.56.77.10
unknown
China
218.12.76.155
unknown
China
118.112.233.9
unknown
China
113.16.211.3
unknown
China
183.61.243.1
unknown
China
139.199.218.80
unknown
China
There are 10 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
idex
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
idno
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\f\52C64B7E
@%systemroot%\system32\FirewallControlPanel.dll,-12122
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
did
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
PacketPath_166_718_1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
svrid
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\kingsoft\installfail
calltime
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\kingsoft\KISCommon
beginInstallTime
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
svrid

Memdumps

Base Address
Regiontype
Protect
Malicious
Download
2E80000
trusted library allocation
page read and write
262F000
heap
page read and write
617000
unkown
page write copy
A3E000
heap
page read and write
33B1000
heap
page read and write
A3B000
heap
page read and write
A50000
heap
page read and write
9D4000
heap
page read and write
32CF000
stack
page read and write
2421000
heap
page read and write
2637000
heap
page read and write
264B000
heap
page read and write
3040000
heap
page read and write
98C000
heap
page read and write
9E8000
heap
page read and write
2655000
heap
page read and write
2961000
heap
page read and write
2637000
heap
page read and write
2645000
heap
page read and write
6CE000
heap
page read and write
988000
heap
page read and write
2655000
heap
page read and write
2645000
heap
page read and write
2648000
heap
page read and write
2645000
heap
page read and write
2400000
heap
page read and write
A28000
heap
page read and write
25A0000
heap
page read and write
2655000
heap
page read and write
2260000
heap
page read and write
2645000
heap
page read and write
262F000
heap
page read and write
2637000
heap
page read and write
19A000
stack
page read and write
2645000
heap
page read and write
2999000
heap
page read and write
5599000
trusted library allocation
page read and write
262F000
heap
page read and write
A7B6779000
stack
page read and write
9C1000
heap
page read and write
9D6000
heap
page read and write
C47D000
stack
page read and write
2E80000
trusted library allocation
page read and write
401000
unkown
page execute read
2930000
heap
page read and write
29CF000
heap
page read and write
A28000
heap
page read and write
9C1000
heap
page read and write
9D4000
heap
page read and write
1D90AA41000
heap
page read and write
2633000
heap
page read and write
290E000
stack
page read and write
1D90A990000
heap
page read and write
2645000
heap
page read and write
5832000
heap
page read and write
57CF000
heap
page read and write
A30000
heap
page read and write
9A0000
heap
page read and write
9C3000
heap
page read and write
264C000
heap
page read and write
262F000
heap
page read and write
97E000
heap
page read and write
5842000
heap
page read and write
2655000
heap
page read and write
9E3000
heap
page read and write
59B000
unkown
page readonly
A38000
heap
page read and write
2645000
heap
page read and write
2655000
heap
page read and write
9E0000
heap
page read and write
BDD8000
unkown
page read and write
264C000
heap
page read and write
A3B000
heap
page read and write
57F3000
heap
page read and write
264B000
heap
page read and write
99D000
heap
page read and write
9EB000
heap
page read and write
296A000
heap
page read and write
2633000
heap
page read and write
9D0000
heap
page read and write
5843000
heap
page read and write
9C2000
heap
page read and write
2655000
heap
page read and write
2637000
heap
page read and write
57F3000
heap
page read and write
A28000
heap
page read and write
2655000
heap
page read and write
2637000
heap
page read and write
97E000
heap
page read and write
9E2000
heap
page read and write
29A2000
heap
page read and write
2655000
heap
page read and write
2648000
heap
page read and write
BE1A000
heap
page read and write
2648000
heap
page read and write
264B000
heap
page read and write
BE00000
heap
page read and write
6A0000
heap
page read and write
2A1E000
heap
page read and write
296C000
heap
page read and write
25F0000
heap
page read and write
568F000
stack
page read and write
A37000
heap
page read and write
2655000
heap
page read and write
5842000
heap
page read and write
609000
unkown
page read and write
264C000
heap
page read and write
2645000
heap
page read and write
2655000
heap
page read and write
2637000
heap
page read and write
97C000
heap
page read and write
A37000
heap
page read and write
975000
heap
page read and write
2645000
heap
page read and write
9E9000
heap
page read and write
22C0000
heap
page read and write
C120000
remote allocation
page read and write
4EDE000
heap
page read and write
296C000
heap
page read and write
330E000
stack
page read and write
2A1D000
heap
page read and write
5804000
heap
page read and write
550000
heap
page read and write
816000
heap
page read and write
2645000
heap
page read and write
262F000
heap
page read and write
1D90A980000
unclassified section
page readonly
29B6000
heap
page read and write
2655000
heap
page read and write
A34000
heap
page read and write
57F3000
heap
page read and write
9E9000
heap
page read and write
299C000
heap
page read and write
45D000
unkown
page readonly
52B1000
trusted library allocation
page read and write
2655000
heap
page read and write
9E4000
heap
page read and write
C5FE000
stack
page read and write
9C5000
heap
page read and write
5D70000
stack
page readonly
31CE000
stack
page read and write
262B000
heap
page read and write
2655000
heap
page read and write
A28000
heap
page read and write
264B000
heap
page read and write
2648000
heap
page read and write
A37000
heap
page read and write
A31000
heap
page read and write
57B0000
heap
page read and write
2A0A000
heap
page read and write
BE4E000
stack
page read and write
A28000
heap
page read and write
99D000
heap
page read and write
329B000
heap
page read and write
458000
unkown
page write copy
2655000
heap
page read and write
982000
heap
page read and write
3050000
trusted library allocation
page read and write
5842000
heap
page read and write
9C5000
heap
page read and write
985000
heap
page read and write
98B000
heap
page read and write
A37000
heap
page read and write
2637000
heap
page read and write
5842000
heap
page read and write
3050000
trusted library allocation
page read and write
44A000
unkown
page readonly
975000
heap
page read and write
57C8000
heap
page read and write
C4BE000
stack
page read and write
9E5000
heap
page read and write
2645000
heap
page read and write
9D0000
heap
page read and write
4EA0000
heap
page read and write
2655000
heap
page read and write
29A0000
heap
page read and write
99000
stack
page read and write
264B000
heap
page read and write
9CE000
heap
page read and write
9C6000
heap
page read and write
5C6E000
stack
page read and write
8570000
stack
page readonly
10000000
unkown
page readonly
262F000
heap
page read and write
5832000
heap
page read and write
5842000
heap
page read and write
22B5000
heap
page read and write
2645000
heap
page read and write
9D6000
heap
page read and write
2637000
heap
page read and write
2648000
heap
page read and write
C25A000
stack
page read and write
264B000
heap
page read and write
29A0000
heap
page read and write
262F000
heap
page read and write
2648000
heap
page read and write
60E000
stack
page read and write
30000
heap
page read and write
8F70000
stack
page readonly
810000
heap
page read and write
262F000
heap
page read and write
28CF000
stack
page read and write
304A000
heap
page read and write
9E0000
heap
page read and write
651000
unkown
page readonly
2637000
heap
page read and write
262F000
heap
page read and write
358D000
stack
page read and write
A3B000
heap
page read and write
400000
unkown
page readonly
9E4000
heap
page read and write
2920000
direct allocation
page execute and read and write
99D000
heap
page read and write
2648000
heap
page read and write
5842000
heap
page read and write
30000
heap
page read and write
A3E000
heap
page read and write
5C2F000
stack
page read and write
5832000
heap
page read and write
5A1F000
stack
page read and write
2648000
heap
page read and write
400000
unkown
page readonly
8BF000
stack
page read and write
296C000
heap
page read and write
57CF000
heap
page read and write
989000
heap
page read and write
9D0000
heap
page read and write
264B000
heap
page read and write
1D90AA3D000
heap
page read and write
4DA1000
heap
page read and write
A7B657E000
stack
page read and write
9D7000
heap
page read and write
22B0000
heap
page read and write
3050000
trusted library allocation
page read and write
1D90AA6C000
heap
page read and write
629000
unkown
page readonly
584A000
heap
page read and write
2655000
heap
page read and write
57CF000
heap
page read and write
2648000
heap
page read and write
1D90AB02000
heap
page read and write
9D3000
heap
page read and write
2637000
heap
page read and write
B770000
stack
page readonly
2655000
heap
page read and write
25FE000
heap
page read and write
2418000
heap
page read and write
1D90AA00000
heap
page read and write
5910000
heap
page read and write
2648000
heap
page read and write
333C000
heap
page read and write
5D6F000
stack
page read and write
262F000
heap
page read and write
57CF000
heap
page read and write
616000
unkown
page read and write
57F3000
heap
page read and write
6C0000
heap
page read and write
9E7000
heap
page read and write
9D7000
heap
page read and write
5842000
heap
page read and write
2645000
heap
page read and write
9EB000
heap
page read and write
19D000
stack
page read and write
2716000
heap
page read and write
A2E000
heap
page read and write
2645000
heap
page read and write
9D9000
heap
page read and write
584A000
heap
page read and write
458000
unkown
page read and write
2A0A000
heap
page read and write
9D6000
heap
page read and write
9E3000
heap
page read and write
308C000
stack
page read and write
9DE000
heap
page read and write
9D4000
heap
page read and write
5916000
heap
page read and write
9D0000
heap
page read and write
5832000
heap
page read and write
32E2000
heap
page read and write
7C7000
unkown
page readonly
2614000
heap
page read and write
A51000
heap
page read and write
236E000
stack
page read and write
A09000
heap
page read and write
1D90AA13000
heap
page read and write
2648000
heap
page read and write
262F000
heap
page read and write
2934000
heap
page read and write
1D90A8D0000
heap
page read and write
2648000
heap
page read and write
8F0000
heap
page read and write
2645000
heap
page read and write
2EBC000
stack
page read and write
2645000
heap
page read and write
980000
heap
page read and write
296C000
heap
page read and write
2613000
heap
page read and write
9C2000
heap
page read and write
45D000
unkown
page readonly
5842000
heap
page read and write
57CA000
heap
page read and write
A28000
heap
page read and write
9C2000
heap
page read and write
262F000
heap
page read and write
7B70000
stack
page readonly
5832000
heap
page read and write
1D90B402000
trusted library allocation
page read and write
5B2E000
stack
page read and write
2637000
heap
page read and write
263F000
heap
page read and write
9C9000
heap
page read and write
BDB0000
unkown
page readonly
2655000
heap
page read and write
9D2000
heap
page read and write
1D90AA2A000
heap
page read and write
A28000
heap
page read and write
401000
unkown
page execute read
296D000
heap
page read and write
6CA000
heap
page read and write
9D3000
heap
page read and write
817000
heap
page read and write
329F000
heap
page read and write
788000
unkown
page readonly
264B000
heap
page read and write
9D9000
heap
page read and write
2633000
heap
page read and write
2648000
heap
page read and write
2655000
heap
page read and write
9D7000
heap
page read and write
C120000
remote allocation
page read and write
262F000
heap
page read and write
2655000
heap
page read and write
2637000
heap
page read and write
2655000
heap
page read and write
97C000
heap
page read and write
2655000
heap
page read and write
2645000
heap
page read and write
262F000
heap
page read and write
57D1000
heap
page read and write
A37000
heap
page read and write
2637000
heap
page read and write
BF9E000
stack
page read and write
9D0000
heap
page read and write
35A1000
heap
page read and write
3185000
stack
page read and write
4C10000
heap
page read and write
9BF000
stack
page read and write
AD70000
stack
page readonly
2656000
heap
page read and write
5832000
heap
page read and write
72D000
unkown
page readonly
57DA000
heap
page read and write
9CD000
heap
page read and write
5832000
heap
page read and write
57F3000
heap
page read and write
2983000
heap
page read and write
51B0000
trusted library allocation
page read and write
609000
unkown
page write copy
262F000
heap
page read and write
4CA0000
heap
page read and write
2645000
heap
page read and write
2637000
heap
page read and write
9CB000
heap
page read and write
263B000
heap
page read and write
29AE000
heap
page read and write
9C1000
heap
page read and write
29A2000
heap
page read and write
2A25000
heap
page read and write
262F000
heap
page read and write
A2D000
heap
page read and write
A28000
heap
page read and write
2FBE000
stack
page read and write
9C5000
heap
page read and write
540000
heap
page read and write
2637000
heap
page read and write
9E7000
heap
page read and write
2410000
heap
page read and write
4DA1000
heap
page read and write
584A000
heap
page read and write
A2E000
heap
page read and write
9E0000
heap
page read and write
9E6000
heap
page read and write
262F000
heap
page read and write
A32000
heap
page read and write
264B000
heap
page read and write
9D7000
heap
page read and write
9CD000
heap
page read and write
978000
heap
page read and write
584A000
heap
page read and write
2637000
heap
page read and write
2999000
heap
page read and write
9CE000
heap
page read and write
2A07000
heap
page read and write
2720000
heap
page read and write
1D90A970000
unclassified section
page readonly
99D000
heap
page read and write
2648000
heap
page read and write
94A000
heap
page read and write
9CE000
heap
page read and write
618000
unkown
page read and write
2655000
heap
page read and write
1D90B270000
trusted library allocation
page read and write
1D90AA02000
heap
page read and write
9A1000
heap
page read and write
940000
heap
page read and write
400000
unkown
page readonly
2645000
heap
page read and write
BE15000
heap
page read and write
584A000
heap
page read and write
98C000
heap
page read and write
2E80000
trusted library allocation
page read and write
262F000
heap
page read and write
2648000
heap
page read and write
59B000
unkown
page readonly
264C000
heap
page read and write
27CE000
stack
page read and write
400000
unkown
page readonly
5832000
heap
page read and write
94E000
heap
page read and write
97F000
heap
page read and write
2A0A000
heap
page read and write
36A0000
trusted library allocation
page read and write
299C000
heap
page read and write
2648000
heap
page read and write
9D7000
heap
page read and write
A3B000
heap
page read and write
BDDC000
unkown
page readonly
97C000
heap
page read and write
9D6000
heap
page read and write
9E8000
heap
page read and write
C5BF000
stack
page read and write
D8E000
stack
page read and write
788000
unkown
page readonly
2645000
heap
page read and write
629000
unkown
page readonly
2710000
heap
page read and write
3047000
heap
page read and write
9EC000
heap
page read and write
9D7000
heap
page read and write
2940000
heap
page read and write
401000
unkown
page execute read
2645000
heap
page read and write
262B000
heap
page read and write
9D9000
heap
page read and write
621000
unkown
page readonly
2655000
heap
page read and write
2637000
heap
page read and write
2655000
heap
page read and write
9E7000
heap
page read and write
C15C000
stack
page read and write
1D90AA3A000
heap
page read and write
98C000
heap
page read and write
2637000
heap
page read and write
29D4000
heap
page read and write
260F000
stack
page read and write
A37000
heap
page read and write
2962000
heap
page read and write
2614000
heap
page read and write
9E7000
heap
page read and write
C8E000
stack
page read and write
57CF000
heap
page read and write
3321000
heap
page read and write
25F6000
heap
page read and write
2655000
heap
page read and write
98B000
heap
page read and write
2A0C000
heap
page read and write
2645000
heap
page read and write
2971000
heap
page read and write
A3A000
heap
page read and write
2637000
heap
page read and write
9C4000
heap
page read and write
262F000
heap
page read and write
98C000
heap
page read and write
9D9000
heap
page read and write
9D7000
heap
page read and write
C37C000
stack
page read and write
5803000
heap
page read and write
5CE000
stack
page read and write
2655000
heap
page read and write
2637000
heap
page read and write
984000
heap
page read and write
331E000
heap
page read and write
264C000
heap
page read and write
D10000
heap
page read and write
7C4000
unkown
page readonly
264B000
heap
page read and write
262F000
heap
page read and write
6770000
stack
page readonly
2645000
heap
page read and write
57D0000
heap
page read and write
2638000
heap
page read and write
270F000
stack
page read and write
2645000
heap
page read and write
2648000
heap
page read and write
44A000
unkown
page readonly
A7B5FAB000
stack
page read and write
4DBC000
heap
page read and write
262F000
heap
page read and write
2645000
heap
page read and write
2655000
heap
page read and write
60C000
unkown
page write copy
651000
unkown
page readonly
2E7F000
stack
page read and write
1D90AA46000
heap
page read and write
2FD0000
heap
page read and write
621000
unkown
page readonly
BDD2000
unkown
page readonly
2E80000
trusted library allocation
page read and write
64E000
stack
page read and write
985000
heap
page read and write
A2B000
heap
page read and write
296A000
heap
page read and write
A0E000
heap
page read and write
2648000
heap
page read and write
5832000
heap
page read and write
262F000
heap
page read and write
57F2000
heap
page read and write
9E7000
heap
page read and write
ABF000
stack
page read and write
979000
heap
page read and write
2637000
heap
page read and write
35A0000
heap
page read and write
2637000
heap
page read and write
2614000
heap
page read and write
2600000
heap
page read and write
4DA1000
heap
page read and write
C6FF000
stack
page read and write
9CE000
heap
page read and write
584A000
heap
page read and write
2972000
heap
page read and write
2645000
heap
page read and write
98B000
heap
page read and write
1D90A8E0000
unclassified section
page readonly
98C000
heap
page read and write
7170000
stack
page readonly
262F000
heap
page read and write
29D3000
heap
page read and write
2637000
heap
page read and write
BF4F000
stack
page read and write
2645000
heap
page read and write
9EB000
heap
page read and write
262F000
heap
page read and write
2613000
heap
page read and write
985000
heap
page read and write
2655000
heap
page read and write
5832000
heap
page read and write
57CF000
heap
page read and write
262F000
heap
page read and write
263F000
heap
page read and write
2645000
heap
page read and write
2645000
heap
page read and write
A3E000
heap
page read and write
2961000
heap
page read and write
98C000
heap
page read and write
76A000
unkown
page readonly
A370000
stack
page readonly
9C6000
heap
page read and write
2645000
heap
page read and write
2655000
heap
page read and write
98C000
heap
page read and write
9D9000
heap
page read and write
263F000
heap
page read and write
9EF000
heap
page read and write
2637000
heap
page read and write
296A000
heap
page read and write
3044000
heap
page read and write
2A07000
heap
page read and write
BDB1000
unkown
page execute read
1D90AA27000
heap
page read and write
2A11000
heap
page read and write
2655000
heap
page read and write
2648000
heap
page read and write
C120000
trusted library allocation
page read and write
2645000
heap
page read and write
2965000
heap
page read and write
3378000
heap
page read and write
401000
unkown
page execute read
5842000
heap
page read and write
5832000
heap
page read and write
1D90AA56000
heap
page read and write
A34000
heap
page read and write
986000
heap
page read and write
2964000
heap
page read and write
57CF000
heap
page read and write
9E6000
heap
page read and write
2637000
heap
page read and write
5842000
heap
page read and write
A29000
heap
page read and write
9970000
stack
page readonly
76A000
unkown
page readonly
7C4000
unkown
page readonly
9D4000
heap
page read and write
2648000
heap
page read and write
C09F000
stack
page read and write
9CB000
heap
page read and write
57D3000
heap
page read and write
9D6000
heap
page read and write
9B000
stack
page read and write
2637000
heap
page read and write
546000
heap
page read and write
2645000
heap
page read and write
2640000
heap
page read and write
29C2000
heap
page read and write
A39000
heap
page read and write
3410000
heap
page read and write
340E000
stack
page read and write
A3E000
heap
page read and write
2637000
heap
page read and write
5842000
heap
page read and write
2648000
heap
page read and write
A3E000
heap
page read and write
C120000
remote allocation
page read and write
262F000
heap
page read and write
23AE000
stack
page read and write
29C7000
heap
page read and write
97F000
heap
page read and write
57E2000
heap
page read and write
A2C000
heap
page read and write
1D90A940000
heap
page read and write
2655000
heap
page read and write
7C7000
unkown
page readonly
348C000
stack
page read and write
9CD000
heap
page read and write
72D000
unkown
page readonly
There are 614 hidden memdumps, click here to show them.