IOC Report
file.exe

FilesProcessesURLsIPsRegistryMemdumps2015105010010Label

Files

File Path
Type
Category
Malicious
Download
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FANBooster2663.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MaxLoonaFest2663.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\OfficeTrackerNMP2663.exe.log
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
modified
C:\Users\user\AppData\Local\Temp\FANBooster2663\FANBooster2663.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0glaokhr.30r.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1aga23cs.pjf.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1w2sfdkc.gvm.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_23dmljal.dbl.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2br1ukrl.ql3.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4czbpl1u.2fz.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4va2ro5t.2u3.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4xa0om4w.eht.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_51zdcgil.0tq.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5dg45pi2.dqz.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a3wj4rmo.al5.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bhaabn42.5b1.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_buaxntsg.43e.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ejlvv503.usn.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ew2cj0xd.2sr.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ezjmxwhs.sgc.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iitlzu0l.ofp.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j01zpbfn.p5i.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jefzcpkj.wpv.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jo2jmpcw.zcy.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jyiygxxj.55e.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_khvhtcyk.5nn.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kofrvwje.dxu.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kpdeefvc.dfg.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0ncuatr.hkn.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1qz2ehr.xql.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l2nuatuv.acq.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mcvmaxwy.aop.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mtmva3vi.oyv.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n0bprkgz.ydw.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4csvh0y.njf.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_omuvxrkx.zsq.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pcbnlsf2.p3o.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_peuj2bi2.f2v.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rj4eeeug.nxd.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rju0ouis.pic.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ru0xvhov.bae.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sfsvdss3.rjc.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svfl5xqn.l1d.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqnejpd4.jp2.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uv1knh4j.m1m.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_widja2cw.1b0.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wj2xl5vs.zfn.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wv4nlc3s.hs0.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xwuim123.fzn.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_za55xzna.hea.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zfhyf0zw.emd.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zxze2yic.s2k.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\rise2663M9Asphalt.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster2663.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sat Sep 21 14:33:26 2024, mtime=Sat Sep 21 14:33:26 2024, atime=Sat Dec 7 08:10:47 2019, length=65440, window=hide
dropped
\Device\ConDrv
ASCII text, with CRLF line terminators
dropped
There are 49 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell" Get-MpPreference -verbose
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 6
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 6
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
 malicious
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 HR" /sc HOURLY /rl HIGHEST
malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 HR" /sc HOURLY /rl HIGHEST
malicious
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 LG" /sc ONLOGON /rl HIGHEST
malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "user" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 LG" /sc ONLOGON /rl HIGHEST
malicious
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
 malicious
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe
"C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe
"C:\Users\user\AppData\Local\MaxLoonaFest2663\MaxLoonaFest2663.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\user\AppData\Local\Temp\FANBooster2663\FANBooster2663.exe
"C:\Users\user\AppData\Local\Temp\FANBooster2663\FANBooster2663.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 31 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://nuget.org/NuGet.exe
unknown
http://pesterbdd.com/images/Pester.png
unknown
https://ipinfo.io/
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
https://aka.ms/pscore6lB
unknown
https://api.myip.com/
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://ion=v4.5
unknown
https://www.maxmind.com/en/locate-my-ip-address
unknown
https://api64.ipify.org/?format=json
unknown
http://schemas.xmlsoap.org/wsdl/
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://contoso.com/License
unknown
https://discord.com/api/v9/users/
unknown
https://contoso.com/Icon
unknown
https://db-ip.com/demo/home.php?s=
unknown
https://maxmind.com/geoip/v2.1/city/me
unknown
https://t.me/RiseProSUPPORT
unknown
https://ipinfo.io/widget/demo/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://go.L
unknown
https://github.com/Pester/Pester
unknown
https://maxmind.com/geoip/v2.1/city/me/https://www.maxmind.com/en/locate-my-ip-address
unknown
There are 14 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
118.194.235.187
unknown
China
malicious

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
TamperProtection
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MaxLoonaFest2663

Memdumps

Base Address
Regiontype
Protect
Malicious
Download
2BF5000
trusted library allocation
page read and write
 malicious
9392000
trusted library allocation
page read and write
4BFE000
stack
page read and write
61AB000
trusted library allocation
page read and write
11E0000
trusted library allocation
page read and write
7B20000
trusted library allocation
page read and write
5B9B000
stack
page read and write
384F000
stack
page read and write
2D4B000
trusted library allocation
page execute and read and write
558A000
stack
page read and write
5199000
trusted library allocation
page read and write
50DD000
stack
page read and write
BBC000
stack
page read and write
891E000
heap
page read and write
8DCE000
stack
page read and write
7B30000
trusted library allocation
page execute and read and write
757A000
stack
page read and write
10BD000
trusted library allocation
page execute and read and write
8912000
heap
page read and write
EC5000
trusted library allocation
page execute and read and write
F76000
heap
page read and write
78EF000
stack
page read and write
CC9000
heap
page read and write
5180000
trusted library section
page read and write
5810000
heap
page read and write
4F8B000
stack
page read and write
12F3000
trusted library allocation
page execute and read and write
5140000
trusted library allocation
page read and write
CD6000
heap
page read and write
2A20000
heap
page read and write
C66000
heap
page read and write
4F1D000
stack
page read and write
8900000
heap
page read and write
3340000
heap
page read and write
56F0000
heap
page execute and read and write
75BE000
stack
page read and write
79CE000
heap
page read and write
64FE000
stack
page read and write
33FB000
heap
page read and write
11F2000
heap
page read and write
1050000
heap
page read and write
8D80000
trusted library allocation
page execute and read and write
D01000
heap
page read and write
10B4000
trusted library allocation
page read and write
4D2E000
stack
page read and write
3673000
trusted library allocation
page execute and read and write
11E7000
trusted library allocation
page execute and read and write
F3B000
heap
page read and write
799F000
heap
page read and write
7B2D000
trusted library allocation
page read and write
1360000
heap
page read and write
AF9000
stack
page read and write
63EE000
stack
page read and write
EB2000
trusted library allocation
page read and write
11ED000
heap
page read and write
BDD000
trusted library allocation
page execute and read and write
EAD000
trusted library allocation
page execute and read and write
E90000
trusted library allocation
page read and write
8EBD000
stack
page read and write
EAA000
trusted library allocation
page read and write
8926000
heap
page read and write
10C0000
trusted library allocation
page read and write
1320000
trusted library allocation
page read and write
8830000
heap
page read and write
68F0000
heap
page read and write
2C50000
heap
page execute and read and write
7CF0000
trusted library allocation
page read and write
7CD0000
trusted library allocation
page read and write
2CF0000
trusted library allocation
page execute and read and write
E70000
trusted library allocation
page execute and read and write
BC0000
trusted library allocation
page read and write
5110000
heap
page execute and read and write
782E000
stack
page read and write
E90000
trusted library allocation
page read and write
139E000
stack
page read and write
107E000
stack
page read and write
1206000
heap
page read and write
6270000
trusted library allocation
page read and write
10C0000
heap
page read and write
4D70000
heap
page readonly
EBA000
trusted library allocation
page execute and read and write
9D5000
unkown
page readonly
287F000
stack
page read and write
568A000
stack
page read and write
1090000
trusted library allocation
page execute and read and write
ECB000
trusted library allocation
page execute and read and write
155F000
stack
page read and write
6CFA000
stack
page read and write
CF8000
stack
page read and write
32D000
stack
page read and write
5118000
trusted library allocation
page read and write
2881000
trusted library allocation
page read and write
1050000
heap
page read and write
367D000
trusted library allocation
page execute and read and write
2DAE000
stack
page read and write
74FE000
stack
page read and write
7900000
trusted library allocation
page read and write
870000
unkown
page read and write
ED0000
heap
page read and write
69B8000
heap
page read and write
5C9F000
stack
page read and write
95C000
stack
page read and write
7EEE8000
trusted library allocation
page execute and read and write
2C4E000
stack
page read and write
3B31000
trusted library allocation
page read and write
116E000
stack
page read and write
2A70000
trusted library allocation
page read and write
50E8000
trusted library allocation
page read and write
89FA000
heap
page read and write
500E000
stack
page read and write
7C9D000
stack
page read and write
BD3000
trusted library allocation
page execute and read and write
2A60000
trusted library allocation
page read and write
EA3000
trusted library allocation
page execute and read and write
79BE000
heap
page read and write
3850000
heap
page read and write
7927000
heap
page read and write
75C000
stack
page read and write
7F0C0000
trusted library allocation
page execute and read and write
3660000
trusted library allocation
page read and write
7A31000
heap
page read and write
733E000
stack
page read and write
62D7000
trusted library allocation
page read and write
116F000
stack
page read and write
365C000
heap
page read and write
1106000
heap
page read and write
108F000
stack
page read and write
D3E000
stack
page read and write
3408000
heap
page read and write
78F0000
heap
page execute and read and write
5B37000
trusted library allocation
page read and write
2A5D000
stack
page read and write
CC3000
heap
page read and write
E2E000
stack
page read and write
6A00000
heap
page read and write
5F2000
unkown
page readonly
1394000
heap
page read and write
743E000
stack
page read and write
5A9A000
stack
page read and write
F80000
heap
page read and write
7D10000
trusted library allocation
page read and write
FDF000
stack
page read and write
33D0000
heap
page read and write
7944000
heap
page read and write
10F9000
heap
page read and write
78AE000
stack
page read and write
898C000
heap
page read and write
50E0000
trusted library allocation
page read and write
10D0000
heap
page read and write
2BC1000
trusted library allocation
page read and write
891A000
heap
page read and write
1040000
heap
page read and write
74BE000
stack
page read and write
691D000
heap
page read and write
1200000
trusted library allocation
page read and write
870000
unkown
page write copy
4E9E000
stack
page read and write
1350000
heap
page execute and read and write
124E000
stack
page read and write
2B2F000
stack
page read and write
7CE0000
trusted library allocation
page read and write
3680000
trusted library allocation
page read and write
F06000
heap
page read and write
2DEF000
stack
page read and write
100A000
heap
page read and write
11E0000
heap
page read and write
599E000
stack
page read and write
103E000
stack
page read and write
132B000
trusted library allocation
page execute and read and write
11CF000
stack
page read and write
3674000
heap
page read and write
1340000
trusted library allocation
page read and write
36C9000
heap
page read and write
348E000
unkown
page read and write
C6D000
stack
page read and write
882E000
stack
page read and write
4F40000
heap
page read and write
4C5E000
stack
page read and write
2EF7000
stack
page read and write
3390000
heap
page read and write
4FDE000
stack
page read and write
5120000
trusted library allocation
page execute and read and write
1368000
heap
page read and write
390000
heap
page read and write
88C0000
trusted library allocation
page read and write
10D7000
heap
page read and write
34CE000
stack
page read and write
F3E000
stack
page read and write
36A0000
trusted library allocation
page read and write
7935000
heap
page read and write
3881000
trusted library allocation
page read and write
EC7000
trusted library allocation
page execute and read and write
3530000
heap
page read and write
7C5E000
stack
page read and write
8D50000
trusted library allocation
page read and write
11EB000
trusted library allocation
page execute and read and write
1320000
heap
page read and write
1300000
heap
page read and write
5250000
heap
page read and write
F10000
heap
page read and write
79C6000
heap
page read and write
841000
unkown
page execute read
636E000
stack
page read and write
33D8000
heap
page read and write
890E000
heap
page read and write
2D00000
heap
page read and write
2D13000
trusted library allocation
page execute and read and write
F30000
heap
page read and write
5296000
trusted library allocation
page read and write
2AFC000
heap
page read and write
1382000
heap
page read and write
3D11000
trusted library allocation
page read and write
2EBC000
stack
page read and write
2B31000
trusted library allocation
page read and write
6141000
trusted library allocation
page read and write
7680000
heap
page read and write
8BE0000
trusted library allocation
page read and write
795000
heap
page read and write
574C000
trusted library allocation
page read and write
7D60000
trusted library allocation
page read and write
8B40000
trusted library allocation
page execute and read and write
4DC000
remote allocation
page execute read
3FA1000
trusted library allocation
page read and write
50B0000
heap
page execute and read and write
56A7000
trusted library allocation
page read and write
88D2000
trusted library allocation
page read and write
865000
unkown
page readonly
C53000
heap
page read and write
E94000
trusted library allocation
page read and write
EDB000
trusted library allocation
page execute and read and write
7E0000
heap
page read and write
62A0000
trusted library allocation
page execute and read and write
79B3000
heap
page read and write
F60000
heap
page read and write
6149000
trusted library allocation
page read and write
7042F000
unkown
page readonly
70426000
unkown
page readonly
79A000
stack
page read and write
5766000
trusted library allocation
page read and write
323D000
stack
page read and write
3670000
trusted library allocation
page read and write
C0E000
stack
page read and write
2C4D000
stack
page read and write
12F4000
trusted library allocation
page read and write
66AE000
stack
page read and write
71FA000
stack
page read and write
4E4E000
stack
page read and write
7C1E000
stack
page read and write
753E000
stack
page read and write
3650000
heap
page read and write
2E90000
heap
page execute and read and write
F7A000
heap
page read and write
2F9F000
stack
page read and write
70411000
unkown
page execute read
330E000
stack
page read and write
5611000
trusted library allocation
page read and write
6EFA000
stack
page read and write
538000
remote allocation
page execute and read and write
10F2000
heap
page read and write
9C0000
heap
page read and write
25AE000
stack
page read and write
EFA000
stack
page read and write
11D8000
heap
page read and write
EF0000
trusted library allocation
page execute and read and write
10FE000
stack
page read and write
591B000
stack
page read and write
6A10000
heap
page read and write
2CB1000
trusted library allocation
page read and write
D7F000
stack
page read and write
8780000
trusted library allocation
page read and write
2C0F000
stack
page read and write
C0B000
trusted library allocation
page execute and read and write
12E0000
trusted library allocation
page read and write
88F0000
heap
page read and write
50E4000
trusted library allocation
page read and write
EAD000
trusted library allocation
page execute and read and write
4D5D000
stack
page read and write
10ED000
heap
page read and write
5141000
trusted library allocation
page read and write
2D60000
trusted library allocation
page read and write
11D0000
heap
page read and write
E30000
heap
page read and write
7EED0000
trusted library allocation
page execute and read and write
333D000
stack
page read and write
1327000
trusted library allocation
page execute and read and write
2A1F000
unkown
page read and write
338F000
stack
page read and write
7D40000
trusted library allocation
page read and write
E93000
trusted library allocation
page execute and read and write
79BB000
heap
page read and write
4EDE000
stack
page read and write
54E0000
heap
page execute and read and write
10C4000
trusted library allocation
page read and write
136F000
stack
page read and write
CA0000
heap
page read and write
F7E000
heap
page read and write
2CA0000
heap
page read and write
88B0000
trusted library allocation
page read and write
C60000
heap
page read and write
51A0000
trusted library allocation
page read and write
6984000
heap
page read and write
6430000
heap
page read and write
EF9000
stack
page read and write
EB0000
trusted library allocation
page read and write
D90000
heap
page read and write
402000
remote allocation
page execute read
5190000
trusted library allocation
page read and write
B9E000
stack
page read and write
790000
heap
page read and write
EC2000
trusted library allocation
page read and write
4D4E000
stack
page read and write
79F6000
heap
page read and write
BE0000
trusted library allocation
page read and write
3E0000
heap
page read and write
9D5000
unkown
page readonly
5AD3000
trusted library allocation
page read and write
8922000
heap
page read and write
4EA0000
heap
page execute and read and write
5100000
heap
page execute and read and write
840000
unkown
page readonly
6934000
heap
page read and write
2D11000
trusted library allocation
page read and write
51B0000
trusted library allocation
page execute and read and write
8770000
trusted library allocation
page execute and read and write
70FA000
stack
page read and write
5776000
trusted library allocation
page read and write
50FB000
stack
page read and write
1350000
heap
page read and write
2F70000
heap
page read and write
36A2000
trusted library allocation
page read and write
88A0000
trusted library allocation
page read and write
ED7000
trusted library allocation
page execute and read and write
C37000
heap
page read and write
4DE0000
trusted library allocation
page execute and read and write
2B13000
heap
page read and write
D6D000
stack
page read and write
767A000
stack
page read and write
E80000
trusted library allocation
page read and write
7CB0000
trusted library allocation
page execute and read and write
6DFA000
stack
page read and write
2BF0000
heap
page read and write
2D20000
trusted library allocation
page read and write
5B70000
trusted library allocation
page read and write
109E000
stack
page read and write
3448000
heap
page read and write
8D53000
trusted library allocation
page read and write
4D6E000
stack
page read and write
8BCE000
stack
page read and write
E9D000
trusted library allocation
page execute and read and write
2BBE000
stack
page read and write
11A0000
heap
page read and write
13A0000
heap
page read and write
36CB000
heap
page read and write
7B8A000
trusted library allocation
page read and write
1014000
heap
page read and write
7D50000
trusted library allocation
page read and write
C90000
trusted library allocation
page read and write
8916000
heap
page read and write
8760000
heap
page read and write
E9F000
stack
page read and write
7042D000
unkown
page read and write
2D47000
trusted library allocation
page execute and read and write
4E17000
heap
page read and write
F7E000
stack
page read and write
4CE0000
trusted library allocation
page read and write
2D00000
trusted library allocation
page read and write
555F000
stack
page read and write
51DE000
stack
page read and write
C4E000
stack
page read and write
841000
unkown
page execute read
12FE000
stack
page read and write
25C0000
heap
page read and write
516A000
trusted library allocation
page read and write
5130000
heap
page execute and read and write
4E4E000
stack
page read and write
DC0000
heap
page read and write
2D14000
trusted library allocation
page read and write
6630000
heap
page read and write
4E5C000
stack
page read and write
653E000
stack
page read and write
2AB0000
heap
page read and write
3BC1000
trusted library allocation
page read and write
7D00000
trusted library allocation
page read and write
799D000
heap
page read and write
7920000
heap
page read and write
11F9000
heap
page read and write
2FFE000
unkown
page read and write
E80000
heap
page execute and read and write
10B3000
trusted library allocation
page execute and read and write
B5E000
stack
page read and write
2AA0000
trusted library allocation
page read and write
79EB000
heap
page read and write
A10000
heap
page read and write
D95000
heap
page read and write
F00000
heap
page read and write
62E8000
trusted library allocation
page read and write
68EE000
stack
page read and write
7D70000
trusted library allocation
page read and write
A40000
heap
page read and write
52CF000
stack
page read and write
545E000
stack
page read and write
52DF000
stack
page read and write
1170000
heap
page read and write
2960000
heap
page execute and read and write
87ED000
stack
page read and write
7D80000
trusted library allocation
page read and write
7D30000
trusted library allocation
page read and write
1388000
heap
page read and write
69C000
stack
page read and write
69A000
remote allocation
page execute and read and write
3159000
trusted library allocation
page read and write
4DDC000
stack
page read and write
7B2B000
trusted library allocation
page read and write
8BD0000
trusted library allocation
page read and write
1250000
trusted library allocation
page execute and read and write
7D0000
heap
page read and write
5130000
trusted library allocation
page read and write
4E10000
heap
page read and write
2B13000
heap
page read and write
137D000
heap
page read and write
10BE000
stack
page read and write
8B8E000
stack
page read and write
89E3000
heap
page read and write
570E000
stack
page read and write
F20000
heap
page read and write
400000
remote allocation
page execute and read and write
7B80000
trusted library allocation
page read and write
BD4000
trusted library allocation
page read and write
12FD000
trusted library allocation
page execute and read and write
2FA1000
trusted library allocation
page read and write
79D4000
heap
page read and write
E20000
direct allocation
page execute and read and write
F70000
heap
page read and write
4DF0000
trusted library allocation
page read and write
5110000
trusted library allocation
page read and write
56A1000
trusted library allocation
page read and write
2C60000
trusted library allocation
page read and write
795E000
heap
page read and write
840000
unkown
page readonly
3310000
heap
page read and write
3DE000
unkown
page read and write
2DB0000
trusted library allocation
page execute and read and write
560F000
trusted library allocation
page read and write
7CA0000
trusted library allocation
page read and write
10A0000
trusted library allocation
page read and write
3CB1000
trusted library allocation
page read and write
363F000
unkown
page read and write
8D40000
trusted library allocation
page read and write
69AF000
heap
page read and write
67AE000
stack
page read and write
2E70000
trusted library allocation
page read and write
4C2E000
stack
page read and write
D03000
heap
page read and write
5170000
trusted library allocation
page execute and read and write
EC0000
heap
page read and write
9D0000
heap
page read and write
5AF3000
trusted library allocation
page read and write
BE4000
trusted library allocation
page read and write
EB4000
trusted library allocation
page read and write
1300000
trusted library allocation
page read and write
EE0000
trusted library allocation
page read and write
62F7000
trusted library allocation
page read and write
106C000
stack
page read and write
72FA000
stack
page read and write
7B87000
trusted library allocation
page read and write
BB0000
heap
page read and write
4FCE000
stack
page read and write
89D7000
heap
page read and write
865000
unkown
page readonly
116A000
stack
page read and write
2B11000
heap
page read and write
E1E000
stack
page read and write
4A5D000
stack
page read and write
EA3000
trusted library allocation
page read and write
3674000
trusted library allocation
page read and write
7CC0000
trusted library allocation
page read and write
792B000
heap
page read and write
256D000
stack
page read and write
2FBE000
unkown
page read and write
2A90000
trusted library allocation
page read and write
3370000
heap
page read and write
7B90000
trusted library allocation
page read and write
CA8000
heap
page read and write
3345000
heap
page read and write
2A1A000
stack
page read and write
894C000
heap
page read and write
5310000
heap
page execute and read and write
62EE000
trusted library allocation
page read and write
A00000
heap
page read and write
5F0000
unkown
page readonly
E6E000
stack
page read and write
509D000
stack
page read and write
1040000
heap
page read and write
1060000
heap
page read and write
495D000
stack
page read and write
5150000
trusted library allocation
page read and write
6169000
trusted library allocation
page read and write
5160000
trusted library allocation
page read and write
36C0000
heap
page read and write
C07000
trusted library allocation
page execute and read and write
2D40000
trusted library allocation
page read and write
63AE000
stack
page read and write
1320000
heap
page read and write
7B7E000
stack
page read and write
34D0000
heap
page read and write
580A000
stack
page read and write
DD0000
heap
page read and write
7D20000
trusted library allocation
page read and write
763D000
stack
page read and write
3690000
trusted library allocation
page read and write
4D88000
trusted library allocation
page read and write
548E000
stack
page read and write
EA4000
trusted library allocation
page read and write
3950000
heap
page read and write
C30000
heap
page read and write
7BDE000
stack
page read and write
1304000
trusted library allocation
page read and write
50B5000
heap
page execute and read and write
1260000
heap
page read and write
3689000
trusted library allocation
page read and write
1177000
heap
page read and write
2A80000
heap
page execute and read and write
2AF0000
heap
page read and write
142F000
stack
page read and write
2D24000
trusted library allocation
page read and write
36A5000
trusted library allocation
page execute and read and write
EB6000
trusted library allocation
page execute and read and write
5139000
trusted library allocation
page read and write
2DC0000
heap
page read and write
10A0000
trusted library allocation
page read and write
5FE000
unkown
page readonly
786E000
stack
page read and write
79D2000
heap
page read and write
51CE000
stack
page read and write
2D1D000
trusted library allocation
page execute and read and write
887E000
stack
page read and write
12AE000
stack
page read and write
BFC000
stack
page read and write
3675000
heap
page read and write
2910000
heap
page read and write
70410000
unkown
page readonly
75FE000
stack
page read and write
1110000
heap
page read and write
6947000
heap
page read and write
799B000
heap
page read and write
There are 535 hidden memdumps, click here to show them.