IOC Report
#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Temp\is-0LRJ5.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Temp\is-VOKMN.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\Windows NT\7zr.exe | PE32 executable (console) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\Windows NT\file.bin (copy) | data | dropped | |
| C:\Program Files (x86)\Windows NT\is-7F262.tmp | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | dropped | |
| C:\Program Files (x86)\Windows NT\is-G3Q97.tmp | data | dropped | |
| C:\Program Files (x86)\Windows NT\locale.bin | data | dropped | |
| C:\Program Files (x86)\Windows NT\locale.dat | 7-zip archive data, version 0.4 | dropped | |
| C:\Program Files (x86)\Windows NT\locale2.bin | data | dropped | |
| C:\Program Files (x86)\Windows NT\locale2.dat | 7-zip archive data, version 0.4 | dropped | |
| C:\Program Files (x86)\Windows NT\locale3.bin | data | dropped | |
| C:\Program Files (x86)\Windows NT\locale3.dat | 7-zip archive data, version 0.4 | dropped | |
| C:\Program Files (x86)\Windows NT\locale4.bin | data | dropped | |
| C:\Program Files (x86)\Windows NT\locale4.dat | 7-zip archive data, version 0.4 | dropped | |
| C:\Program Files (x86)\Windows NT\locale7.bin | data | dropped | |
| C:\Program Files (x86)\Windows NT\locale7.dat | 7-zip archive data, version 0.4 | dropped | |
| C:\Program Files (x86)\Windows NT\res.dat | 7-zip archive data, version 0.4 | dropped | |
| C:\Program Files (x86)\Windows NT\tProtect.dll | PE32+ executable (native) x86-64, for MS Windows | dropped | |
| C:\Program Files (x86)\Windows NT\task.xml | data | dropped | |
| C:\Program Files (x86)\Windows NT\trash (copy) | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows | dropped | |
| C:\Program Files (x86)\Windows NT\updat4.vac | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3xlrotyl.asi.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epzcupzj.g4d.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_usc54tp5.20u.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwr22fqg.bme.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\is-0UFV8.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-0UFV8.tmp\update.vac | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-ONGLN.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-ONGLN.tmp\update.vac | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| \Device\ConDrv | ASCII text, with CRLF, CR line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe | "C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe" | malicious |
| C:\Users\user\AppData\Local\Temp\is-0LRJ5.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp | "C:\Users\user\AppData\Local\Temp\is-0LRJ5.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp" /SL5="$2043A,4740332,845824,C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe" | malicious |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'" | malicious |
| C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe | "C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe" /VERYSILENT | malicious |
| C:\Users\user\AppData\Local\Temp\is-VOKMN.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp | "C:\Users\user\AppData\Local\Temp\is-VOKMN.tmp\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.tmp" /SL5="$4043E,4740332,845824,C:\Users\user\Desktop\#U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe" /VERYSILENT | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\wbem\WmiPrvSE.exe | C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding | |
| C:\Windows\System32\cmd.exe | cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto | |
| C:\Windows\System32\sc.exe | sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Program Files (x86)\Windows NT\7zr.exe | 7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Program Files (x86)\Windows NT\7zr.exe | 7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd /c start sc start CleverSoar | |
| C:\Windows\System32\sc.exe | sc start CleverSoar | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| https://aria2.github.io/Usage: | unknown | |
| https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | unknown | |
| https://github.com/aria2/aria2/issuesReport | unknown | |
| http://www.metalinker.org/ | unknown | |
| https://www.remobjects.com/ps | unknown | |
| https://aria2.github.io/ | unknown | |
| https://github.com/aria2/aria2/issues | unknown | |
| https://www.innosetup.com/ | unknown | |
| http://www.metalinker.org/basic_string::_M_construct | unknown | |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Owner | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | SessionHash | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Sequence | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Owner | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | SessionHash | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Sequence | |
| HKEY_CURRENT_USER\SOFTWARE\Magisk | ring3_username | |

Memdumps

page read and write
C878A7D000
stack
page read and write
3740000
direct allocation
page read and write
255DBBB5000
heap
page read and write
37C0000
trusted library allocation
page read and write
255DB898000
heap
page read and write
22389520000
heap
page read and write
208B9420000
heap
page read and write
CAE000
unkown
page write copy
42C000
unkown
page readonly
255DB890000
heap
page read and write
1F779CD0000
heap
page read and write
1F87AD28000
heap
page read and write
35B0000
direct allocation
page read and write
215515E0000
heap
page read and write
3D79000
direct allocation
page read and write
B13F9FE000
stack
page read and write
3FBF2CC000
stack
page read and write
2ED1000
direct allocation
page read and write
28F787F0000
heap
page read and write
A01000
unkown
page execute read
253A000
direct allocation
page read and write
2C9B000
direct allocation
page read and write
211D6E90000
heap
page read and write
215512A0000
heap
page read and write
2F251FF000
stack
page read and write
2A9D000
heap
page read and write
5FC000
stack
page read and write
1C1873A5000
heap
page read and write
27574890000
heap
page read and write
2FCA000
direct allocation
page read and write
3140000
heap
page read and write
24A1000
direct allocation
page read and write
2EB9000
direct allocation
page read and write
3C2F000
stack
page read and write
F4D000
unkown
page execute read
936000
heap
page read and write
442000
unkown
page read and write
844A2FE000
stack
page read and write
208B9468000
heap
page read and write
3D84000
direct allocation
page read and write
24B7000
direct allocation
page read and write
2CB8000
direct allocation
page read and write
473F000
stack
page read and write
C8C88FE000
stack
page read and write
216F49C8000
heap
page read and write
26BF000
heap
page read and write
21A12920000
heap
page read and write
B61000
heap
page read and write
2A95000
heap
page read and write
F7B000
unkown
page execute read
42CE000
direct allocation
page read and write
120D2515000
heap
page read and write
49AB000
trusted library allocation
page read and write
1600000
direct allocation
page execute and read and write
261DA950000
heap
page read and write
1B73A5B8000
heap
page read and write
1FD0AC10000
heap
page read and write
1F94AE70000
heap
page read and write
194ABF70000
heap
page read and write
22C66440000
heap
page read and write
4BDFF7E000
stack
page read and write
2F46000
direct allocation
page read and write
F94000
unkown
page read and write
A6E000
stack
page read and write
499A000
trusted library allocation
page read and write
2CC6000
direct allocation
page read and write
1888000
direct allocation
page read and write
80BD87F000
stack
page read and write
1F94AB40000
heap
page read and write
22389540000
heap
page read and write
12CB000
heap
page read and write
78CD2DC000
stack
page read and write
2AA9000
heap
page read and write
188C0650000
heap
page read and write
28F78570000
heap
page read and write
2C22000
direct allocation
page read and write
261DA750000
heap
page read and write
2AA7000
heap
page read and write
950000
heap
page read and write
277DA880000
heap
page read and write
2CBB000
heap
page read and write
4DEE000
stack
page read and write
167F000
stack
page read and write
3B2E000
stack
page read and write
2A9D000
heap
page read and write
D80000
heap
page read and write
27574BC0000
heap
page read and write
120D22C8000
heap
page read and write
1F87ACB0000
heap
page read and write
2BF0000
direct allocation
page read and write
AAE000
stack
page read and write
22C80710000
heap
page read and write
2C930667000
heap
page read and write
2CBF000
direct allocation
page read and write
2789000
heap
page read and write
143E000
stack
page read and write
7F94A000
direct allocation
page read and write
18E4000
direct allocation
page read and write
252A000
direct allocation
page read and write
F94000
unkown
page write copy
2990000
direct allocation
page read and write
2CF8000
direct allocation
page read and write
211D71B5000
heap
page read and write
499A000
trusted library allocation
page read and write
1B73A4D0000
heap
page read and write
3640000
direct allocation
page read and write
42F0000
direct allocation
page read and write
2F71000
direct allocation
page read and write
2F2F000
direct allocation
page read and write
27278975000
heap
page read and write
27574900000
heap
page read and write
385EEFE000
stack
page read and write
2EF5000
direct allocation
page read and write
2C5E000
direct allocation
page read and write
2BD3000
direct allocation
page read and write
194AC095000
heap
page read and write
247EE9C0000
heap
page read and write
252FAE45000
heap
page read and write
18AE000
direct allocation
page read and write
D92000
heap
page read and write
2CCD000
direct allocation
page read and write
3980000
direct allocation
page read and write
2C0D000
direct allocation
page read and write
22C807C0000
heap
page read and write
215512A8000
heap
page read and write
CD5000
heap
page read and write
1DA63950000
heap
page read and write
CDB84FF000
stack
page read and write
22389730000
heap
page read and write
27278850000
heap
page read and write
2858FDC0000
heap
page read and write
42C000
unkown
page readonly
2858FF45000
heap
page read and write
4986000
trusted library allocation
page read and write
A00000
unkown
page readonly
26946670000
heap
page read and write
C878C7F000
stack
page read and write
25A8000
direct allocation
page read and write
255DB7E0000
heap
page read and write
35B0000
direct allocation
page read and write
35B0000
direct allocation
page read and write
157E000
stack
page read and write
1850BB60000
heap
page read and write
32D917E000
stack
page read and write
D97000
heap
page read and write
1DB9DFF000
stack
page read and write
247EE9A0000
heap
page read and write
D88000
heap
page read and write
14B87990000
heap
page read and write
B3C5D2D000
stack
page read and write
2F82000
direct allocation
page read and write
1FD0AC58000
heap
page read and write
3DAE000
direct allocation
page read and write
3FCB000
direct allocation
page read and write
42F3000
direct allocation
page read and write
1F779C00000
heap
page read and write
1B73A820000
heap
page read and write
1933000
direct allocation
page read and write
261DA730000
heap
page read and write
1DB99DD000
stack
page read and write
2F2000
unkown
page read and write
2AA0000
heap
page read and write
24DB000
direct allocation
page read and write
113C000
stack
page read and write
1C187400000
heap
page read and write
1FD0AC50000
heap
page read and write
1480000
heap
page read and write
2681000
heap
page read and write
27278970000
heap
page read and write
24F0000
direct allocation
page read and write
247EE7D8000
heap
page read and write
CDB81ED000
stack
page read and write
3FBF6FE000
stack
page read and write
186B000
direct allocation
page read and write
29A89B20000
heap
page read and write
80BD53D000
stack
page read and write
2516000
direct allocation
page read and write
2F4D000
direct allocation
page read and write
2F5000
unkown
page write copy
208B9460000
heap
page read and write
3460000
direct allocation
page read and write
51BE000
stack
page read and write
2C7D000
direct allocation
page read and write
27278650000
heap
page read and write
14B87758000
heap
page read and write
B32000
heap
page read and write
188C0730000
heap
page read and write
4BE007F000
stack
page read and write
194AC148000
heap
page read and write
2EE0000
direct allocation
page read and write
4370000
direct allocation
page read and write
2F7000
unkown
page readonly
2507000
direct allocation
page read and write
B50000
heap
page read and write
22C80720000
heap
page read and write
22C807D8000
heap
page read and write
277DAAC5000
heap
page read and write
258C000
direct allocation
page read and write
2AC9000
heap
page read and write
18CD000
direct allocation
page read and write
AFD000
stack
page read and write
1847000
direct allocation
page read and write
F85000
unkown
page write copy
252FAB58000
heap
page read and write
140CAEC000
stack
page read and write
B73000
heap
page read and write
C70000
direct allocation
page read and write
2ED8000
direct allocation
page read and write
22389588000
heap
page read and write
11CE000
stack
page read and write