IOC Report
#U5b89#U88c5#U52a9#U624b1.0.2.exe (file name with #U-escaped Unicode code points; decodes to 安装助手1.0.2.exe)


Files

File Path
Type
Category
Malicious (verdict; left empty for entries without one)
#U5b89#U88c5#U52a9#U624b1.0.2.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Program Files (x86)\Windows NT\hrsw.vbc
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Windows NT\tProtect.dll
PE32+ executable (native) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-4RQR5.tmp\update.vac
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-HT0ET.tmp\update.vac
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-OEIE1.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-QO799.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Windows NT\7zr.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Windows NT\file.bin (copy)
data
dropped
C:\Program Files (x86)\Windows NT\is-RHS98.tmp
data
dropped
C:\Program Files (x86)\Windows NT\is-S9CBO.tmp
data
dropped
C:\Program Files (x86)\Windows NT\locale.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale2.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale2.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale3.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale3.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale4.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale4.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale7.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale7.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\res.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\task.xml
data
dropped
C:\Program Files (x86)\Windows NT\trash
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ejvsx5uu.zef.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hgctsqwj.j2d.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t2ruqbsc.an3.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uq3h13r2.wxa.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\is-4RQR5.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-HT0ET.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
22 further files are hidden in the original report and are not listed here.

Processes

Path
Cmdline
Malicious (verdict; left empty for entries without one)
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe"
malicious
C:\Users\user\AppData\Local\Temp\is-QO799.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
"C:\Users\user\AppData\Local\Temp\is-QO799.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp" /SL5="$20466,5031707,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
malicious
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe" /VERYSILENT
malicious
C:\Users\user\AppData\Local\Temp\is-OEIE1.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp
"C:\Users\user\AppData\Local\Temp\is-OEIE1.tmp\#U5b89#U88c5#U52a9#U624b1.0.2.tmp" /SL5="$10488,5031707,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.2.exe" /VERYSILENT
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
C:\Windows\System32\sc.exe
sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Windows NT\7zr.exe
7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Windows NT\7zr.exe
7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
101 further processes are hidden in the original report and are not listed here.

URLs

Name
IP
Malicious
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
unknown
https://www.remobjects.com/ps
unknown
https://www.innosetup.com/
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Magisk
ring3_username

Memdumps

Base Address
Regiontype
Protect
Malicious
5B0AF7F000
stack
page read and write
4591000
trusted library allocation
page read and write
2820000
direct allocation
page read and write
680000
heap
page read and write
BF7257F000
stack
page read and write
CE3000
heap
page read and write
18B75EE000
stack
page read and write
1FE23AA0000
heap
page read and write
2CBE000
heap
page read and write
8CF000
stack
page read and write
274E1B60000
heap
page read and write
28B0000
direct allocation
page read and write
C42000
unknown
page write copy
4020000
heap
page read and write
3DE5BFE000
stack
page read and write
DC02CFE000
stack
page read and write
2B04000
direct allocation
page read and write
32A0000
direct allocation
page read and write
14904F70000
heap
page read and write
1FE23B58000
heap
page read and write
5B0AB5D000
stack
page read and write
2749000
direct allocation
page read and write
5B283CD000
stack
page read and write
1100000
heap
page read and write
21096F88000
heap
page read and write
37F00FD000
stack
page read and write
74E000
stack
page read and write
23076E08000
heap
page read and write
516D47E000
stack
page read and write
12FAF935000
heap
page read and write
2609F1B0000
heap
page read and write
1DF5C280000
heap
page read and write
2CC0000
heap
page read and write
1405FC70000
heap
page read and write
FC599FE000
stack
page read and write
24FF000
stack
page read and write
2FEF000
stack
page read and write
CF1000
unknown
page execute read
2DC0000
direct allocation
page read and write
EEF000
stack
page read and write
2671000
heap
page read and write
F3E000
stack
page read and write
340000
unknown
page readonly
21B247E000
stack
page read and write
4E1000
unknown
page execute read
2902000
direct allocation
page read and write
2AD6000
direct allocation
page read and write
1B91B880000
heap
page read and write
253CE370000
heap
page read and write
1FF6FDD0000
heap
page read and write
D20000
heap
page read and write
2CBB000
heap
page read and write
FC598FD000
stack
page read and write
2AFB000
direct allocation
page read and write
30A0000
direct allocation
page read and write
248C000
direct allocation
page read and write
2B28000
direct allocation
page read and write
2770000
direct allocation
page read and write
23077055000
heap
page read and write
3A7E000
direct allocation
page read and write
3A6E000
direct allocation
page read and write
283D000
direct allocation
page read and write
1D966900000
heap
page read and write
2849000
direct allocation
page read and write
CF1000
heap
page read and write
9E8000
heap
page read and write
2AED000
direct allocation
page read and write
293C000
direct allocation
page read and write
20958068000
heap
page read and write
DC029BD000
stack
page read and write
2E41000
heap
page read and write
4C52D6D000
stack
page read and write
2CBD000
heap
page read and write
253CE610000
heap
page read and write
9FE000
heap
page read and write
287B000
direct allocation
page read and write
18760DA8000
heap
page read and write
1E9236C0000
heap
page read and write
CF0000
heap
page read and write
11A8000
heap
page read and write
27C6000
direct allocation
page read and write
1E0957B0000
heap
page read and write
A7F037E000
stack
page read and write
23FF000
direct allocation
page read and write
2384A090000
heap
page read and write
3790000
heap
page read and write
27B0000
direct allocation
page read and write
274E18B0000
heap
page read and write
1432C045000
heap
page read and write
1070000
heap
page read and write
3E0000
heap
page read and write
459A000
trusted library allocation
page read and write
2768000
direct allocation
page read and write
23C5000
direct allocation
page read and write
2218BC20000
heap
page read and write
E5A9F7E000
stack
page read and write
1DF5C555000
heap
page read and write
2609F1E0000
heap
page read and write
6C631000
unknown
page execute read
1FD81028000
heap
page read and write
1EB58480000
heap
page read and write
5C0000
heap
page read and write
126E000
stack
page read and write
7A7000
unknown
page readonly
516D11D000
stack
page read and write
2CBE000
heap
page read and write
23076DF0000
heap
page read and write
1410000
heap
page read and write
209583F0000
heap
page read and write
29907AF0000
heap
page read and write
5BD000
unknown
page execute read
2882000
direct allocation
page read and write
4580000
trusted library allocation
page read and write
2836000
direct allocation
page read and write
24A2DE25000
heap
page read and write
2820000
direct allocation
page read and write
1E095790000
heap
page read and write
1E923790000
heap
page read and write
5B286FE000
stack
page read and write
1B91B788000
heap
page read and write
22E697E000
stack
page read and write
8FC000
stack
page read and write
7F74A000
direct allocation
page read and write
2958000
direct allocation
page read and write
3A92000
direct allocation
page read and write
6A15EFE000
stack
page read and write
700000
heap
page read and write
C4B000
unknown
page readonly
1969DD40000
heap
page read and write
1C704AA5000
heap
page read and write
249A000
direct allocation
page read and write
2459000
direct allocation
page read and write
C42000
unknown
page read and write
341000
unknown
page execute read
28DF8CF0000
heap
page read and write
2943000
direct allocation
page read and write
1E923A70000
heap
page read and write
CDA000
heap
page read and write
B81000
unknown
page execute read
2A84000
direct allocation
page read and write
D04000
heap
page read and write
23F0000
direct allocation
page read and write
B862DFE000
stack
page read and write
2DC6000
heap
page read and write
E4A5B7F000
stack
page read and write
2B68000
direct allocation
page read and write
4440000
trusted library allocation
page read and write
23849DF0000
heap
page read and write
2857000
direct allocation
page read and write
2E0E000
direct allocation
page read and write
2B53000
direct allocation
page read and write
B3E000
stack
page read and write
447D000
stack
page read and write
2218B938000
heap
page read and write
4580000
trusted library allocation
page read and write
25FD000
heap
page read and write
6C7D8000
unknown
page readonly
2629000
heap
page read and write
23849D90000
heap
page read and write
27B7000
direct allocation
page read and write
28DF8D10000
heap
page read and write
286D000
direct allocation
page read and write
20958030000
heap
page read and write
139F000
stack
page read and write
3A5E000
direct allocation
page read and write
29907C10000
heap
page read and write
2794000
direct allocation
page read and write
F9F000
stack
page read and write
262A000
heap
page read and write
1EB58290000
heap
page read and write
2600000
heap
page read and write
8A7BAFE000
stack
page read and write
1FF6FF98000
heap
page read and write
CFA000
heap
page read and write
ADF9C7E000
stack
page read and write
2868000
direct allocation
page read and write
1400000
heap
page read and write
27DD000
direct allocation
page read and write
2812000
direct allocation
page read and write
3DE5AFE000
stack
page read and write
284C000
direct allocation
page read and write
2FD0000
direct allocation
page read and write
1E923A75000
heap
page read and write
6FD000
stack
page read and write
A80000
heap
page read and write
1671CAA5000
heap
page read and write
2671000
heap
page read and write
6C7E8000
unknown
page write copy
2ACB000
direct allocation
page read and write
3B60000
direct allocation
page read and write
5D0000
heap
page read and write
977000
heap
page read and write
253CE310000
heap
page read and write
2850000
direct allocation
page read and write
1D558500000
heap
page read and write
CBE000
stack
page read and write
1405FC50000
heap
page read and write
E4A5C7E000
stack
page read and write
A7F047F000
stack
page read and write
3A54000
direct allocation
page read and write
14904DB0000
heap
page read and write
58881FF000
stack
page read and write
1FF70250000
heap
page read and write
1969D9E0000
heap
page read and write
14487495000
heap
page read and write
2218B930000
heap
page read and write
21B257E000
stack
page read and write
2441000
direct allocation
page read and write
2116CA65000
heap
page read and write
1E9235C0000
heap
page read and write
1FF6FEB0000
heap
page read and write
31A0000
direct allocation
page read and write
4341000
heap
page read and write
1671C870000
heap
page read and write
18761015000
heap
page read and write
6A15FFF000
stack
page read and write
1B91B8B0000
heap
page read and write
2606000
heap
page read and write
2619000
heap
page read and write
1432C020000
heap
page read and write
1D5584E0000
heap
page read and write
2218B810000
heap
page read and write
459C000
trusted library allocation
page read and write
1405FEE5000
heap
page read and write
23A1000
direct allocation
page read and write
78E000
unknown
page write copy
2D01000
heap
page read and write
3B7B000
direct allocation
page read and write
2874000
direct allocation
page read and write
459C000
trusted library allocation
page read and write
663DF7F000
stack
page read and write
3A49000
direct allocation
page read and write
941D08C000
stack
page read and write
68C88FE000
stack
page read and write
D9B000
unknown
page read and write
2424000
direct allocation
page read and write
1405FC40000
heap
page read and write
37D7000
heap
page read and write
1419000
heap
page read and write
B80000
unknown
page readonly
1969DD45000
heap
page read and write
28DBDC45000
heap
page read and write
2A8B000
direct allocation
page read and write
941D4FE000
stack
page read and write
24A2DEC0000
heap
page read and write
282F000
direct allocation
page read and write
4B0E000
stack
page read and write
58884FF000
stack
page read and write
2468000
direct allocation
page read and write
BF0000
heap
page read and write
7F430000
direct allocation
page read and write
247D000
direct allocation
page read and write
3DE57CC000
stack
page read and write
2EA0000
heap
page read and write
604000
unknown
page write copy
25FD000
heap
page read and write
1A9AFAD000
stack
page read and write
6E9000
heap
page read and write
144874C0000
heap
page read and write
27FA000
direct allocation
page read and write
25F5000
heap
page read and write
1DF5C1A0000
heap
page read and write
28DBDB70000
heap
page read and write
45AB000
trusted library allocation
page read and write
4580000
trusted library allocation
page read and write
1BA72A30000
heap
page read and write
4C4B000
stack
page read and write
2609F150000
heap
page read and write
457B000
stack
page read and write
241D000
direct allocation
page read and write
1DF5C2E0000
heap
page read and write
6749D7D000
stack
page read and write
1D9668E0000
heap
page read and write
4C5317E000
stack
page read and write
2B12000
direct allocation
page read and write
1969D9E8000
heap
page read and write
CA0000
heap
page read and write
292D000
direct allocation
page read and write
BA6000
heap
page read and write
E4A5A7C000
stack
page read and write
14487490000
heap
page read and write
BF7216D000
stack
page read and write
1079000
heap
page read and write
FD0000
direct allocation
page execute and read and write
29907A00000
heap
page read and write
20958230000
heap
page read and write
CE0000
heap
page read and write
5F5000
unknown
page read and write
1BCFCBD000
stack
page read and write
1F0000
heap
page read and write
58880FD000
stack
page read and write
BA0000
heap
page read and write
1075000
heap
page read and write
1DF5C2A0000
heap
page read and write
279B000
direct allocation
page read and write
2A51000
direct allocation
page read and write
1671CAA0000
heap
page read and write
8A7B7DF000
stack
page read and write
14904EE0000
heap
page read and write
B2D000
stack
page read and write
1C704860000
heap
page read and write
3B60000
direct allocation
page read and write
27A2000
direct allocation
page read and write
28DBDB50000
heap
page read and write
B81000
unknown
page execute read
2116C6B0000
heap
page read and write
E89FA7C000
stack
page read and write
37F04FE000
stack
page read and write
1FE23AC0000
heap
page read and write
3B60000
direct allocation
page read and write
459C000
trusted library allocation
page read and write
2A92000
direct allocation
page read and write
1432C010000
heap
page read and write
390F000
stack
page read and write
4340000
heap
page read and write
255C6FF000
stack
page read and write
3043000
heap
page read and write
FDD000
heap
page read and write
4591000
trusted library allocation
page read and write
E9F000
stack
page read and write
5F0000
unknown
page write copy
1EB58170000
heap
page read and write
2384A095000
heap
page read and write
28C6000
direct allocation
page read and write
87A017E000
stack
page read and write
24A2DE20000
heap
page read and write
516D57E000
stack
page read and write
28DBDA50000
heap
page read and write
3360000
trusted library allocation
page read and write
BA7000
heap
page read and write
2D41000
heap
page read and write
3EB3000
direct allocation
page read and write
1969D990000
heap
page read and write
459A000
trusted library allocation
page read and write
570000
heap
page read and write
1D558840000
heap
page read and write
3420000
direct allocation
page read and write
253CE2F0000
heap
page read and write
DA6000
unknown
page read and write
2A67000
direct allocation
page read and write
29907CF0000
heap
page read and write
274E17B0000
heap
page read and write
6C8B3000
unknown
page read and write
28DF8C10000
heap
page read and write
144874A0000
heap
page read and write
274E1890000
heap
page read and write
2FF0000
heap
page read and write
1FD80FA5000
heap
page read and write
1EE000
stack
page read and write
2865000
direct allocation
page read and write
1415000
heap
page read and write
24A2DE50000
heap
page read and write
2609F1E8000
heap
page read and write
BF7247E000
stack
page read and write
F56000
heap
page read and write
CE4000
heap
page read and write
390000
heap
page read and write
2E40000
heap
page read and write
24A2DE10000
heap
page read and write
2A7D000
direct allocation
page read and write
244A000
direct allocation
page read and write
960000
heap
page read and write
3E98000
direct allocation
page read and write
6D8000
heap
page read and write
1405FEE0000
heap
page read and write
2817000
heap
page read and write
C90000
heap
page read and write
498E000
stack
page read and write
1671C860000
heap
page read and write
2CBE000
heap
page read and write
674A07F000
stack
page read and write
2CB0000
heap
page read and write
C2C000
unknown
page readonly
1671C8A0000
heap
page read and write
2951000
direct allocation
page read and write
B862CFE000
stack
page read and write
1C704AA0000
heap
page read and write
1969D970000
heap
page read and write
2785000
direct allocation
page read and write
1BA72DE5000
heap
page read and write
3EB0000
direct allocation
page read and write
28E4000
direct allocation
page read and write
1EB58298000
heap
page read and write
1432C0D8000
heap
page read and write
2484000
direct allocation
page read and write
27A9000
direct allocation
page read and write
28DBDA58000
heap
page read and write
243A000
direct allocation
page read and write
D99000
unknown
page read and write
2B36000
direct allocation
page read and write
2619000
heap
page read and write
1FD81020000
heap
page read and write
607000
unknown
page readonly
23CC000
direct allocation
page read and write
2AF4000
direct allocation
page read and write
14904EE5000
heap
page read and write
795000
unknown
page read and write
AED000
stack
page read and write
1432C040000
heap
page read and write
144872A0000
heap
page read and write
100A000
heap
page read and write
D0C000
heap
page read and write
C4B000
unknown
page readonly
3040000
heap
page read and write
278C000
direct allocation
page read and write
28F3000
direct allocation
page read and write
E5A9E7F000
stack
page read and write
274E18F8000
heap
page read and write
2898000
direct allocation
page read and write
2609000
heap
page read and write
894C7F000
stack
page read and write
D00000
heap
page read and write
1BCFDBF000
stack
page read and write
3B70000
direct allocation
page read and write
49CE000
stack
page read and write
29907BF0000
heap
page read and write
27E4000
direct allocation
page read and write
50B000
stack
page read and write
23077050000
heap
page read and write
24A1000
direct allocation
page read and write
87A007F000
stack
page read and write
3DE000
stack
page read and write
2493000
direct allocation
page read and write
2CB5000
heap
page read and write
23076FD0000
heap
page read and write
CEA000
heap
page read and write
2918000
direct allocation
page read and write
2AA8000
direct allocation
page read and write
23E2000
direct allocation
page read and write
6C8B9000
unknown
page execute read
5B287FE000
stack
page read and write
2619000
heap
page read and write
1B91B6A0000
heap
page read and write
674A17E000
stack
page read and write
B81000
unknown
page execute read
D02000
heap
page read and write
23B0000
direct allocation
page read and write
DA5000
unknown
page write copy
380E000
stack
page read and write
5EE000
unknown
page write copy
5D5000
heap
page read and write
1432C050000
heap
page read and write
1969D960000
heap
page read and write
12FAF930000
heap
page read and write
144872A8000
heap
page read and write
546000
unknown
page execute read
1BA72A98000
heap
page read and write
CE3000
heap
page read and write
5F5000
unknown
page write copy
2801000
direct allocation
page read and write
274E1B65000
heap
page read and write
43315FF000
stack
page read and write
12FAF580000
heap
page read and write
2888000
direct allocation
page read and write
3020000
direct allocation
page read and write
28DF9020000
heap
page read and write
ADF9A7C000
stack
page read and write
2844000
direct allocation
page read and write
FC59CFF000
stack
page read and write
23076FF0000
heap
page read and write
1FE23B50000
heap
page read and write
2A43000
direct allocation
page read and write
21097170000
heap
page read and write
22E6A7E000
stack
page read and write
13B000
stack
page read and write
1D966C20000
heap
page read and write
CA0000
heap
page read and write
18B78FE000
stack
page read and write
68C89FE000
stack
page read and write
2B61000
direct allocation
page read and write
2ADD000
direct allocation
page read and write
18760DA0000
heap
page read and write
1B91B8A5000
heap
page read and write
21097290000
heap
page read and write
7F0000
heap
page read and write
18761010000
heap
page read and write
28D4000
direct allocation
page read and write
12FAF530000
heap
page read and write
3220000
direct allocation
page read and write
4FC000
stack
page read and write
FA8000
heap
page read and write
B78000
stack
page read and write
255C3FE000
stack
page read and write
4591000
trusted library allocation
page read and write
2F50000
trusted library allocation
page read and write
23849DB0000
heap
page read and write
D99000
unknown
page read and write
3D4E000
stack
page read and write
2452000
direct allocation
page read and write
2218B910000
heap
page read and write
968000
heap
page read and write
2629000
heap
page read and write
14904EB0000
heap
page read and write
27CF000
direct allocation
page read and write
7A0000
unknown
page write copy
28DF8D70000
heap
page read and write
9CF000
stack
page read and write
3F50000
direct allocation
page read and write
2AE4000
direct allocation
page read and write
25FC000
heap
page read and write
3B83000
direct allocation
page read and write
10FF000
stack
page read and write
163D38D000
stack
page read and write
23BE000
direct allocation
page read and write
3320000
direct allocation
page read and write
28DBDC40000
heap
page read and write
2819000
direct allocation
page read and write
1BA72A90000
heap
page read and write
28DF8D78000
heap
page read and write
1EB58270000
heap
page read and write
253CE615000
heap
page read and write
1671C8A8000
heap
page read and write
4580000
trusted library allocation
page read and write
5B8F000
stack
page read and write
D09000
heap
page read and write
2828000
direct allocation
page read and write
CFE000
stack
page read and write
21097190000
heap
page read and write
A7F027D000
stack
page read and write
6C630000
unknown
page readonly
4D4C000
stack
page read and write
DA7000
unknown
page readonly
144873A0000
heap
page read and write
2CC2000
heap
page read and write
291F000
direct allocation
page read and write
2B3D000
direct allocation
page read and write
2AC0000
direct allocation
page read and write
2116C8B0000
heap
page read and write
2861000
direct allocation
page read and write
45A9000
trusted library allocation
page read and write
2601000
heap
page read and write
1E923798000
heap
page read and write
1E095780000
heap
page read and write
2416000
direct allocation
page read and write
E5A9B7D000
stack
page read and write
79D000
unkown
page read and write
D00000
heap
page read and write
35C000
unkown
page execute read
1A0000
heap
page read and write
1D558400000
heap
page read and write
776000
stack
page read and write
3B8D000
direct allocation
page read and write
1050000
heap
page read and write
2671000
heap
page read and write
3010000
direct allocation
page execute and read and write
5F0000
unkown
page read and write
28DBD960000
heap
page read and write
209583F5000
heap
page read and write
280A000
direct allocation
page read and write
21B214C000
stack
page read and write
24A2DEC8000
heap
page read and write
3A40000
direct allocation
page read and write
242A000
direct allocation
page read and write
394C000
stack
page read and write
23849CB0000
heap
page read and write
1D966C25000
heap
page read and write
18760D40000
heap
page read and write
294A000
direct allocation
page read and write
2833000
direct allocation
page read and write
894B7E000
stack
page read and write
2671000
heap
page read and write
1FE239C0000
heap
page read and write
459A000
trusted library allocation
page read and write
1BD00FF000
stack
page read and write
C2C000
unkown
page readonly
23F8000
direct allocation
page read and write
A2C000
stack
page read and write
2B19000
direct allocation
page read and write
1FF6FED0000
heap
page read and write
1EB58250000
heap
page read and write
25FB000
heap
page read and write
29907AF8000
heap
page read and write
B81000
unkown
page execute read
DC02DFF000
stack
page read and write
1BA72A10000
heap
page read and write
C93000
heap
page read and write
5EB000
unkown
page execute read
2CF0000
direct allocation
page read and write
790000
direct allocation
page read and write
23D4000
direct allocation
page read and write
2629000
heap
page read and write
1DF5C550000
heap
page read and write
2629000
heap
page read and write
45AB000
trusted library allocation
page read and write
B8629CD000
stack
page read and write
1D966980000
heap
page read and write
4C5307F000
stack
page read and write
28EB000
direct allocation
page read and write
FC0000
heap
page read and write
9E0000
heap
page read and write
2116C6E8000
heap
page read and write
2476000
direct allocation
page read and write
2B4C000
direct allocation
page read and write
B5F000
stack
page read and write
24A8000
direct allocation
page read and write
1BA72DE0000
heap
page read and write
43311FD000
stack
page read and write
2AB9000
direct allocation
page read and write
610000
heap
page read and write
18760D60000
heap
page read and write
C70000
heap
page read and write
2609F120000
heap
page read and write
23DB000
direct allocation
page read and write
2777000
direct allocation
page read and write
20958060000
heap
page read and write
4C0F000
stack
page read and write
5EE000
unkown
page read and write
1E095B10000
heap
page read and write
1FF6FF90000
heap
page read and write
C1E000
stack
page read and write
2460000
direct allocation
page read and write
690000
heap
page read and write
24A2DE30000
heap
page read and write
253CE378000
heap
page read and write
2ACE000
direct allocation
page read and write
1E9236A0000
heap
page read and write
2609F1B5000
heap
page read and write
1FF70255000
heap
page read and write
2399000
direct allocation
page read and write
12FAF540000
heap
page read and write
DA2000
unkown
page read and write
32C000
stack
page read and write
23849DF8000
heap
page read and write
12FAF588000
heap
page read and write
B80000
unkown
page readonly
941D18F000
stack
page read and write
28BE000
direct allocation
page read and write
1D966988000
heap
page read and write
2B40000
heap
page read and write
E89FC7E000
stack
page read and write
65E000
stack
page read and write
25FD000
heap
page read and write
7C0000
heap
page read and write
AFD000
stack
page read and write
2720000
heap
page read and write
1C704A60000
heap
page read and write
2702000
heap
page read and write
2A75000
direct allocation
page read and write
6D0000
heap
page read and write
B80000
unkown
page readonly
2116C6E0000
heap
page read and write
28A9000
direct allocation
page read and write
27D6000
direct allocation
page read and write
2B20000
direct allocation
page read and write
2607000
heap
page read and write
2D42000
heap
page read and write
FA0000
heap
page read and write
1D558845000
heap
page read and write
663DE7D000
stack
page read and write
1E095B15000
heap
page read and write
3A39000
direct allocation
page read and write
18760C60000
heap
page read and write
246F000
direct allocation
page read and write
5B0AE7F000
stack
page read and write
1A9B3FE000
stack
page read and write
37F01FF000
stack
page read and write
45AB000
trusted library allocation
page read and write
28DF9025000
heap
page read and write
8A7B6DD000
stack
page read and write
6A15BED000
stack
page read and write
F50000
heap
page read and write
2B0B000
direct allocation
page read and write
3040000
direct allocation
page read and write
20958040000
heap
page read and write
1FD80FD0000
heap
page read and write
3B70000
direct allocation
page read and write
3750000
direct allocation
page read and write
CF0000
unkown
page readonly
CE4000
heap
page read and write
1FD80FA0000
heap
page read and write
1432C0D0000
heap
page read and write
E89FB7F000
stack
page read and write
285E000
direct allocation
page read and write
2CF0000
direct allocation
page read and write
28FB000
direct allocation
page read and write
2CB9000
heap
page read and write
1C704960000
heap
page read and write
2853000
direct allocation
page read and write
2609F130000
heap
page read and write
C2C000
unkown
page readonly
2389000
direct allocation
page read and write
894A7C000
stack
page read and write
484E000
stack
page read and write
D99000
unkown
page write copy
11A0000
heap
page read and write
D9B000
unkown
page read and write
1BA72A00000
heap
page read and write
ADF9B7E000
stack
page read and write
2934000
direct allocation
page read and write
14904E90000
heap
page read and write
4E0000
unkown
page readonly
28CD000
direct allocation
page read and write
18B74ED000
stack
page read and write
663E07E000
stack
page read and write
3A90000
direct allocation
page read and write
1FE23D35000
heap
page read and write
5BE000
stack
page read and write
12FAF560000
heap
page read and write
1405FC78000
heap
page read and write
1FE23D30000
heap
page read and write
25F0000
heap
page read and write
790000
unkown
page read and write
2B5A000
direct allocation
page read and write
21097295000
heap
page read and write
2CBE000
heap
page read and write
43314FE000
stack
page read and write
2B44000
direct allocation
page read and write
253CE210000
heap
page read and write
B7E000
stack
page read and write
68C859D000
stack
page read and write
32D0000
heap
page read and write
3E8E000
direct allocation
page read and write
5FD000
unkown
page read and write
B80000
unkown
page readonly
163D6FE000
stack
page read and write
23B7000
direct allocation
page read and write
2A59000
direct allocation
page read and write
4ACE000
stack
page read and write
BDE000
stack
page read and write
274E18F0000
heap
page read and write
1C704968000
heap
page read and write
879FD0D000
stack
page read and write
CA8000
heap
page read and write
29907CF5000
heap
page read and write
1D558558000
heap
page read and write
2671000
heap
page read and write
2A30000
direct allocation
page read and write
3B9F000
direct allocation
page read and write
C42000
unkown
page read and write
C70000
heap
page read and write
23076E00000
heap
page read and write
1B91B8A0000
heap
page read and write
2116CA60000
heap
page read and write
2607000
heap
page read and write
2B2F000
direct allocation
page read and write
21097090000
heap
page read and write
277E000
direct allocation
page read and write
2841000
direct allocation
page read and write
21096F80000
heap
page read and write
266A000
heap
page read and write
1D558550000
heap
page read and write
604000
unkown
page read and write
CC3518C000
stack
page read and write
23A8000
direct allocation
page read and write
1DF5C2E8000
heap
page read and write
6C9A3000
unkown
page readonly
2218B8F0000
heap
page read and write
2EEE000
stack
page read and write
488D000
stack
page read and write
ECF000
stack
page read and write
1FD80FB0000
heap
page read and write
7E0000
heap
page read and write
2761000
direct allocation
page read and write
1E0957E0000
heap
page read and write
22E687D000
stack
page read and write
1D966800000
heap
page read and write
1405FE40000
heap
page read and write
23E9000
direct allocation
page read and write
78E000
unkown
page read and write
C42000
unkown
page write copy
1A9B2FE000
stack
page read and write
1B91B780000
heap
page read and write
163D7FE000
stack
page read and write
C2C000
unkown
page readonly
1671CA70000
heap
page read and write
C4B000
unkown
page readonly
807000
unkown
page readonly
28BB000
direct allocation
page read and write
C4B000
unkown
page readonly
1C704940000
heap
page read and write
BE0000
heap
page read and write
2406000
direct allocation
page read and write
2700000
direct allocation
page read and write
27BF000
direct allocation
page read and write
14904F78000
heap
page read and write
240F000
direct allocation
page read and write
DA9000
unkown
page readonly
3E8C000
direct allocation
page read and write
2671000
heap
page read and write
7F44B000
direct allocation
page read and write
2116C6A0000
heap
page read and write
2A60000
direct allocation
page read and write
2926000
direct allocation
page read and write
285A000
direct allocation
page read and write
7A5000
unkown
page readonly
DA2000
unkown
page read and write
1EB58485000
heap
page read and write
2218BC25000
heap
page read and write
1FD80F80000
heap
page read and write
255C2FC000
stack
page read and write
1E0957E8000
heap
page read and write
2A6E000
direct allocation
page read and write
2629000
heap
page read and write
There are 783 further memdumps that are hidden and not shown in this listing.