IOC Report
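#U5b89#U88c5#U52a9#U624b1.0.1.exe (the #Uxxxx sequences are escaped Unicode code points; the name decodes to 安装助手1.0.1.exe, "Installation Assistant")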


Files

Columns, one value per line: File Path, Type, Category, Malicious (the Malicious value appears only on rows the sandbox flagged)
#U5b89#U88c5#U52a9#U624b1.0.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Temp\is-LDPLH.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-PB21B.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Windows NT\7zr.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Windows NT\file.bin (copy)
data
dropped
C:\Program Files (x86)\Windows NT\hrsw.vbc
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Windows NT\is-9Q49J.tmp
data
dropped
C:\Program Files (x86)\Windows NT\is-SBH8U.tmp
OpenPGP Secret Key
dropped
C:\Program Files (x86)\Windows NT\locale.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale2.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale2.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale3.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale3.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale4.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale4.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale7.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale7.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\res.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\tProtect.dll
PE32+ executable (native) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Windows NT\task.xml
data
dropped
C:\Program Files (x86)\Windows NT\trash
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0cwkgqrh.vf1.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2snt4uvh.3kt.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ksrgjyaw.flz.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spijxguy.jrr.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\is-5OPPK.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-5OPPK.tmp\update.vac
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-P2CCP.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-P2CCP.tmp\update.vac
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
22 further files are hidden in this view and are not listed here.

Processes

Columns, one value per line: Path, Cmdline, Malicious (the Malicious value appears only on rows the sandbox flagged)
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe"
malicious
C:\Users\user\AppData\Local\Temp\is-LDPLH.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
"C:\Users\user\AppData\Local\Temp\is-LDPLH.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp" /SL5="$20474,7641276,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
malicious
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe" /VERYSILENT
malicious
C:\Users\user\AppData\Local\Temp\is-PB21B.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp
"C:\Users\user\AppData\Local\Temp\is-PB21B.tmp\#U5b89#U88c5#U52a9#U624b1.0.1.tmp" /SL5="$20492,7641276,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.1.exe" /VERYSILENT
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
C:\Windows\System32\sc.exe
sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Windows NT\7zr.exe
7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Windows NT\7zr.exe
7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
98 further processes are hidden in this view and are not listed here.

URLs

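Columns, one value per line: Name, IP, Malicious. The URLs listed appear to be Inno Setup / RemObjects Pascal Script reference links carried by the installer framework rather than sample-specific infrastructure, so treat them as weak indicators.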
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
unknown
https://www.remobjects.com/ps
unknown
https://www.innosetup.com/
unknown

Registry

Columns, one value per line: Path, Value, Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Magisk
ring3_username

Memdumps

Columns, one value per line: Base Address, Regiontype, Protect, Malicious
2980000
heap
page read and write
2244000
direct allocation
page read and write
2BE53305000
heap
page read and write
711000
unkown
page execute read
22F4000
direct allocation
page read and write
181DB210000
heap
page read and write
184E000
direct allocation
page read and write
CCD000
unkown
page execute read
2A357E18000
heap
page read and write
FCE000
stack
page read and write
98E000
heap
page read and write
185D000
direct allocation
page read and write
15EA000
heap
page read and write
224B000
direct allocation
page read and write
C694A7F000
stack
page read and write
15CAE7E000
stack
page read and write
28C2000
heap
page read and write
CE0000
unkown
page readonly
1AD949B0000
heap
page read and write
12EC000
stack
page read and write
148C87B0000
heap
page read and write
3FD7000
heap
page read and write
16505470000
heap
page read and write
16505370000
heap
page read and write
2867000
direct allocation
page read and write
2951A5F0000
heap
page read and write
165F0F30000
heap
page read and write
2B01000
heap
page read and write
30A0000
direct allocation
page read and write
FA7000
unkown
page readonly
148C85B0000
heap
page read and write
294C000
direct allocation
page read and write
293F84D0000
heap
page read and write
2F0A000
heap
page read and write
237965F0000
heap
page read and write
1220000
heap
page read and write
1D5A7A30000
heap
page read and write
3C10000
heap
page read and write
443E000
stack
page read and write
1910000
heap
page read and write
2F7A000
heap
page read and write
117547D000
stack
page read and write
D05000
unkown
page read and write
1FAAAA25000
heap
page read and write
1B5516C5000
heap
page read and write
3760000
heap
page read and write
312A000
heap
page read and write
165054F0000
heap
page read and write
13B8000
heap
page read and write
F90000
unkown
page read and write
93AE0FF000
stack
page read and write
29C0000
heap
page read and write
311F000
direct allocation
page read and write
1FAAAA20000
heap
page read and write
15433320000
heap
page read and write
1D7551D8000
heap
page read and write
1380000
direct allocation
page read and write
295A000
direct allocation
page read and write
15F4000
heap
page read and write
1CDBCE97000
heap
page read and write
2408CAA0000
heap
page read and write
23796895000
heap
page read and write
10017F000
stack
page read and write
2A357D20000
heap
page read and write
2BC677E000
stack
page read and write
292F000
direct allocation
page read and write
711000
unkown
page execute read
2651F640000
heap
page read and write
1CDBCDD0000
heap
page read and write
D0D000
unkown
page read and write
A30000
heap
page read and write
2F19000
heap
page read and write
28E4000
direct allocation
page read and write
12FC000
stack
page read and write
232AF990000
heap
page read and write
1AD94CF5000
heap
page read and write
1CDBCE90000
heap
page read and write
92E000
stack
page read and write
2B80000
direct allocation
page read and write
1818000
direct allocation
page read and write
180B000
direct allocation
page read and write
56E000
stack
page read and write
27A0000
direct allocation
page read and write
2860000
direct allocation
page read and write
1B5518D0000
heap
page read and write
2B00000
heap
page read and write
3CB0000
direct allocation
page read and write
28FB000
direct allocation
page read and write
90F23AD000
stack
page read and write
28F4000
direct allocation
page read and write
2276000
direct allocation
page read and write
1215000
heap
page read and write
CE1000
unkown
page execute read
4D97000
trusted library allocation
page read and write
3B30000
direct allocation
page read and write
1D7550B0000
heap
page read and write
3158000
direct allocation
page read and write
A50000
unkown
page readonly
2331BB80000
heap
page read and write
2919000
direct allocation
page read and write
2A357D40000
heap
page read and write
E110F1D000
stack
page read and write
D14000
unkown
page read and write
C4F000
stack
page read and write
2220000
direct allocation
page read and write
26EE000
heap
page read and write
2331BEE0000
heap
page read and write
141EF3F0000
heap
page read and write
18E1000
direct allocation
page read and write
2178C9A0000
heap
page read and write
18F0000
heap
page read and write
F8E000
unkown
page write copy
21111780000
heap
page read and write
A51000
unkown
page execute read
1E0C9FC0000
heap
page read and write
3049000
direct allocation
page read and write
21F9000
direct allocation
page read and write
140E000
stack
page read and write
141EF7C0000
heap
page read and write
10047F000
stack
page read and write
1FA858D0000
heap
page read and write
2F16000
heap
page read and write
1FAAAA50000
heap
page read and write
1447000
heap
page read and write
28CB000
direct allocation
page read and write
B7B7D9D000
stack
page read and write
D00000
unkown
page write copy
1FAAAAB8000
heap
page read and write
26EE000
heap
page read and write
C56000
unkown
page execute read
16505705000
heap
page read and write
232AFC65000
heap
page read and write
2951A750000
heap
page read and write
B7B81FE000
stack
page read and write
A86157E000
stack
page read and write
7A0000
heap
page read and write
2BE530B0000
heap
page read and write
293F85F0000
heap
page read and write
1F7FB958000
heap
page read and write
2961000
direct allocation
page read and write
18BD000
direct allocation
page read and write
141EF7C5000
heap
page read and write
1CDBCE00000
heap
page read and write
2800000
heap
page read and write
E7C7AFE000
stack
page read and write
141EF4D0000
heap
page read and write
1CFC8830000
heap
page read and write
1AD94B38000
heap
page read and write
3126000
direct allocation
page read and write
90F27FE000
stack
page read and write
F80000
heap
page read and write
3F90000
heap
page read and write
E6F000
stack
page read and write
22D0000
direct allocation
page read and write
2F3A000
heap
page read and write
52207DF000
stack
page read and write
D6E000
stack
page read and write
453B2FD000
stack
page read and write
293F8785000
heap
page read and write
312D000
direct allocation
page read and write
227F000
direct allocation
page read and write
E11137F000
stack
page read and write
2981000
heap
page read and write
18CC000
direct allocation
page read and write
9B6000
unkown
page read and write
7DB000
unkown
page readonly
4B54BFD000
stack
page read and write
1FA85990000
heap
page read and write
CA78D1C000
stack
page read and write
2259000
direct allocation
page read and write
2651F660000
heap
page read and write
1230000
heap
page read and write
2294000
direct allocation
page read and write
22C06D70000
heap
page read and write
1FA85C35000
heap
page read and write
7F8CA000
direct allocation
page read and write
4290000
direct allocation
page read and write
2F29000
heap
page read and write
2651F668000
heap
page read and write
EBC000
stack
page read and write
2928000
direct allocation
page read and write
15AF000
stack
page read and write
17C3000
direct allocation
page read and write
AB000
stack
page read and write
148C85D0000
heap
page read and write
2408CB18000
heap
page read and write
18E8000
direct allocation
page read and write
18AF000
direct allocation
page read and write
230A000
direct allocation
page read and write
2BE52FB0000
heap
page read and write
90F26FE000
stack
page read and write
117567F000
stack
page read and write
FA5000
unkown
page readonly
2211000
direct allocation
page read and write
6CAC3000
unkown
page read and write
30AF000
direct allocation
page read and write
6CAC9000
unkown
page execute read
287D000
direct allocation
page read and write
1AD94A90000
heap
page read and write
410000
heap
page read and write
22C9000
direct allocation
page read and write
28ED000
direct allocation
page read and write
A10000
heap
page read and write
8EE000
stack
page read and write
3AE8000
direct allocation
page read and write
1FA85C30000
heap
page read and write
2FD0000
trusted library allocation
page read and write
2803000
heap
page read and write
5C0000
heap
page read and write
2331BBA0000
heap
page read and write
2842000
heap
page read and write
C79097E000
stack
page read and write
958000
heap
page read and write
7BC000
unkown
page readonly
4B54FFF000
stack
page read and write
158E000
stack
page read and write
6C841000
unkown
page execute read
1AD94B30000
heap
page read and write
B7B80FF000
stack
page read and write
3075000
direct allocation
page read and write
9B5000
unkown
page write copy
15D5000
heap
page read and write
7BC000
unkown
page readonly
2B10000
direct allocation
page read and write
148C8638000
heap
page read and write
1CFC8AF0000
heap
page read and write
1856000
direct allocation
page read and write
1550000
heap
page read and write
3AB0000
direct allocation
page read and write
2F10000
heap
page read and write
20FBF2C0000
heap
page read and write
2286000
direct allocation
page read and write
154F000
stack
page read and write
37D0000
direct allocation
page read and write
2178C910000
heap
page read and write
9AB000
unkown
page read and write
58A16EC000
stack
page read and write
226F000
direct allocation
page read and write
9D10A7D000
stack
page read and write
F5BEBFF000
stack
page read and write
A18000
heap
page read and write
20FBF530000
heap
page read and write
9A9000
unkown
page read and write
1FAAAA30000
heap
page read and write
1EC04610000
heap
page read and write
2218000
direct allocation
page read and write
C54327C000
stack
page read and write
AB973FE000
stack
page read and write
222E000
direct allocation
page read and write
133E000
stack
page read and write
26E5000
heap
page read and write
1D5A7DD0000
heap
page read and write
2951A755000
heap
page read and write
28A8000
direct allocation
page read and write
2408CAC0000
heap
page read and write
15F3000
heap
page read and write
1B5518B0000
heap
page read and write
2900000
direct allocation
page read and write
247F57F000
stack
page read and write
26F4000
heap
page read and write
711000
unkown
page execute read
1446000
heap
page read and write
1F7FBCC5000
heap
page read and write
1B5516E8000
heap
page read and write
A86147D000
stack
page read and write
4C40000
trusted library allocation
page read and write
3ADE000
direct allocation
page read and write
200A9EA0000
heap
page read and write
181DB270000
heap
page read and write
1840000
direct allocation
page read and write
22BA000
direct allocation
page read and write
C69487C000
stack
page read and write
6CBB3000
unkown
page readonly
8BE000
stack
page read and write
2A40000
heap
page read and write
8E0000
heap
page read and write
6AD000
stack
page read and write
3067000
direct allocation
page read and write
46FC000
stack
page read and write
1AC000
stack
page read and write
1EC045F0000
heap
page read and write
F95000
unkown
page read and write
20FBF2C8000
heap
page read and write
2944000
direct allocation
page read and write
1E0C9FD0000
heap
page read and write
30BF000
direct allocation
page read and write
CA7917E000
stack
page read and write
15433420000
heap
page read and write
211117E8000
heap
page read and write
3084000
direct allocation
page read and write
17E0000
direct allocation
page read and write
1D5A7A40000
heap
page read and write
53F94D000
stack
page read and write
30EA000
direct allocation
page read and write
141EF5F0000
heap
page read and write
232AF940000
heap
page read and write
2227000
direct allocation
page read and write
1EC04940000
heap
page read and write
26E0000
heap
page read and write
2303000
direct allocation
page read and write
181DB240000
heap
page read and write
2875000
direct allocation
page read and write
58A1AFE000
stack
page read and write
1D5A7AA8000
heap
page read and write
148C8630000
heap
page read and write
2651F850000
heap
page read and write
165F11B5000
heap
page read and write
37F0000
heap
page read and write
165F11B0000
heap
page read and write
47FC000
stack
page read and write
7BF000
stack
page read and write
2884000
direct allocation
page read and write
2920000
heap
page read and write
15433500000
heap
page read and write
1CFC8AF5000
heap
page read and write
1007000
unkown
page readonly
21E0000
heap
page read and write
2859000
direct allocation
page read and write
17D1000
direct allocation
page read and write
420000
heap
page read and write
21111750000
heap
page read and write
A0851CE000
stack
page read and write
4254000
direct allocation
page read and write
2178CC00000
heap
page read and write
3058000
direct allocation
page read and write
CFB000
unkown
page execute read
1828000
direct allocation
page read and write
2951A3E0000
heap
page read and write
7F5B0000
direct allocation
page read and write
1B5516C0000
heap
page read and write
201B1120000
heap
page read and write
2BE530B8000
heap
page read and write
2F12000
heap
page read and write
639000
stack
page read and write
1B5516B0000
heap
page read and write
37ED000
direct allocation
page read and write
301E000
heap
page read and write
15B8000
heap
page read and write
6C840000
unkown
page readonly
1D5A7DD5000
heap
page read and write
17FD000
direct allocation
page read and write
2904000
direct allocation
page read and write
D05000
unkown
page write copy
17EE000
direct allocation
page read and write
1CFC8858000
heap
page read and write
2BE52FD0000
heap
page read and write
1A00000
heap
page read and write
2951A4F0000
heap
page read and write
2A358015000
heap
page read and write
2A358010000
heap
page read and write
711000
unkown
page execute read
3B03000
direct allocation
page read and write
2620000
heap
page read and write
181DB215000
heap
page read and write
623027C000
stack
page read and write
3102000
direct allocation
page read and write
148C84D0000
heap
page read and write
2F00000
heap
page read and write
456BD5D000
stack
page read and write
200A9FA0000
heap
page read and write
154336B0000
heap
page read and write
E11127E000
stack
page read and write
3E70000
direct allocation
page read and write
C54337F000
stack
page read and write
7BC000
unkown
page readonly
1E0CA088000
heap
page read and write
9B2000
unkown
page read and write
1F7FBB20000
heap
page read and write
201B14A5000
heap
page read and write
93ADCBC000
stack
page read and write
FD0000
heap
page read and write
3143000
direct allocation
page read and write
4C7D000
stack
page read and write
2F39000
heap
page read and write
53FC7E000
stack
page read and write
7D2000
unkown
page write copy
60A5A7F000
stack
page read and write
200AA1E0000
heap
page read and write
17E7000
direct allocation
page read and write
2908000
heap
page read and write
37D0000
direct allocation
page read and write
2883000
heap
page read and write
3C30000
direct allocation
page read and write
FA0000
unkown
page write copy
450000
heap
page read and write
60A5B7E000
stack
page read and write
308B000
direct allocation
page read and write
30F1000
direct allocation
page read and write
293F83F0000
heap
page read and write
2843000
direct allocation
page read and write
425E000
direct allocation
page read and write
3060000
direct allocation
page read and write
1AD94CF0000
heap
page read and write
23796890000
heap
page read and write
2951A3E8000
heap
page read and write
AB96FBD000
stack
page read and write
1CFC8800000
heap
page read and write
2E80000
heap
page read and write
201B14A0000
heap
page read and write
1EC046C0000
heap
page read and write
47CB000
direct allocation
page read and write
1D5A7AA0000
heap
page read and write
D14000
unkown
page write copy
4249000
direct allocation
page read and write
223C000
direct allocation
page read and write
1E0CA035000
heap
page read and write
1FA85900000
heap
page read and write
1FAAAAB0000
heap
page read and write
37FF000
direct allocation
page read and write
58A17EF000
stack
page read and write
1900000
direct allocation
page execute and read and write
9B7000
unkown
page readonly
4D7B000
stack
page read and write
2BC66FE000
unkown
page readonly
39CD000
stack
page read and write
C69497E000
stack
page read and write
FBD000
stack
page read and write
643D8FF000
stack
page read and write
CD0000
direct allocation
page read and write
21111660000
heap
page read and write
26E9000
heap
page read and write
53FD7E000
stack
page read and write
1892000
direct allocation
page read and write
2882000
heap
page read and write
184B000
direct allocation
page read and write
1874000
direct allocation
page read and write
2BC667E000
stack
page read and write
2408CB10000
heap
page read and write
D00000
unkown
page read and write
F5BE78C000
stack
page read and write
16505450000
heap
page read and write
5AE000
stack
page read and write
1E0CA080000
heap
page read and write
9D10C7F000
stack
page read and write
30FA000
direct allocation
page read and write
7DB000
unkown
page readonly
2178C920000
heap
page read and write
148C87B5000
heap
page read and write
200A9F80000
heap
page read and write
9A9000
unkown
page write copy
201B1220000
heap
page read and write
28CE000
direct allocation
page read and write
117557E000
stack
page read and write
1600000
heap
page read and write
23796630000
heap
page read and write
2331BC28000
heap
page read and write
4D80000
trusted library allocation
page read and write
30B6000
direct allocation
page read and write
1558000
heap
page read and write
4D9B000
trusted library allocation
page read and write
2331BC20000
heap
page read and write
22C2000
direct allocation
page read and write
1D7551D0000
heap
page read and write
181DB220000
heap
page read and write
2920000
direct allocation
page read and write
2BE52ED0000
heap
page read and write
C2E000
stack
page read and write
17B0000
direct allocation
page read and write
1219000
heap
page read and write
232AF998000
heap
page read and write
AB972FF000
stack
page read and write
1CFC8810000
heap
page read and write
37E3000
direct allocation
page read and write
2331BB70000
heap
page read and write
4DAA000
trusted library allocation
page read and write
22ED000
direct allocation
page read and write
28DD000
direct allocation
page read and write
2651F905000
heap
page read and write
247F47D000
stack
page read and write
37DB000
direct allocation
page read and write
21111755000
heap
page read and write
247F67F000
stack
page read and write
184F000
stack
page read and write
2892000
direct allocation
page read and write
4330000
direct allocation
page read and write
15CAD7E000
stack
page read and write
237965D0000
heap
page read and write
2A357E10000
heap
page read and write
9A9000
unkown
page read and write
2F29000
heap
page read and write
8A0000
heap
page read and write
16505700000
heap
page read and write
623037E000
stack
page read and write
CA7907E000
stack
page read and write
7DB000
unkown
page readonly
2851000
direct allocation
page read and write
200A9FE8000
heap
page read and write
15F0000
heap
page read and write
4292000
direct allocation
page read and write
5220AFF000
stack
page read and write
28B9000
direct allocation
page read and write
228D000
direct allocation
page read and write
710000
unkown
page readonly
1FA858E0000
heap
page read and write
161C000
heap
page read and write
1603000
heap
page read and write
1E0C9FF0000
heap
page read and write
17F5000
direct allocation
page read and write
A86167E000
stack
page read and write
F1B000
stack
page read and write
7D2000
unkown
page read and write
22AA000
direct allocation
page read and write
22C06D60000
heap
page read and write
26EB000
heap
page read and write
306E000
direct allocation
page read and write
4D9B000
trusted library allocation
page read and write
30A8000
direct allocation
page read and write
456C07E000
stack
page read and write
1F7FBB40000
heap
page read and write
20FBF290000
heap
page read and write
5AC000
stack
page read and write
187B000
direct allocation
page read and write
4B41000
heap
page read and write
2252000
direct allocation
page read and write
36B0000
heap
page read and write
46BF000
stack
page read and write
1601000
heap
page read and write
22C07000000
heap
page read and write
1AD94AB0000
heap
page read and write
2408CDB0000
heap
page read and write
72F000
stack
page read and write
BE0000
heap
page read and write
3B00000
direct allocation
page read and write
A61098D000
stack
page read and write
22C06DB8000
heap
page read and write
623047F000
stack
page read and write
3151000
direct allocation
page read and write
1FA85998000
heap
page read and write
3BB0000
direct allocation
page read and write
1812000
direct allocation
page read and write
9B9000
unknown
page readonly
20FBF535000
heap
page read and write
4D80000
trusted library allocation
page read and write
1929000
heap
page read and write
687527D000
stack
page read and write
21111760000
heap
page read and write
30C6000
direct allocation
page read and write
141EF4F0000
heap
page read and write
165F1018000
heap
page read and write
30CD000
direct allocation
page read and write
1D755190000
heap
page read and write
C79087D000
stack
page read and write
9AB000
unknown
page read and write
20FBF490000
heap
page read and write
1EC04510000
heap
page read and write
D2F000
stack
page read and write
2936000
direct allocation
page read and write
3110000
direct allocation
page read and write
7BC000
unknown
page readonly
200AA1E5000
heap
page read and write
F9D000
unknown
page read and write
2260000
direct allocation
page read and write
293F85D0000
heap
page read and write
3134000
direct allocation
page read and write
9D10B7F000
stack
page read and write
293F84D8000
heap
page read and write
1804000
direct allocation
page read and write
5C8000
heap
page read and write
6C9E8000
unknown
page readonly
134E000
stack
page read and write
2178CC05000
heap
page read and write
1D5A7A60000
heap
page read and write
181DB278000
heap
page read and write
687537E000
stack
page read and write
E7C7BFF000
stack
page read and write
4DAA000
trusted library allocation
page read and write
2E8F000
stack
page read and write
CFE000
unknown
page read and write
7F0000
heap
page read and write
165F1110000
heap
page read and write
26EE000
heap
page read and write
18B6000
direct allocation
page read and write
456C17F000
stack
page read and write
C70000
heap
page read and write
15FA000
heap
page read and write
710000
unknown
page readonly
3170000
heap
page read and write
30D4000
direct allocation
page read and write
93ADDBF000
stack
page read and write
453B6FE000
stack
page read and write
3740000
trusted library allocation
page read and write
1EC046C8000
heap
page read and write
293D000
direct allocation
page read and write
1920000
heap
page read and write
3F50000
direct allocation
page read and write
CD0000
direct allocation
page read and write
2D8E000
stack
page read and write
2331BEE5000
heap
page read and write
18D3000
direct allocation
page read and write
950000
heap
page read and write
1864000
direct allocation
page read and write
A610CFF000
stack
page read and write
1440000
heap
page read and write
1E0CA030000
heap
page read and write
27A0000
direct allocation
page read and write
13C8000
heap
page read and write
9B9000
heap
page read and write
26EA000
heap
page read and write
900000
unknown
page readonly
201B12D0000
heap
page read and write
201B1200000
heap
page read and write
410F000
stack
page read and write
880000
heap
page read and write
4D97000
trusted library allocation
page read and write
427E000
direct allocation
page read and write
7EA147D000
stack
page read and write
2BE53300000
heap
page read and write
3092000
direct allocation
page read and write
2F16000
heap
page read and write
3118000
direct allocation
page read and write
2A01000
heap
page read and write
15CAC7D000
stack
page read and write
426E000
direct allocation
page read and write
293F8780000
heap
page read and write
1D7553C5000
heap
page read and write
28BE000
direct allocation
page read and write
A0854FF000
stack
page read and write
23796638000
heap
page read and write
710000
unknown
page readonly
FE0000
heap
page read and write
17AE000
stack
page read and write
1913000
heap
page read and write
2A357C40000
heap
page read and write
901000
unknown
page execute read
1210000
heap
page read and write
C54347E000
stack
page read and write
232AF860000
heap
page read and write
1CDBCCF0000
heap
page read and write
1370000
heap
page read and write
447E000
stack
page read and write
3B40000
direct allocation
page read and write
2A80000
heap
page read and write
2178C9A8000
heap
page read and write
18C4000
direct allocation
page read and write
307C000
direct allocation
page read and write
165F1130000
heap
page read and write
20FBF280000
heap
page read and write
2318000
direct allocation
page read and write
237965C0000
heap
page read and write
286E000
direct allocation
page read and write
E7C779D000
stack
page read and write
15B0000
heap
page read and write
7D2000
unknown
page write copy
3099000
direct allocation
page read and write
2F17000
heap
page read and write
2178C940000
heap
page read and write
154336B5000
heap
page read and write
22FC000
direct allocation
page read and write
643D5AC000
stack
page read and write
165F1010000
heap
page read and write
4B54EFF000
stack
page read and write
22E6000
direct allocation
page read and write
1CDBCDF5000
heap
page read and write
165054F8000
heap
page read and write
181DB1F0000
heap
page read and write
3DB0000
direct allocation
page read and write
200A9FE0000
heap
page read and write
17D9000
direct allocation
page read and write
7F5CB000
direct allocation
page read and write
15433328000
heap
page read and write
15F3000
heap
page read and write
4B40000
heap
page read and write
4D80000
trusted library allocation
page read and write
414C000
stack
page read and write
28C0000
direct allocation
page read and write
7EA157E000
stack
page read and write
314A000
direct allocation
page read and write
A6C000
unknown
page execute read
10007D000
stack
page read and write
C80000
direct allocation
page execute and read and write
B4E000
stack
page read and write
2408CA90000
heap
page read and write
2951A5D0000
heap
page read and write
2802000
heap
page read and write
2E83000
heap
page read and write
201B12D8000
heap
page read and write
C790A7F000
stack
page read and write
1F7FBCC0000
heap
page read and write
3109000
direct allocation
page read and write
1EC04945000
heap
page read and write
1350000
heap
page read and write
710000
unknown
page readonly
F76000
stack
page read and write
22B1000
direct allocation
page read and write
1839000
direct allocation
page read and write
22C07005000
heap
page read and write
22DF000
direct allocation
page read and write
FF0000
heap
page read and write
188B000
direct allocation
page read and write
22D8000
direct allocation
page read and write
15F4000
heap
page read and write
141EF4F8000
heap
page read and write
28D6000
direct allocation
page read and write
2F05000
heap
page read and write
9B2000
unknown
page read and write
2A00000
heap
page read and write
643D9FE000
stack
page read and write
174F000
stack
page read and write
2BC633C000
stack
page read and write
7D2000
unknown
page read and write
400E000
stack
page read and write
A0850CD000
stack
page read and write
4D80000
trusted library allocation
page read and write
453B3FF000
stack
page read and write
A00000
heap
page read and write
232AF960000
heap
page read and write
1F7FB950000
heap
page read and write
4240000
direct allocation
page read and write
CFE000
unknown
page write copy
8A6000
heap
page read and write
52206DD000
stack
page read and write
1D7551B0000
heap
page read and write
455000
heap
page read and write
F5BEAFF000
stack
page read and write
22C06DB0000
heap
page read and write
45BE000
stack
page read and write
13B0000
heap
page read and write
4239000
direct allocation
page read and write
1925000
heap
page read and write
22C06D90000
heap
page read and write
D17000
unknown
page readonly
7EA167E000
stack
page read and write
1FAAAA00000
heap
page read and write
7DB000
unknown
page readonly
2968000
direct allocation
page read and write
26EE000
heap
page read and write
2830000
direct allocation
page read and write
3051000
direct allocation
page read and write
687547E000
stack
page read and write
60A573D000
stack
page read and write
6C9F8000
unknown
page write copy
1CDBCDF0000
heap
page read and write
457F000
stack
page read and write
211117E0000
heap
page read and write
F8E000
unknown
page read and write
3010000
direct allocation
page read and write
1D7553C0000
heap
page read and write
1B5516E0000
heap
page read and write
2802000
heap
page read and write
1609000
heap
page read and write
2651F900000
heap
page read and write
13C0000
heap
page read and write
1F7FB940000
heap
page read and write
3039000
direct allocation
page read and write
232AFC60000
heap
page read and write
638F000
stack
page read and write
2651F830000
heap
page read and write
CC0000
heap
page read and write
2408CDB5000
heap
page read and write
18DA000
direct allocation
page read and write
290B000
direct allocation
page read and write
288B000
direct allocation
page read and write
8DE7DCD000
stack
page read and write
15433520000
heap
page read and write
2267000
direct allocation
page read and write
18A8000
direct allocation
page read and write
1569000
heap
page read and write
2235000
direct allocation
page read and write
30DA000
direct allocation
page read and write
A610DFE000
stack
page read and write
313C000
direct allocation
page read and write
1CFC8850000
heap
page read and write
2311000
direct allocation
page read and write
CD0000
direct allocation
page read and write
2912000
direct allocation
page read and write
12FD000
stack
page read and write
1883000
direct allocation
page read and write
2953000
direct allocation
page read and write
There are 758 hidden memdumps that are not shown in this listing.