IOC Report
#U5b89#U88c5#U52a9#U624b1.0.3.exe (non-ASCII characters are written as #U escapes; decoded file name: 安装助手1.0.3.exe)


Files

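Columns: File Path | Type | Category | Malicious
(Each entry below is one table row, one cell per line. The Malicious cell is present only for files the sandbox flagged; entries with three lines carry no verdict.)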
#U5b89#U88c5#U52a9#U624b1.0.3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Program Files (x86)\Windows NT\hrsw.vbc
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Windows NT\tProtect.dll
PE32+ executable (native) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-3G83D.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-HSI1O.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-MRB94.tmp\update.vac
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-U1N14.tmp\update.vac
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Windows NT\7zr.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Windows NT\file.bin (copy)
data
dropped
C:\Program Files (x86)\Windows NT\is-51JMP.tmp
data
dropped
C:\Program Files (x86)\Windows NT\is-9UHGB.tmp
data
dropped
C:\Program Files (x86)\Windows NT\locale.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale2.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale2.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale3.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale3.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale4.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale4.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\locale7.bin
data
dropped
C:\Program Files (x86)\Windows NT\locale7.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\res.dat
7-zip archive data, version 0.4
dropped
C:\Program Files (x86)\Windows NT\task.xml
data
dropped
C:\Program Files (x86)\Windows NT\trash
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2p2k5iwb.q0y.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kvjygs2h.2td.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uv3ixvps.aom.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zcnjpcuh.3b5.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\is-MRB94.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-U1N14.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
There are 22 more files hidden in the report view; they are not listed on this page.

Processes

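Columns: Path | Cmdline | Malicious
(Each entry below is one table row, one cell per line. A missing Malicious cell means only that the sandbox did not flag that process; it is not a clean verdict. The unflagged `sc create CleverSoar ... type= kernel` rows register tProtect.dll, which the Files table marks malicious, as an auto-start kernel service, and the unflagged 7zr.exe rows extract the dropped password-protected .dat archives.)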
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe"
malicious
C:\Users\user\AppData\Local\Temp\is-HSI1O.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
"C:\Users\user\AppData\Local\Temp\is-HSI1O.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp" /SL5="$2040C,6541320,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command "Add-MpPreference -ExclusionPath 'C:\'"
malicious
C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe
"C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe" /VERYSILENT
malicious
C:\Users\user\AppData\Local\Temp\is-3G83D.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp
"C:\Users\user\AppData\Local\Temp\is-3G83D.tmp\#U5b89#U88c5#U52a9#U624b1.0.3.tmp" /SL5="$1042A,6541320,845824,C:\Users\user\Desktop\#U5b89#U88c5#U52a9#U624b1.0.3.exe" /VERYSILENT
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
C:\Windows\System32\sc.exe
sc create CleverSoar displayname= CleverSoar binPath= "C:\Program Files (x86)\Windows NT\tProtect.dll" type= kernel start= auto
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Windows NT\7zr.exe
7zr.exe x -y res.dat -pad8dtyw9eyfd9aslyd9iald
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Windows NT\7zr.exe
7zr.exe x -y locale3.dat -pasfasdf79yf9layslofs
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
C:\Windows\System32\sc.exe
sc start CleverSoar
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd /c start sc start CleverSoar
There are 98 more processes hidden in the report view; they are not listed on this page.

URLs

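Columns: Name | IP | Malicious
(All three URLs below point to Inno Setup / RemObjects Pascal Script vendor sites and most likely come from strings embedded in the installer stub, not from observed traffic. The trailing "SetupU" on the first URL looks like adjacent string data fused onto it. They indicate the packaging used rather than attacker infrastructure.)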
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
unknown
https://www.remobjects.com/ps
unknown
https://www.innosetup.com/
unknown

Registry

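Columns: Path | Value | Malicious
(Each entry below is a key path followed by a value name; no row carries a verdict. The RestartManager\Session0000 values are what the Windows Restart Manager writes during installs in general. HKEY_CURRENT_USER\SOFTWARE\Magisk\ring3_username is the entry that appears specific to this sample.)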
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Magisk
ring3_username

Memdumps

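Columns: Base Address | Regiontype | Protect | Malicious
(Each entry below is one table row, one cell per line; no row in this listing carries a Malicious verdict. "unkown" is the report generator's spelling of "unknown" and is kept as emitted.)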
1C6883D0000
heap
page read and write
1163000
heap
page read and write
EE8377F000
stack
page read and write
22C238D0000
heap
page read and write
882000
unkown
page read and write
1E844AB0000
heap
page read and write
189721C0000
heap
page read and write
6D97D4D000
stack
page read and write
1AE4C020000
heap
page read and write
4C9000
unkown
page read and write
1C688390000
heap
page read and write
3CCC000
stack
page read and write
250000
unkown
page readonly
1F50FFF000
stack
page read and write
882000
unkown
page write copy
C90000
heap
page read and write
CC000
stack
page read and write
1484EF18000
heap
page read and write
1E844AB8000
heap
page read and write
2473B930000
heap
page read and write
2C74000
direct allocation
page read and write
B1729FF000
stack
page read and write
20A16920000
heap
page read and write
6CC78000
unkown
page readonly
2A1B000
direct allocation
page read and write
2AB6000
direct allocation
page read and write
E89267D000
stack
page read and write
115A000
heap
page read and write
165F5510000
heap
page read and write
4A16000
trusted library allocation
page read and write
C1F000
stack
page read and write
21D603C5000
heap
page read and write
F8E000
stack
page read and write
2C28000
direct allocation
page read and write
2BB0000
direct allocation
page read and write
1AEA9F68000
heap
page read and write
1AEA9EA0000
heap
page read and write
22E09F60000
heap
page read and write
2460D590000
heap
page read and write
2A81000
direct allocation
page read and write
2836000
direct allocation
page read and write
1E844CA0000
heap
page read and write
3DDE000
direct allocation
page read and write
EEF000
stack
page read and write
47B0000
heap
page read and write
28D8000
direct allocation
page read and write
3163000
direct allocation
page read and write
DC4F4FE000
unkown
page readonly
22E09E50000
heap
page read and write
1AF77E50000
heap
page read and write
2BF5000
direct allocation
page read and write
49EB000
stack
page read and write
216695A0000
heap
page read and write
280B000
direct allocation
page read and write
15DD000
heap
page read and write
26B5000
heap
page read and write
F40000
heap
page read and write
950000
heap
page read and write
7C0000
unkown
page readonly
515000
unkown
page readonly
6CC88000
unkown
page write copy
1150000
heap
page read and write
22E09F70000
heap
page read and write
2460D308000
heap
page read and write
2804000
direct allocation
page read and write
239EE580000
heap
page read and write
2013D8D5000
heap
page read and write
1EF417B0000
heap
page read and write
2150000
direct allocation
page read and write
287A000
direct allocation
page read and write
21D60078000
heap
page read and write
4D2000
unkown
page read and write
2A5D000
direct allocation
page read and write
27C0000
heap
page read and write
2A99000
direct allocation
page read and write
B5E000
stack
page read and write
2BFD000
direct allocation
page read and write
2CD3000
direct allocation
page read and write
20A16758000
heap
page read and write
2460D420000
heap
page read and write
4A0A000
trusted library allocation
page read and write
20C72635000
heap
page read and write
440000
heap
page read and write
1D06E410000
heap
page read and write
17AFDD48000
heap
page read and write
284D000
direct allocation
page read and write
48ED000
stack
page read and write
450000
unkown
page readonly
2C12000
direct allocation
page read and write
2140000
heap
page read and write
2828000
direct allocation
page read and write
160E8985000
heap
page read and write
310B000
direct allocation
page read and write
1AE4C210000
heap
page read and write
1F242C40000
heap
page read and write
4410000
direct allocation
page read and write
22CBE260000
heap
page read and write
1158000
heap
page read and write
64A87C000
stack
page read and write
2C83000
direct allocation
page read and write
132F000
stack
page read and write
2A56000
direct allocation
page read and write
5B9A87E000
stack
page read and write
3DCE000
direct allocation
page read and write
B9E000
stack
page read and write
1F7DB9B0000
heap
page read and write
26BC000
heap
page read and write
6CD59000
unkown
page execute read
9BE000
stack
page read and write
B77DF7F000
stack
page read and write
2C4B000
direct allocation
page read and write
103FDB30000
heap
page read and write
238EAD70000
heap
page read and write
DF1577E000
stack
page read and write
2898000
direct allocation
page read and write
9ED3EAC000
stack
page read and write
3085000
direct allocation
page read and write
882000
unkown
page read and write
2BEE000
direct allocation
page read and write
1AE4C3F5000
heap
page read and write
3D0000
heap
page read and write
2AE8000
direct allocation
page read and write
5F12EFE000
stack
page read and write
5F12FFE000
stack
page read and write
29E8000
direct allocation
page read and write
1F7DBB18000
heap
page read and write
22CBE1C0000
heap
page read and write
2460D595000
heap
page read and write
71B1D7E000
stack
page read and write
2CE8000
direct allocation
page read and write
E89287F000
stack
page read and write
2F90000
direct allocation
page read and write
307E000
direct allocation
page read and write
5D2376D000
stack
page read and write
2E70C290000
heap
page read and write
286A000
direct allocation
page read and write
1830000
heap
page read and write
3DB9000
direct allocation
page read and write
7AB000
stack
page read and write
238EAD50000
heap
page read and write
165F54E0000
heap
page read and write
2C64000
direct allocation
page read and write
1AE4C230000
heap
page read and write
4429000
direct allocation
page read and write
460000
heap
page read and write
2C5D000
direct allocation
page read and write
1EF41838000
heap
page read and write
4D9000
unkown
page readonly
88B000
unkown
page readonly
6FD000
stack
page read and write
451000
unkown
page execute read
7FC5A000
direct allocation
page read and write
22E09F65000
heap
page read and write
7C0000
unkown
page readonly
28C0000
heap
page read and write
2A29000
direct allocation
page read and write
1816F7E000
stack
page read and write
28D1000
direct allocation
page read and write
1A7CE1A5000
heap
page read and write
B1728FE000
stack
page read and write
2AA0000
direct allocation
page read and write
7F95B000
direct allocation
page read and write
160E8980000
heap
page read and write
114A000
heap
page read and write
3154000
direct allocation
page read and write
165F58C5000
heap
page read and write
1899000
heap
page read and write
27B9000
direct allocation
page read and write
4D7000
unkown
page readonly
489000
heap
page read and write
1ECBDFF000
stack
page read and write
1154000
heap
page read and write
2460D400000
heap
page read and write
2199000
heap
page read and write
1AE4C130000
heap
page read and write
409F000
direct allocation
page read and write
3B5E000
heap
page read and write
30AE000
direct allocation
page read and write
2190000
heap
page read and write
1110000
heap
page read and write
1F7DBA90000
heap
page read and write
4FE000
unkown
page read and write
30C9000
direct allocation
page read and write
3B8E000
stack
page read and write
2EB0000
heap
page read and write
1E844A50000
heap
page read and write
20A169C0000
heap
page read and write
17AFE0D5000
heap
page read and write
1F242958000
heap
page read and write
1F242950000
heap
page read and write
1132000
heap
page read and write
2E70C5B5000
heap
page read and write
1D06DFF0000
heap
page read and write
705000
unkown
page write copy
315C000
direct allocation
page read and write
2013D8A0000
heap
page read and write
F46000
heap
page read and write
14131D000
stack
page read and write
1496000
heap
page read and write
F8F000
stack
page read and write
5B9A77E000
stack
page read and write
2A92000
direct allocation
page read and write
21A7EFE000
stack
page read and write
21669540000
heap
page read and write
154E000
stack
page read and write
3070000
direct allocation
page read and write
1484EE70000
heap
page read and write
22E09F90000
heap
page read and write
470000
heap
page read and write
1C688370000
heap
page read and write
1200000
heap
page read and write
9FE000
stack
page read and write
239EE588000
heap
page read and write
4070000
direct allocation
page read and write
1298AFF000
stack
page read and write
BD61BFD000
stack
page read and write
2551E3C0000
heap
page read and write
160E8680000
heap
page read and write
7B0000
heap
page read and write
1A7CDEE8000
heap
page read and write
218C000
heap
page read and write
2C18000
direct allocation
page read and write
27EE000
direct allocation
page read and write
21A9000
heap
page read and write
316A000
direct allocation
page read and write
1484EEA5000
heap
page read and write
99E000
stack
page read and write
EA5671C000
stack
page read and write
1135000
heap
page read and write
4E1EC7F000
stack
page read and write
2A64000
direct allocation
page read and write
2A8A000
direct allocation
page read and write
30DB000
direct allocation
page read and write
239EE845000
heap
page read and write
2A14000
direct allocation
page read and write
1F242C45000
heap
page read and write
1154000
heap
page read and write
21669810000
heap
page read and write
6CD53000
unkown
page read and write
2551E428000
heap
page read and write
1172000
heap
page read and write
28A6000
direct allocation
page read and write
1164000
heap
page read and write
2C0B000
direct allocation
page read and write
1D06E415000
heap
page read and write
30FD000
direct allocation
page read and write
4D4E000
stack
page read and write
1AEAA225000
heap
page read and write
25C0000
direct allocation
page read and write
95D747C000
stack
page read and write
1F49D3D0000
heap
page read and write
1AF77D50000
heap
page read and write
189723E5000
heap
page read and write
2A46000
direct allocation
page read and write
1162000
heap
page read and write
2CA8000
direct allocation
page read and write
6D9807F000
stack
page read and write
27D8000
direct allocation
page read and write
165F55B8000
heap
page read and write
1F49D6F0000
heap
page read and write
2180000
heap
page read and write
2FB0000
direct allocation
page read and write
1D06E0A0000
heap
page read and write
22C23570000
heap
page read and write
1F49D6F5000
heap
page read and write
3040000
heap
page read and write
282F000
direct allocation
page read and write
1AF77B80000
heap
page read and write
3130000
direct allocation
page read and write
577000
unkown
page readonly
22E09E58000
heap
page read and write
1AF77E55000
heap
page read and write
88B000
unkown
page readonly
3E00000
direct allocation
page read and write
1484EEA0000
heap
page read and write
25D0000
direct allocation
page read and write
4F8F000
stack
page read and write
3050000
direct allocation
page execute and read and write
15A0000
heap
page read and write
3180000
heap
page read and write
4A0A000
trusted library allocation
page read and write
4C9000
unkown
page read and write
C98000
heap
page read and write
2ADA000
direct allocation
page read and write
6D9817F000
stack
page read and write
1AF77B50000
heap
page read and write
2A7A000
direct allocation
page read and write
160E8780000
heap
page read and write
22C23670000
heap
page read and write
88B000
unkown
page readonly
1CB30CD5000
heap
page read and write
22C238D5000
heap
page read and write
E8F000
stack
page read and write
29F7000
direct allocation
page read and write
20A16750000
heap
page read and write
238EAB88000
heap
page read and write
CFC000
stack
page read and write
3069000
direct allocation
page read and write
1AEAA220000
heap
page read and write
1CB30A80000
heap
page read and write
1ECB9FC000
stack
page read and write
29F0000
direct allocation
page read and write
2741000
heap
page read and write
2AC4000
direct allocation
page read and write
130E000
stack
page read and write
30E6000
direct allocation
page read and write
3DA9000
direct allocation
page read and write
CA9000
heap
page read and write
1153000
heap
page read and write
3053000
direct allocation
page read and write
28BC000
direct allocation
page read and write
30ED000
direct allocation
page read and write
27E0000
direct allocation
page read and write
309B000
direct allocation
page read and write
30B8000
direct allocation
page read and write
2ABD000
direct allocation
page read and write
179E000
stack
page read and write
421000
unkown
page execute read
1484EF10000
heap
page read and write
1C688630000
heap
page read and write
216695A8000
heap
page read and write
714000
unkown
page write copy
189722C0000
heap
page read and write
1F49D5E0000
heap
page read and write
4E4F000
stack
page read and write
1409000
heap
page read and write
656000
unkown
page execute read
2013D990000
heap
page read and write
4A18000
trusted library allocation
page read and write
1580000
heap
page read and write
283F000
direct allocation
page read and write
2A22000
direct allocation
page read and write
1CB309A0000
heap
page read and write
3146000
direct allocation
page read and write
6CE43000
unkown
page readonly
4070000
direct allocation
page read and write
160E8760000
heap
page read and write
46A3CE000
stack
page read and write
F47000
heap
page read and write
2CB6000
direct allocation
page read and write
1A7CDD30000
heap
page read and write
21669530000
heap
page read and write
20C72350000
heap
page read and write
26C0000
heap
page read and write
1A7CDE10000
heap
page read and write
70D000
unkown
page read and write
27C9000
direct allocation
page read and write
1D06E010000
heap
page read and write
27CC000
heap
page read and write
7C1000
unkown
page execute read
29FE000
direct allocation
page read and write
3061000
direct allocation
page read and write
2819000
direct allocation
page read and write
9E6CB7E000
stack
page read and write
882000
unkown
page write copy
1F49D5C0000
heap
page read and write
3077000
direct allocation
page read and write
F40000
heap
page read and write
2013D8D0000
heap
page read and write
79FF17F000
stack
page read and write
26C1000
heap
page read and write
49F0000
trusted library allocation
page read and write
1AE4C3F0000
heap
page read and write
3F0000
heap
page read and write
1C688635000
heap
page read and write
7BE000
stack
page read and write
C68ACBD000
stack
page read and write
29C9000
direct allocation
page read and write
17AFDC90000
heap
page read and write
3129000
direct allocation
page read and write
2C40000
direct allocation
page read and write
103FDC30000
heap
page read and write
238EAEC5000
heap
page read and write
E89277F000
stack
page read and write
3104000
direct allocation
page read and write
2A05000
direct allocation
page read and write
9E6C72C000
stack
page read and write
BA0000
heap
page read and write
1153000
heap
page read and write
86C000
unkown
page readonly
77E000
stack
page read and write
1E844950000
heap
page read and write
B10000
heap
page read and write
30F4000
direct allocation
page read and write
430000
heap
page read and write
4CB000
unkown
page read and write
2E70C5B0000
heap
page read and write
238EAB80000
heap
page read and write
4D6000
unkown
page read and write
2196000
heap
page read and write
1833000
heap
page read and write
DC4F47E000
stack
page read and write
1170000
heap
page read and write
3E924CD000
stack
page read and write
2473B5B8000
heap
page read and write
117C000
heap
page read and write
20A16720000
heap
page read and write
F30000
heap
page read and write
71B196C000
stack
page read and write
2192000
heap
page read and write
160E87D8000
heap
page read and write
88B000
unkown
page readonly
B77DE7F000
stack
page read and write
1F2428F0000
heap
page read and write
2CCC000
direct allocation
page read and write
2BD9000
direct allocation
page read and write
9ED3FAE000
stack
page read and write
15A8000
heap
page read and write
95D767F000
stack
page read and write
189721C8000
heap
page read and write
6FB000
unkown
page execute read
4CB000
unkown
page read and write
21BA000
heap
page read and write
1AEA9EC0000
heap
page read and write
77E000
stack
page read and write
28C1000
heap
page read and write
95D757E000
stack
page read and write
26B0000
heap
page read and write
4E1EB7F000
stack
page read and write
437E000
direct allocation
page read and write
22C23490000
heap
page read and write
26B9000
heap
page read and write
510000
unkown
page write copy
BD61EFE000
stack
page read and write
700000
unkown
page write copy
C68ADBE000
stack
page read and write
6CAD0000
unkown
page readonly
2AE1000
direct allocation
page read and write
2551E2E0000
heap
page read and write
2E70000
direct allocation
page read and write
479F000
stack
page read and write
43A0000
direct allocation
page read and write
2E70C390000
heap
page read and write
21A9000
heap
page read and write
4FF0C7C000
stack
page read and write
F48000
heap
page read and write
3C8F000
stack
page read and write
2013D8E0000
heap
page read and write
103FDC58000
heap
page read and write
1EF417D0000
heap
page read and write
103FDC10000
heap
page read and write
2AA8000
direct allocation
page read and write
DE0000
heap
page read and write
308D000
direct allocation
page read and write
46A2CD000
stack
page read and write
1180000
heap
page read and write
27E7000
direct allocation
page read and write
958000
heap
page read and write
160E87D0000
heap
page read and write
28CA000
direct allocation
page read and write
3514AED000
stack
page read and write
2C7B000
direct allocation
page read and write
1CB30AC8000
heap
page read and write
21669815000
heap
page read and write
2BE7000
direct allocation
page read and write
103FDC50000
heap
page read and write
1C6883D8000
heap
page read and write
2197000
heap
page read and write
4D0E000
stack
page read and write
103FDD90000
heap
page read and write
1170000
heap
page read and write
BEC000
stack
page read and write
2C39000
direct allocation
page read and write
4D5000
unkown
page write copy
71B1C7E000
stack
page read and write
1820000
heap
page read and write
2DF0000
direct allocation
page read and write
48B0000
trusted library allocation
page read and write
2C56000
direct allocation
page read and write
1E844A30000
heap
page read and write
49F0000
trusted library allocation
page read and write
9ED42FF000
stack
page read and write
30DE000
direct allocation
page read and write
86C000
unkown
page readonly
7C1000
unkown
page execute read
1570000
heap
page read and write
970000
heap
page read and write
2473B780000
heap
page read and write
17AFDC80000
heap
page read and write
79FF07E000
stack
page read and write
64A97E000
stack
page read and write
27D1000
direct allocation
page read and write
313F000
direct allocation
page read and write
6CD000
unkown
page execute read
1163000
heap
page read and write
1ECBCFF000
stack
page read and write
5B9A67C000
stack
page read and write
28AD000
direct allocation
page read and write
2A0C000
direct allocation
page read and write
21A7BED000
stack
page read and write
17AFDD40000
heap
page read and write
1298BFE000
stack
page read and write
2C04000
direct allocation
page read and write
2812000
direct allocation
page read and write
505000
unkown
page read and write
21669560000
heap
page read and write
189720B0000
heap
page read and write
239EE790000
heap
page read and write
EA56B7F000
stack
page read and write
86C000
unkown
page readonly
C2D7C8C000
stack
page read and write
239EE840000
heap
page read and write
1490000
heap
page read and write
2A30000
direct allocation
page read and write
3170000
heap
page read and write
2780000
heap
page read and write
6CAD1000
unkown
page execute read
28C3000
direct allocation
page read and write
218C000
heap
page read and write
21D603C0000
heap
page read and write
46A6FF000
stack
page read and write
49F0000
trusted library allocation
page read and write
22CBE268000
heap
page read and write
3514EFF000
stack
page read and write
30D0000
heap
page read and write
3030000
direct allocation
page read and write
7C0000
unkown
page readonly
10CE000
stack
page read and write
2820000
direct allocation
page read and write
2CAF000
direct allocation
page read and write
4E8E000
stack
page read and write
22C23678000
heap
page read and write
1F7DBB10000
heap
page read and write
2473B590000
heap
page read and write
189723E0000
heap
page read and write
21D5FFB0000
heap
page read and write
108E000
stack
page read and write
2013D997000
heap
page read and write
2D70000
direct allocation
page read and write
43A3000
direct allocation
page read and write
1F50EFF000
stack
page read and write
2013D7C0000
heap
page read and write
22CBE0E0000
heap
page read and write
3171000
direct allocation
page read and write
1AF77B60000
heap
page read and write
2460D300000
heap
page read and write
4FCB000
stack
page read and write
B77DB2D000
stack
page read and write
1F7DBAB0000
heap
page read and write
13A0000
heap
page read and write
1AE4C028000
heap
page read and write
1C688360000
heap
page read and write
27F5000
direct allocation
page read and write
285A000
direct allocation
page read and write
79FED4D000
stack
page read and write
3AD0000
direct allocation
page read and write
29C0000
direct allocation
page read and write
21D60070000
heap
page read and write
3870000
trusted library allocation
page read and write
1840000
direct allocation
page read and write
47B1000
heap
page read and write
2A4F000
direct allocation
page read and write
116F000
heap
page read and write
2551E420000
heap
page read and write
2BE0000
direct allocation
page read and write
2E70C370000
heap
page read and write
1EF417D5000
heap
page read and write
73E000
stack
page read and write
20C72630000
heap
page read and write
3094000
direct allocation
page read and write
1EF41830000
heap
page read and write
1118000
heap
page read and write
714000
unknown
page read and write
22E09D60000
heap
page read and write
4FF0D7E000
stack
page read and write
3138000
direct allocation
page read and write
1AEA9E90000
heap
page read and write
115D000
heap
page read and write
2BC3000
direct allocation
page read and write
705000
unknown
page read and write
12987CD000
stack
page read and write
AE6000
stack
page read and write
1400000
heap
page read and write
21D5FFA0000
heap
page read and write
35C000
stack
page read and write
3114000
direct allocation
page read and write
2551E615000
heap
page read and write
2800000
heap
page read and write
1153000
heap
page read and write
113E000
stack
page read and write
165F55B0000
heap
page read and write
2551E3E0000
heap
page read and write
115A000
heap
page read and write
64AA7E000
stack
page read and write
3122000
direct allocation
page read and write
2CE1000
direct allocation
page read and write
2C92000
direct allocation
page read and write
1480000
heap
page read and write
B17259D000
stack
page read and write
14167F000
stack
page read and write
67E000
stack
page read and write
420000
unknown
page readonly
22CBE4F5000
heap
page read and write
1484ED70000
heap
page read and write
1AEA9F60000
heap
page read and write
2854000
direct allocation
page read and write
1F7DBDE5000
heap
page read and write
181707E000
stack
page read and write
1D06DFE0000
heap
page read and write
3B10000
heap
page read and write
1AF77B88000
heap
page read and write
1840000
direct allocation
page read and write
218A000
heap
page read and write
30D0000
direct allocation
page read and write
2551E610000
heap
page read and write
32D0000
trusted library allocation
page read and write
17A0000
direct allocation
page execute and read and write
2CDA000
direct allocation
page read and write
4388000
direct allocation
page read and write
21D5FFD0000
heap
page read and write
17AFE0D0000
heap
page read and write
9E6CA7F000
stack
page read and write
20A169C5000
heap
page read and write
7F940000
direct allocation
page read and write
1F49D3D8000
heap
page read and write
46C000
unknown
page execute read
22CBE4F0000
heap
page read and write
EE8387F000
stack
page read and write
5F12BDC000
stack
page read and write
239EE770000
heap
page read and write
7C0000
unknown
page readonly
BB0000
heap
page read and write
407B000
direct allocation
page read and write
1F49D4E0000
heap
page read and write
23A8000
heap
page read and write
1238000
stack
page read and write
1CD000
stack
page read and write
165F54F0000
heap
page read and write
1A7CDEE0000
heap
page read and write
2700000
heap
page read and write
1156000
heap
page read and write
1D06E0A8000
heap
page read and write
2A3F000
direct allocation
page read and write
478000
heap
page read and write
49F0000
trusted library allocation
page read and write
2882000
direct allocation
page read and write
EA56A7E000
stack
page read and write
408D000
direct allocation
page read and write
4E1EA7D000
stack
page read and write
3130000
direct allocation
page read and write
2846000
direct allocation
page read and write
35BE000
stack
page read and write
1A7CDE30000
heap
page read and write
20C72358000
heap
page read and write
2C4E000
direct allocation
page read and write
700000
unknown
page read and write
2473B5B0000
heap
page read and write
1895000
heap
page read and write
424E000
stack
page read and write
28B4000
direct allocation
page read and write
50CC000
stack
page read and write
2290000
direct allocation
page read and write
3C0000
heap
page read and write
4FE000
unknown
page write copy
218C000
heap
page read and write
22C23590000
heap
page read and write
165F58C0000
heap
page read and write
6FE000
unknown
page write copy
1CB30CD0000
heap
page read and write
3183000
heap
page read and write
C2D80FF000
stack
page read and write
7C1000
unknown
page execute read
21B9000
heap
page read and write
289F000
direct allocation
page read and write
1EF417E0000
heap
page read and write
4D2000
unknown
page read and write
2890000
direct allocation
page read and write
4083000
direct allocation
page read and write
3178000
direct allocation
page read and write
DF1567D000
stack
page read and write
2185000
heap
page read and write
239EE690000
heap
page read and write
17AFDCB0000
heap
page read and write
50D000
unknown
page read and write
1A7CE1A0000
heap
page read and write
20C722D0000
heap
page read and write
4A0A000
trusted library allocation
page read and write
4A16000
trusted library allocation
page read and write
3040000
direct allocation
page read and write
1CB30AA0000
heap
page read and write
30A2000
direct allocation
page read and write
103FDD95000
heap
page read and write
EE8367D000
stack
page read and write
2B00000
heap
page read and write
1E844CA5000
heap
page read and write
1484EE50000
heap
page read and write
BD61FFE000
stack
page read and write
4A18000
trusted library allocation
page read and write
C68B0FF000
stack
page read and write
29E1000
direct allocation
page read and write
2840000
heap
page read and write
3DC4000
direct allocation
page read and write
2A37000
direct allocation
page read and write
86C000
unknown
page readonly
2AD3000
direct allocation
page read and write
2ACC000
direct allocation
page read and write
3514BEE000
stack
page read and write
20C722A0000
heap
page read and write
1179000
heap
page read and write
14DE000
stack
page read and write
5D23A7F000
stack
page read and write
1EF417A0000
heap
page read and write
44F0000
heap
page read and write
24CC000
heap
page read and write
27FC000
direct allocation
page read and write
1840000
direct allocation
page read and write
3E925CE000
stack
page read and write
3DEE000
direct allocation
page read and write
6FE000
unknown
page read and write
2889000
direct allocation
page read and write
717000
unknown
page readonly
BDC000
stack
page read and write
20C722B0000
heap
page read and write
2740000
heap
page read and write
22CBE1E0000
heap
page read and write
BD6F72D000
stack
page read and write
3E928FE000
stack
page read and write
DF1587F000
stack
page read and write
2C8B000
direct allocation
page read and write
2294000
heap
page read and write
C2D7D8E000
stack
page read and write
1890000
heap
page read and write
AFC000
stack
page read and write
2E70C3B8000
heap
page read and write
27C1000
heap
page read and write
2CBD000
direct allocation
page read and write
2E70C3B0000
heap
page read and write
115A000
heap
page read and write
18972190000
heap
page read and write
1F7DBDE0000
heap
page read and write
2F90000
direct allocation
page read and write
90B000
stack
page read and write
2AAF000
direct allocation
page read and write
D1F000
stack
page read and write
1816E7C000
stack
page read and write
2473B935000
heap
page read and write
14177E000
stack
page read and write
2CC4000
direct allocation
page read and write
238EAEC0000
heap
page read and write
DC4F10D000
stack
page read and write
5D23B7E000
stack
page read and write
1F242810000
heap
page read and write
E50000
heap
page read and write
2BD1000
direct allocation
page read and write
1CB30AC0000
heap
page read and write
3E02000
direct allocation
page read and write
2F70000
direct allocation
page read and write
1405000
heap
page read and write
7C1000
unknown
page execute read
20A16710000
heap
page read and write
517000
unknown
page readonly
21A7FFF000
stack
page read and write
1151000
heap
page read and write
2473B580000
heap
page read and write
2460D220000
heap
page read and write
238EAB60000
heap
page read and write
1F242910000
heap
page read and write
4FF0E7E000
stack
page read and write
500000
unknown
page read and write
251000
unknown
page execute read
21FA000
heap
page read and write
DD0000
heap
page read and write
2871000
direct allocation
page read and write
314D000
direct allocation
page read and write
311B000
direct allocation
page read and write
4C9000
unknown
page write copy
3DB0000
direct allocation
page read and write
1F50B8D000
stack
page read and write
There are 758 further memory dumps hidden and not listed here.