IOC Report
file.exe

Files

File Path

Type

Category

Malicious

file.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.506605405523016
Filename:	file.exe
Filesize:	148992
MD5:	d8029e1465ce1c847c658c71f7711bde
SHA1:	4b1a68c52bf2b22c359d6e321177789c1cc622c7
SHA256:	1c16b204dd52d4d3fab6113f20a43c29ff74db2746798b88bfd8f4214ac95cc5
SHA512:	4a5fc5264e6b0f9e01d6fa701ed5aeb991ab620b97d3cc0ebd5250841ac71c5f343a01ed35ce6feb6faf5d604e3600c01f87a8cf574469c4dfc6d87e992bfa0b
SSDEEP:	3072:eYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:eyOqqDL64vdGREz
Preview:	MZ......................@...............................................!..L.!This rK.I..m cannot be run in DOS mode....$.......AU@..4...4...4..Ce...4..Ce...4...f...4...4...4...L...4...4/..4...f...4...f...4...f...4..Rich.4..................PE..L...].vZ...

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Malicious sample detected (through community Yara rule)	System Summary
Multi AV Scanner detection for submitted file	AV Detection
Found Tor onion address	Networking	Proxy
Machine Learning detection for sample	AV Detection
Uses nslookup.exe to query domains	Networking
AV process strings found (often used to terminate AV products)	Lowering of HIPS / PFW / Operating System Security Settings
Checks for available system drives (often done to infect USB drives)	Spreading	Replication Through Removable Media
Contains functionality to dynamically determine API calls	Data Obfuscation, Anti Debugging	Native API
Contains functionality to enumerate device drivers	Malware Analysis System Evasion
Contains functionality to query CPU information (cpuid)	Language, Device and Operating System Detection
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Drops PE files	Persistence and Installation Behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion	File and Directory Discovery
PE file contains sections with non-standard names	Data Obfuscation
Queries information about the installed CPU (vendor, model number etc)	Language, Device and Operating System Detection	Native API File and Directory Discovery
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	Native API
Sample execution stops while process was sleeping (likely an evasion)	Malware Analysis System Evasion
Uses 32bit PE files	Compliance, System Summary	Masquerading
Uses Microsoft's Enhanced Cryptographic Provider	Cryptography	System Network Configuration Discovery
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Yara signature match	System Summary
Contains functionality to enumerate / list files inside a directory	Spreading, Malware Analysis System Evasion	File and Directory Discovery
Contains functionality to import cryptographic keys (often used in ransomware)	Spam, unwanted Advertisements and Ransom Demands	Data Encrypted for Impact
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder File and Directory Discovery
Creates files inside the user directory	System Summary	Masquerading
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Queries a list of all running drivers	Malware Analysis System Evasion
Queries the cryptographic machine GUID	Language, Device and Operating System Detection	System Information Discovery
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe
Category:	dropped
Dump:	ubrrkv.exe.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	6.506603543250002
Encrypted:	false
Ssdeep:	3072:zYHVHd2NCMqqDL2/mr3IdE8we0Avu5r++ygLIaagvdCjRv9OtN:zyOqqDL64vdGREz
Size:	148992
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Contains functionality to detect virtual machines (SLDT)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found large amount of non-executed APIs	Malware Analysis System Evasion
Queries information about the installed CPU (vendor, model number etc)	Language, Device and Operating System Detection	System Information Discovery
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06

data

dropped

Details

File:	C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06
Category:	dropped
Dump:	7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\file.exe
Type:	data
Entropy:	0.0
Encrypted:	false
Ssdeep:	3::
Size:	2219
Whitelisted:	true
Reputation:	timeout

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\file.exe

"C:\Users\user\Desktop\file.exe"

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

"C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup gandcrab.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup nomoreransom.bit dns1.soprodns.ru

C:\Windows\SysWOW64\nslookup.exe

nslookup emsisoft.bit dns1.soprodns.ru

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

There are 62 hidden processes, click here to show them.

URLs

Name

IP

Malicious

http://gdcbghvjyqy7jclk.onion.plus/c09ba58a9869e72e

unknown

http://gdcbghvjyqy7jclk.onion.rip/c09ba58a9869e72e

unknown

http://gdcbghvjyqy7jclk.onion/c09ba58a9869e72e

unknown

http://gdcbghvjyqy7jclk.onion.top/c09ba58a9869e72e

unknown

http://gdcbghvjyqy7jclk.onion.guide/c09ba58a9869e72e

unknown

http://gdcbghvjyqy7jclk.onion.casa/c09ba58a9869e72e

unknown

http://ipv4bot.whatismyipaddress.com/U

unknown

https://www.torproject.org/

unknown

http://ipv4bot.whatismyipaddress.com/S

unknown

http://ipv4bot.whatismyipaddress.com/

unknown

Domains

Name

IP

Malicious

emsisoft.bit

unknown

Details

Name:	emsisoft.bit
TargetID:	51
Current Path:	C:\Windows\SysWOW64\nslookup.exe

Signature Hits	Behavior Group	Mitre Attack
Uses nslookup.exe to query domains	Networking	System Network Configuration Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

nomoreransom.bit

unknown

Details

Name:	nomoreransom.bit
TargetID:	49
Current Path:	C:\Windows\SysWOW64\nslookup.exe

Signature Hits	Behavior Group	Mitre Attack
Uses nslookup.exe to query domains	Networking	System Network Configuration Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

gandcrab.bit

unknown

Details

Name:	gandcrab.bit
TargetID:	51
Current Path:	C:\Windows\SysWOW64\nslookup.exe

Signature Hits	Behavior Group	Mitre Attack
Uses nslookup.exe to query domains	Networking	System Network Configuration Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

dns1.soprodns.ru

unknown

Details

Name:	dns1.soprodns.ru
TargetID:	29
Current Path:	C:\Windows\SysWOW64\nslookup.exe

Signature Hits	Behavior Group	Mitre Attack
Uses nslookup.exe to query domains	Networking	System Network Configuration Discovery
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

ipv4bot.whatismyipaddress.com

unknown

Details

Name:	ipv4bot.whatismyipaddress.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

1.1.1.1.in-addr.arpa

unknown

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

vpfihnjmqea

Details

TargetID:	0
Path:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value name:	vpfihnjmqea
Value data:	"C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder

Memdumps

Base Address

Regiontype

Protect

Malicious

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

70B000

heap

page read and write

22C1000

heap

page read and write

2C7B000

stack

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

5D0000

direct allocation

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22D0000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

414000

unkown

page readonly

22C1000

heap

page read and write

22C1000

heap

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

409000

unkown

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

6BE000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

20A0000

direct allocation

page read and write

6D9000

heap

page read and write

409000

unkown

page write copy

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

427000

unkown

page execute and read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

690000

direct allocation

page read and write

22C1000

heap

page read and write

690000

direct allocation

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

426000

unkown

page execute and read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

5F0000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

534000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

534000

heap

page read and write

6DD000

heap

page read and write

21B0000

heap

page read and write

6B0000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

5FE000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

430000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

2140000

direct allocation

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

422000

unkown

page execute and write copy

6DD000

heap

page read and write

5E0000

direct allocation

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

5BE000

stack

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

2160000

trusted library allocation

page read and write

22C1000

heap

page read and write

409000

unkown

page write copy

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

2E00000

direct allocation

page execute and read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

680000

direct allocation

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

409000

unkown

page read and write

41D000

unkown

page execute and write copy

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

530000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

401000

unkown

page execute read

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C2000

heap

page read and write

2160000

direct allocation

page execute and read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

534000

heap

page read and write

6EC000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DC000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

510000

heap

page read and write

6F5000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

414000

unkown

page readonly

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

690000

direct allocation

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

534000

heap

page read and write

534000

heap

page read and write

19C000

stack

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

2B7E000

stack

page read and write

22C1000

heap

page read and write

416000

unkown

page execute and write copy

6DD000

heap

page read and write

22A0000

direct allocation

page execute and read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

9C000

stack

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

690000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C0000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

510000

heap

page read and write

690000

direct allocation

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

2DC0000

direct allocation

page execute and read and write

534000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6D5000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

21FE000

stack

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

400000

unkown

page readonly

418000

unkown

page execute and read and write

725000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

534000

heap

page read and write

690000

direct allocation

page read and write

417000

unkown

page execute and write copy

534000

heap

page read and write

680000

direct allocation

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

2E0B000

direct allocation

page execute and read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

570000

heap

page read and write

6DD000

heap

page read and write

416000

unkown

page execute and read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

401000

unkown

page execute read

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

2090000

trusted library allocation

page read and write

6D5000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

414000

unkown

page readonly

29FF000

stack

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

690000

direct allocation

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

412000

unkown

page write copy

22C1000

heap

page read and write

6D9000

heap

page read and write

227E000

stack

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

19D000

stack

page read and write

401000

unkown

page execute read

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

400000

unkown

page readonly

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

680000

direct allocation

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

680000

direct allocation

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

20B0000

direct allocation

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

2DBE000

stack

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6D5000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

2CBE000

stack

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

9C000

stack

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

400000

unkown

page readonly

22C1000

heap

page read and write

430000

heap

page read and write

22C1000

heap

page read and write

2090000

direct allocation

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

680000

direct allocation

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

5FA000

heap

page read and write

6DD000

heap

page read and write

27FF000

stack

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

20A0000

direct allocation

page read and write

400000

unkown

page readonly

22C1000

heap

page read and write

2B3F000

stack

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

55E000

stack

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

214F000

stack

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

414000

unkown

page readonly

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

223E000

stack

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

7EF000

stack

page read and write

22C1000

heap

page read and write

416000

unkown

page execute and read and write

6D5000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

680000

direct allocation

page execute and read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

680000

direct allocation

page read and write

2040000

heap

page read and write

690000

direct allocation

page read and write

71D000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

28FF000

stack

page read and write

680000

direct allocation

page read and write

22C1000

heap

page read and write

2A3E000

stack

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

416000

unkown

page execute and write copy

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

534000

heap

page read and write

2150000

direct allocation

page read and write

22C1000

heap

page read and write

401000

unkown

page execute read

6A0000

direct allocation

page read and write

22C1000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

534000

heap

page read and write

22C1000

heap

page read and write

6BA000

heap

page read and write

22C1000

heap

page read and write

6DD000

heap

page read and write

6DD000

heap

page read and write

6D5000

heap

page read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

22C1000

heap

page read and write

6D9000

heap

page read and write

6DD000

heap

page read and write

22C1000

heap

page read and write

There are 593 hidden memdumps, click here to show them.