IOC Report
file.exe

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| `file.exe` | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\Preview.exe` (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe` | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | modified | malicious |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-H9OSH.tmp` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-J1RPT.tmp` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\unins000.exe` (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_RegDLL.tmp` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_iscrypt.dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_setup64.tmp` | PE32+ executable (console) x86-64, for MS Windows | dropped | malicious |
| `C:\Users\user\AppData\Local\Temp\is-P0SS2.tmp\file.tmp` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\wEQg8.exe` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\Readme.txt` (copy) | ASCII text, with CRLF line terminators | dropped | |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\data\Config.xml` (copy) | XML 1.0 document, ASCII text, with very long lines (5978), with CRLF line terminators | dropped | |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\data\is-CFA7P.tmp` | XML 1.0 document, ASCII text, with very long lines (5978), with CRLF line terminators | dropped | |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.chm` (copy) | MS Windows HtmlHelp Data | dropped | |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-13C1Q.tmp` | data | dropped | |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-6R8AD.tmp` | ASCII text, with CRLF line terminators | dropped | |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\is-I8MHH.tmp` | MS Windows HtmlHelp Data | dropped | |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\unins000.dat` | InnoSetup Log FgasoftFR FinalRecovery, version 0x30, 4340 bytes, 701188\user, "C:\Program Files (x86)\FgasoftFR\FinalRecovery" | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fuckingdllENCR[1].dll` | data | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stuk[1].htm` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dll[1].htm` | very short file (no magic) | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dll[1].htm` | very short file (no magic) | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\plus[1].htm` | very short file (no magic) | dropped | |
| `C:\Users\user\AppData\Local\Temp\is-J872N.tmp\_isetup\_shfoldr.dll` | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| `C:\Users\user\Desktop\file.exe` | `C:\Users\user\Desktop\file.exe` | malicious |
| `C:\Users\user\AppData\Local\Temp\is-P0SS2.tmp\file.tmp` | `"C:\Users\user\AppData\Local\Temp\is-P0SS2.tmp\file.tmp" /SL5="$4025C,1578849,54272,C:\Users\user\Desktop\file.exe"` | malicious |
| `C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe` | `"C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe"` | malicious |
| `C:\Users\user\AppData\Roaming\{e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}\wEQg8.exe` | | malicious |
| `C:\Windows\SysWOW64\cmd.exe` | `"C:\Windows\System32\cmd.exe" /c taskkill /im "finalrecovery.exe" /f & erase "C:\Program Files (x86)\FgasoftFR\FinalRecovery\finalrecovery.exe" & exit` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\taskkill.exe` | `taskkill /im "finalrecovery.exe" /f` | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://45.12.253.72/default/stuk.php | 45.12.253.72 | malicious |
| http://45.12.253.56/advertisting/plus.php?s=NOSUB&str=mixtwo&substr=mixinte | 45.12.253.56 | malicious |
| http://45.12.253.72/default/puk.php | 45.12.253.72 | malicious |
| http://45.12.253.75/dll.php | 45.12.253.75 | malicious |
| http://45.12.253.75/dll.phpc | unknown | |
| http://www.innosetup.com/ | unknown | |
| http://45.12.253.75/dll.phpd | unknown | |
| http://www.remobjects.com/psU | unknown | |
| http://45.12.253.75/dll.phpK | unknown | |
| http://45.12.253.75/dll.phpL | unknown | |
| http://45.12 | unknown | |
| http://45.12.253.75/dll.phpi | unknown | |
| http://45.12.253.75/dll.phpQ | unknown | |
| http://45.12.253.75/dll.phprl | unknown | |
| http://www.finalrecovery.com/buy.htm | unknown | |
| http://45.12.253.56/advertisting/plus.php?s=NOSUB&str=mixtwo&substr=mixinteY | unknown | |
| http://45.12.253.75/dll.phpr | unknown | |
| http://www.remobjects.com/ps | unknown | |
| http://nbafrog.com/ | unknown | |
| http://nbafrog.com/. | unknown | |
| http://45.12.253.56/advertisting/plus.php?s=NOSUB&str=mixtwo&substr=mixinteeF | unknown | |
| http://45.12.253.72/default/stuk.php2N | unknown | |
| http://45.12.253.75/dll.phpx | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 45.12.253.72 | unknown | Germany | malicious |
| 45.12.253.75 | unknown | Germany | malicious |
| 45.12.253.98 | unknown | Germany | malicious |
| 45.12.253.56 | unknown | Germany | malicious |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | Inno Setup: Setup Version | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | Inno Setup: App Path | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | InstallLocation | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | Inno Setup: Icon Group | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | Inno Setup: User | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | Inno Setup: Language | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | DisplayName | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | DisplayIcon | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | UninstallString | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | QuietUninstallString | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | Publisher | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | URLInfoAbout | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | HelpLink | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | URLUpdateInfo | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | NoModify | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | NoRepair | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | InstallDate | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FgasoftFR FinalRecovery_is1` | EstimatedSize | |

Memdumps
