IOC Report
QUOTATION#006856.exe


Files

File Path
Type
Category
Malicious
Download
QUOTATION#006856.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegSvcs.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\aut8408.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\tmp14C2.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmp161.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp172.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp183.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp184.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp194.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp1A5.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp1B6.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp1B7.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp3942.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp3953.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp3964.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp3993.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp39A4.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp70B3.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp70C3.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp70C4.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp70D5.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp70E6.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\tmp70F6.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp7107.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp7108.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp7F64.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmp7F84.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmp7F95.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmp7FC5.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmp819B.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp819C.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp81AC.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp81AD.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp81BE.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmp81BF.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpA7A9.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmpA7AA.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmpA7BB.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmpA7DB.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmpA82A.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmpB434.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmpB464.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmpB484.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmpDE4F.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmpDE8E.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
dropped
C:\Users\user\AppData\Local\Temp\tmpE837.tmp
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpE848.tmp
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\undiscernibly
data
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\QUOTATION#006856.exe
"C:\Users\user\Desktop\QUOTATION#006856.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Users\user\Desktop\QUOTATION#006856.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://209.38.151.4:55123/
209.38.151.4
malicious
209.38.151.4:55123
malicious
https://ipinfo.io/ip%appdata%
unknown
http://209.38.151.4:55123
unknown
https://duckduckgo.com/ac/?q=
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
http://tempuri.org/Endpoint/CheckConnectResponse
unknown
http://schemas.datacontract.org/2004/07/
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
unknown
http://tempuri.org/Endpoint/EnvironmentSettings
unknown
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
unknown
https://api.ip.sb/geoip
172.67.75.172
http://schemas.xmlsoap.org/soap/envelope/
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://ac.ecosia.org?q=
unknown
http://tempuri.org/
unknown
http://tempuri.org/Endpoint/CheckConnect
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://tempuri.org/Endpoint/GetUpd
unknown
http://tempuri.org/Endpoint/VerifyUpdateResponse
unknown
http://tempuri.org/Endpoint/SetEnvironment
unknown
http://tempuri.org/Endpoint/SetEnvironmentResponse
unknown
http://tempuri.org/D
unknown
http://tempuri.org/Endpoint/GetUpdates
unknown
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
unknown
https://www.ecosia.org/newtab/v20
unknown
https://api.ipify.orgcookies//settinString.Removeg
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing
unknown
http://tempuri.org/Endpoint/GetUpdatesResponse
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
https://duckduckgo.com/chrome_newtabv209h
unknown
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
unknown
http://tempuri.org/Endpoint/VerifyUpdate
unknown
http://tempuri.org/0
unknown
http://209.38.151.4:
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
unknown
https://gemini.google.com/app?q=
unknown
http://schemas.xmlsoap.org/soap/actor/next
unknown

Domains

Name
IP
Malicious
api.ip.sb.cdn.cloudflare.net
172.67.75.172
api.ip.sb
unknown

IPs

IP
Domain
Country
Malicious
209.38.151.4
unknown
United States
malicious
172.67.75.172
api.ip.sb.cdn.cloudflare.net
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
FileDirectory

Memdumps

Base Address
Regiontype
Protect
Malicious
Download
40E0000
direct allocation
page read and write
malicious
772000
system
page execute and read and write
malicious