IOC Report
OUvD2Iu1tw.exe

loading gifFilesProcessesURLsDomainsIPsRegistryMemdumps321010010Label

Files

File Path
Type
Category
Malicious
Download
OUvD2Iu1tw.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\OUvD2Iu1tw.exe.log
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Temp\tmp235C.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp236D.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp237E.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp238E.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp239F.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp23CF.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp585D.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp586E.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp587E.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp588F.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp589F.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp58B0.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp58C1.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp81CB.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp81DB.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp81EC.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp81FD.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp81FE.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp820E.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp821F.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmp8CC2.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp8CD3.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp8CE3.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp8CF4.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp8D05.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\tmp8D15.tmp
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmp8D26.tmp
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmpB814.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpB825.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpB845.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpB856.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpB866.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpB867.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpB878.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpB889.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpC07D.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpC08E.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpC08F.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpC090.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpC091.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpC0A1.tmp
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpEDF2.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpEE02.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\tmpEE13.tmp
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 6, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 6
dropped
There are 36 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\OUvD2Iu1tw.exe
"C:\Users\user\Desktop\OUvD2Iu1tw.exe"
 malicious
C:\Users\user\Desktop\OUvD2Iu1tw.exe
"C:\Users\user\Desktop\OUvD2Iu1tw.exe"
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://185.222.57.71:55615/
185.222.57.71
 malicious
185.222.57.71:55615
malicious
https://api.ipify.orgcookies//settinString.Removeg
unknown
 malicious
http://www.fontbureau.com/designersG
unknown
https://duckduckgo.com/ac/?q=
unknown
http://185.222.57.71:55615
unknown
http://www.fontbureau.com/designers/?
unknown
http://www.founder.com.cn/cn/bThe
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
unknown
http://www.fontbureau.com/designers?
unknown
http://tempuri.org/Endpoint/EnvironmentSettings
unknown
https://api.ip.sb/geoip
104.26.12.31
http://schemas.xmlsoap.org/soap/envelope/
unknown
http://www.tiro.com
unknown
http://tempuri.org/
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
http://www.fontbureau.com/designers
unknown
http://tempuri.org/Endpoint/VerifyUpdateResponse
unknown
http://tempuri.org/Endpoint/SetEnvironment
unknown
http://tempuri.org/Endpoint/SetEnvironmentResponse
unknown
http://www.sajatypeworks.com
unknown
http://tempuri.org/Endpoint/GetUpdates
unknown
http://www.typography.netD
unknown
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
unknown
http://www.founder.com.cn/cn/cThe
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://www.galapagosdesign.com/DPlease
unknown
http://tempuri.org/Endpoint/VerifyUpdate
unknown
http://tempuri.org/0
unknown
http://www.fonts.com
unknown
http://www.urwpp.deDPlease
unknown
http://www.zhongyicts.com.cn
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://www.sakkal.com
unknown
https://ipinfo.io/ip%appdata%
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
http://www.fontbureau.com
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
http://tempuri.org/Endpoint/CheckConnectResponse
unknown
http://schemas.datacontract.org/2004/07/
unknown
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://ac.ecosia.org?q=
unknown
http://tempuri.org/Endpoint/CheckConnect
unknown
http://www.carterandcone.coml
unknown
http://www.fontbureau.com/designers/cabarga.htmlN
unknown
http://www.founder.com.cn/cn
unknown
https://www.ecosia.org/newtab/v20
unknown
http://www.fontbureau.com/designers/frere-user.html
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing
unknown
https://duckduckgo.com/chrome_newtabv20
unknown
http://tempuri.org/Endpoint/GetUpdatesResponse
unknown
http://www.jiyu-kobo.co.jp/
unknown
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
unknown
http://www.fontbureau.com/designers8
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
unknown
https://gemini.google.com/app?q=
unknown
http://schemas.xmlsoap.org/soap/actor/next
unknown
There are 49 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
api.ip.sb.cdn.cloudflare.net
104.26.12.31
api.ip.sb
unknown

IPs

IP
Domain
Country
Malicious
185.222.57.71
unknown
Netherlands
malicious
104.26.12.31
api.ip.sb.cdn.cloudflare.net
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\OUvD2Iu1tw_RASMANCS
FileDirectory
There are 5 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
Download
3020000
trusted library allocation
page read and write
 malicious
402000
remote allocation
page execute and read and write
 malicious
34E9000
trusted library allocation
page read and write
 malicious
1520000
heap
page read and write
59B0000
trusted library allocation
page read and write
6A5A000
trusted library allocation
page read and write
6885000
heap
page read and write
33CC000
trusted library allocation
page read and write
510000
heap
page read and write
415F000
trusted library allocation
page read and write
3FE2000
trusted library allocation
page read and write
4451000
trusted library allocation
page read and write
C30000
heap
page read and write
576B000
heap
page read and write
6B50000
trusted library allocation
page execute and read and write
4FD8000
trusted library allocation
page read and write
4980000
heap
page read and write
2E84000
trusted library allocation
page read and write
82B000
trusted library allocation
page execute and read and write
4C10000
heap
page execute and read and write
5930000
trusted library allocation
page read and write
49D0000
trusted library allocation
page read and write
632000
heap
page read and write
7AF0000
trusted library allocation
page execute and read and write
71C0000
trusted library allocation
page execute and read and write
72F0000
trusted library allocation
page execute and read and write
6882000
heap
page read and write
59CA000
trusted library allocation
page read and write
5E2D000
stack
page read and write
6A85000
trusted library allocation
page read and write
6816000
heap
page read and write
305D000
trusted library allocation
page read and write
2E80000
trusted library allocation
page read and write
C38000
heap
page read and write
4A00000
trusted library allocation
page read and write
6F90000
trusted library allocation
page read and write
6868000
heap
page read and write
5772000
heap
page read and write
6F3C000
trusted library allocation
page read and write
5F0000
heap
page read and write
414D000
trusted library allocation
page read and write
5C5000
heap
page read and write
6A45000
trusted library allocation
page read and write
121E000
stack
page read and write
14A0000
trusted library allocation
page read and write
4D20000
trusted library allocation
page read and write
70E0000
heap
page read and write
7300000
trusted library allocation
page read and write
72B0000
trusted library allocation
page read and write
5B90000
trusted library allocation
page read and write
6F65000
trusted library allocation
page read and write
4F8E000
stack
page read and write
72A0000
trusted library allocation
page read and write
14D7000
trusted library allocation
page execute and read and write
6F80000
trusted library allocation
page read and write
2EB0000
heap
page execute and read and write
576E000
stack
page read and write
6F34000
trusted library allocation
page read and write
6A6F000
trusted library allocation
page read and write
2E90000
trusted library allocation
page read and write
68A2000
heap
page read and write
1460000
heap
page read and write
71B0000
trusted library allocation
page read and write
784A000
heap
page read and write
4175000
trusted library allocation
page read and write
6A42000
trusted library allocation
page read and write
7F3000
trusted library allocation
page execute and read and write
5886000
trusted library allocation
page read and write
1289000
heap
page read and write
3FFB000
trusted library allocation
page read and write
4152000
trusted library allocation
page read and write
6F48000
trusted library allocation
page read and write
59A0000
trusted library allocation
page read and write
870000
heap
page read and write
5881000
trusted library allocation
page read and write
6D30000
heap
page read and write
413D000
trusted library allocation
page read and write
58F0000
trusted library allocation
page read and write
AFE000
stack
page read and write
3FF4000
trusted library allocation
page read and write
58D0000
trusted library allocation
page read and write
49A6000
trusted library allocation
page read and write
6F40000
trusted library allocation
page read and write
27B0000
trusted library allocation
page read and write
4159000
trusted library allocation
page read and write
72C0000
trusted library allocation
page read and write
6A82000
trusted library allocation
page read and write
493E000
trusted library allocation
page read and write
86C6000
heap
page read and write
3FE8000
trusted library allocation
page read and write
68B0000
trusted library allocation
page read and write
125E000
stack
page read and write
59CD000
trusted library allocation
page read and write
59F0000
trusted library allocation
page execute and read and write
59E0000
trusted library allocation
page read and write
B3C000
stack
page read and write
682E000
heap
page read and write
6F20000
heap
page read and write
67C4000
heap
page read and write
6F36000
trusted library allocation
page read and write
14BD000
trusted library allocation
page execute and read and write
67B0000
heap
page read and write
5C0000
heap
page read and write
81A000
trusted library allocation
page execute and read and write
AE3E000
stack
page read and write
810000
trusted library allocation
page read and write
692E000
stack
page read and write
33A0000
trusted library allocation
page read and write
6A3F000
stack
page read and write
827000
trusted library allocation
page execute and read and write
6A74000
trusted library allocation
page read and write
7028000
trusted library allocation
page read and write
4A80000
heap
page read and write
4F7000
stack
page read and write
67F2000
heap
page read and write
5950000
trusted library allocation
page execute and read and write
689D000
heap
page read and write
822000
trusted library allocation
page read and write
7C1D000
stack
page read and write
4351000
trusted library allocation
page read and write
1500000
trusted library allocation
page execute and read and write
68D0000
trusted library allocation
page read and write
6A5F000
trusted library allocation
page read and write
92BA000
heap
page read and write
DC0000
heap
page read and write
68D2000
trusted library allocation
page read and write
7010000
trusted library allocation
page read and write
3370000
trusted library allocation
page read and write
49A2000
trusted library allocation
page read and write
4166000
trusted library allocation
page read and write
68A8000
heap
page read and write
6A65000
trusted library allocation
page read and write
1510000
trusted library allocation
page read and write
6920000
trusted library allocation
page execute and read and write
1810000
heap
page execute and read and write
6870000
heap
page read and write
24F5000
trusted library allocation
page read and write
516D000
stack
page read and write
7290000
trusted library allocation
page execute and read and write
14C2000
trusted library allocation
page read and write
63A000
heap
page read and write
4002000
trusted library allocation
page read and write
1268000
heap
page read and write
4E4E000
stack
page read and write
DD0000
heap
page read and write
7E0000
trusted library allocation
page read and write
25E5000
trusted library allocation
page read and write
56D000
stack
page read and write
58A1000
trusted library allocation
page read and write
4941000
trusted library allocation
page read and write
ABE000
stack
page read and write
5F8000
heap
page read and write
562E000
stack
page read and write
D5B000
stack
page read and write
6F1E000
stack
page read and write
7310000
trusted library allocation
page read and write
618000
heap
page read and write
66AE000
stack
page read and write
5B8F000
stack
page read and write
1260000
heap
page read and write
1298000
heap
page read and write
6F32000
trusted library allocation
page read and write
55EF000
stack
page read and write
662000
heap
page read and write
7840000
heap
page read and write
70D0000
heap
page read and write
58E0000
trusted library allocation
page read and write
3061000
trusted library allocation
page read and write
414A000
trusted library allocation
page read and write
2EA0000
trusted library allocation
page read and write
6F3F000
trusted library allocation
page read and write
6A6A000
trusted library allocation
page read and write
41A8000
trusted library allocation
page read and write
787C000
heap
page read and write
8A5000
trusted library allocation
page read and write
4185000
trusted library allocation
page read and write
14C6000
trusted library allocation
page execute and read and write
65E000
heap
page read and write
6F44000
trusted library allocation
page read and write
3207000
trusted library allocation
page read and write
6930000
trusted library allocation
page execute and read and write
5E6E000
stack
page read and write
35DA000
trusted library allocation
page read and write
1820000
heap
page read and write
859E000
stack
page read and write
7FD000
trusted library allocation
page execute and read and write
880000
trusted library allocation
page read and write
890000
trusted library allocation
page read and write
80D000
trusted library allocation
page execute and read and write
67CC000
heap
page read and write
17FE000
stack
page read and write
6A70000
trusted library allocation
page read and write
14A4000
trusted library allocation
page read and write
2E8A000
trusted library allocation
page read and write
5A3D000
stack
page read and write
7883000
heap
page read and write
4F90000
trusted library section
page read and write
574F000
stack
page read and write
730E000
stack
page read and write
6A40000
trusted library allocation
page read and write
6F5D000
trusted library allocation
page read and write
7A50000
trusted library allocation
page execute and read and write
700C000
stack
page read and write
5D0000
heap
page read and write
4C00000
trusted library allocation
page read and write
7AC0000
heap
page read and write
7F0000
trusted library allocation
page read and write
6910000
trusted library allocation
page execute and read and write
5870000
trusted library allocation
page read and write
7314000
trusted library allocation
page read and write
564E000
stack
page read and write
5760000
heap
page read and write
849E000
stack
page read and write
6CF000
heap
page read and write
7EF90000
trusted library allocation
page execute and read and write
24DE000
stack
page read and write
5892000
trusted library allocation
page read and write
80000
unkown
page readonly
6BEE000
stack
page read and write
7A80000
trusted library allocation
page execute and read and write
6BAE000
stack
page read and write
6A49000
trusted library allocation
page read and write
54EE000
stack
page read and write
5940000
trusted library allocation
page read and write
3376000
trusted library allocation
page read and write
7F4000
trusted library allocation
page read and write
812000
trusted library allocation
page read and write
6930000
trusted library allocation
page read and write
699000
heap
page read and write
850000
trusted library allocation
page execute and read and write
58B1000
trusted library allocation
page read and write
7020000
trusted library allocation
page read and write
86DD000
heap
page read and write
2FD1000
trusted library allocation
page read and write
7875000
heap
page read and write
34E1000
trusted library allocation
page read and write
24ED000
trusted library allocation
page read and write
162F000
stack
page read and write
14DB000
trusted library allocation
page execute and read and write
182B000
heap
page read and write
49A0000
trusted library allocation
page read and write
4946000
trusted library allocation
page read and write
68D0000
trusted library allocation
page read and write
8670000
heap
page read and write
4F4E000
stack
page read and write
5B9B000
trusted library allocation
page read and write
6952000
trusted library allocation
page read and write
67AE000
stack
page read and write
4D10000
trusted library allocation
page execute and read and write
6B6E000
trusted library allocation
page read and write
4BAE000
stack
page read and write
49B0000
trusted library allocation
page read and write
6AFE000
stack
page read and write
6A58000
trusted library allocation
page read and write
24E1000
trusted library allocation
page read and write
520000
heap
page read and write
589E000
trusted library allocation
page read and write
92B6000
heap
page read and write
7B10000
heap
page read and write
66C000
heap
page read and write
32D3000
trusted library allocation
page read and write
65AE000
stack
page read and write
4D40000
heap
page read and write
9BE000
stack
page read and write
4BEE000
stack
page read and write
4B6E000
stack
page read and write
69E000
heap
page read and write
6F70000
trusted library allocation
page read and write
14D2000
trusted library allocation
page read and write
6F56000
trusted library allocation
page read and write
860000
trusted library allocation
page read and write
2FCE000
stack
page read and write
3FD1000
trusted library allocation
page read and write
41B8000
trusted library allocation
page read and write
33D2000
trusted library allocation
page read and write
B60000
heap
page execute and read and write
4920000
trusted library allocation
page read and write
6F62000
trusted library allocation
page read and write
816000
trusted library allocation
page execute and read and write
B78000
trusted library allocation
page read and write
4197000
trusted library allocation
page read and write
339E000
trusted library allocation
page read and write
7A40000
trusted library allocation
page read and write
14AD000
trusted library allocation
page execute and read and write
586F000
stack
page read and write
4182000
trusted library allocation
page read and write
800000
trusted library allocation
page read and write
68E0000
trusted library allocation
page execute and read and write
5A80000
trusted library allocation
page execute and read and write
5B9E000
trusted library allocation
page read and write
10F7000
stack
page read and write
7C40000
heap
page read and write
418A000
trusted library allocation
page read and write
49E0000
heap
page read and write
4BF0000
heap
page read and write
1490000
trusted library allocation
page read and write
6F2E000
stack
page read and write
14B0000
trusted library allocation
page read and write
B03E000
stack
page read and write
4A10000
trusted library section
page readonly
5750000
heap
page read and write
C10000
trusted library allocation
page read and write
4A7B000
stack
page read and write
71AB000
trusted library allocation
page read and write
7857000
heap
page read and write
7D8E000
stack
page read and write
5AE000
stack
page read and write
4136000
trusted library allocation
page read and write
6D53000
heap
page read and write
1AA000
stack
page read and write
326D000
trusted library allocation
page read and write
2EC0000
heap
page read and write
6812000
heap
page read and write
4169000
trusted library allocation
page read and write
3FEF000
trusted library allocation
page read and write
419E000
trusted library allocation
page read and write
6A80000
trusted library allocation
page read and write
14D5000
trusted library allocation
page execute and read and write
1800000
trusted library allocation
page read and write
11D0000
heap
page read and write
3050000
trusted library allocation
page read and write
587B000
trusted library allocation
page read and write
145E000
stack
page read and write
71A0000
trusted library allocation
page read and write
4A35000
heap
page read and write
7A60000
trusted library allocation
page read and write
3184000
trusted library allocation
page read and write
2E7C000
stack
page read and write
494D000
trusted library allocation
page read and write
7AD0000
trusted library allocation
page execute and read and write
4A30000
heap
page read and write
6F51000
trusted library allocation
page read and write
11D5000
heap
page read and write
49E3000
heap
page read and write
5A7E000
stack
page read and write
840000
trusted library allocation
page read and write
4A20000
trusted library allocation
page execute and read and write
6A90000
trusted library allocation
page read and write
59D0000
trusted library allocation
page read and write
4191000
trusted library allocation
page read and write
6FA0000
trusted library allocation
page read and write
400000
remote allocation
page execute and read and write
4990000
trusted library allocation
page execute and read and write
7F050000
trusted library allocation
page execute and read and write
5FE000
heap
page read and write
33A4000
trusted library allocation
page read and write
127E000
heap
page read and write
7DCE000
stack
page read and write
6F58000
trusted library allocation
page read and write
417B000
trusted library allocation
page read and write
4228000
trusted library allocation
page read and write
4047000
trusted library allocation
page read and write
8B0000
heap
page read and write
45DC000
stack
page read and write
6B60000
trusted library allocation
page read and write
720E000
stack
page read and write
92A0000
heap
page read and write
3FDE000
trusted library allocation
page read and write
B40000
trusted library allocation
page read and write
7140000
trusted library section
page read and write
6F4E000
trusted library allocation
page read and write
686B000
heap
page read and write
6EDF000
stack
page read and write
8A0000
trusted library allocation
page read and write
7AE0000
trusted library allocation
page read and write
14F0000
trusted library allocation
page read and write
6D3E000
heap
page read and write
572F000
stack
page read and write
14D0000
trusted library allocation
page read and write
1300000
heap
page read and write
14C0000
trusted library allocation
page read and write
416E000
trusted library allocation
page read and write
5920000
trusted library allocation
page execute and read and write
3048000
trusted library allocation
page read and write
4143000
trusted library allocation
page read and write
6B3E000
stack
page read and write
6888000
heap
page read and write
8698000
heap
page read and write
14A3000
trusted library allocation
page execute and read and write
82000
unkown
page readonly
31A2000
trusted library allocation
page read and write
1827000
heap
page read and write
There are 372 hidden memdumps, click here to show them.