IOCReport


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Sample_B.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Roaming\Windows Update.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Roaming\Windows Update.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\AppData\Roaming\WindowsUpdate.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Roaming\WindowsUpdate.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC | data | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, 59134 bytes, 1 file | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC | data | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_windows update.e_8def7a6b85a0513a7da3debaf0f7a2c3a14caff_0b1db1a4\Report.wer | data | modified | clean |
| C:\Users\user\AppData\Local\Temp\CabAB00.tmp | Microsoft Cabinet archive data, 59134 bytes, 1 file | dropped | clean |
| C:\Users\user\AppData\Local\Temp\SysInfo.txt | ASCII text, with no line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Temp\TarAB01.tmp | data | dropped | clean |
| C:\Users\user\AppData\Local\Temp\WERA42C.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | clean |
| C:\Users\user\AppData\Roaming\pid.txt | ASCII text, with no line terminators | dropped | clean |
| C:\Users\user\AppData\Roaming\pidloc.txt | ASCII text, with no line terminators | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\Sample_B.exe | 'C:\Users\user\Desktop\Sample_B.exe' | malicious |
| C:\Users\user\AppData\Roaming\Windows Update.exe | 'C:\Users\user\AppData\Roaming\Windows Update.exe' | malicious |
| C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt' | malicious |
| C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt' | malicious |
| C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | dw20.exe -x -s 1708 | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.windows.com/pctv. | unknown | clean |
| http://investor.msn.com | unknown | clean |
| http://www.msnbc.com/news/ticker.txt | unknown | clean |
| http://crl.entrust.net/server1.crl0 | unknown | clean |
| http://ocsp.entrust.net03 | unknown | clean |
| http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | unknown | clean |
| http://pki.goog/gsr2/GTS1O1.crt0 | unknown | clean |
| http://www.diginotar.nl/cps/pkioverheid0 | unknown | clean |
| http://ocsp.pki.goog/gsr202 | unknown | clean |
| http://windowsmedia.com/redir/services.asp?WMPFriendly=true | unknown | clean |
| http://www.hotmail.com/oe | unknown | clean |
| https://pki.goog/repository/0 | unknown | clean |
| http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | unknown | clean |
| http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | unknown | clean |
| http://www.icra.org/vocabulary/. | unknown | clean |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | unknown | clean |
| http://ocsp.pki.goog/gts1o1core0 | unknown | clean |
| http://investor.msn.com/ | unknown | clean |
| http://crl.pki.goog/GTS1O1core.crl0 | unknown | clean |
| http://whatismyipaddress.com/- | unknown | clean |
| http://www.%s.comPA | unknown | clean |
| https://login.yahoo.com/config/login | unknown | clean |
| http://www.site.com/logs.php | unknown | clean |
| http://whatismyipaddress.com/ | 104.16.155.36 | clean |
| http://crl.pki.goog/gsr2/gsr2.crl0? | unknown | clean |
| http://www.nirsoft.net/ | unknown | clean |
| http://ocsp.entrust.net0D | unknown | clean |
| https://secure.comodo.com/CPS0 | unknown | clean |
| http://crl.entrust.net/2048ca.crl0 | unknown | clean |

Domains

| Name | IP | Malicious |
|---|---|---|
| 163.190.5.0.in-addr.arpa | unknown | malicious |
| whatismyipaddress.com | 104.16.155.36 | clean |
| cdn.digicertcdn.com | 104.18.10.39 | clean |
| smtp.gmail.com | 66.102.1.108 | clean |

IPs

| IP | Domain | Country | Active | Malicious |
|---|---|---|---|---|
| 104.16.155.36 | unknown | United States | unknown | clean |
| 66.102.1.108 | unknown | United States | unknown | clean |

Registry

| Path | Value | Malicious |
|---|---|---|
| C:\Users\user\AppData\Roaming\Windows Update.exe | Hidden | malicious |
| C:\Users\user\Desktop\Sample_B.exe | FontCachePath | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | EnableFileTracing | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | EnableConsoleTracing | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | FileTracingMask | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | ConsoleTracingMask | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | MaxFileSize | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | FileDirectory | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | EnableFileTracing | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | EnableConsoleTracing | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | FileTracingMask | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | ConsoleTracingMask | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | MaxFileSize | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | FileDirectory | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | Windows Update | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | Blob | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | Blob | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | Blob | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | Blob | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | Blob | clean |
| C:\Users\user\AppData\Roaming\Windows Update.exe | Blob | clean |

Memdumps

page read and write
clean
2584000
unkown
page read and write
clean
5640000
unkown
page read and write
clean
EE0000
unkown image
page readonly
clean
6BCD000
unkown
page read and write
clean
3AE000
unkown
page read and write
clean
47FC000
unkown
page read and write
clean
A70000
unkown
page read and write
clean
4850000
unkown
page readonly
clean
64D1000
unkown
page read and write
clean
5079000
unkown
page read and write
clean
72D0000
unkown
page read and write
clean
2CA000
unkown
page execute and read and write
clean
69DE000
unkown
page read and write
clean
54A0000
unkown
page read and write
clean
881B000
unkown
page readonly
clean
595E000
unkown
page read and write
clean
297000
unkown
page execute and read and write
clean
4FEE000
stack
page read and write
clean
4710000
unkown
page readonly
clean
4830000
heap private
page read and write
clean
9F6D000
stack
page read and write
clean
9EB000
unkown
page readonly
clean
587000
unkown
page readonly
clean
4700000
unkown
page readonly
clean
AEF000
unkown
page read and write
clean
E10000
unkown
page readonly
clean
820000
heap private
page read and write
clean
981E000
stack
page read and write
clean
882E000
unkown
page readonly
clean
639E000
unkown
page read and write
clean
BAE000
unkown
page read and write
clean
7736000
unkown
page readonly
clean
5640000
unkown
page read and write
clean
36A7000
unkown
page read and write
clean
618C000
unkown
page read and write
clean
74B2000
unkown
page readonly
clean
2B2000
unkown
page read and write
clean
120000
heap default
page read and write
clean
580000
unkown
page readonly
clean
80000
heap default
page read and write
clean
72D7000
unkown
page read and write
clean
6A4E000
unkown
page read and write
clean
6779000
unkown
page read and write
clean
400000
unkown
page execute and read and write
clean
569E000
unkown
page read and write
clean
54A6000
unkown
page read and write
clean
A70000
unkown
page read and write
clean
681F000
unkown
page read and write
clean
4600000
unkown
page readonly
clean
7035000
unkown
page read and write
clean