IOC Report
ygm2mXUReY.exe

loading gif

Files

File Path
Type
Category
Malicious
ygm2mXUReY.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\MPGPH131\MPGPH131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\SZDEAvOWuc1j5blWLO4H6aA.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
modified
 malicious
C:\Users\user\AppData\Local\Temp\dxTuy4jPkMDKvqGzbwvO8nc.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
modified
 malicious
C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_11df57f9-a911-4a76-ad6c-3fa73011ab48\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_312dbc34-0135-4795-993d-44365049eb94\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_3d419301-bf8a-4dc3-ab87-97d54a9e0356\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_457182eb-5933-493a-bcc4-dd0068772e19\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_64aa4c50-a1b6-477f-81c5-7c1101021e37\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_782df4d4-a9ed-4ef0-9c2b-b94a67192a7b\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_7ac4df01-ceba-4e94-89d2-844c94f59c45\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_9507a248-5cec-477c-965b-79a1daac08d5\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_1695d586fe6dcb3fc26aa419f17677af41dbbd72_05789ee0_b4010589-7351-456c-928a-338198f9d087\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ygm2mXUReY.exe_65396d3389e0d0bfd23059c0a7ad776d4579bbf9_66eab1d0_231ce3d8-5135-43dc-a832-9839be86e7db\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ygm2mXUReY.exe_65396d3389e0d0bfd23059c0a7ad776d4579bbf9_66eab1d0_2bf57861-c4ef-4b8b-97e9-ae95bb3c92d5\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ygm2mXUReY.exe_65396d3389e0d0bfd23059c0a7ad776d4579bbf9_66eab1d0_31ad85ba-b8f8-437e-acc5-4874b249f007\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ygm2mXUReY.exe_65396d3389e0d0bfd23059c0a7ad776d4579bbf9_66eab1d0_462ceb47-b992-432d-8264-7ff329454d6f\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ygm2mXUReY.exe_65396d3389e0d0bfd23059c0a7ad776d4579bbf9_66eab1d0_793f1f16-da2c-4abb-bbfb-a3182d08cc53\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ygm2mXUReY.exe_65396d3389e0d0bfd23059c0a7ad776d4579bbf9_66eab1d0_846b0825-30d1-4e15-a1b5-b4019b8a9ef3\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ygm2mXUReY.exe_65396d3389e0d0bfd23059c0a7ad776d4579bbf9_66eab1d0_9c2ce2f8-bddb-4357-b487-46476e6771ba\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BF6.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:54 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D6E.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8DBD.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER93A7.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:55 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9473.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9493.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9656.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:56 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9732.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9752.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9954.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:57 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A01.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A40.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CDE.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:58 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DE8.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:58 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E36.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:58 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F02.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F60.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F61.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F6F.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F90.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FAF.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA376.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:52:59 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA451.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA481.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA5D7.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:00 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA720.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA7BB.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:01 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA7CB.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:01 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA82B.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA924.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA953.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA973.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA983.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERACBD.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:02 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD98.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERADD6.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:02 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE16.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE73.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAEC2.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB141.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:03 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB1DD.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:03 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB21D.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB25C.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB365.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB395.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB577.tmp.dmp
Mini DuMP crash report, 15 streams, Sun Apr 21 23:53:04 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB662.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6C1.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\10Pc6utWIKvPCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\3aqhlGTkMf6CWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\5ubzGmjuGMGiHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\BvIYddkfIBauLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\GSrU6tJI5jqdCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\HiTDZbYl7tFjWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\KmAexCJkC4ggHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\MRFQeKpv_Q9HLogin Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\OQfY1gqQGgq8History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\V5xRcDusXlIgWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\cLPMQEK1PaWPHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\oqeZ8c0GMjOkWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\u7JVJIshcVUFLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\u95tGpwZki_XWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\span6AEw0M_IhkGZ\vJBq_maU8UdXWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\22YOafS9AuarWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\6XPTC_VuRvwAWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\9RXV5dQHO6wdWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\AZa26iW7YyBCHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\CmUnb0IC2w59History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\D_PqPMh3t76fLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\FsARZr9gVanTWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\MEClXgzFtw3WCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\NdZrHbm08IDPWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\TMHi1BjWgM9QLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\dZAi4cbdogK5History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\e1b5ormmlkNOLogin Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\ftgPJeedzDWiWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\qdnEfTd8VGDBCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\spanpFpfdi9cVY05\wlp36kFa8_U7History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\trixy6AEw0M_IhkGZ\Cookies\Chrome_Default.txt
ASCII text, with very long lines (369), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixy6AEw0M_IhkGZ\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixy6AEw0M_IhkGZ\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixypFpfdi9cVY05\Cookies\Chrome_Default.txt
ASCII text, with very long lines (369), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixypFpfdi9cVY05\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixypFpfdi9cVY05\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 105 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\ygm2mXUReY.exe
"C:\Users\user\Desktop\ygm2mXUReY.exe"
 malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
 malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
 malicious
C:\ProgramData\MPGPH131\MPGPH131.exe
C:\ProgramData\MPGPH131\MPGPH131.exe
 malicious
C:\ProgramData\MPGPH131\MPGPH131.exe
C:\ProgramData\MPGPH131\MPGPH131.exe
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 952
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 992
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 1056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 800
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 772
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 1380
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 1388
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 1100
There are 13 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://193.233.132.167/cost/lenin.exe
unknown
 malicious
https://duckduckgo.com/chrome_newtab
unknown
https://duckduckgo.com/ac/?q=
unknown
http://193.233.132.167/cost/lenin.exeepro
unknown
http://193.233.132.167/cost/go.exeadka.ex
unknown
http://147.45.47.102:57893/hera/amadka.exe
unknown
https://db-ip.com/
unknown
http://147.45.47.102:57893/hera/amadka.exe&
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
https://t.me/RiseProSUPPORTd
unknown
https://t.me/risepro_bot~Fxt
unknown
https://ipinfo.io/Content-Type:
unknown
http://193.233.132.167/cost/go.exe.52
unknown
http://193.233.132.167/cost/go.exe
unknown
https://ipinfo.io/widget/demo/81.181.57.52e
unknown
https://t.me/risepro_bot-
unknown
https://t.me/RiseProSUPPORTV
unknown
https://db-ip.com/dx
unknown
https://ipinfo.io:443/widget/demo/81.181.57.52
unknown
https://db-ip.com/demo/home.php?s=81.181.57.52U
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
https://ipinfo.io/l
unknown
https://t.me/risepro_bot9
unknown
https://t.me/risepro_botrisepro
unknown
http://193.233.132.167/cost/lenin.exe0
unknown
https://db-ip.com:443/demo/home.php?s=81.181.57.52
unknown
https://ipinfo.io:443/widget/demo/81.181.57.52(
unknown
http://www.winimage.com/zLibD
unknown
https://db-ip.com/demo/home.php?s=81.181.57.52?F
unknown
http://193.233.132.167/cost/go.exeda1t
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
http://193.233.132.167/cost/go.exeate
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
https://ipinfo.io/widget/demo/81.181.57.52=J
unknown
http://upx.sf.net
unknown
https://t.me/RiseProSUPPORT
unknown
https://t.me/risepro_bot6F
unknown
https://www.ecosia.org/newtab/
unknown
https://ipinfo.io/Mozilla/5.0
unknown
https://ipinfo.io/widget/demo/81.181.57.52
34.117.186.192
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
https://ipinfo.io/z=
unknown
http://147.45.47.102:57893/hera/amadka.exea
unknown
https://ac.ecosia.org/autocomplete?q=
unknown
https://t.me/risepro_bot
unknown
https://t.me/risepro_botl
unknown
https://ipinfo.io/
unknown
https://ipinfo.io/widget/demo/81.181.57.52a9
unknown
https://db-ip.com/demo/home.php?s=81.181.57.52
172.67.75.166
https://www.maxmind.com/en/locate-my-ip-address
unknown
http://193.233.132.167/cost/lenin.exeoina
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
unknown
http://www.winimage.com/zLibDll
unknown
https://support.mozilla.org
unknown
https://ipinfo.io/rb
unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
unknown
https://ipinfo.io:443/widget/demo/81.181.57.52?
unknown
http://147.45.47.102:57893/hera/amadka.exeA
unknown
There are 48 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
ipinfo.io
34.117.186.192
db-ip.com
172.67.75.166

IPs

IP
Domain
Country
Malicious
147.45.47.93
unknown
Russian Federation
malicious
34.117.186.192
ipinfo.io
United States
172.67.75.166
db-ip.com
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RageMP131
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
ProgramId
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
FileId
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
LowerCaseLongPath
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
LongPathHash
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
Name
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
OriginalFileName
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
Publisher
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
Version
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
BinFileVersion
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
BinaryType
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
ProductName
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
ProductVersion
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
LinkDate
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
BinProductVersion
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
AppxPackageFullName
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
AppxPackageRelativeId
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
Size
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
Language
\REGISTRY\A\{56713270-0b32-9c48-947c-d1f5a099c8a2}\Root\InventoryApplicationFile\ygm2mxurey.exe|51024affd5a601d
Usn
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
ProgramId
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
FileId
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
LowerCaseLongPath
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
LongPathHash
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
Name
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
OriginalFileName
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
Publisher
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
Version
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
BinFileVersion
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
BinaryType
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
ProductName
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
ProductVersion
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
LinkDate
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
BinProductVersion
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
AppxPackageFullName
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
AppxPackageRelativeId
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
Size
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
Language
\REGISTRY\A\{306a1106-7a0e-4bed-ad51-900a08191a02}\Root\InventoryApplicationFile\mpgph131.exe|9aac11c6f9321563
Usn
There are 29 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
8DD8000
heap
page read and write
 malicious
430C000
heap
page read and write
 malicious
430B000
heap
page read and write
 malicious
8E04000
heap
page read and write
 malicious
430B000
heap
page read and write
 malicious
435E000
heap
page read and write
 malicious
430B000
heap
page read and write
 malicious
8E08000
heap
page read and write
 malicious
8E23000
heap
page read and write
44DB000
heap
page read and write
8DFA000
heap
page read and write
8F71000
heap
page read and write
9013000
heap
page read and write
9160000
trusted library allocation
page read and write
901B000
heap
page read and write
3340000
heap
page read and write
44DB000
heap
page read and write
901A000
heap
page read and write
43DC000
heap
page read and write
8E97000
heap
page read and write
9B000
stack
page read and write
9025000
heap
page read and write
8E20000
heap
page read and write
8E96000
heap
page read and write
901A000
heap
page read and write
901E000
heap
page read and write
8E34000
heap
page read and write
40D6000
unkown
page read and write
8E96000
heap
page read and write
8E25000
heap
page read and write
8E4A000
heap
page read and write
8E29000
heap
page read and write
44DB000
heap
page read and write
8DF9000
heap
page read and write
8E24000
heap
page read and write
8E0F000
heap
page read and write
42E9000
heap
page read and write
8F90000
heap
page read and write
6170000
direct allocation
page execute and read and write
8F9D000
heap
page read and write
2A3E000
stack
page read and write
92F5000
heap
page read and write
8E1B000
heap
page read and write
8F88000
heap
page read and write
4371000
heap
page read and write
8E45000
heap
page read and write
8FA2000
heap
page read and write
9150000
trusted library allocation
page read and write
9150000
trusted library allocation
page read and write
8E68000
heap
page read and write
8EDC000
heap
page read and write
9160000
trusted library allocation
page read and write
8E43000
heap
page read and write
40D8000
unkown
page readonly
6060000
direct allocation
page execute and read and write
8DF5000
heap
page read and write
8EDD000
heap
page read and write
907D000
heap
page read and write
61B0000
heap
page read and write
901F000
heap
page read and write
923C000
heap
page read and write
44DB000
heap
page read and write
446A000
heap
page read and write
8FB4000
heap
page read and write
8F90000
heap
page read and write
2E3E000
unkown
page read and write
8E77000
heap
page read and write
44DB000
heap
page read and write
8FEE000
heap
page read and write
9171000
heap
page read and write
8DF1000
heap
page read and write
8E49000
heap
page read and write
41E000
unkown
page write copy
8E1F000
heap
page read and write
9160000
trusted library allocation
page read and write
900E000
heap
page read and write
442E000
heap
page read and write
9170000
trusted library allocation
page read and write
8E44000
heap
page read and write
8F85000
heap
page read and write
8FCE000
heap
page read and write
8E77000
heap
page read and write
8F71000
heap
page read and write
8F81000
heap
page read and write
8F71000
heap
page read and write
8E23000
heap
page read and write
8E97000
heap
page read and write
8E0F000
heap
page read and write
4435000
heap
page read and write
4348000
heap
page read and write
9236000
heap
page read and write
8F72000
heap
page read and write
2B1D000
stack
page read and write
8E05000
heap
page read and write
8E97000
heap
page read and write
8DFF000
heap
page read and write
619D000
stack
page read and write
8E05000
heap
page read and write
86CD000
stack
page read and write
44E1000
heap
page read and write
8DFD000
heap
page read and write
8E96000
heap
page read and write
87E0000
remote allocation
page read and write
8F71000
heap
page read and write
852E000
stack
page read and write
2B37000
heap
page read and write
902A000
heap
page read and write
8F80000
heap
page read and write
4371000
heap
page read and write
8E97000
heap
page read and write
902A000
heap
page read and write
8DFF000
heap
page read and write
4371000
heap
page read and write
8E23000
heap
page read and write
8EE4000
heap
page read and write
42BD000
heap
page read and write
8E96000
heap
page read and write
8F89000
heap
page read and write
8E1F000
heap
page read and write
8DF2000
heap
page read and write
8E12000
heap
page read and write
8E36000
heap
page read and write
8E0F000
heap
page read and write
8E23000
heap
page read and write
8E28000
heap
page read and write
8E3F000
heap
page read and write
57D000
stack
page read and write
922F000
heap
page read and write
8E25000
heap
page read and write
8FE2000
heap
page read and write
46C0000
heap
page read and write
8DF5000
heap
page read and write
84DD000
stack
page read and write
8DFD000
heap
page read and write
83ED000
stack
page read and write
593000
unkown
page execute and read and write
4640000
heap
page read and write
616D000
direct allocation
page execute and read and write
900E000
heap
page read and write
4230000
heap
page read and write
8FA2000
heap
page read and write
8E0D000
heap
page read and write
902A000
heap
page read and write
902A000
heap
page read and write
8E19000
heap
page read and write
9025000
heap
page read and write
1F0000
heap
page read and write
197000
stack
page read and write
60D0000
direct allocation
page read and write
42AC000
heap
page read and write
8DFA000
heap
page read and write
8E3A000
heap
page read and write
9170000
trusted library allocation
page read and write
8ED1000
heap
page read and write
8E24000
heap
page read and write
9025000
heap
page read and write
8E24000
heap
page read and write
901A000
heap
page read and write
8FB2000
heap
page read and write
917D000
heap
page read and write
41E000
unkown
page write copy
8F8D000
heap
page read and write
40F0000
heap
page read and write
901B000
heap
page read and write
8E17000
heap
page read and write
900F000
heap
page read and write
8E36000
heap
page read and write
444B000
heap
page read and write
8E42000
heap
page read and write
444A000
heap
page read and write
41B0000
heap
page read and write
401000
unkown
page execute read
8B6D000
stack
page read and write
8E1F000
heap
page read and write
99B1000
heap
page read and write
81AD000
stack
page read and write
8E0F000
heap
page read and write
8E2F000
heap
page read and write
8E39000
heap
page read and write
8F8A000
heap
page read and write
8FDE000
heap
page read and write
8F90000
heap
page read and write
8F9D000
heap
page read and write
8E77000
heap
page read and write
924A000
heap
page read and write
8E96000
heap
page read and write
8F72000
heap
page read and write
9150000
trusted library allocation
page read and write
8E24000
heap
page read and write
9032000
heap
page read and write
8E0D000
heap
page read and write
917F000
heap
page read and write
8E5B000
heap
page read and write
8E97000
heap
page read and write
87F0000
remote allocation
page read and write
8F8F000
heap
page read and write
87E0000
remote allocation
page read and write
8E96000
heap
page read and write
8FB2000
heap
page read and write
8DF9000
heap
page read and write
9028000
heap
page read and write
8E5A000
heap
page read and write
8F71000
heap
page read and write
8F83000
heap
page read and write
8E17000
heap
page read and write
8ED9000
heap
page read and write
8E23000
heap
page read and write
4348000
heap
page read and write
917D000
heap
page read and write
8E0D000
heap
page read and write
4348000
heap
page read and write
8E17000
heap
page read and write
8E25000
heap
page read and write
8DE1000
heap
page read and write
8E19000
heap
page read and write
8EDC000
heap
page read and write
8F8A000
heap
page read and write
428E000
heap
page read and write
82AE000
stack
page read and write
8E63000
heap
page read and write
8E27000
heap
page read and write
8E0D000
heap
page read and write
8E19000
heap
page read and write
4350000
heap
page read and write
8E33000
heap
page read and write
9150000
trusted library allocation
page read and write
82ED000
stack
page read and write
87F0000
remote allocation
page read and write
8F71000
heap
page read and write
9018000
heap
page read and write
8DFA000
heap
page read and write
61E9000
heap
page read and write
8E5A000
heap
page read and write
8E97000
heap
page read and write
8E0D000
heap
page read and write
43A1000
heap
page read and write
437A000
heap
page read and write
8E1F000
heap
page read and write
8DF6000
heap
page read and write
8E1F000
heap
page read and write
9150000
trusted library allocation
page read and write
900E000
heap
page read and write
401000
unkown
page execute read
620000
heap
page read and write
8E0F000
heap
page read and write
8E0D000
heap
page read and write
8E6F000
heap
page read and write
9186000
heap
page read and write
8FEE000
heap
page read and write
8F71000
heap
page read and write
8E23000
heap
page read and write
8E48000
heap
page read and write
9150000
trusted library allocation
page read and write
901A000
heap
page read and write
43C3000
heap
page read and write
42CB000
heap
page read and write
8E1F000
heap
page read and write
8E25000
heap
page read and write
8E42000
heap
page read and write
901A000
heap
page read and write
9032000
heap
page read and write
45EF000
stack
page read and write
4420000
heap
page read and write
8FD6000
heap
page read and write
435A000
heap
page read and write
9160000
trusted library allocation
page read and write
9170000
heap
page read and write
907E000
heap
page read and write
8E17000
heap
page read and write
1F0000
heap
page read and write
9150000
trusted library allocation
page read and write
8E97000
heap
page read and write
8E1F000
heap
page read and write
87E0000
remote allocation
page read and write
8E96000
heap
page read and write
8E17000
heap
page read and write
8E32000
heap
page read and write
8DDB000
heap
page read and write
8E23000
heap
page read and write
900E000
heap
page read and write
917F000
heap
page read and write
400000
unkown
page readonly
8E25000
heap
page read and write
8E1F000
heap
page read and write
844D000
stack
page read and write
9018000
heap
page read and write
8E17000
heap
page read and write
454F000
stack
page read and write
4240000
heap
page read and write
9160000
trusted library allocation
page read and write
8FA6000
heap
page read and write
92F4000
heap
page read and write
44DB000
heap
page read and write
8DFB000
heap
page read and write
8C6E000
stack
page read and write
8DF5000
heap
page read and write
4197000
heap
page read and write
8E96000
heap
page read and write
2BD0000
heap
page read and write
44D3000
heap
page read and write
8E96000
heap
page read and write
9018000
heap
page read and write
4348000
heap
page read and write
8E30000
heap
page read and write
44DC000
heap
page read and write
410000
unkown
page readonly
42EB000
heap
page read and write
8E0A000
heap
page read and write
8E1F000
heap
page read and write
8F8A000
heap
page read and write
90BA000
heap
page read and write
8F86000
heap
page read and write
8E1F000
heap
page read and write
41FE000
stack
page read and write
9160000
trusted library allocation
page read and write
8FC3000
heap
page read and write
8E59000
heap
page read and write
8F8F000
heap
page read and write
593000
unkown
page execute and read and write
9021000
heap
page read and write
8FA1000
heap
page read and write
917D000
heap
page read and write
8F83000
heap
page read and write
9170000
trusted library allocation
page read and write
8E32000
heap
page read and write
2B5A000
stack
page read and write
400000
unkown
page readonly
42DF000
heap
page read and write
4325000
heap
page read and write
8E23000
heap
page read and write
9150000
trusted library allocation
page read and write
8EE2000
heap
page read and write
8E97000
heap
page read and write
8CCD000
stack
page read and write
8E19000
heap
page read and write
8FB2000
heap
page read and write
400000
unkown
page execute and read and write
418000
unkown
page write copy
9308000
heap
page read and write
9043000
heap
page read and write
99C1000
heap
page read and write
8E6F000
heap
page read and write
2FCE000
stack
page read and write
4325000
heap
page read and write
8FF5000
heap
page read and write
8E1F000
heap
page read and write
8E5C000
heap
page read and write
8DFA000
heap
page read and write
9021000
heap
page read and write
42B7000
heap
page read and write
438F000
heap
page read and write
8E23000
heap
page read and write
8EDA000
heap
page read and write
8E0F000
heap
page read and write
8E1F000
heap
page read and write
8E97000
heap
page read and write
8E24000
heap
page read and write
8E43000
heap
page read and write
8DF7000
heap
page read and write
9150000
trusted library allocation
page read and write
8E96000
heap
page read and write
473E000
heap
page read and write
46F0000
heap
page read and write
9025000
heap
page read and write
9301000
heap
page read and write
3058000
heap
page read and write
8C7E000
stack
page read and write
8E0F000
heap
page read and write
8E97000
heap
page read and write
8FA2000
heap
page read and write
43B1000
heap
page read and write
8FA6000
heap
page read and write
8E2B000
heap
page read and write
8E19000
heap
page read and write
8E96000
heap
page read and write
8E2B000
heap
page read and write
9015000
heap
page read and write
87CE000
stack
page read and write
4325000
heap
page read and write
8E97000
heap
page read and write
630000
heap
page read and write
593000
unkown
page execute and read and write
901F000
heap
page read and write
8E0D000
heap
page read and write
8E05000
heap
page read and write
901B000
heap
page read and write
9150000
trusted library allocation
page read and write
43A3000
heap
page read and write
8E77000
heap
page read and write
8E20000
heap
page read and write
87F0000
remote allocation
page read and write
8F90000
heap
page read and write
8E5A000
heap
page read and write
42D6000
heap
page read and write
8E1F000
heap
page read and write
4371000
heap
page read and write
8ED6000
heap
page read and write
901E000
heap
page read and write
8F71000
heap
page read and write
8F8C000
heap
page read and write
42B5000
heap
page read and write
8E25000
heap
page read and write
9244000
heap
page read and write
41B5000
heap
page read and write
4434000
heap
page read and write
8E24000
heap
page read and write
8E73000
heap
page read and write
43A8000
heap
page read and write
8F97000
heap
page read and write
8E25000
heap
page read and write
43AD000
heap
page read and write
4424000
heap
page read and write
8E13000
heap
page read and write
615D000
stack
page read and write
9025000
heap
page read and write
8FD6000
heap
page read and write
8E24000
heap
page read and write
8DEA000
heap
page read and write
8E28000
heap
page read and write
8E3C000
heap
page read and write
8E0F000
heap
page read and write
92D9000
heap
page read and write
8E26000
heap
page read and write
8E25000
heap
page read and write
900E000
heap
page read and write
9232000
heap
page read and write
8E3B000
heap
page read and write
1F0000
heap
page read and write
197000
stack
page read and write
18C000
stack
page read and write
8FAF000
heap
page read and write
92FC000
heap
page read and write
44DB000
heap
page read and write
900F000
heap
page read and write
8E0D000
heap
page read and write
8E97000
heap
page read and write
464F000
stack
page read and write
9033000
heap
page read and write
901C000
heap
page read and write
8E19000
heap
page read and write
8E19000
heap
page read and write
9170000
trusted library allocation
page read and write
92FB000
heap
page read and write
43BF000
heap
page read and write
8F8A000
heap
page read and write
9032000
heap
page read and write
9014000
heap
page read and write
464F000
stack
page read and write
42B0000
heap
page read and write
8DFA000
heap
page read and write
8E24000
heap
page read and write
3050000
heap
page read and write
902E000
heap
page read and write
99C1000
heap
page read and write
8F95000
heap
page read and write
8DFF000
heap
page read and write
8E22000
heap
page read and write
5F30000
direct allocation
page execute and read and write
8E19000
heap
page read and write
8DF4000
heap
page read and write
8EE1000
heap
page read and write
8F93000
heap
page read and write
8E08000
heap
page read and write
8E28000
heap
page read and write
8E32000
heap
page read and write
8F91000
heap
page read and write
413E000
stack
page read and write
8E3B000
heap
page read and write
8E0F000
heap
page read and write
8DD0000
heap
page read and write
8E24000
heap
page read and write
4348000
heap
page read and write
922A000
heap
page read and write
8DFF000
heap
page read and write
8E39000
heap
page read and write
8E23000
heap
page read and write
9020000
heap
page read and write
8E97000
heap
page read and write
9021000
heap
page read and write
8E3D000
heap
page read and write
8E1F000
heap
page read and write
8E29000
heap
page read and write
8E4C000
heap
page read and write
923B000
heap
page read and write
4442000
heap
page read and write
8E19000
heap
page read and write
8ED5000
heap
page read and write
8DE0000
heap
page read and write
8E0F000
heap
page read and write
8E23000
heap
page read and write
8E44000
heap
page read and write
8E6F000
heap
page read and write
8E26000
heap
page read and write
4720000
heap
page read and write
8E97000
heap
page read and write
8E24000
heap
page read and write
8E37000
heap
page read and write
4393000
heap
page read and write
4348000
heap
page read and write
8EE0000
remote allocation
page read and write
43D5000
heap
page read and write
4280000
heap
page read and write
8E26000
heap
page read and write
8E25000
heap
page read and write
8E24000
heap
page read and write
8EE7000
heap
page read and write
8E0F000
heap
page read and write
8E0D000
heap
page read and write
8DF5000
heap
page read and write
8E97000
heap
page read and write
8E67000
heap
page read and write
8E19000
heap
page read and write
4380000
heap
page read and write
605D000
direct allocation
page execute and read and write
8E24000
heap
page read and write
590000
unkown
page execute and read and write
8E24000
heap
page read and write
8E1F000
heap
page read and write
410000
unkown
page readonly
9021000
heap
page read and write
903A000
heap
page read and write
436B000
heap
page read and write
400000
unkown
page readonly
9160000
trusted library allocation
page read and write
401000
unkown
page execute read
8FE2000
heap
page read and write
8E0F000
heap
page read and write
8E10000
heap
page read and write
8CAD000
stack
page read and write
8DFF000
heap
page read and write
8E1F000
heap
page read and write
8E96000
heap
page read and write
8F81000
heap
page read and write
8E1F000
heap
page read and write
8E06000
heap
page read and write
8E24000
heap
page read and write
61FC000
direct allocation
page read and write
9229000
heap
page read and write
41E000
unkown
page write copy
4410000
heap
page read and write
8DD1000
heap
page read and write
8E0F000
heap
page read and write
8E20000
heap
page read and write
9AC0000
trusted library allocation
page read and write
8ED2000
heap
page read and write
9025000
heap
page read and write
4444000
heap
page read and write
9309000
heap
page read and write
8E96000
heap
page read and write
8DFF000
heap
page read and write
8E19000
heap
page read and write
902C000
heap
page read and write
61BD000
stack
page read and write
8E10000
heap
page read and write
90F0000
heap
page read and write
8E6B000
heap
page read and write
8F10000
remote allocation
page read and write
9182000
heap
page read and write
8F90000
heap
page read and write
9150000
trusted library allocation
page read and write
9160000
trusted library allocation
page read and write
8E26000
heap
page read and write
8E0B000
heap
page read and write
625C000
direct allocation
page read and write
8E96000
heap
page read and write
868E000
stack
page read and write
8DE1000
heap
page read and write
8DE9000
heap
page read and write
854E000
stack
page read and write
9018000
heap
page read and write
9AC0000
trusted library allocation
page read and write
9025000
heap
page read and write
8F90000
heap
page read and write
8E96000
heap
page read and write
43E2000
heap
page read and write
8F70000
heap
page read and write
901A000
heap
page read and write
9315000
heap
page read and write
8E96000
heap
page read and write
9233000
heap
page read and write
930F000
heap
page read and write
9032000
heap
page read and write
8E23000
heap
page read and write
8FB4000
heap
page read and write
8DCE000
stack
page read and write
8E25000
heap
page read and write
9043000
heap
page read and write
8E19000
heap
page read and write
8F00000
remote allocation
page read and write
8E0D000
heap
page read and write
9160000
trusted library allocation
page read and write
8DE8000
heap
page read and write
8E30000
heap
page read and write
8E26000
heap
page read and write
18C000
stack
page read and write
44CF000
heap
page read and write
9047000
heap
page read and write
8DAE000
stack
page read and write
9170000
trusted library allocation
page read and write
9170000
trusted library allocation
page read and write
8E2B000
heap
page read and write
9024000
heap
page read and write
8DFA000
heap
page read and write
923C000
heap
page read and write
8F9C000
heap
page read and write
9023000
heap
page read and write
8FB4000
heap
page read and write
8DCE000
stack
page read and write
9011000
heap
page read and write
8DF5000
heap
page read and write
8E10000
heap
page read and write
90AE000
heap
page read and write
43B0000
heap
page read and write
903B000
heap
page read and write
9178000
heap
page read and write
8E96000
heap
page read and write
901B000
heap
page read and write
8ED8000
heap
page read and write
444D000
heap
page read and write
8E2B000
heap
page read and write
4371000
heap
page read and write
92E8000
heap
page read and write
8E25000
heap
page read and write
9025000
heap
page read and write
8DD5000
heap
page read and write
902A000
heap
page read and write
8DF8000
heap
page read and write
428A000
heap
page read and write
2760000
heap
page read and write
9170000
trusted library allocation
page read and write
8E26000
heap
page read and write
427D000
heap
page execute and read and write
8E3B000
heap
page read and write
8E1F000
heap
page read and write
8E1F000
heap
page read and write
8E6A000
heap
page read and write
842D000
stack
page read and write
4439000
heap
page read and write
8E03000
heap
page read and write
9150000
trusted library allocation
page read and write
900E000
heap
page read and write
417E000
stack
page read and write
8DF3000
heap
page read and write
901A000
heap
page read and write
8DF0000
heap
page read and write
8ED2000
heap
page read and write
40D8000
unkown
page readonly
8E27000
heap
page read and write
8E1F000
heap
page read and write
9160000
trusted library allocation
page read and write
8E23000
heap
page read and write
8E1F000
heap
page read and write
4385000
heap
page read and write
83DE000
stack
page read and write
630F000
direct allocation
page read and write
8E97000
heap
page read and write
8DFA000
heap
page read and write
18C000
stack
page read and write
8E23000
heap
page read and write
8E10000
heap
page read and write
901A000
heap
page read and write
8E4C000
heap
page read and write
8E39000
heap
page read and write
87F0000
remote allocation
page read and write
438C000
heap
page read and write
4195000
heap
page read and write
8E05000
heap
page read and write
8E23000
heap
page read and write
9226000
heap
page read and write
8E24000
heap
page read and write
43F8000
heap
page read and write
8E36000
heap
page read and write
9AC0000
trusted library allocation
page read and write
8E39000
heap
page read and write
858D000
stack
page read and write
8072000
heap
page read and write
8F71000
heap
page read and write
8E96000
heap
page read and write
8DF5000
heap
page read and write
8F9D000
heap
page read and write
9174000
heap
page read and write
8E25000
heap
page read and write
197000
stack
page read and write
611D000
stack
page read and write
8E73000
heap
page read and write
8F71000
heap
page read and write
8ED1000
heap
page read and write
8E6B000
heap
page read and write
400000
unkown
page execute and read and write
8E97000
heap
page read and write
46C3000
heap
page execute and read and write
8FDE000
heap
page read and write
904B000
heap
page read and write
9B000
stack
page read and write
8F71000
heap
page read and write
9184000
heap
page read and write
8E2F000
heap
page read and write
8E23000
heap
page read and write
4348000
heap
page read and write
9020000
heap
page read and write
423E000
stack
page read and write
6300000
heap
page read and write
2F8F000
unkown
page read and write
8FE2000
heap
page read and write
87F0000
remote allocation
page read and write
9300000
heap
page read and write
8E23000
heap
page read and write
9300000
heap
page read and write
8E33000
heap
page read and write
43EE000
heap
page read and write
8E0B000
heap
page read and write
9021000
heap
page read and write
40D8000
unkown
page readonly
42DB000
heap
page read and write
8E10000
heap
page read and write
8E96000
heap
page read and write
2A7F000
stack
page read and write
9120000
heap
page read and write
44D3000
heap
page read and write
8E18000
heap
page read and write
8DD9000
heap
page read and write
8F81000
heap
page read and write
8E05000
heap
page read and write
439D000
heap
page read and write
8E1F000
heap
page read and write
8F71000
heap
page read and write
8F94000
heap
page read and write
8FA2000
heap
page read and write
8DF4000
heap
page read and write
9230000
heap
page read and write
902A000
heap
page read and write
2B30000
heap
page read and write
8E23000
heap
page read and write
8E96000
heap
page read and write
40D6000
unkown
page read and write
9021000
heap
page read and write
8FA5000
heap
page read and write
8070000
remote allocation
page read and write
9150000
trusted library allocation
page read and write
8E45000
heap
page read and write
9150000
trusted library allocation
page read and write
8E96000
heap
page read and write
8E96000
heap
page read and write
8DFA000
heap
page read and write
8E25000
heap
page read and write
4322000
heap
page read and write
8E08000
heap
page read and write
9021000
heap
page read and write
900E000
heap
page read and write
8E97000
heap
page read and write
9025000
heap
page read and write
918D000
heap
page read and write
85DE000
stack
page read and write
8E3B000
heap
page read and write
27AE000
unkown
page read and write
8E28000
heap
page read and write
417E000
stack
page read and write
8E08000
heap
page read and write
8E42000
heap
page read and write
903A000
heap
page read and write
901B000
heap
page read and write
8E0D000
heap
page read and write
8E25000
heap
page read and write
8F71000
heap
page read and write
43EE000
heap
page read and write
8F85000
heap
page read and write
8E23000
heap
page read and write
8F81000
heap
page read and write
62D0000
heap
page read and write
443E000
heap
page read and write
8E0F000
heap
page read and write
8B7D000
stack
page read and write
9170000
trusted library allocation
page read and write
8EF0000
remote allocation
page read and write
4452000
heap
page read and write
930B000
heap
page read and write
8E17000
heap
page read and write
8F93000
heap
page read and write
8E25000
heap
page read and write
8E0B000
heap
page read and write
8F81000
heap
page read and write
5FE0000
direct allocation
page execute and read and write
8E08000
heap
page read and write
43F0000
heap
page read and write
8DFD000
heap
page read and write
8F71000
heap
page read and write
8F75000
heap
page read and write
8DDB000
heap
page read and write
8E26000
heap
page read and write
8F9F000
heap
page read and write
922D000
heap
page read and write
4477000
heap
page read and write
8E25000
heap
page read and write
8DFF000
heap
page read and write
413E000
stack
page read and write
8E63000
heap
page read and write
8DDB000
heap
page read and write
44D1000
heap
page read and write
8F71000
heap
page read and write
9021000
heap
page read and write
87F0000
remote allocation
page read and write
8E96000
heap
page read and write
8E0B000
heap
page read and write
9227000
heap
page read and write
469D000
stack
page read and write
8F72000
heap
page read and write
8FEE000
heap
page read and write
4432000
heap
page read and write
9160000
trusted library allocation
page read and write
62FD000
stack
page read and write
8E0F000
heap
page read and write
8E05000
heap
page read and write
8FA6000
heap
page read and write
8E97000
heap
page read and write
445F000
heap
page read and write
8FDE000
heap
page read and write
4446000
heap
page read and write
858D000
stack
page read and write
8F71000
heap
page read and write
8E97000
heap
page read and write
900E000
heap
page read and write
42C1000
heap
page read and write
4325000
heap
page read and write
8E1F000
heap
page read and write
43AF000
heap
page read and write
6070000
direct allocation
page read and write
300E000
stack
page read and write
900D000
heap
page read and write
8E1F000
heap
page read and write
4444000
heap
page read and write
901B000
heap
page read and write
9150000
trusted library allocation
page read and write
8E0F000
heap
page read and write
9150000
trusted library allocation
page read and write
8E17000
heap
page read and write
9B000
stack
page read and write
60C0000
direct allocation
page execute and read and write
8E7A000
heap
page read and write
8DFF000
heap
page read and write
8FD2000
heap
page read and write
9026000
heap
page read and write
46B0000
heap
page read and write
8EF0000
remote allocation
page read and write
8E23000
heap
page read and write
8E24000
heap
page read and write
8E4C000
heap
page read and write
8E05000
heap
page read and write
62BE000
stack
page read and write
43BF000
stack
page read and write
8E23000
heap
page read and write
8E23000
heap
page read and write
8EF0000
remote allocation
page read and write
9181000
heap
page read and write
9160000
trusted library allocation
page read and write
4397000
heap
page read and write
8DFF000
heap
page read and write
8F8D000
heap
page read and write
430B000
heap
page read and write
87CE000
stack
page read and write
44E1000
heap
page read and write
40D8000
unkown
page readonly
44E6000
heap
page read and write
8E36000
heap
page read and write
8E24000
heap
page read and write
8FA3000
heap
page read and write
418000
unkown
page write copy
8F71000
heap
page read and write
8E59000
heap
page read and write
8E25000
heap
page read and write
8E80000
heap
page read and write
8E97000
heap
page read and write
43E2000
heap
page read and write
9170000
heap
page read and write
86DE000
stack
page read and write
8E23000
heap
page read and write
9033000
heap
page read and write
8F95000
heap
page read and write
8E32000
heap
page read and write
4325000
heap
page read and write
8E2F000
heap
page read and write
9174000
heap
page read and write
8FB3000
heap
page read and write
901C000
heap
page read and write
44DB000
heap
page read and write
8F8E000
heap
page read and write
8E1F000
heap
page read and write
87DE000
stack
page read and write
8F71000
heap
page read and write
8E25000
heap
page read and write
8F71000
heap
page read and write
8E97000
heap
page read and write
8E97000
heap
page read and write
4445000
heap
page read and write
8DFA000
heap
page read and write
8FA2000
heap
page read and write
8F81000
heap
page read and write
8E37000
heap
page read and write
9043000
heap
page read and write
8E2F000
heap
page read and write
8DFD000
heap
page read and write
922A000
heap
page read and write
901F000
heap
page read and write
8E06000
heap
page read and write
4305000
heap
page read and write
8E0D000
heap
page read and write
43BB000
heap
page read and write
8E17000
heap
page read and write
44DC000
heap
page read and write
8E23000
heap
page read and write
8DF3000
heap
page read and write
8F81000
heap
page read and write
901B000
heap
page read and write
8E15000
heap
page read and write
9025000
heap
page read and write
8E25000
heap
page read and write
42CF000
heap
page read and write
808E000
heap
page read and write
8F71000
heap
page read and write
444C000
heap
page read and write
9170000
trusted library allocation
page read and write
8E97000
heap
page read and write
8E0D000
heap
page read and write
8E05000
heap
page read and write
8E1F000
heap
page read and write
463D000
stack
page read and write
40D6000
unkown
page read and write
9160000
trusted library allocation
page read and write
923E000
heap
page read and write
8E6B000
heap
page read and write
590000
unkown
page execute and read and write
8E38000
heap
page read and write
4450000
heap
page read and write
9160000
trusted library allocation
page read and write
8DF3000
heap
page read and write
901B000
heap
page read and write
8E0D000
heap
page read and write
8FF2000
heap
page read and write
8E1F000
heap
page read and write
917E000
heap
page read and write
8E10000
heap
page read and write
8F75000
heap
page read and write
8E4A000
heap
page read and write
8E17000
heap
page read and write
8E96000
heap
page read and write
8E96000
heap
page read and write
8F97000
heap
page read and write
9220000
heap
page read and write
8E96000
heap
page read and write
8F7F000
heap
page read and write
8E1F000
heap
page read and write
8F71000
heap
page read and write
8F81000
heap
page read and write
8E96000
heap
page read and write
8F85000
heap
page read and write
8E17000
heap
page read and write
8E2F000
heap
page read and write
8FD2000
heap
page read and write
8E97000
heap
page read and write
410000
unkown
page readonly
8E4B000
heap
page read and write
8FA0000
heap
page read and write
8E0B000
heap
page read and write
8FF4000
heap
page read and write
8F71000
heap
page read and write
8E19000
heap
page read and write
99C0000
heap
page read and write
61CD000
heap
page read and write
8DF1000
heap
page read and write
8DFF000
heap
page read and write
8E6F000
heap
page read and write
8EDB000
heap
page read and write
9150000
trusted library allocation
page read and write
8E2B000
heap
page read and write
43E2000
heap
page read and write
8E4B000
heap
page read and write
8E25000
heap
page read and write
8DFC000
heap
page read and write
8C7E000
stack
page read and write
40D8000
unkown
page readonly
931B000
heap
page read and write
42F1000
heap
page read and write
8DDB000
heap
page read and write
4435000
heap
page read and write
8F81000
heap
page read and write
8E73000
heap
page read and write
8E6B000
heap
page read and write
8E3B000
heap
page read and write
8E01000
heap
page read and write
8FA1000
heap
page read and write
8DDA000
heap
page read and write
902A000
heap
page read and write
8E4B000
heap
page read and write
8F72000
heap
page read and write
8E34000
heap
page read and write
41B7000
heap
page read and write
8E77000
heap
page read and write
9150000
trusted library allocation
page read and write
8DD8000
heap
page read and write
8DD0000
heap
page read and write
8E96000
heap
page read and write
8F81000
heap
page read and write
9223000
heap
page read and write
4656000
heap
page execute and read and write
43EE000
heap
page read and write
9043000
heap
page read and write
8E0B000
heap
page read and write
4435000
heap
page read and write
8E63000
heap
page read and write
61FF000
direct allocation
page read and write
43B9000
heap
page read and write
8E20000
heap
page read and write
40F0000
heap
page read and write
42D4000
heap
page read and write
9150000
trusted library allocation
page read and write
8E0F000
heap
page read and write
9032000
heap
page read and write
8CCD000
stack
page read and write
8E05000
heap
page read and write
8E23000
heap
page read and write
8E1F000
heap
page read and write
27EF000
unkown
page read and write
902A000
heap
page read and write
8EE7000
heap
page read and write
8FA9000
heap
page read and write
8E96000
heap
page read and write
8E59000
heap
page read and write
8DFA000
heap
page read and write
8E2F000
heap
page read and write
8E96000
heap
page read and write
8E97000
heap
page read and write
8DE6000
heap
page read and write
8E04000
heap
page read and write
8DE6000
heap
page read and write
900E000
heap
page read and write
43CA000
heap
page read and write
8E2B000
heap
page read and write
2AB0000
heap
page read and write
8E4A000
heap
page read and write
43DC000
heap
page read and write
4325000
heap
page read and write
9012000
heap
page read and write
4326000
heap
page read and write
8DF3000
heap
page read and write
8E25000
heap
page read and write
901B000
heap
page read and write
8FA6000
heap
page read and write
8E0F000
heap
page read and write
918B000
heap
page read and write
90AF000
heap
page read and write
8EE5000
heap
page read and write
60BD000
direct allocation
page execute and read and write
9230000
heap
page read and write
8F81000
heap
page read and write
8E05000
heap
page read and write
8E19000
heap
page read and write
8E3D000
heap
page read and write
8DFA000
heap
page read and write
8E17000
heap
page read and write
8FE2000
heap
page read and write
8E23000
heap
page read and write
9024000
heap
page read and write
8FB2000
heap
page read and write
8DF4000
heap
page read and write
8E1F000
heap
page read and write
4371000
heap
page read and write
901B000
heap
page read and write
8E0D000
heap
page read and write
8E97000
heap
page read and write
92FB000
heap
page read and write
8E24000
heap
page read and write
8E29000
heap
page read and write
8E17000
heap
page read and write
8E27000
heap
page read and write
92E4000
heap
page read and write
454F000
stack
page read and write
8F8A000
heap
page read and write
4710000
heap
page read and write
8FE2000
heap
page read and write
8E0D000
heap
page read and write
8F90000
heap
page read and write
8E36000
heap
page read and write
9183000
heap
page read and write
8E0D000
heap
page read and write
9150000
trusted library allocation
page read and write
92E9000
heap
page read and write
8E96000
heap
page read and write
8E96000
heap
page read and write
8E2D000
heap
page read and write
8E3B000
heap
page read and write
8E19000
heap
page read and write
90B5000
heap
page read and write
8E4C000
heap
page read and write
8E09000
heap
page read and write
9047000
heap
page read and write
8DF0000
heap
page read and write
8FA6000
heap
page read and write
868E000
stack
page read and write
8E26000
heap
page read and write
8DE8000
heap
page read and write
9079000
heap
page read and write
8E23000
heap
page read and write
8E25000
heap
page read and write
8E3C000
heap
page read and write
8F81000
heap
page read and write
4830000
heap
page read and write
8F71000
heap
page read and write
8E19000
heap
page read and write
4190000
heap
page read and write
86CD000
stack
page read and write
8DDA000
heap
page read and write
8E97000
heap
page read and write
8E96000
heap
page read and write
9150000
trusted library allocation
page read and write
418000
unkown
page write copy
5BA000
stack
page read and write
8E23000
heap
page read and write
630C000
direct allocation
page read and write
8F71000
heap
page read and write
9306000
heap
page read and write
901F000
heap
page read and write
8E34000
heap
page read and write
8E4A000
heap
page read and write
8DE4000
heap
page read and write
8E41000
heap
page read and write
8E08000
heap
page read and write
8E6B000
heap
page read and write
8DE4000
heap
page read and write
4458000
heap
page read and write
8F80000
heap
page read and write
6180000
direct allocation
page read and write
44D2000
heap
page read and write
44DB000
heap
page read and write
8F74000
heap
page read and write
8F8A000
heap
page read and write
901B000
heap
page read and write
43DD000
heap
page read and write
99B0000
heap
page read and write
92E5000
heap
page read and write
8E38000
heap
page read and write
8E24000
heap
page read and write
8DF8000
heap
page read and write
400000
unkown
page execute and read and write
8EEA000
heap
page read and write
8E6F000
heap
page read and write
8E2D000
heap
page read and write
8F81000
heap
page read and write
8E1F000
heap
page read and write
42F8000
heap
page read and write
8E25000
heap
page read and write
8F70000
heap
page read and write
4722000
heap
page read and write
9160000
trusted library allocation
page read and write
901B000
heap
page read and write
901C000
heap
page read and write
92F3000
heap
page read and write
8FC2000
heap
page read and write
9172000
heap
page read and write
8E40000
heap
page read and write
8F71000
heap
page read and write
99C0000
heap
page read and write
8F71000
heap
page read and write
625F000
direct allocation
page read and write
8E97000
heap
page read and write
8E26000
heap
page read and write
2BC0000
heap
page read and write
90EB000
heap
page read and write
901C000
heap
page read and write
8E37000
heap
page read and write
8B7D000
stack
page read and write
8E23000
heap
page read and write
8E24000
heap
page read and write
8E23000
heap
page read and write
8E1F000
heap
page read and write
8F93000
heap
page read and write
8E19000
heap
page read and write
8E0D000
heap
page read and write
8ED8000
heap
page read and write
8E54000
heap
page read and write
2E70000
heap
page read and write
901B000
heap
page read and write
900F000
heap
page read and write
590000
unkown
page execute and read and write
40D8000
unkown
page readonly
5ED0000
direct allocation
page execute and read and write
8E24000
heap
page read and write
8E06000
heap
page read and write
8DFD000
heap
page read and write
8E1F000
heap
page read and write
8E19000
heap
page read and write
4371000
heap
page read and write
8DD8000
heap
page read and write
8DD1000
heap
page read and write
840D000
stack
page read and write
8E41000
heap
page read and write
8F85000
heap
page read and write
901C000
heap
page read and write
917E000
heap
page read and write
8FE7000
heap
page read and write
8FD2000
heap
page read and write
907D000
heap
page read and write
8E24000
heap
page read and write
8E32000
heap
page read and write
8E17000
heap
page read and write
4250000
heap
page read and write
42B3000
heap
page read and write
8E97000
heap
page read and write
8DFA000
heap
page read and write
8E2B000
heap
page read and write
9239000
heap
page read and write
8F89000
heap
page read and write
8E12000
heap
page read and write
8E96000
heap
page read and write
9018000
heap
page read and write
902C000
heap
page read and write
8DFA000
heap
page read and write
There are 1205 hidden memdumps, click here to show them.