IOC Report
7rA1iX60wh.exe


Files

File Path
Type
Category
Malicious
7rA1iX60wh.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\MPGPH131\MPGPH131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7rA1iX60wh.exe_511ab0be63976828f72d7f6d2841b4c9b261a31_cf8b7adb_4ffa0061-89aa-4a4c-b409-95594dce7fb0\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\SYv2wcsD2EVzcZNBuLFypWC.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
modified
malicious
C:\Users\user\AppData\Local\Temp\lw3hbkC7r6iSSxte_tz5rje.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
modified
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_a06fe7d5e939aa5857c5d2fe9ff4c2a9e77a88_f4fd270f_bb4cd91d-df8c-4f38-905d-2e89817ed0fa\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MPGPH131.exe_a06fe7d5e939aa5857c5d2fe9ff4c2a9e77a88_f4fd270f_c3495008-d89e-4544-998b-0fae7661c62b\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2225.tmp.dmp
Mini DuMP crash report, 15 streams, Thu Jun 20 21:32:16 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER239D.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER23CD.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F83.tmp.dmp
Mini DuMP crash report, 15 streams, Thu Jun 20 21:32:20 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER31F5.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3225.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3242.tmp.dmp
Mini DuMP crash report, 15 streams, Thu Jun 20 21:32:20 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER332E.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER337D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\KTLvV8LpVE9pWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\R0S0RUVxqvyQHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\drK5I6mZQPFzWeb Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\fYBtN6WB2te6History
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\feyUeh_eGCc2Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\kIQomd5yBLOGHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\m8dScJ7a8z3ZLogin Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\mf8AS39i8yL1Login Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\ndJelY4wftoNWeb Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\ngQhft7xiv4THistory
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\oP6Wo1scogyXCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\qcOI72S8Wv9BWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\tzWwWCdjTGU8Web Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanfMKOdBHYvzaR\w8m6J4EPt9q1Login Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\2YzQt69UsAn1History
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\7td_a9XJUaZjHistory
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\9BQxZZWndJ0JWeb Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\AB89z_t13yqTHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\GpT142gGtTJXWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\PYtSMPHrm1SuWeb Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\Rb2xMzRNsLcbLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\U2l6ocEPq0VAWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\doeJFtzaloUBLogin Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\eYQJ_YGPGqbuLogin Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\jq2E_9CdxA4hWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\uXAOMY6nzRJRHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\v3pxjf8ng_oCWeb Data
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\spanwHjf0pIE7Aqw\zmamEJ09jjflCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Temp\trixyfMKOdBHYvzaR\Cookies\Chrome_Default.txt
ASCII text, with very long lines (769), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixyfMKOdBHYvzaR\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixyfMKOdBHYvzaR\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixywHjf0pIE7Aqw\Cookies\Chrome_Default.txt
ASCII text, with very long lines (769), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixywHjf0pIE7Aqw\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\trixywHjf0pIE7Aqw\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\7rA1iX60wh.exe | "C:\Users\user\Desktop\7rA1iX60wh.exe" | malicious |
| C:\Windows\SysWOW64\schtasks.exe | schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST | malicious |
| C:\Windows\SysWOW64\schtasks.exe | schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST | malicious |
| C:\ProgramData\MPGPH131\MPGPH131.exe | C:\ProgramData\MPGPH131\MPGPH131.exe | malicious |
| C:\ProgramData\MPGPH131\MPGPH131.exe | C:\ProgramData\MPGPH131\MPGPH131.exe | malicious |
| C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" | malicious |
| C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 1944 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 1860 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 1904 | |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| ipinfo.io | 34.117.186.192 | |
| db-ip.com | 104.26.4.15 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 77.91.77.66 | unknown | Russian Federation | malicious |
| 34.117.186.192 | ipinfo.io | United States | |
| 104.26.4.15 | db-ip.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | RageMP131 | |

Memdumps

515F000
stack
page read and write
C77000
heap
page read and write
57A3000
heap
page read and write
19A000
stack
page read and write
77C000
unkown
page execute and read and write
57A4000
heap
page read and write
FBC000
heap
page read and write
5788000
heap
page read and write
5AF1000
heap
page read and write
57B9000
heap
page read and write
57A6000
heap
page read and write
29F0000
remote allocation
page read and write
2860000
direct allocation
page read and write
57DF000
heap
page read and write
5821000
heap
page read and write
5821000
heap
page read and write
587C000
heap
page read and write
57CE000
heap
page read and write
5806000
heap
page read and write
753000
unkown
page execute and read and write
551E000
stack
page read and write
DBD000
heap
page read and write
74F000
unkown
page execute and read and write
776000
unkown
page execute and read and write
F10000
heap
page read and write
75C000
unkown
page execute and read and write
5832000
heap
page read and write
57C7000
heap
page read and write
58A000
unkown
page readonly
5AFD000
heap
page read and write
598000
unkown
page execute and read and write
5AF1000
heap
page read and write
FD7000
heap
page read and write
57D2000
heap
page read and write
57FE000
heap
page read and write
58A000
unkown
page readonly
E67000
heap
page read and write
57C7000
heap
page read and write
FC8000
heap
page read and write
596000
unkown
page write copy
770000
unkown
page execute and read and write
D31000
heap
page read and write
580F000
heap
page read and write
5821000
heap
page read and write
57C0000
heap
page read and write
57CE000
heap
page read and write
5786000
heap
page read and write
F1D000
heap
page read and write
57B0000
heap
page read and write
D80000
direct allocation
page read and write
58A000
unkown
page readonly
5B00000
trusted library allocation
page read and write
E3F000
heap
page read and write
401000
unkown
page execute read
58A000
unkown
page readonly
57CF000
heap
page read and write
EED000
heap
page read and write
57F1000
heap
page read and write
5825000
heap
page read and write
F07000
heap
page read and write
E38000
heap
page read and write
76E000
unkown
page execute and read and write
5793000
heap
page read and write
D80000
direct allocation
page read and write
57D6000
heap
page read and write
57DF000
heap
page read and write
784000
unkown
page execute and read and write
C00000
heap
page read and write
5784000
heap
page read and write
5B00000
heap
page read and write
D2B000
heap
page read and write
5765000
heap
page read and write
5B20000
heap
page read and write
5804000
heap
page read and write
57E0000
heap
page read and write
5B11000
heap
page read and write
5825000
heap
page read and write
57ED000
heap
page read and write
57C5000
heap
page read and write
5B00000
trusted library allocation
page read and write
76E000
unkown
page execute and read and write
57EC000
heap
page read and write
585000
unkown
page write copy
EE6000
heap
page read and write
57A6000
heap
page read and write
F5E000
heap
page read and write
753000
unkown
page execute and read and write
108F000
stack
page read and write
CB0000
direct allocation
page read and write
57B2000
heap
page read and write
57D0000
heap
page read and write
57B6000
heap
page read and write
576F000
stack
page read and write
57D8000
heap
page read and write
F63000
heap
page read and write
5B0E000
heap
page read and write
5B01000
heap
page read and write
5AF0000
trusted library allocation
page read and write
788000
unkown
page execute and read and write
DE5000
heap
page read and write
E48000
heap
page read and write
78A000
unkown
page execute and read and write
55D000
unkown
page readonly
C6E000
stack
page read and write
5B00000
trusted library allocation
page read and write
57F0000
heap
page read and write
579D000
heap
page read and write
12CF000
stack
page read and write
57B5000
heap
page read and write
57D3000
heap
page read and write
57D4000
heap
page read and write
57BF000
heap
page read and write
5AF0000
heap
page read and write
57CE000
heap
page read and write
57AF000
heap
page read and write
D1A000
heap
page read and write
579D000
heap
page read and write
5860000
heap
page read and write
5B01000
heap
page read and write
57A4000
heap
page read and write
77A000
unkown
page execute and read and write
57A4000
heap
page read and write
57F8000
heap
page read and write
57BE000
heap
page read and write
565E000
stack
page read and write
FFF000
stack
page read and write
5AF0000
trusted library allocation
page read and write
2870000
direct allocation
page read and write
5821000
heap
page read and write
4E2E000
stack
page read and write
57F1000
heap
page read and write
57D6000
heap
page read and write
5AF1000
heap
page read and write
5AF0000
trusted library allocation
page read and write
EE6000
heap
page read and write
DB3000
heap
page read and write
E38000
heap
page read and write
770000
unkown
page execute and read and write
57CF000
heap
page read and write
CE7000
heap
page read and write
57D0000
heap
page read and write
D01000
heap
page read and write
582A000
heap
page read and write
57BF000
heap
page read and write
57CF000
heap
page read and write
57B0000
heap
page read and write
57C4000
heap
page read and write
E29000
heap
page read and write
57D3000
heap
page read and write
2920000
remote allocation
page read and write
57E5000
heap
page read and write
4F20000
heap
page read and write
57C4000
heap
page read and write
400000
unkown
page readonly
5AF0000
trusted library allocation
page read and write
EC0000
direct allocation
page read and write
76A000
unkown
page execute and read and write
5B02000
heap
page read and write
57BF000
heap
page read and write
57BF000
heap
page read and write
EE4000
heap
page read and write
57CF000
heap
page read and write
4996000
heap
page read and write
5B00000
trusted library allocation
page read and write
2830000
direct allocation
page read and write
E2D000
heap
page read and write
57A4000
heap
page read and write
50AE000
stack
page read and write
57BF000
heap
page read and write
57EC000
heap
page read and write
57B0000
heap
page read and write
EE5000
heap
page read and write
5B10000
heap
page read and write
D80000
direct allocation
page read and write
7B3000
unkown
page execute and read and write
57B0000
heap
page read and write
784000
unkown
page execute and read and write
5B00000
trusted library allocation
page read and write
7B3000
unkown
page execute and read and write
57FB000
heap
page read and write
5808000
heap
page read and write
5B0A000
heap
page read and write
76C000
unkown
page execute and read and write
57F1000
heap
page read and write
57D4000
heap
page read and write
74F000
unkown
page execute and read and write
507E000
stack
page read and write
579F000
heap
page read and write
D00000
direct allocation
page read and write
5821000
heap
page read and write
E36000
heap
page read and write
F50000
heap
page read and write
57D6000
heap
page read and write
5AF0000
trusted library allocation
page read and write
57B0000
heap
page read and write
C20000
heap
page read and write
57C2000
heap
page read and write
F9C000
heap
page read and write
57FD000
heap
page read and write
57DB000
heap
page read and write
2930000
remote allocation
page read and write
74F000
unkown
page execute and read and write
28E0000
direct allocation
page read and write
C00000
heap
page read and write
579A000
heap
page read and write
579A000
heap
page read and write
57C4000
heap
page read and write
57C5000
heap
page read and write
57E0000
heap
page read and write
F33000
heap
page read and write
57B0000
heap
page read and write
57D0000
heap
page read and write
5821000
heap
page read and write
57B0000
heap
page read and write
4B8D000
heap
page read and write
C00000
heap
page read and write
2870000
direct allocation
page read and write
2BF0000
remote allocation
page read and write
57BE000
heap
page read and write
2A00000
heap
page read and write
980000
unkown
page execute read
5AF0000
trusted library allocation
page read and write
EE3000
heap
page read and write
503F000
stack
page read and write
57EC000
heap
page read and write
5791000
heap
page read and write
57C1000
heap
page read and write
401000
unkown
page execute read
57C2000
heap
page read and write
57DB000
heap
page read and write
51AF000
stack
page read and write
FA3000
heap
page read and write
9B000
stack
page read and write
5B12000
heap
page read and write
C10000
heap
page read and write
76E000
unkown
page execute and read and write
5789000
heap
page read and write
55D000
unkown
page readonly
58AC000
heap
page read and write
770000
unkown
page execute and read and write
57AF000
heap
page read and write
19A000
stack
page read and write
5807000
heap
page read and write
CC7000
heap
page read and write
F16000
heap
page read and write
57C1000
heap
page read and write
75E000
unkown
page execute and read and write
57C1000
heap
page read and write
5875000
heap
page read and write
575E000
stack
page read and write
57F7000
heap
page read and write
57F8000
heap
page read and write
C75000
heap
page read and write
5800000
heap
page read and write
57AD000
heap
page read and write
5821000
heap
page read and write
58A000
unkown
page readonly
784000
unkown
page execute and read and write
5771000
heap
page read and write
57BE000
heap
page read and write
4F0D000
stack
page read and write
582A000
heap
page read and write
57C2000
heap
page read and write
5800000
heap
page read and write
CE0000
heap
page read and write
EEE000
heap
page read and write
400000
unkown
page readonly
57A4000
heap
page read and write
2860000
direct allocation
page read and write
517F000
stack
page read and write
596000
unkown
page write copy
57BF000
heap
page read and write
C00000
heap
page read and write
760000
unkown
page execute and read and write
753000
unkown
page execute and read and write
E17000
heap
page read and write
57AF000
heap
page read and write
57C0000
heap
page read and write
57B3000
heap
page read and write
57CD000
heap
page read and write
E38000
heap
page read and write
784000
unkown
page execute and read and write
57F3000
heap
page read and write
508E000
stack
page read and write
552E000
stack
page read and write
755000
unkown
page execute and read and write
57D6000
heap
page read and write
57AD000
heap
page read and write
551E000
stack
page read and write
5792000
heap
page read and write
57C4000
heap
page read and write
5AF1000
heap
page read and write
57BD000
heap
page read and write
289F000
stack
page read and write
D16000
heap
page read and write
D15000
heap
page read and write
5821000
heap
page read and write
57E4000
heap
page read and write
57FF000
heap
page read and write
75C000
unkown
page execute and read and write
EFC000
heap
page read and write
57E1000
heap
page read and write
57D8000
heap
page read and write
4DFD000
stack
page read and write
2830000
direct allocation
page read and write
57C1000
heap
page read and write
C70000
heap
page read and write
582D000
heap
page read and write
4F3E000
stack
page read and write
757000
unkown
page execute and read and write
5874000
heap
page read and write
18E000
stack
page read and write
5AF0000
trusted library allocation
page read and write
5825000
heap
page read and write
5787000
heap
page read and write
57C1000
heap
page read and write
57C2000
heap
page read and write
7AE000
unkown
page execute and read and write
CE0000
heap
page read and write
5808000
heap
page read and write
EA0000
heap
page read and write
DDC000
heap
page read and write
DBD000
heap
page read and write
2870000
direct allocation
page read and write
506F000
stack
page read and write
57BE000
heap
page read and write
FC2000
heap
page read and write
75E000
unkown
page execute and read and write
57E5000
heap
page read and write
582A000
heap
page read and write
57BE000
heap
page read and write
596000
unkown
page read and write
57DB000
heap
page read and write
755000
unkown
page execute and read and write
D45000
heap
page read and write
579A000
heap
page read and write
596000
unkown
page write copy
576E000
heap
page read and write
5785000
heap
page read and write
D9D000
heap
page read and write
57BF000
heap
page read and write
57F2000
heap
page read and write
5791000
heap
page read and write
EEF000
heap
page read and write
400000
unkown
page readonly
E8E000
heap
page read and write
5AF0000
trusted library allocation
page read and write
57D7000
heap
page read and write
5821000
heap
page read and write
58A000
unkown
page readonly
5775000
heap
page read and write
CC7000
heap
page read and write
77C000
unkown
page execute and read and write
57E0000
heap
page read and write
577C000
heap
page read and write
5B00000
trusted library allocation
page read and write
5AFD000
heap
page read and write
D07000
heap
page read and write
5AF0000
trusted library allocation
page read and write
EEE000
heap
page read and write
CAE000
stack
page read and write
57B5000
heap
page read and write
E31000
heap
page read and write
57BD000
heap
page read and write
401000
unkown
page execute read
57C5000
heap
page read and write
DD2000
heap
page read and write
57C2000
heap
page read and write
57E0000
heap
page read and write
100C000
heap
page read and write
CC5000
heap
page read and write
C50000
heap
page read and write
57D4000
heap
page read and write
57D4000
heap
page read and write
E5F000
heap
page read and write
EED000
heap
page read and write
EE4000
heap
page read and write
57E7000
heap
page read and write
776000
unkown
page execute and read and write
DB8000
heap
page read and write
57D7000
heap
page read and write
585000
unkown
page write copy
57C2000
heap
page read and write
49B2000
heap
page read and write
EFA000
heap
page read and write
57AF000
heap
page read and write
2850000
heap
page read and write
4B8F000
heap
page read and write
57EC000
heap
page read and write
5AF1000
heap
page read and write
F39000
heap
page read and write
57AF000
heap
page read and write
5AF6000
heap
page read and write
5AFD000
heap
page read and write
57BE000
heap
page read and write
57B0000
heap
page read and write
5804000
heap
page read and write
582D000
heap
page read and write
57D1000
heap
page read and write
561E000
stack
page read and write
76A000
unkown
page execute and read and write
577D000
heap
page read and write
57CE000
heap
page read and write
19C000
stack
page read and write
5B06000
heap
page read and write
57AD000
heap
page read and write
2930000
heap
page read and write
519E000
stack
page read and write
561F000
stack
page read and write
57BF000
heap
page read and write
57F0000
heap
page read and write
57C2000
heap
page read and write
5765000
heap
page read and write
2830000
direct allocation
page read and write
F2E000
heap
page read and write
5AF2000
heap
page read and write
DB3000
heap
page read and write
C10000
heap
page read and write
57D6000
heap
page read and write
5B01000
heap
page read and write
582D000
heap
page read and write
FBA000
heap
page read and write
57F1000
heap
page read and write
E53000
heap
page read and write
577F000
heap
page read and write
4DFE000
stack
page read and write
400000
unkown
page readonly
760000
unkown
page execute and read and write
7AE000
unkown
page execute and read and write
577B000
heap
page read and write
4E1E000
stack
page read and write
562F000
stack
page read and write
505E000
stack
page read and write
DB1000
heap
page read and write
57F7000
heap
page read and write
5B0A000
heap
page read and write
2830000
heap
page read and write
5B01000
heap
page read and write
57F8000
heap
page read and write
DA9000
heap
page read and write
57FF000
heap
page read and write
29F0000
remote allocation
page read and write
757000
unkown
page execute and read and write
57C5000
heap
page read and write
5821000
heap
page read and write
57B7000
heap
page read and write
57B2000
heap
page read and write
5B09000
heap
page read and write
57DC000
heap
page read and write
57D6000
heap
page read and write
DB3000
heap
page read and write
5821000
heap
page read and write
57E2000
heap
page read and write
E6E000
heap
page read and write
5871000
heap
page read and write
5AF1000
heap
page read and write
F18000
heap
page read and write
F8F000
stack
page read and write
5825000
heap
page read and write
5861000
heap
page read and write
57B0000
heap
page read and write
76A000
unkown
page execute and read and write
5B00000
trusted library allocation
page read and write
751000
unkown
page execute and read and write
ED7000
heap
page read and write
2930000
remote allocation
page read and write
578A000
heap
page read and write
DE7000
heap
page read and write
55D000
unkown
page readonly
55D000
unkown
page readonly
D3B000
heap
page read and write
57A6000
heap
page read and write
74F000
unkown
page execute and read and write
57A6000
heap
page read and write
400000
unkown
page readonly
D38000
heap
page read and write
57D6000
heap
page read and write
5AF6000
heap
page read and write
57CD000
heap
page read and write
57B6000
heap
page read and write
57D7000
heap
page read and write
57CE000
heap
page read and write
596000
unkown
page write copy
57B3000
heap
page read and write
2C00000
heap
page read and write
294E000
stack
page read and write
57C1000
heap
page read and write
55D000
unkown
page readonly
57F3000
heap
page read and write
5825000
heap
page read and write
57A4000
heap
page read and write
57EC000
heap
page read and write
5822000
heap
page read and write
5813000
heap
page read and write
E38000
heap
page read and write
583B000
heap
page read and write
57AF000
heap
page read and write
57F7000
heap
page read and write
DB6000
heap
page read and write
598000
unkown
page execute and read and write
57EA000
heap
page read and write
57C4000
heap
page read and write
57CD000
heap
page read and write
57BF000
heap
page read and write
5B01000
heap
page read and write
759000
unkown
page execute and read and write
788000
unkown
page execute and read and write
980000
unkown
page execute read
5821000
heap
page read and write
9B000
stack
page read and write
582D000
heap
page read and write
5B24000
heap
page read and write
57F9000
heap
page read and write
759000
unkown
page execute and read and write
5AF0000
trusted library allocation
page read and write
4F2D000
stack
page read and write
57B7000
heap
page read and write
5B00000
trusted library allocation
page read and write
585000
unkown
page read and write
576E000
heap
page read and write
EE4000
heap
page read and write
755000
unkown
page execute and read and write
77A000
unkown
page execute and read and write
1D7000
heap
page read and write
578A000
heap
page read and write
E61000
heap
page read and write
57C1000
heap
page read and write
57D1000
heap
page read and write
400000
unkown
page readonly
57B6000
heap
page read and write
401000
unkown
page execute read
5784000
heap
page read and write
5817000
heap
page read and write
57CE000
heap
page read and write
57DC000
heap
page read and write
401000
unkown
page execute read
5821000
heap
page read and write
577E000
heap
page read and write
E00000
heap
page read and write
5B02000
heap
page read and write
FA8000
heap
page read and write
980000
unkown
page execute read
579A000
heap
page read and write
5B1E000
heap
page read and write
E85000
heap
page read and write
5871000
heap
page read and write
5970000
trusted library allocation
page read and write
55D000
unkown
page readonly
5AF0000
trusted library allocation
page read and write
753000
unkown
page execute and read and write
CB0000
direct allocation
page read and write
980000
unkown
page execute read
587C000
heap
page read and write
776000
unkown
page execute and read and write
18E000
stack
page read and write
57AD000
heap
page read and write
2870000
direct allocation
page read and write
5826000
heap
page read and write
57E2000
heap
page read and write
587C000
heap
page read and write
E5F000
stack
page read and write
D10000
heap
page read and write
1D7000
heap
page read and write
57B2000
heap
page read and write
EED000
heap
page read and write
596000
unkown
page read and write
5AF6000
heap
page read and write
E38000
heap
page read and write
D90000
heap
page read and write
582C000
heap
page read and write
57D2000
heap
page read and write
2A50000
direct allocation
page read and write
55D000
unkown
page readonly
585F000
stack
page read and write
57CF000
heap
page read and write
57B8000
heap
page read and write
5AFB000
heap
page read and write
4CAE000
stack
page read and write
57DE000
heap
page read and write
5AF0000
trusted library allocation
page read and write
57D7000
heap
page read and write
55D000
unkown
page readonly
DBD000
heap
page read and write
F5D000
heap
page read and write
57C8000
heap
page read and write
2860000
direct allocation
page read and write
76A000
unkown
page execute and read and write
57DC000
heap
page read and write
2B8E000
stack
page read and write
57BB000
heap
page read and write
575E000
stack
page read and write
C4E000
stack
page read and write
585000
unkown
page read and write
7B3000
unkown
page execute and read and write
400000
unkown
page readonly
580B000
heap
page read and write
57D7000
heap
page read and write
57CF000
heap
page read and write
5B00000
trusted library allocation
page read and write
57BE000
heap
page read and write
DBD000
heap
page read and write
5AF1000
heap
page read and write
980000
unkown
page execute read
D00000
direct allocation
page read and write
57D7000
heap
page read and write
19C000
stack
page read and write
4F4E000
stack
page read and write
401000
unkown
page execute read
582A000
heap
page read and write
77C000
unkown
page execute and read and write
5874000
heap
page read and write
5821000
heap
page read and write
598000
unkown
page execute and read and write
5807000
heap
page read and write
57F3000
heap
page read and write
2BF0000
remote allocation
page read and write
5B18000
heap
page read and write
759000
unkown
page execute and read and write
5810000
heap
page read and write
5AF1000
heap
page read and write
760000
unkown
page execute and read and write
2A3E000
stack
page read and write
5821000
heap
page read and write
DCE000
heap
page read and write
565E000
stack
page read and write
2970000
remote allocation
page read and write
F42000
heap
page read and write
F4C000
heap
page read and write
5AF0000
trusted library allocation
page read and write
5AF1000
heap
page read and write
2940000
direct allocation
page read and write
D90000
heap
page read and write
57E6000
heap
page read and write
5B01000
heap
page read and write
579A000
heap
page read and write
5774000
heap
page read and write
57BE000
heap
page read and write
57BE000
heap
page read and write
57CF000
heap
page read and write
57C2000
heap
page read and write
57C7000
heap
page read and write
577C000
heap
page read and write
DB0000
heap
page read and write
57D8000
heap
page read and write
5821000
heap
page read and write
57C2000
heap
page read and write
EED000
heap
page read and write
57D1000
heap
page read and write
5B08000
heap
page read and write
4DDE000
stack
page read and write
5781000
heap
page read and write
57C2000
heap
page read and write
5B00000
trusted library allocation
page read and write
E9E000
stack
page read and write
F95000
heap
page read and write
57EB000
heap
page read and write
57E7000
heap
page read and write
57AD000
heap
page read and write
57C5000
heap
page read and write
5AF0000
trusted library allocation
page read and write
5780000
heap
page read and write
57B7000
heap
page read and write
E31000
heap
page read and write
57A4000
heap
page read and write
DC0000
direct allocation
page read and write
57C5000
heap
page read and write
D2E000
stack
page read and write
4CDE000
stack
page read and write
57A7000
heap
page read and write
ED4000
heap
page read and write
57CE000
heap
page read and write
57EA000
heap
page read and write
4A14000
heap
page read and write
598000
unkown
page execute and read and write
5B00000
trusted library allocation
page read and write
4BAE000
stack
page read and write
2860000
direct allocation
page read and write
57DF000
heap
page read and write
57C0000
heap
page read and write
770000
unkown
page execute and read and write
4CEE000
stack
page read and write
57EC000
heap
page read and write
57BB000
heap
page read and write
5B25000
heap
page read and write
E07000
heap
page read and write
5832000
heap
page read and write
57BA000
heap
page read and write
1D5000
heap
page read and write
EEF000
heap
page read and write
5821000
heap
page read and write
582D000
heap
page read and write
5AF0000
trusted library allocation
page read and write
57C8000
heap
page read and write
57F2000
heap
page read and write
980000
unkown
page execute read
57C6000
heap
page read and write
E02000
heap
page read and write
57C9000
heap
page read and write
76C000
unkown
page execute and read and write
582D000
heap
page read and write
78A000
unkown
page execute and read and write
57EA000
heap
page read and write
5813000
heap
page read and write
760000
unkown
page execute and read and write
57E5000
heap
page read and write
2930000
remote allocation
page read and write
585000
unkown
page write copy
57D6000
heap
page read and write
2A40000
heap
page read and write
77A000
unkown
page execute and read and write
57C2000
heap
page read and write
57C5000
heap
page read and write
57EC000
heap
page read and write
5B08000
heap
page read and write
114F000
stack
page read and write
57AF000
heap
page read and write
517F000
stack
page read and write
57C5000
heap
page read and write
5812000
heap
page read and write
57CB000
heap
page read and write
18E000
stack
page read and write
580F000
heap
page read and write
57A6000
heap
page read and write
5781000
heap
page read and write
ED0000
heap
page read and write
5B2C000
heap
page read and write
75E000
unkown
page execute and read and write
2840000
heap
page read and write
57DC000
heap
page read and write
578A000
heap
page read and write
76C000
unkown
page execute and read and write
DAE000
heap
page read and write
2980000
heap
page read and write
E38000
heap
page read and write
55D000
unkown
page readonly
57B2000
heap
page read and write
57C5000
heap
page read and write
57B2000
heap
page read and write
5789000
heap
page read and write
E22000
heap
page read and write
5AF1000
heap
page read and write
EF6000
heap
page read and write
57B2000
heap
page read and write
576E000
heap
page read and write
E7C000
heap
page read and write
776000
unkown
page execute and read and write
57D9000
heap
page read and write
5817000
heap
page read and write
57C5000
heap
page read and write
EE4000
heap
page read and write
784000
unkown
page execute and read and write
57C6000
heap
page read and write
DBD000
heap
page read and write
57E1000
heap
page read and write
57C7000
heap
page read and write
585000
unkown
page write copy
57B4000
heap
page read and write
293E000
stack
page read and write
57AF000
heap
page read and write
596000
unkown
page read and write
57B0000
heap
page read and write
58A000
unkown
page readonly
5AF0000
trusted library allocation
page read and write
5B00000
trusted library allocation
page read and write
28D0000
heap
page read and write
57BD000
heap
page read and write
577A000
heap
page read and write
57D7000
heap
page read and write
57EC000
heap
page read and write
57B6000
heap
page read and write
577C000
heap
page read and write
57D7000
heap
page read and write
401000
unkown
page execute read
DFC000
heap
page read and write
57B9000
heap
page read and write
78A000
unkown
page execute and read and write
DFA000
heap
page read and write
753000
unkown
page execute and read and write
518F000
stack
page read and write
F5A000
heap
page read and write
5821000
heap
page read and write
9B000
stack
page read and write
788000
unkown
page execute and read and write
57CC000
heap
page read and write
4CBE000
stack
page read and write
57D5000
heap
page read and write
57D2000
heap
page read and write
58AC000
heap
page read and write
575E000
stack
page read and write
57B0000
heap
page read and write
57B5000
heap
page read and write
76C000
unkown
page execute and read and write
77C000
unkown
page execute and read and write
57D2000
heap
page read and write
57BE000
heap
page read and write
751000
unkown
page execute and read and write
562F000
stack
page read and write
CC0000
heap
page read and write
57F8000
heap
page read and write
980000
unkown
page execute read
57E4000
heap
page read and write
5AF0000
trusted library allocation
page read and write
294E000
stack
page read and write
4C9E000
stack
page read and write
751000
unkown
page execute and read and write
5AF1000
heap
page read and write
EA0000
heap
page read and write
E38000
heap
page read and write
57BE000
heap
page read and write
582B000
heap
page read and write
401000
unkown
page execute read
D95000
heap
page read and write
578B000
heap
page read and write
57A6000
heap
page read and write
58A000
unkown
page readonly
582D000
heap
page read and write
DEB000
heap
page read and write
5791000
heap
page read and write
5761000
heap
page read and write
57CD000
heap
page read and write
4C7E000
stack
page read and write
CC0000
heap
page read and write
5AF0000
trusted library allocation
page read and write
5AF0000
trusted library allocation
page read and write
57C5000
heap
page read and write
5793000
heap
page read and write
980000
unkown
page execute read
5784000
heap
page read and write
5870000
heap
page read and write
5B02000
heap
page read and write
57BF000
heap
page read and write
4C1D000
heap
page read and write
298E000
stack
page read and write
57B0000
heap
page read and write
E8A000
heap
page read and write
57D6000
heap
page read and write
4DED000
stack
page read and write
585000
unkown
page read and write
CCD000
heap
page read and write
400000
unkown
page readonly
5870000
heap
page read and write
552E000
stack
page read and write
57BE000
heap
page read and write
EE4000
heap
page read and write
582A000
heap
page read and write
5B06000
heap
page read and write
57C5000
heap
page read and write
751000
unkown
page execute and read and write
57E0000
heap
page read and write
19A000
stack
page read and write
D3E000
heap
page read and write
751000
unkown
page execute and read and write
57CD000
heap
page read and write
5800000
heap
page read and write
5791000
heap
page read and write
9B000
stack
page read and write
DB3000
heap
page read and write
D6E000
stack
page read and write
57D5000
heap
page read and write
5AF0000
trusted library allocation
page read and write
5B20000
heap
page read and write
57A4000
heap
page read and write
757000
unkown
page execute and read and write
57A7000
heap
page read and write
57A4000
heap
page read and write
76E000
unkown
page execute and read and write
D8E000
stack
page read and write
5821000
heap
page read and write
57D6000
heap
page read and write
F02000
heap
page read and write
2A8E000
stack
page read and write
5760000
heap
page read and write
4EFE000
stack
page read and write
57CF000
heap
page read and write
582D000
heap
page read and write
980000
unkown
page execute read
D5E000
stack
page read and write
77A000
unkown
page execute and read and write
578B000
heap
page read and write
4F1D000
stack
page read and write
57C1000
heap
page read and write
757000
unkown
page execute and read and write
DBD000
heap
page read and write
57AF000
heap
page read and write
57E0000
heap
page read and write
DBD000
heap
page read and write
401000
unkown
page execute read
CFB000
heap
page read and write