IOC Report
h4ZgewNxoj.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| h4ZgewNxoj.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\BGCBGCAFIIECBFIDHIJK | ASCII text, with very long lines (1743), with CRLF line terminators | dropped | |
| C:\ProgramData\CAEHJEBKFCAKKFIEHDBF | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\CFIEGDAE | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8 | dropped | |
| C:\ProgramData\EBAAAFBG | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\FHIDAFHCBAKFCAAKFCFCFIIJKF | SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2 | dropped | |
| C:\ProgramData\HJJKJJDHCGCAECAAECFHDAECFH | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3 | dropped | |
| C:\ProgramData\JKFHIIEHIEGDHJJJKFII | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1 | dropped | |
| C:\ProgramData\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\13d4bf35-33ad-4897-94b9-a2fabcdf1aaa.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\66273e50-90ec-479c-af4b-d180583a12bd.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6a931aba-9409-4c11-9b48-293af4f0168f.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\77c290cd-7bc2-4c94-bf50-3c0ef407e5f2.tmp | JSON data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6794F8C0-1B98.pma | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36aa2.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36ab1.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF374c4.TMP (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations | JSON data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b96e5d19-9c73-4189-bd6c-758b7877c5c1.tmp | JSON data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 25 13:44:09 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 25 13:44:09 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 25 13:44:09 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 25 13:44:09 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 25 13:44:09 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm | data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm | data | dropped | |
| Chrome Cache Entry: 111 | ASCII text, with very long lines (834) | downloaded | |
| Chrome Cache Entry: 112 | ASCII text, with very long lines (2410) | downloaded | |
| Chrome Cache Entry: 113 | ASCII text | downloaded | |
| Chrome Cache Entry: 114 | ASCII text, with very long lines (65531) | downloaded | |
| Chrome Cache Entry: 115 | ASCII text, with very long lines (1395) | downloaded | |
| Chrome Cache Entry: 116 | ASCII text, with very long lines (5162), with no line terminators | downloaded | |
| Chrome Cache Entry: 117 | SVG Scalable Vector Graphics image | downloaded | |
| Chrome Cache Entry: 118 | ASCII text | downloaded | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\h4ZgewNxoj.exe | "C:\Users\user\Desktop\h4ZgewNxoj.exe" | malicious |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" | malicious |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 --field-trial-handle=2148,i,4031852269897719072,16253759926837054816,262144 /prefetch:8 | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="" | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2200,i,8281646957936742168,7994800533158010306,262144 /prefetch:3 | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate | malicious |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2000,i,13819835944976493745,13060883091540873233,262144 /prefetch:3 | malicious |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| plus.l.google.com | 142.250.185.238 | |
| play.google.com | 142.250.186.46 | |
| www.google.com | 216.58.206.68 | |
| apis.google.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.5 | unknown | unknown | malicious |
| 185.215.113.206 | unknown | Portugal | malicious |
| 142.250.186.46 | play.google.com | United States | |
| 216.58.206.68 | www.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 127.0.0.1 | unknown | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB | Left | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB | Top | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty | StatusCodes | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | |

Memdumps
