Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
r0hiaXHscs.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
MPEG-4 LOAS
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xc3b679aa, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_r0h_31cb52ba2bf69c94e76619fce422511ad71911_684ed31a_155663d4\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C93.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat May 14 02:43:38 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F53.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER511A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\r0hiaXHscs.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\r0hiaXHscs.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\r0hiaXHscs.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\r0hiaXHscs.dll,DllUnregisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\EjXLXGuvoI\eGzQUTT.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k unistacksvcgroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\r0hiaXHscs.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\r0hiaXHscs.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3472 -s 328
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://23.239.0.12/1y
|
unknown
|
|
|
|
https://23.239.0.12/e
|
unknown
|
|
|
|
https://23.239.0.12/
|
23.239.0.12
|
|
|
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
https://www.disneyplus.com/legal/your-california-privacy-rights
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
https://www.tiktok.com/legal/report/feedback
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
||
|
https://%s.xboxlive.com
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
https://support.hotspotshield.com/
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://www.disneyplus.com/legal/privacy-policy
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://t0.tiles.ditu.live.com/tiles/gensv=msv7
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://www.hotspotshield.com/terms/
|
unknown
|
||
|
https://www.pango.co/privacy
|
unknown
|
||
|
https://disneyplus.com/legal.
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://activity.windows.com
|
unknown
|
||
|
http://www.bingmapsportal.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
http://help.disneyplus.com.
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://%s.dnet.xboxlive.com
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 37 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.239.0.12
|
unknown
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00184006417502B9
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
251A69B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
251A69B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1F647070000
|
direct allocation
|
page execute and read and write
|
|
|
|
570000
|
direct allocation
|
page execute and read and write
|
|
|
|
14B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1A62C2D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
251A69B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
251A6930000
|
heap
|
page read and write
|
||
|
581AB7D000
|
stack
|
page read and write
|
||
|
7FFFE2329000
|
unkown
|
page readonly
|
||
|
1BA18BC0000
|
heap
|
page read and write
|
||
|
1585BE6B000
|
heap
|
page read and write
|
||
|
1585BE61000
|
heap
|
page read and write
|
||
|
2249BEC0000
|
heap
|
page read and write
|
||
|
4F1000
|
heap
|
page read and write
|
||
|
2C4C5C91000
|
heap
|
page read and write
|
||
|
4DEB5FF000
|
stack
|
page read and write
|
||
|
18C13B00000
|
heap
|
page read and write
|
||
|
3EDFDD5000
|
stack
|
page read and write
|
||
|
251A67D0000
|
heap
|
page read and write
|
||
|
581AFFC000
|
stack
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
1585BE84000
|
heap
|
page read and write
|
||
|
1BA18B7C000
|
heap
|
page read and write
|
||
|
1F945C60000
|
trusted library allocation
|
page read and write
|
||
|
581B0FF000
|
stack
|
page read and write
|
||
|
224F2784000
|
heap
|
page read and write
|
||
|
259C628A000
|
heap
|
page read and write
|
||
|
1F945993000
|
heap
|
page read and write
|
||
|
259C6020000
|
heap
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
F0000
|
remote allocation
|
page read and write
|
||
|
3EE027E000
|
stack
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
251A69E0000
|
heap
|
page readonly
|
||
|
7FFFE2326000
|
unkown
|
page read and write
|
||
|
1F9469A0000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
259C6030000
|
heap
|
page read and write
|
||
|
1E1557B000
|
stack
|
page read and write
|
||
|
144B383D000
|
heap
|
page read and write
|
||
|
1FE0000
|
remote allocation
|
page read and write
|
||
|
27B86B00000
|
heap
|
page read and write
|
||
|
1BA18B85000
|
heap
|
page read and write
|
||
|
2840B390000
|
heap
|
page read and write
|
||
|
27B86B60000
|
heap
|
page read and write
|
||
|
CD618FF000
|
stack
|
page read and write
|
||
|
251A8490000
|
heap
|
page read and write
|
||
|
2840B424000
|
heap
|
page read and write
|
||
|
2840B4E3000
|
heap
|
page read and write
|
||
|
2C4CB0E0000
|
trusted library allocation
|
page read and write
|
||
|
1BA18029000
|
heap
|
page read and write
|
||
|
1F9459BF000
|
heap
|
page read and write
|
||
|
2C4CB390000
|
trusted library allocation
|
page read and write
|
||
|
1585BE7B000
|
heap
|
page read and write
|
||
|
251A6980000
|
heap
|
page read and write
|
||
|
1FE0000
|
remote allocation
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
1BA18B97000
|
heap
|
page read and write
|
||
|
13035053000
|
heap
|
page read and write
|
||
|
A1FA67D000
|
stack
|
page read and write
|
||
|
27B86C71000
|
heap
|
page read and write
|
||
|
1BA18116000
|
heap
|
page read and write
|
||
|
1E1527B000
|
stack
|
page read and write
|
||
|
2C4CB3C0000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB3B0000
|
trusted library allocation
|
page read and write
|
||
|
2C4C63F3000
|
trusted library allocation
|
page read and write
|
||
|
18C13A4C000
|
heap
|
page read and write
|
||
|
2C4C6500000
|
heap
|
page read and write
|
||
|
1585BE31000
|
heap
|
page read and write
|
||
|
4DEB6FF000
|
stack
|
page read and write
|
||
|
1585BE6D000
|
heap
|
page read and write
|
||
|
2C4CB3E0000
|
remote allocation
|
page read and write
|
||
|
1F945C55000
|
heap
|
page read and write
|
||
|
18C139A0000
|
trusted library allocation
|
page read and write
|
||
|
18C13A29000
|
heap
|
page read and write
|
||
|
2C4C5C6F000
|
heap
|
page read and write
|
||
|
A1FA27C000
|
stack
|
page read and write
|
||
|
1F945900000
|
heap
|
page read and write
|
||
|
1BA18B83000
|
heap
|
page read and write
|
||
|
1E1587F000
|
stack
|
page read and write
|
||
|
CD616FF000
|
stack
|
page read and write
|
||
|
4A1000
|
heap
|
page read and write
|
||
|
27B87602000
|
trusted library allocation
|
page read and write
|
||
|
AC590DB000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
224F2756000
|
heap
|
page read and write
|
||
|
1BA18B4A000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page readonly
|
||
|
251A6A20000
|
heap
|
page read and write
|
||
|
251A69E0000
|
heap
|
page readonly
|
||
|
17023C00000
|
heap
|
page read and write
|
||
|
1A62C0FE000
|
heap
|
page read and write
|
||
|
1BA18B8E000
|
heap
|
page read and write
|
||
|
251A8300000
|
heap
|
page read and write
|
||
|
3EE017E000
|
stack
|
page read and write
|
||
|
2249C029000
|
heap
|
page read and write
|
||
|
13C2000
|
heap
|
page read and write
|
||
|
2C4CB3D0000
|
trusted library allocation
|
page read and write
|
||
|
251A6A25000
|
heap
|
page read and write
|
||
|
259C7E00000
|
trusted library allocation
|
page read and write
|
||
|
1F945C10000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB49F000
|
heap
|
page read and write
|
||
|
FA6689C000
|
stack
|
page read and write
|
||
|
251A67D0000
|
unkown
|
page read and write
|
||
|
1F645758000
|
heap
|
page read and write
|
||
|
1F9459B7000
|
heap
|
page read and write
|
||
|
18C13A4E000
|
heap
|
page read and write
|
||
|
251A82F0000
|
remote allocation
|
page read and write
|
||
|
FA6757A000
|
stack
|
page read and write
|
||
|
1BA18051000
|
heap
|
page read and write
|
||
|
899B07F000
|
stack
|
page read and write
|
||
|
224F2751000
|
heap
|
page read and write
|
||
|
13035108000
|
heap
|
page read and write
|
||
|
13035000000
|
heap
|
page read and write
|
||
|
251A6910000
|
heap
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
18C13A5E000
|
heap
|
page read and write
|
||
|
7FFFE22D0000
|
unkown
|
page readonly
|
||
|
224F2690000
|
heap
|
page read and write
|
||
|
1585BE49000
|
heap
|
page read and write
|
||
|
2840B502000
|
heap
|
page read and write
|
||
|
1585BE3E000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
4FC000
|
heap
|
page read and write
|
||
|
251A6930000
|
heap
|
page read and write
|
||
|
2249BF60000
|
trusted library allocation
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
18C13A53000
|
heap
|
page read and write
|
||
|
DA2B5F9000
|
stack
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
DA2B579000
|
stack
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page execute and read and write
|
||
|
2249BF90000
|
remote allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
46B000
|
heap
|
page read and write
|
||
|
2C4CB0F0000
|
trusted library allocation
|
page read and write
|
||
|
4DEB2FD000
|
stack
|
page read and write
|
||
|
2249C002000
|
heap
|
page read and write
|
||
|
2C4C5C77000
|
heap
|
page read and write
|
||
|
14BB8FD000
|
stack
|
page read and write
|
||
|
1A62DD00000
|
heap
|
page read and write
|
||
|
2640000
|
heap
|
page read and write
|
||
|
E7AF1EC000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2840B513000
|
heap
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
17023C02000
|
heap
|
page read and write
|
||
|
FA66E7A000
|
stack
|
page read and write
|
||
|
2249C000000
|
heap
|
page read and write
|
||
|
2C4CB350000
|
trusted library allocation
|
page read and write
|
||
|
1BA18113000
|
heap
|
page read and write
|
||
|
2C4C5C3D000
|
heap
|
page read and write
|
||
|
18C13A8C000
|
heap
|
page read and write
|
||
|
C21B7F000
|
stack
|
page read and write
|
||
|
321C000
|
stack
|
page read and write
|
||
|
1BA18B89000
|
heap
|
page read and write
|
||
|
251A69A0000
|
direct allocation
|
page execute and read and write
|
||
|
FA6777F000
|
stack
|
page read and write
|
||
|
18C13A5E000
|
heap
|
page read and write
|
||
|
52F000
|
heap
|
page read and write
|
||
|
259C6213000
|
heap
|
page read and write
|
||
|
17023C29000
|
heap
|
page read and write
|
||
|
201F103C000
|
heap
|
page read and write
|
||
|
899ADF5000
|
stack
|
page read and write
|
||
|
24BF000
|
stack
|
page read and write
|
||
|
9D3FBFE000
|
stack
|
page read and write
|
||
|
224F2786000
|
heap
|
page read and write
|
||
|
201F0F30000
|
heap
|
page read and write
|
||
|
9D3FEFB000
|
stack
|
page read and write
|
||
|
2C4C70E0000
|
trusted library allocation
|
page read and write
|
||
|
13034E80000
|
heap
|
page read and write
|
||
|
1BA18013000
|
heap
|
page read and write
|
||
|
1585BE13000
|
heap
|
page read and write
|
||
|
1BA18B3A000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
1BA180E3000
|
heap
|
page read and write
|
||
|
899B17E000
|
stack
|
page read and write
|
||
|
251A6A25000
|
heap
|
page read and write
|
||
|
263F000
|
stack
|
page read and write
|
||
|
2C4C6415000
|
heap
|
page read and write
|
||
|
27B86C29000
|
heap
|
page read and write
|
||
|
CC61EFE000
|
stack
|
page read and write
|
||
|
18C13A90000
|
heap
|
page read and write
|
||
|
2C4CB170000
|
trusted library allocation
|
page read and write
|
||
|
9D4037E000
|
stack
|
page read and write
|
||
|
1BA18B98000
|
heap
|
page read and write
|
||
|
2840B400000
|
heap
|
page read and write
|
||
|
259C6275000
|
heap
|
page read and write
|
||
|
224F2560000
|
heap
|
page read and write
|
||
|
E7AF4FE000
|
stack
|
page read and write
|
||
|
581ADFB000
|
stack
|
page read and write
|
||
|
1F6457AB000
|
heap
|
page read and write
|
||
|
2C4CB4EA000
|
heap
|
page read and write
|
||
|
1BA180AA000
|
heap
|
page read and write
|
||
|
CC61EFE000
|
stack
|
page read and write
|
||
|
FA66F7B000
|
stack
|
page read and write
|
||
|
4CC000
|
heap
|
page read and write
|
||
|
1585BE66000
|
heap
|
page read and write
|
||
|
2C4C5C74000
|
heap
|
page read and write
|
||
|
1585C802000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
1BA18BD0000
|
heap
|
page read and write
|
||
|
1BA18B83000
|
heap
|
page read and write
|
||
|
2C4C5CFD000
|
heap
|
page read and write
|
||
|
1BA18B7C000
|
heap
|
page read and write
|
||
|
224F2767000
|
heap
|
page read and write
|
||
|
1E1547B000
|
stack
|
page read and write
|
||
|
1F645890000
|
heap
|
page read and write
|
||
|
17024602000
|
trusted library allocation
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
4CC000
|
heap
|
page read and write
|
||
|
2C4CB6D0000
|
trusted library allocation
|
page read and write
|
||
|
259C61E0000
|
remote allocation
|
page read and write
|
||
|
1A62C10D000
|
heap
|
page read and write
|
||
|
1BA18B5F000
|
heap
|
page read and write
|
||
|
FA26379000
|
stack
|
page read and write
|
||
|
17023C52000
|
heap
|
page read and write
|
||
|
CC61E7F000
|
stack
|
page read and write
|
||
|
2840B466000
|
heap
|
page read and write
|
||
|
7FFFE2322000
|
unkown
|
page readonly
|
||
|
1BA18BA8000
|
heap
|
page read and write
|
||
|
7FFFE2326000
|
unkown
|
page read and write
|
||
|
1585BE64000
|
heap
|
page read and write
|
||
|
1BA18B8F000
|
heap
|
page read and write
|
||
|
1E1577E000
|
stack
|
page read and write
|
||
|
201F1058000
|
heap
|
page read and write
|
||
|
2C4C5D07000
|
heap
|
page read and write
|
||
|
1BA18B97000
|
heap
|
page read and write
|
||
|
1585BE2F000
|
heap
|
page read and write
|
||
|
224F26B0000
|
heap
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
52F000
|
heap
|
page read and write
|
||
|
2840B4CA000
|
heap
|
page read and write
|
||
|
2C4C63F0000
|
trusted library allocation
|
page read and write
|
||
|
224F276E000
|
heap
|
page read and write
|
||
|
1BA18B98000
|
heap
|
page read and write
|
||
|
1BA18B8F000
|
heap
|
page read and write
|
||
|
251A8490000
|
heap
|
page read and write
|
||
|
1BA1804B000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
251A8300000
|
heap
|
page read and write
|
||
|
2C4C6518000
|
heap
|
page read and write
|
||
|
1A62DD04000
|
heap
|
page read and write
|
||
|
1F945890000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
1F945970000
|
heap
|
page read and write
|
||
|
1BA1804E000
|
heap
|
page read and write
|
||
|
1F6458C5000
|
heap
|
page read and write
|
||
|
27B86C13000
|
heap
|
page read and write
|
||
|
1363000
|
heap
|
page read and write
|
||
|
E7AF47E000
|
stack
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
1A62C3D0000
|
heap
|
page read and write
|
||
|
201F1000000
|
heap
|
page read and write
|
||
|
1303505E000
|
heap
|
page read and write
|
||
|
2C4CB6F0000
|
trusted library allocation
|
page read and write
|
||
|
1BA18084000
|
heap
|
page read and write
|
||
|
224F2740000
|
heap
|
page read and write
|
||
|
1A62C300000
|
heap
|
page readonly
|
||
|
9D3FB7F000
|
stack
|
page read and write
|
||
|
18C13A00000
|
heap
|
page read and write
|
||
|
1585BE69000
|
heap
|
page read and write
|
||
|
144B3830000
|
heap
|
page read and write
|
||
|
1BA17F10000
|
heap
|
page read and write
|
||
|
1BA1804C000
|
heap
|
page read and write
|
||
|
2C4CB3E0000
|
remote allocation
|
page read and write
|
||
|
2C4CB3A0000
|
trusted library allocation
|
page read and write
|
||
|
1A62C0F2000
|
heap
|
page read and write
|
||
|
224F2763000
|
heap
|
page read and write
|
||
|
1BA180AF000
|
heap
|
page read and write
|
||
|
259C6259000
|
heap
|
page read and write
|
||
|
1A62BFF0000
|
heap
|
page read and write
|
||
|
2C4CB502000
|
heap
|
page read and write
|
||
|
1F9459DF000
|
heap
|
page read and write
|
||
|
2249BF90000
|
remote allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
136E000
|
heap
|
page read and write
|
||
|
2249BED0000
|
heap
|
page read and write
|
||
|
2C4C5C13000
|
heap
|
page read and write
|
||
|
1BA180EE000
|
heap
|
page read and write
|
||
|
1BA18B7C000
|
heap
|
page read and write
|
||
|
259C6300000
|
heap
|
page read and write
|
||
|
2249C05C000
|
heap
|
page read and write
|
||
|
1585BE46000
|
heap
|
page read and write
|
||
|
251A8490000
|
heap
|
page read and write
|
||
|
7FFFE2322000
|
unkown
|
page readonly
|
||
|
27B86D13000
|
heap
|
page read and write
|
||
|
581B1FF000
|
stack
|
page read and write
|
||
|
7FFFE22D1000
|
unkown
|
page execute read
|
||
|
17023D02000
|
heap
|
page read and write
|
||
|
2C4CB43D000
|
heap
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
1585BE62000
|
heap
|
page read and write
|
||
|
CC61E7F000
|
stack
|
page read and write
|
||
|
899B1FF000
|
stack
|
page read and write
|
||
|
251A82F0000
|
remote allocation
|
page read and write
|
||
|
1FE0000
|
remote allocation
|
page read and write
|
||
|
1BA17F00000
|
heap
|
page read and write
|
||
|
224F2766000
|
heap
|
page read and write
|
||
|
2C4C6502000
|
heap
|
page read and write
|
||
|
259C61B0000
|
trusted library allocation
|
page read and write
|
||
|
27B86C7E000
|
heap
|
page read and write
|
||
|
FA25F9F000
|
stack
|
page read and write
|
||
|
201F1013000
|
heap
|
page read and write
|
||
|
259C6227000
|
heap
|
page read and write
|
||
|
FA6717B000
|
stack
|
page read and write
|
||
|
251A6910000
|
heap
|
page read and write
|
||
|
4A1000
|
heap
|
page read and write
|
||
|
2C4C5CAC000
|
heap
|
page read and write
|
||
|
7FFFE2326000
|
unkown
|
page read and write
|
||
|
AC5987E000
|
stack
|
page read and write
|
||
|
2C4CB370000
|
trusted library allocation
|
page read and write
|
||
|
1F946960000
|
trusted library allocation
|
page read and write
|
||
|
259C6264000
|
heap
|
page read and write
|
||
|
1BA188D0000
|
remote allocation
|
page read and write
|
||
|
259C6313000
|
heap
|
page read and write
|
||
|
2840B486000
|
heap
|
page read and write
|
||
|
1BA18B91000
|
heap
|
page read and write
|
||
|
2840B4C3000
|
heap
|
page read and write
|
||
|
1585BE4E000
|
heap
|
page read and write
|
||
|
1BA180C7000
|
heap
|
page read and write
|
||
|
259C6259000
|
heap
|
page read and write
|
||
|
CD614FB000
|
stack
|
page read and write
|
||
|
2C4C70C1000
|
trusted library allocation
|
page read and write
|
||
|
13035802000
|
trusted library allocation
|
page read and write
|
||
|
17023C78000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page readonly
|
||
|
C216FE000
|
stack
|
page read and write
|
||
|
1585BF02000
|
heap
|
page read and write
|
||
|
4FC000
|
heap
|
page read and write
|
||
|
1BA18B9F000
|
heap
|
page read and write
|
||
|
CC61E7F000
|
stack
|
page read and write
|
||
|
1BA18B7C000
|
heap
|
page read and write
|
||
|
A1FA57F000
|
stack
|
page read and write
|
||
|
2249C102000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1585BE3C000
|
heap
|
page read and write
|
||
|
1BA1805A000
|
heap
|
page read and write
|
||
|
7FFFE22D0000
|
unkown
|
page readonly
|
||
|
1A62C0C8000
|
heap
|
page read and write
|
||
|
CD60E7B000
|
stack
|
page read and write
|
||
|
18C13A49000
|
heap
|
page read and write
|
||
|
1BA18A02000
|
heap
|
page read and write
|
||
|
9D40478000
|
stack
|
page read and write
|
||
|
52F000
|
heap
|
page read and write
|
||
|
1F645894000
|
heap
|
page read and write
|
||
|
2C4C5D02000
|
heap
|
page read and write
|
||
|
251A6A20000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1F946750000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB350000
|
trusted library allocation
|
page read and write
|
||
|
1BA18BB0000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
7FFFE2329000
|
unkown
|
page readonly
|
||
|
201F1100000
|
heap
|
page read and write
|
||
|
FE4000
|
stack
|
page read and write
|
||
|
251A69A0000
|
direct allocation
|
page execute and read and write
|
||
|
1BA1803C000
|
heap
|
page read and write
|
||
|
1BA180B4000
|
heap
|
page read and write
|
||
|
A1FA2FC000
|
stack
|
page read and write
|
||
|
C21A7F000
|
stack
|
page read and write
|
||
|
2C4CB461000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
DA2B67E000
|
stack
|
page read and write
|
||
|
4DEAC7B000
|
stack
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
4FC000
|
heap
|
page read and write
|
||
|
1A62C0EC000
|
heap
|
page read and write
|
||
|
1BA18BC3000
|
heap
|
page read and write
|
||
|
251A69A0000
|
direct allocation
|
page execute and read and write
|
||
|
13A5000
|
heap
|
page read and write
|
||
|
7FFFE2326000
|
unkown
|
page read and write
|
||
|
A1FA4FE000
|
stack
|
page read and write
|
||
|
224F2965000
|
heap
|
page read and write
|
||
|
25BE000
|
stack
|
page read and write
|
||
|
FA263FF000
|
stack
|
page read and write
|
||
|
2C4C5C29000
|
heap
|
page read and write
|
||
|
2C4CB500000
|
heap
|
page read and write
|
||
|
2C4C5C9D000
|
heap
|
page read and write
|
||
|
E7AF877000
|
stack
|
page read and write
|
||
|
251A69E0000
|
heap
|
page readonly
|
||
|
1BA18BCE000
|
heap
|
page read and write
|
||
|
1504000
|
heap
|
page read and write
|
||
|
1BA18B6B000
|
heap
|
page read and write
|
||
|
2C4C6400000
|
heap
|
page read and write
|
||
|
2C4CB41D000
|
heap
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
CC61EFE000
|
stack
|
page read and write
|
||
|
13035065000
|
heap
|
page read and write
|
||
|
2C4C5D26000
|
heap
|
page read and write
|
||
|
9D40277000
|
stack
|
page read and write
|
||
|
1585BCF0000
|
heap
|
page read and write
|
||
|
1BA18B7C000
|
heap
|
page read and write
|
||
|
7FFFE2329000
|
unkown
|
page readonly
|
||
|
DA2B12B000
|
stack
|
page read and write
|
||
|
251A6A30000
|
heap
|
page read and write
|
||
|
1BA18B84000
|
heap
|
page read and write
|
||
|
2C4CB2B0000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB4A3000
|
heap
|
page read and write
|
||
|
2C4C5C9B000
|
heap
|
page read and write
|
||
|
7FFFE22D1000
|
unkown
|
page execute read
|
||
|
27B86D00000
|
heap
|
page read and write
|
||
|
4DEAE7A000
|
stack
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
581AA7B000
|
stack
|
page read and write
|
||
|
7FFFE22D0000
|
unkown
|
page readonly
|
||
|
251A6910000
|
heap
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
27B86AF0000
|
heap
|
page read and write
|
||
|
1F945C59000
|
heap
|
page read and write
|
||
|
DA2B6FB000
|
stack
|
page read and write
|
||
|
2C4C6402000
|
heap
|
page read and write
|
||
|
2840B4B9000
|
heap
|
page read and write
|
||
|
1BA1808A000
|
heap
|
page read and write
|
||
|
2C4CB2A0000
|
trusted library allocation
|
page read and write
|
||
|
1F2E000
|
stack
|
page read and write
|
||
|
259C6090000
|
heap
|
page read and write
|
||
|
1F64579E000
|
heap
|
page read and write
|
||
|
253F000
|
stack
|
page read and write
|
||
|
2C4CB288000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB2C4000
|
trusted library allocation
|
page read and write
|
||
|
18C14202000
|
trusted library allocation
|
page read and write
|
||
|
2C4C6559000
|
heap
|
page read and write
|
||
|
FA66CF7000
|
stack
|
page read and write
|
||
|
1BA188D0000
|
remote allocation
|
page read and write
|
||
|
1585BE32000
|
heap
|
page read and write
|
||
|
13035013000
|
heap
|
page read and write
|
||
|
18C13830000
|
heap
|
page read and write
|
||
|
F0000
|
remote allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
259C7BA0000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB4F4000
|
heap
|
page read and write
|
||
|
1BA18050000
|
heap
|
page read and write
|
||
|
FA2627F000
|
stack
|
page read and write
|
||
|
49D000
|
heap
|
page read and write
|
||
|
1585BE42000
|
heap
|
page read and write
|
||
|
201F0F20000
|
heap
|
page read and write
|
||
|
1BA18BB5000
|
heap
|
page read and write
|
||
|
2C4C5D14000
|
heap
|
page read and write
|
||
|
2840BE02000
|
heap
|
page read and write
|
||
|
17023C67000
|
heap
|
page read and write
|
||
|
259C61E0000
|
remote allocation
|
page read and write
|
||
|
2840B330000
|
heap
|
page read and write
|
||
|
2C4CB2C0000
|
trusted library allocation
|
page read and write
|
||
|
2840B46D000
|
heap
|
page read and write
|
||
|
FA6707F000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1A62C060000
|
heap
|
page read and write
|
||
|
2C4CB2A4000
|
trusted library allocation
|
page read and write
|
||
|
899B0FF000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
7FFFE2326000
|
unkown
|
page read and write
|
||
|
7FFFE22D0000
|
unkown
|
page readonly
|
||
|
2C4CB2B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFFE2329000
|
unkown
|
page readonly
|
||
|
2C4C5C79000
|
heap
|
page read and write
|
||
|
1F945C50000
|
heap
|
page read and write
|
||
|
158F000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2840B3C0000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
CD615FC000
|
stack
|
page read and write
|
||
|
AC5977F000
|
stack
|
page read and write
|
||
|
259C61E0000
|
remote allocation
|
page read and write
|
||
|
7FFFE2326000
|
unkown
|
page read and write
|
||
|
224F2772000
|
heap
|
page read and write
|
||
|
1BA18B83000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
1BA18B7D000
|
heap
|
page read and write
|
||
|
2C4C5C8D000
|
heap
|
page read and write
|
||
|
7FFFE22D0000
|
unkown
|
page readonly
|
||
|
1585BD90000
|
trusted library allocation
|
page read and write
|
||
|
1303502C000
|
heap
|
page read and write
|
||
|
2C4C5C00000
|
heap
|
page read and write
|
||
|
27B86C8C000
|
heap
|
page read and write
|
||
|
224F2756000
|
heap
|
page read and write
|
||
|
27B86D08000
|
heap
|
page read and write
|
||
|
1585BE44000
|
heap
|
page read and write
|
||
|
581AEF7000
|
stack
|
page read and write
|
||
|
2C4C5C9D000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
251A6A38000
|
heap
|
page read and write
|
||
|
224F2772000
|
heap
|
page read and write
|
||
|
13035082000
|
heap
|
page read and write
|
||
|
1BA18B95000
|
heap
|
page read and write
|
||
|
560000
|
direct allocation
|
page execute and read and write
|
||
|
2C4CB280000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
trusted library allocation
|
page read and write
|
||
|
18C13A70000
|
heap
|
page read and write
|
||
|
201F107B000
|
heap
|
page read and write
|
||
|
1F945977000
|
heap
|
page read and write
|
||
|
2840B320000
|
heap
|
page read and write
|
||
|
1BA19000000
|
heap
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
1BA180F6000
|
heap
|
page read and write
|
||
|
27B86C54000
|
heap
|
page read and write
|
||
|
1A62C3D5000
|
heap
|
page read and write
|
||
|
1BA18B13000
|
heap
|
page read and write
|
||
|
201F1102000
|
heap
|
page read and write
|
||
|
FA26478000
|
stack
|
page read and write
|
||
|
1585BE47000
|
heap
|
page read and write
|
||
|
3EE01FE000
|
stack
|
page read and write
|
||
|
1BA18B8E000
|
heap
|
page read and write
|
||
|
2840B4E0000
|
heap
|
page read and write
|
||
|
2249C040000
|
heap
|
page read and write
|
||
|
1BA18B8E000
|
heap
|
page read and write
|
||
|
251A8494000
|
heap
|
page read and write
|
||
|
1585BD00000
|
heap
|
page read and write
|
||
|
1F945C20000
|
heap
|
page readonly
|
||
|
251A6A38000
|
heap
|
page read and write
|
||
|
201F0F90000
|
heap
|
page read and write
|
||
|
17023C13000
|
heap
|
page read and write
|
||
|
4DEB4FE000
|
stack
|
page read and write
|
||
|
1585BE7A000
|
heap
|
page read and write
|
||
|
1BA18B85000
|
heap
|
page read and write
|
||
|
224F2960000
|
heap
|
page read and write
|
||
|
1BA180A3000
|
heap
|
page read and write
|
||
|
AC59A7C000
|
stack
|
page read and write
|
||
|
1F6456D0000
|
heap
|
page read and write
|
||
|
9D3FF7E000
|
stack
|
page read and write
|
||
|
1585BE4D000
|
heap
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
1BA18102000
|
heap
|
page read and write
|
||
|
144B3843000
|
heap
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
7FFFE2329000
|
unkown
|
page readonly
|
||
|
1FAC000
|
stack
|
page read and write
|
||
|
1BA18000000
|
heap
|
page read and write
|
||
|
4DEB0FD000
|
stack
|
page read and write
|
||
|
23CBDFF000
|
stack
|
page read and write
|
||
|
4DEB3FE000
|
stack
|
page read and write
|
||
|
201F1113000
|
heap
|
page read and write
|
||
|
1BA18B7C000
|
heap
|
page read and write
|
||
|
1BA18B00000
|
heap
|
page read and write
|
||
|
1E15677000
|
stack
|
page read and write
|
||
|
C2177E000
|
stack
|
page read and write
|
||
|
132B000
|
heap
|
page read and write
|
||
|
2C4C6C40000
|
trusted library allocation
|
page read and write
|
||
|
224F276E000
|
heap
|
page read and write
|
||
|
7FFFE22D1000
|
unkown
|
page execute read
|
||
|
144B3810000
|
heap
|
page read and write
|
||
|
259C623D000
|
heap
|
page read and write
|
||
|
1BA188D0000
|
remote allocation
|
page read and write
|
||
|
18C138A0000
|
heap
|
page read and write
|
||
|
2C4CB160000
|
trusted library allocation
|
page read and write
|
||
|
259C6248000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1E152FE000
|
stack
|
page read and write
|
||
|
251A8300000
|
heap
|
page read and write
|
||
|
1BA19003000
|
heap
|
page read and write
|
||
|
1BA180DB000
|
heap
|
page read and write
|
||
|
2C4C5CAA000
|
heap
|
page read and write
|
||
|
2840B4BC000
|
heap
|
page read and write
|
||
|
2840B413000
|
heap
|
page read and write
|
||
|
13035102000
|
heap
|
page read and write
|
||
|
2C4C6558000
|
heap
|
page read and write
|
||
|
251A6980000
|
heap
|
page read and write
|
||
|
2C4CB454000
|
heap
|
page read and write
|
||
|
1F645792000
|
heap
|
page read and write
|
||
|
9D404FF000
|
unkown
|
page read and write
|
||
|
2249C013000
|
heap
|
page read and write
|
||
|
1A62C2A0000
|
heap
|
page read and write
|
||
|
2C4C5A80000
|
heap
|
page read and write
|
||
|
2C4CB4F4000
|
heap
|
page read and write
|
||
|
1F645750000
|
heap
|
page read and write
|
||
|
1F645850000
|
heap
|
page read and write
|
||
|
1303503C000
|
heap
|
page read and write
|
||
|
1BA18B98000
|
heap
|
page read and write
|
||
|
2C4C6513000
|
heap
|
page read and write
|
||
|
9D3FAFB000
|
stack
|
page read and write
|
||
|
259C6258000
|
heap
|
page read and write
|
||
|
1F9459BF000
|
heap
|
page read and write
|
||
|
CC61BF6000
|
stack
|
page read and write
|
||
|
1585BE3A000
|
heap
|
page read and write
|
||
|
7FFFE22D1000
|
unkown
|
page execute read
|
||
|
CC61BF6000
|
stack
|
page read and write
|
||
|
2C4C5C56000
|
heap
|
page read and write
|
||
|
18C13B02000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1A62C2C0000
|
direct allocation
|
page execute and read and write
|
||
|
18C13B08000
|
heap
|
page read and write
|
||
|
251A6A38000
|
heap
|
page read and write
|
||
|
251A6A25000
|
heap
|
page read and write
|
||
|
1BA18B91000
|
heap
|
page read and write
|
||
|
1F645590000
|
heap
|
page read and write
|
||
|
A1F9DAC000
|
stack
|
page read and write
|
||
|
CD617FC000
|
stack
|
page read and write
|
||
|
27B86C02000
|
heap
|
page read and write
|
||
|
2C4C5BE0000
|
trusted library allocation
|
page read and write
|
||
|
2C4C6504000
|
heap
|
page read and write
|
||
|
CD6147E000
|
stack
|
page read and write
|
||
|
18C13A13000
|
heap
|
page read and write
|
||
|
1BA18059000
|
heap
|
page read and write
|
||
|
13035029000
|
heap
|
page read and write
|
||
|
2C4CB3E0000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB400000
|
heap
|
page read and write
|
||
|
581ACFE000
|
stack
|
page read and write
|
||
|
1BA18055000
|
heap
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
E7AF77E000
|
stack
|
page read and write
|
||
|
7FFFE2322000
|
unkown
|
page readonly
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
27B86B90000
|
trusted library allocation
|
page read and write
|
||
|
251A8494000
|
heap
|
page read and write
|
||
|
259C6249000
|
heap
|
page read and write
|
||
|
7FFFE2329000
|
unkown
|
page readonly
|
||
|
23CBEFE000
|
stack
|
page read and write
|
||
|
259C6318000
|
heap
|
page read and write
|
||
|
1A62C10D000
|
heap
|
page read and write
|
||
|
2249BF90000
|
remote allocation
|
page read and write
|
||
|
1BA17F70000
|
heap
|
page read and write
|
||
|
1F9459BF000
|
heap
|
page read and write
|
||
|
27B86D02000
|
heap
|
page read and write
|
||
|
1BA18B91000
|
heap
|
page read and write
|
||
|
2C4C6518000
|
heap
|
page read and write
|
||
|
1585BE77000
|
heap
|
page read and write
|
||
|
15B5000
|
heap
|
page read and write
|
||
|
C2167B000
|
stack
|
page read and write
|
||
|
1A62C0C0000
|
heap
|
page read and write
|
||
|
2C4C5A70000
|
heap
|
page read and write
|
||
|
7FFFE2322000
|
unkown
|
page readonly
|
||
|
2C4CB411000
|
heap
|
page read and write
|
||
|
2C4CB42B000
|
heap
|
page read and write
|
||
|
259C6202000
|
heap
|
page read and write
|
||
|
1BA18B9F000
|
heap
|
page read and write
|
||
|
2C4CB44A000
|
heap
|
page read and write
|
||
|
7FFFE22D1000
|
unkown
|
page execute read
|
||
|
2C4C5D02000
|
heap
|
page read and write
|
||
|
2840B464000
|
heap
|
page read and write
|
||
|
201F1077000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FFFE22D1000
|
unkown
|
page execute read
|
||
|
581AAFE000
|
stack
|
page read and write
|
||
|
2840B43F000
|
heap
|
page read and write
|
||
|
23CB6BB000
|
stack
|
page read and write
|
||
|
18C13B13000
|
heap
|
page read and write
|
||
|
23CBCFB000
|
stack
|
page read and write
|
||
|
1585BE7E000
|
heap
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
251A8494000
|
heap
|
page read and write
|
||
|
CD612FF000
|
stack
|
page read and write
|
||
|
1585BE45000
|
heap
|
page read and write
|
||
|
1BA1804D000
|
heap
|
page read and write
|
||
|
1585BE41000
|
heap
|
page read and write
|
||
|
1BA180C0000
|
heap
|
page read and write
|
||
|
AC59C7D000
|
stack
|
page read and write
|
||
|
1A62C10D000
|
heap
|
page read and write
|
||
|
224F2772000
|
heap
|
page read and write
|
||
|
1F945920000
|
heap
|
page read and write
|
||
|
2C4CB3E0000
|
remote allocation
|
page read and write
|
||
|
201F1028000
|
heap
|
page read and write
|
||
|
1BA19021000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1BA18B9F000
|
heap
|
page read and write
|
||
|
CD6107C000
|
stack
|
page read and write
|
||
|
7FFFE2322000
|
unkown
|
page readonly
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
1A62DEF0000
|
heap
|
page read and write
|
||
|
9D40078000
|
stack
|
page read and write
|
||
|
259C6200000
|
heap
|
page read and write
|
||
|
4F1000
|
heap
|
page read and write
|
||
|
224F276E000
|
heap
|
page read and write
|
||
|
1BA18B84000
|
heap
|
page read and write
|
||
|
E7AFA7E000
|
stack
|
page read and write
|
||
|
27B86C4E000
|
heap
|
page read and write
|
||
|
C5000
|
stack
|
page read and write
|
||
|
18C13840000
|
heap
|
page read and write
|
||
|
224F2762000
|
heap
|
page read and write
|
||
|
1585BE5F000
|
heap
|
page read and write
|
||
|
2C4CB350000
|
trusted library allocation
|
page read and write
|
||
|
17023AD0000
|
heap
|
page read and write
|
||
|
334B000
|
stack
|
page read and write
|
||
|
251A6930000
|
heap
|
page read and write
|
||
|
4DEB7FF000
|
stack
|
page read and write
|
||
|
7FFFE2326000
|
unkown
|
page read and write
|
||
|
27B86C3C000
|
heap
|
page read and write
|
||
|
23BB000
|
stack
|
page read and write
|
||
|
1BA18057000
|
heap
|
page read and write
|
||
|
1F945C30000
|
trusted library allocation
|
page read and write
|
||
|
1BA18B8F000
|
heap
|
page read and write
|
||
|
2840BF00000
|
heap
|
page read and write
|
||
|
13034E90000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
2C4CB280000
|
trusted library allocation
|
page read and write
|
||
|
201F1002000
|
heap
|
page read and write
|
||
|
1BA18B9F000
|
heap
|
page read and write
|
||
|
2C4CB4D9000
|
heap
|
page read and write
|
||
|
13035113000
|
heap
|
page read and write
|
||
|
13035076000
|
heap
|
page read and write
|
||
|
1585BE4B000
|
heap
|
page read and write
|
||
|
2C4C5C8B000
|
heap
|
page read and write
|
||
|
1585BE2E000
|
heap
|
page read and write
|
||
|
259C6249000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
A1FA17E000
|
stack
|
page read and write
|
||
|
17023AE0000
|
heap
|
page read and write
|
||
|
1F647190000
|
heap
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
7FFFE2322000
|
unkown
|
page readonly
|
||
|
4DEAFFD000
|
stack
|
page read and write
|
||
|
17023B70000
|
trusted library allocation
|
page read and write
|
||
|
2C4CB4F2000
|
heap
|
page read and write
|
||
|
1BA18B91000
|
heap
|
page read and write
|
||
|
CC61BF6000
|
stack
|
page read and write
|
||
|
1F645740000
|
direct allocation
|
page execute and read and write
|
||
|
2C4CB28E000
|
trusted library allocation
|
page read and write
|
||
|
2C4C5CA7000
|
heap
|
page read and write
|
||
|
1A62C080000
|
heap
|
page read and write
|
||
|
18C13A3C000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
18C13A87000
|
heap
|
page read and write
|
||
|
18C13A7D000
|
heap
|
page read and write
|
||
|
13A7000
|
heap
|
page read and write
|
||
|
3EE00FF000
|
stack
|
page read and write
|
||
|
201F106C000
|
heap
|
page read and write
|
||
|
201F0FC0000
|
trusted library allocation
|
page read and write
|
||
|
9D40177000
|
stack
|
page read and write
|
||
|
1585BE3B000
|
heap
|
page read and write
|
||
|
1F6458C0000
|
heap
|
page read and write
|
||
|
251A6980000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
2C4C5C9A000
|
heap
|
page read and write
|
||
|
17023D13000
|
heap
|
page read and write
|
||
|
7FFFE2329000
|
unkown
|
page readonly
|
||
|
1BA18071000
|
heap
|
page read and write
|
||
|
1BA18108000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
1E1537E000
|
stack
|
page read and write
|
||
|
144B36D0000
|
heap
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
1BA17FA0000
|
trusted library allocation
|
page read and write
|
||
|
251A6A30000
|
heap
|
page read and write
|
||
|
1BA18B8D000
|
heap
|
page read and write
|
||
|
E7AF5FB000
|
stack
|
page read and write
|
||
|
1BA180EE000
|
heap
|
page read and write
|
||
|
2249BF30000
|
heap
|
page read and write
|
||
|
1F945B70000
|
trusted library allocation
|
page read and write
|
||
|
13034FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFFE22D0000
|
unkown
|
page readonly
|
||
|
AC5967F000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
27B86C00000
|
heap
|
page read and write
|
||
|
3EE02FB000
|
stack
|
page read and write
|
||
|
259C7C02000
|
trusted library allocation
|
page read and write
|
||
|
17023C3D000
|
heap
|
page read and write
|
||
|
2C4C5CAC000
|
heap
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
1BA18B7D000
|
heap
|
page read and write
|
||
|
201F1A02000
|
trusted library allocation
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
2C4C5CFD000
|
heap
|
page read and write
|
||
|
13034EF0000
|
heap
|
page read and write
|
||
|
1585BE32000
|
heap
|
page read and write
|
||
|
1BA18B8F000
|
heap
|
page read and write
|
||
|
E7AF6FB000
|
stack
|
page read and write
|
||
|
1F9458A0000
|
trusted library allocation
|
page read and write
|
||
|
1585BE29000
|
heap
|
page read and write
|
||
|
1BA18B10000
|
heap
|
page read and write
|
||
|
2C4C5AE0000
|
heap
|
page read and write
|
||
|
1585BE00000
|
heap
|
page read and write
|
||
|
2840BF32000
|
heap
|
page read and write
|
||
|
2249CA02000
|
trusted library allocation
|
page read and write
|
||
|
CD6137C000
|
stack
|
page read and write
|
||
|
2C4CB4FC000
|
heap
|
page read and write
|
||
|
C2197E000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
7FFFE22D0000
|
unkown
|
page readonly
|
||
|
1F645870000
|
heap
|
page readonly
|
||
|
1460000
|
heap
|
page read and write
|
||
|
FA25F1A000
|
stack
|
page read and write
|
||
|
1F6456F0000
|
heap
|
page read and write
|
||
|
259C6190000
|
trusted library allocation
|
page read and write
|
||
|
1BA18B9F000
|
heap
|
page read and write
|
||
|
1BA18053000
|
heap
|
page read and write
|
||
|
1BA18B98000
|
heap
|
page read and write
|
||
|
AC5997C000
|
stack
|
page read and write
|
||
|
CD611FF000
|
stack
|
page read and write
|
||
|
259C6302000
|
heap
|
page read and write
|
||
|
13035100000
|
heap
|
page read and write
|
||
|
1585BD60000
|
heap
|
page read and write
|
||
|
17023B40000
|
heap
|
page read and write
|
||
|
7FFFE22D1000
|
unkown
|
page execute read
|
||
|
2C4CB2A1000
|
trusted library allocation
|
page read and write
|
||
|
E7AF97C000
|
stack
|
page read and write
|
||
|
3EE007E000
|
stack
|
page read and write
|
||
|
251A6A20000
|
heap
|
page read and write
|
||
|
1F945BD0000
|
trusted library allocation
|
page read and write
|
||
|
1BA19002000
|
heap
|
page read and write
|
||
|
1BA18B9F000
|
heap
|
page read and write
|
||
|
7FFFE2322000
|
unkown
|
page readonly
|
||
|
251A6A30000
|
heap
|
page read and write
|
||
|
23CBBFB000
|
stack
|
page read and write
|
||
|
FA262FF000
|
stack
|
page read and write
|
||
|
251A67D0000
|
unkown
|
page read and write
|
||
|
1F945B60000
|
trusted library allocation
|
page read and write
|
There are 798 hidden memdumps, click here to show them.