IOC Report
r0hiaXHscs.dll

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| r0hiaXHscs.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Network\Downloader\edb.chk | data | dropped | |
| C:\ProgramData\Microsoft\Network\Downloader\edb.log | MPEG-4 LOAS | dropped | |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0xc3b679aa, page size 16384, Windows version 10.0 | dropped | |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_r0h_31cb52ba2bf69c94e76619fce422511ad71911_684ed31a_155663d4\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C93.tmp.dmp | Mini DuMP crash report, 15 streams, Sat May 14 02:43:38 2022, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F53.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER511A.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators | dropped | |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | modified | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\regsvr32.exe | regsvr32.exe /s C:\Users\user\Desktop\r0hiaXHscs.dll | malicious |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\r0hiaXHscs.dll",#1 | malicious |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\r0hiaXHscs.dll,DllRegisterServer | malicious |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\r0hiaXHscs.dll,DllUnregisterServer | malicious |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FxQLsR\ONbDjBVKT.dll" | malicious |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\EjXLXGuvoI\eGzQUTT.dll" | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc | malicious |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k unistacksvcgroup | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | malicious |
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\r0hiaXHscs.dll" | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\r0hiaXHscs.dll",#1 | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 3472 -s 328 | |
| C:\Windows\System32\SgrmBroker.exe | C:\Windows\system32\SgrmBroker.exe | |
| C:\Program Files\Windows Defender\MpCmdRun.exe | "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://23.239.0.12/aw | unknown | malicious |
| https://23.239.0.12/ | 23.239.0.12 | malicious |
| https://23.239.0.12/1y | unknown | malicious |
| https://23.239.0.12/e | unknown | malicious |
| https://www.disneyplus.com/legal/your-california-privacy-rights | unknown | |
| https://www.disneyplus.com/legal/privacy-policy | unknown | |
| https://www.hotspotshield.com/terms/ | unknown | |
| https://www.pango.co/privacy | unknown | |
| https://disneyplus.com/legal. | unknown | |
| http://crl.ver) | unknown | |
| https://www.tiktok.com/legal/report | unknown | |
| https://www.tiktok.com/legal/report/feedback | unknown | |
| http://help.disneyplus.com. | unknown | |
| https://support.hotspotshield.com/ | unknown | |
| http://schemas.microsoft | unknown | |
| https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= | unknown | |
| https://dev.ditu.live.com/REST/v1/Routes/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/Driving | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | unknown | |
| https://dev.ditu.live.com/REST/v1/Transit/Stops/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Traffic/Incidents/ | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/Walking | unknown | |
| https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= | unknown | |
| https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= | unknown | |
| https://%s.xboxlive.com | unknown | |
| https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v= | unknown | |
| https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v= | unknown | |
| https://dev.virtualearth.net/mapcontrol/logging.ashx | unknown | |
| https://dev.ditu.live.com/mapcontrol/logging.ashx | unknown | |
| https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ | unknown | |
| https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry= | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= | unknown | |
| https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= | unknown | |
| https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Transit/Schedules/ | unknown | |
| https://dynamic.t | unknown | |
| https://t0.tiles.ditu.live.com/tiles/gensv=msv7 | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/Transit | unknown | |
| https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen | unknown | |
| https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | unknown | |
| https://activity.windows.com | unknown | |
| http://www.bingmapsportal.com | unknown | |
| https://dev.ditu.live.com/REST/v1/Locations | unknown | |
| https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ | unknown | |
| https://%s.dnet.xboxlive.com | unknown | |
| https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 23.239.0.12 | unknown | United States | malicious |
| 192.168.2.1 | unknown | unknown | |
| 127.0.0.1 | unknown | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center | cval | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center | cval | malicious |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProgramId | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | FileId | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LowerCaseLongPath | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LongPathHash | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Name | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Publisher | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Version | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinFileVersion | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinaryType | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductName | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductVersion | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LinkDate | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinProductVersion | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Size | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Language | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | IsPeFile | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | IsOsComponent | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug | ExceptionRecord | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property | 00184006417502B9 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\ci.dll,-100 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\ci.dll,-101 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\system32\dnsapi.dll,-103 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\fveui.dll,-843 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\fveui.dll,-844 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\wuaueng.dll,-400 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 | |
| HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\system32\NgcRecovery.dll,-100 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage | MonthID | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS | PerfMMFileName | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 180001000 | direct allocation | page execute read | malicious |
| 2C40000 | direct allocation | page execute and read and write | malicious |
| 180001000 | direct allocation | page execute read | malicious |
| 13444F90000 | direct allocation | page execute and read and write | malicious |
| 2165C820000 | direct allocation | page execute and read and write | malicious |
| 180001000 | direct allocation | page execute read | malicious |
| 5A0000 | direct allocation | page execute and read and write | malicious |
| 180001000 | direct allocation | page execute read | malicious |