Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| r0hiaXHscs.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Network\Downloader\edb.chk | data | dropped | |
| C:\ProgramData\Microsoft\Network\Downloader\edb.log | MPEG-4 LOAS | dropped | |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage engine DataBase, version 0x620, checksum 0xc3b679aa, page size 16384, Windows version 10.0 | dropped | |
| C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_r0h_31cb52ba2bf69c94e76619fce422511ad71911_684ed31a_155663d4\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C93.tmp.dmp | Mini DuMP crash report, 15 streams, Sat May 14 02:43:38 2022, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F53.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER511A.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | ASCII text, with no line terminators | dropped | |
| C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | modified | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\regsvr32.exe | regsvr32.exe /s C:\Users\user\Desktop\r0hiaXHscs.dll | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\r0hiaXHscs.dll",#1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\r0hiaXHscs.dll,DllRegisterServer | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\r0hiaXHscs.dll,DllUnregisterServer | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FxQLsR\ONbDjBVKT.dll" | |
| C:\Windows\System32\regsvr32.exe | C:\Windows\system32\regsvr32.exe "C:\Windows\system32\EjXLXGuvoI\eGzQUTT.dll" | |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc | |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p | |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc | |
| C:\Windows\System32\svchost.exe | c:\windows\system32\svchost.exe -k unistacksvcgroup | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | |
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\r0hiaXHscs.dll" | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\r0hiaXHscs.dll",#1 | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 3472 -s 328 | |
| C:\Windows\System32\SgrmBroker.exe | C:\Windows\system32\SgrmBroker.exe | |
| C:\Program Files\Windows Defender\MpCmdRun.exe | "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
URLs
| Name | IP | Malicious |
|---|---|---|
| https://23.239.0.12/aw | unknown | |
| https://23.239.0.12/ | 23.239.0.12 | |
| https://23.239.0.12/1y | unknown | |
| https://23.239.0.12/e | unknown | |
| https://www.disneyplus.com/legal/your-california-privacy-rights | unknown | |
| https://www.disneyplus.com/legal/privacy-policy | unknown | |
| https://www.hotspotshield.com/terms/ | unknown | |
| https://www.pango.co/privacy | unknown | |
| https://disneyplus.com/legal. | unknown | |
| http://crl.ver) | unknown | |
| https://www.tiktok.com/legal/report | unknown | |
| https://www.tiktok.com/legal/report/feedback | unknown | |
| http://help.disneyplus.com. | unknown | |
| https://support.hotspotshield.com/ | unknown | |
| http://schemas.microsoft | unknown | |
| https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= | unknown | |
| https://dev.ditu.live.com/REST/v1/Routes/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/Driving | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx | unknown | |
| https://dev.ditu.live.com/REST/v1/Transit/Stops/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Traffic/Incidents/ | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/Walking | unknown | |
| https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= | unknown | |
| https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= | unknown | |
| https://%s.xboxlive.com | unknown | |
| https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v= | unknown | |
| https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v= | unknown | |
| https://dev.virtualearth.net/mapcontrol/logging.ashx | unknown | |
| https://dev.ditu.live.com/mapcontrol/logging.ashx | unknown | |
| https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ | unknown | |
| https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry= | unknown | |
| https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= | unknown | |
| https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= | unknown | |
| https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/ | unknown | |
| https://dev.virtualearth.net/REST/v1/Transit/Schedules/ | unknown | |
| https://dynamic.t | unknown | |
| https://t0.tiles.ditu.live.com/tiles/gensv=msv7 | unknown | |
| https://dev.virtualearth.net/REST/v1/Routes/Transit | unknown | |
| https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen | unknown | |
| https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= | unknown | |
| https://activity.windows.com | unknown | |
| http://www.bingmapsportal.com | unknown | |
| https://dev.ditu.live.com/REST/v1/Locations | unknown | |
| https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ | unknown | |
| https://%s.dnet.xboxlive.com | unknown | |
| https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= | unknown | |
IPs
| IP | Domain | Country | Malicious |
|---|---|---|---|
| 23.239.0.12 | unknown | United States | |
| 192.168.2.1 | unknown | unknown | |
| 127.0.0.1 | unknown | unknown | |
Registry
| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center | cval | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center | cval | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProgramId | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | FileId | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LowerCaseLongPath | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LongPathHash | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Name | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Publisher | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Version | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinFileVersion | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinaryType | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductName | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductVersion | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LinkDate | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinProductVersion | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Size | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Language | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | IsPeFile | |
| \REGISTRY\A\{de560fbc-d896-f821-0879-1452c84fbb98}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | IsOsComponent | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug | ExceptionRecord | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property | 00184006417502B9 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\ci.dll,-100 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\ci.dll,-101 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\system32\dnsapi.dll,-103 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\fveui.dll,-843 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\fveui.dll,-844 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\System32\wuaueng.dll,-400 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 | |
| HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E | @%SystemRoot%\system32\NgcRecovery.dll,-100 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage | MonthID | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS | PerfMMFileName | |
Memdumps
|
||
7FFF21B71000
|
unkown
|
page execute read
|
||
1F25D251000
|
heap
|
page read and write
|
||
7FFF21BC6000
|
unkown
|
page read and write
|
||
1414000
|
heap
|
page read and write
|
||
1F25E003000
|
heap
|
page read and write
|
||
20A6CD62000
|
heap
|
page read and write
|
||
13D8000
|
heap
|
page read and write
|
||
1F25DBA1000
|
heap
|
page read and write
|
||
C45C2FB000
|
stack
|
page read and write
|
||
24C14A7E000
|
heap
|
page read and write
|
||
20A6CD73000
|
heap
|
page read and write
|
||
1F25E021000
|
heap
|
page read and write
|
||
9B8067E000
|
stack
|
page read and write
|
||
134469B4000
|
heap
|
page read and write
|
||
1F25D249000
|
heap
|
page read and write
|
||
33DE000
|
stack
|
page read and write
|
||
1BA48508000
|
heap
|
page read and write
|
||
20A6CF20000
|
heap
|
page read and write
|
||
17D7A000000
|
trusted library allocation
|
page read and write
|
||
1486000
|
heap
|
page read and write
|
||
17D7AAF0000
|
trusted library allocation
|
page read and write
|
||
1F25DB86000
|
heap
|
page read and write
|
||
4A6000
|
heap
|
page read and write
|
||
52998F7000
|
stack
|
page read and write
|
||
4C0000
|
heap
|
page read and write
|
||
24C14A13000
|
heap
|
page read and write
|
||
1F25DB78000
|
heap
|
page read and write
|
||
20A6CF70000
|
heap
|
page read and write
|
||
1E32AE54000
|
heap
|
page read and write
|
||
1F25DB92000
|
heap
|
page read and write
|
||
520000
|
heap
|
page read and write
|
||
1A6FB313000
|
heap
|
page read and write
|
||
146B000
|
heap
|
page read and write
|
||
1F25DB89000
|
heap
|
page read and write
|
||
1F25D2E3000
|
heap
|
page read and write
|
||
18002D000
|
direct allocation
|
page readonly
|
||
18E1AA13000
|
heap
|
page read and write
|
||
9B8047B000
|
stack
|
page read and write
|
||
1BA48502000
|
heap
|
page read and write
|
||
1B2D4FB000
|
stack
|
page read and write
|
||
18002E000
|
direct allocation
|
page read and write
|
||
17D79FF0000
|
heap
|
page read and write
|
||
1F25DB9F000
|
heap
|
page read and write
|
||
24C14A00000
|
heap
|
page read and write
|
||
1BA48360000
|
heap
|
page read and write
|
||
2B0A3680000
|
trusted library allocation
|
page read and write
|
||
570000
|
heap
|
page read and write
|
||
1BA48513000
|
heap
|
page read and write
|
||
420000
|
heap
|
page read and write
|
||
9010FDD000
|
stack
|
page read and write
|
||
1F25DB73000
|
heap
|
page read and write
|
||
17D79E52000
|
heap
|
page read and write
|
||
1A6FB1A0000
|
heap
|
page read and write
|
||
1E32AE02000
|
heap
|
page read and write
|
||
1F25DBB5000
|
heap
|
page read and write
|
||
1F25DB7C000
|
heap
|
page read and write
|
||
52999F7000
|
stack
|
page read and write
|
||
197C915000
|
stack
|
page read and write
|
||
BEF74FF000
|
stack
|
page read and write
|
||
1F25D248000
|
heap
|
page read and write
|
||
15965CB0000
|
heap
|
page read and write
|
||
180000000
|
direct allocation
|
page read and write
|
||
1F25DB7B000
|
heap
|
page read and write
|
||
1F25DB86000
|
heap
|
page read and write
|
||
620000
|
heap
|
page read and write
|
||
428000
|
heap
|
page read and write
|
||
6305A7F000
|
stack
|
page read and write
|
||
1A6FB308000
|
heap
|
page read and write
|
||
141C000
|
heap
|
page read and write
|
||
18E1B202000
|
trusted library allocation
|
page read and write
|
||
13444D64000
|
heap
|
page read and write
|
||
180000000
|
direct allocation
|
page read and write
|
||
1F25D270000
|
heap
|
page read and write
|
||
1F25DB6E000
|
heap
|
page read and write
|
||
1B2D5F7000
|
stack
|
page read and write
|
||
2165C728000
|
heap
|
page read and write
|
||
1439000
|
heap
|
page read and write
|
||
1F25DF70000
|
remote allocation
|
page read and write
|
||
BEF71FB000
|
stack
|
page read and write
|
||
1F25DBB5000
|
heap
|
page read and write
|
||
1F25DB84000
|
heap
|
page read and write
|
||
1BA483D0000
|
heap
|
page read and write
|
||
9B8087F000
|
stack
|
page read and write
|
||
17D79F40000
|
trusted library allocation
|
page read and write
|
||
24C15202000
|
trusted library allocation
|
page read and write
|
||
1E32AC20000
|
heap
|
page read and write
|
||
1370000
|
heap
|
page read and write
|