Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
vur7t4SumQ.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vur_1d0254f19b869b476574097083416095bb4e4c_67e37b4c_10e28517\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER74E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER846.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB35.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4ED.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat May 14 12:10:12 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFAC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
MPEG-4 LOAS
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x26183b80, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vur_4cd58e58b1e637f1367f31dafe24a2e5d883329_67e37b4c_19aab41b\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER90C4.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat May 14 11:57:05 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BF0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB24.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
|
modified
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\vur7t4SumQ.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vur7t4SumQ.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\vur7t4SumQ.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\vur7t4SumQ.dll,DllUnregisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\QpRiewx\dKRLHbLQXAMim.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JZAnomWmMqlc\LxifZH.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\vur7t4SumQ.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vur7t4SumQ.dll",#1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 492 -p 7104 -ip 7104
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7104 -s 336
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6444 -s 316
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://23.239.0.12/
|
23.239.0.12
|
|
|
|
https://23.239.0.12/dllrG4
|
unknown
|
|
|
|
https://23.239.0.12/:
|
unknown
|
|
|
|
https://www.disneyplus.com/legal/your-california-privacy-rights
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://www.disneyplus.com/legal/privacy-policy
|
unknown
|
||
|
https://www.tiktok.com/legal/report/feedback
|
unknown
|
||
|
http://help.disneyplus.com.
|
unknown
|
||
|
https://support.hotspotshield.com/
|
unknown
|
||
|
https://www.hotspotshield.com/terms/
|
unknown
|
||
|
https://www.pango.co/privacy
|
unknown
|
||
|
https://disneyplus.com/legal.
|
unknown
|
||
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
||
|
https://%s.xboxlive.com
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://activity.windows.com
|
unknown
|
||
|
http://www.bingmapsportal.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://%s.dnet.xboxlive.com
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 35 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.239.0.12
|
unknown
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{005c6333-c6c2-1ad2-d71b-ad8b912d2a2b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{716106eb-4c16-3a41-7175-039016bd5bee}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800453F4626F
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\WaaS\WaaSMedic\TaskStore
|
Schedule Scan
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\WaaS\WaaSMedic\State
|
BlockUntilTimeStatus
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\WaaS\WaaSMedic\Configuration
|
refreshAfter
|
There are 44 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
225740C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
25875C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
25875C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1D80D4F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
25875C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
2590000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
267D0FAA000
|
heap
|
page read and write
|
||
|
C75000
|
stack
|
page read and write
|
||
|
AF65D7B000
|
stack
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
24F67990000
|
heap
|
page read and write
|
||
|
24292F13000
|
heap
|
page read and write
|
||
|
238BBAF0000
|
heap
|
page read and write
|
||
|
22572770000
|
heap
|
page read and write
|
||
|
267D0F90000
|
heap
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
267D0FA8000
|
heap
|
page read and write
|
||
|
27D57F42000
|
heap
|
page read and write
|
||
|
7FFF2F3D2000
|
unkown
|
page readonly
|
||
|
267D0F78000
|
heap
|
page read and write
|
||
|
267D0F86000
|
heap
|
page read and write
|
||
|
25875A9B000
|
heap
|
page read and write
|
||
|
267D06AB000
|
heap
|
page read and write
|
||
|
267D1418000
|
heap
|
page read and write
|
||
|
267D0FA5000
|
heap
|
page read and write
|
||
|
7FFF2F3D9000
|
unkown
|
page readonly
|
||
|
7FFF2F3D6000
|
unkown
|
page read and write
|
||
|
7FFF2F3D9000
|
unkown
|
page readonly
|
||
|
25875BE0000
|
heap
|
page read and write
|
||
|
28AC3B10000
|
heap
|
page read and write
|
||
|
2A6C2818000
|
heap
|
page read and write
|
||
|
267D0F89000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
7FFF2F3D9000
|
unkown
|
page readonly
|
||
|
29FD1200000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
9E0000
|
direct allocation
|
page execute and read and write
|
||
|
2C9B000
|
stack
|
page read and write
|
||
|
24F67970000
|
trusted library allocation
|
page read and write
|
||
|
267D0FA5000
|
heap
|
page read and write
|
||
|
15654A80000
|
trusted library allocation
|
page read and write
|
||
|
15654302000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
22574120000
|
heap
|
page read and write
|
||
|
267D0F8A000
|
heap
|
page read and write
|
||
|
267D0FD8000
|
heap
|
page read and write
|
||
|
EE3000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1135000
|
heap
|
page read and write
|
||
|
29FD1313000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
267D0F8A000
|
heap
|
page read and write
|
||
|
267D0F85000
|
heap
|
page read and write
|
||
|
27D57F42000
|
heap
|
page read and write
|
||
|
1D80D585000
|
heap
|
page read and write
|
||
|
C28000
|
heap
|
page read and write
|
||
|
24292E7C000
|
heap
|
page read and write
|
||
|
267D0FB3000
|
heap
|
page read and write
|
||
|
267D0FB1000
|
heap
|
page read and write
|
||
|
27D57F27000
|
heap
|
page read and write
|
||
|
267D0F88000
|
heap
|
page read and write
|
||
|
7FFF2F3D2000
|
unkown
|
page readonly
|
||
|
25875BE0000
|
heap
|
page read and write
|
||
|
25875A90000
|
heap
|
page read and write
|
||
|
25877600000
|
heap
|
page read and write
|
||
|
24292D30000
|
heap
|
page read and write
|
||
|
29FD1308000
|
heap
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
24F679CD000
|
heap
|
page read and write
|
||
|
7FFF2F381000
|
unkown
|
page execute read
|
||
|
C8F000
|
heap
|
page read and write
|
||
|
BD5508D000
|
stack
|
page read and write
|
||
|
24292F08000
|
heap
|
page read and write
|
||
|
267D0F7A000
|
heap
|
page read and write
|
||
|
28AC3D15000
|
trusted library allocation
|
page read and write
|
||
|
225727E5000
|
heap
|
page read and write
|
||
|
C861FFE000
|
stack
|
page read and write
|
||
|
D5BB4FF000
|
stack
|
page read and write
|
||
|
7E7F8FF000
|
stack
|
page read and write
|
||
|
25877644000
|
heap
|
page read and write
|
||
|
238BBD13000
|
heap
|
page read and write
|
||
|
24F679CD000
|
heap
|
page read and write
|
||
|
29FD1213000
|
heap
|
page read and write
|
||
|
25875B90000
|
heap
|
page read and write
|
||
|
267D0F97000
|
heap
|
page read and write
|
||
|
1D80D470000
|
heap
|
page read and write
|
||
|
29FD10B0000
|
heap
|
page read and write
|
||
|
6F766DB000
|
stack
|
page read and write
|
||
|
267D0FB4000
|
heap
|
page read and write
|
||
|
25875C40000
|
heap
|
page readonly
|
||
|
22572630000
|
heap
|
page read and write
|
||
|
7FFF2F381000
|
unkown
|
page execute read
|
||
|
6F76B7E000
|
stack
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
1565428E000
|
heap
|
page read and write
|
||
|
267D0F89000
|
heap
|
page read and write
|
||
|
7FFF2F380000
|
unkown
|
page readonly
|
||
|
27D57DB0000
|
heap
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
267D0F88000
|
heap
|
page read and write
|
||
|
1565423C000
|
heap
|
page read and write
|
||
|
24292E00000
|
heap
|
page read and write
|
||
|
15654300000
|
heap
|
page read and write
|
||
|
7FFF2F380000
|
unkown
|
page readonly
|
||
|
CEB000
|
heap
|
page read and write
|
||
|
29FD126D000
|
heap
|
page read and write
|
||
|
27D57F2F000
|
heap
|
page read and write
|
||
|
267D0F57000
|
heap
|
page read and write
|
||
|
25875D05000
|
heap
|
page read and write
|
||
|
267D1422000
|
heap
|
page read and write
|
||
|
25875A70000
|
heap
|
page read and write
|
||
|
AF662FB000
|
stack
|
page read and write
|
||
|
25875A70000
|
heap
|
page read and write
|
||
|
267D0FAA000
|
heap
|
page read and write
|
||
|
24292F02000
|
heap
|
page read and write
|
||
|
267D063C000
|
heap
|
page read and write
|
||
|
9F9107E000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
24F67980000
|
heap
|
page read and write
|
||
|
15654170000
|
heap
|
page read and write
|
||
|
2E0A000
|
stack
|
page read and write
|
||
|
29FD1249000
|
heap
|
page read and write
|
||
|
238BBBF0000
|
trusted library allocation
|
page read and write
|
||
|
27D57F42000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
25875A90000
|
heap
|
page read and write
|
||
|
7FFF2F381000
|
unkown
|
page execute read
|
||
|
267D0600000
|
heap
|
page read and write
|
||
|
29FD1270000
|
heap
|
page read and write
|
||
|
15654281000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page readonly
|
||
|
25875C40000
|
heap
|
page readonly
|
||
|
267D0650000
|
heap
|
page read and write
|
||
|
267D064D000
|
heap
|
page read and write
|
||
|
27D57F23000
|
heap
|
page read and write
|
||
|
1D80D6F0000
|
heap
|
page read and write
|
||
|
267D0F7C000
|
heap
|
page read and write
|
||
|
24292E52000
|
heap
|
page read and write
|
||
|
15654C02000
|
trusted library allocation
|
page read and write
|
||
|
7FFF2F3D2000
|
unkown
|
page readonly
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
267D0F8F000
|
heap
|
page read and write
|
||
|
238BBC00000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
25877600000
|
heap
|
page read and write
|
||
|
7FFF2F380000
|
unkown
|
page readonly
|
||
|
27D57F36000
|
heap
|
page read and write
|
||
|
238BBC02000
|
heap
|
page read and write
|
||
|
156541E0000
|
heap
|
page read and write
|
||
|
7FFF2F3D6000
|
unkown
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
24292E29000
|
heap
|
page read and write
|
||
|
25875C40000
|
heap
|
page readonly
|
||
|
238BBC77000
|
heap
|
page read and write
|
||
|
C8C000
|
heap
|
page read and write
|
||
|
24F678C0000
|
heap
|
page read and write
|
||
|
24292E5C000
|
heap
|
page read and write
|
||
|
29FD1229000
|
heap
|
page read and write
|
||
|
267D0702000
|
heap
|
page read and write
|
||
|
28AC3E13000
|
heap
|
page read and write
|
||
|
27D57F17000
|
heap
|
page read and write
|
||
|
24293802000
|
trusted library allocation
|
page read and write
|
||
|
7FFF2F3D2000
|
unkown
|
page readonly
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
15654308000
|
heap
|
page read and write
|
||
|
267D1422000
|
heap
|
page read and write
|
||
|
15654180000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
24292E13000
|
heap
|
page read and write
|
||
|
267D0F90000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
1D80D558000
|
heap
|
page read and write
|
||
|
D01000
|
heap
|
page read and write
|
||
|
C861F7F000
|
stack
|
page read and write
|
||
|
1D80D6F4000
|
heap
|
page read and write
|
||
|
267D0F90000
|
heap
|
page read and write
|
||
|
27D57F42000
|
heap
|
page read and write
|
||
|
267D0F88000
|
heap
|
page read and write
|
||
|
28AC3C3D000
|
heap
|
page read and write
|
||
|
267D0F8A000
|
heap
|
page read and write
|
||
|
267D1419000
|
heap
|
page read and write
|
||
|
29FD126F000
|
heap
|
page read and write
|
||
|
267D0FA8000
|
heap
|
page read and write
|
||
|
905000
|
stack
|
page read and write
|
||
|
25877640000
|
heap
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
22572A70000
|
direct allocation
|
page execute and read and write
|
||
|
238BBC3E000
|
heap
|
page read and write
|
||
|
267D0F9A000
|
heap
|
page read and write
|
||
|
238BBD02000
|
heap
|
page read and write
|
||
|
225728A0000
|
heap
|
page read and write
|
||
|
27D57F36000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
24F679C5000
|
heap
|
page read and write
|
||
|
267D068A000
|
heap
|
page read and write
|
||
|
24F67930000
|
trusted library allocation
|
page read and write
|
||
|
15654274000
|
heap
|
page read and write
|
||
|
7E7F5AA000
|
stack
|
page read and write
|
||
|
24F68810000
|
trusted library allocation
|
page read and write
|
||
|
267D0F80000
|
heap
|
page read and write
|
||
|
25875C00000
|
direct allocation
|
page execute and read and write
|
||
|
C61000
|
heap
|
page read and write
|
||
|
267D0653000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
9FDED55000
|
stack
|
page read and write
|
||
|
7FFF2F3D9000
|
unkown
|
page readonly
|
||
|
267D0F78000
|
heap
|
page read and write
|
||
|
24F678A0000
|
heap
|
page read and write
|
||
|
24F679E6000
|
heap
|
page read and write
|
||
|
9FDF07F000
|
stack
|
page read and write
|
||
|
9F90E7F000
|
stack
|
page read and write
|
||
|
22572A80000
|
heap
|
page read and write
|
||
|
267D0F7A000
|
heap
|
page read and write
|
||
|
2B9C000
|
stack
|
page read and write
|
||
|
267D0F7D000
|
heap
|
page read and write
|
||
|
15654249000
|
heap
|
page read and write
|
||
|
267D0F20000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
7E7F87F000
|
stack
|
page read and write
|
||
|
7FFF2F381000
|
unkown
|
page execute read
|
||
|
27D57EE0000
|
heap
|
page read and write
|
||
|
29FD1300000
|
heap
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
D5BB67E000
|
stack
|
page read and write
|
||
|
24F685E0000
|
trusted library allocation
|
page read and write
|
||
|
96486F9000
|
stack
|
page read and write
|
||
|
24292DD0000
|
trusted library allocation
|
page read and write
|
||
|
24F67C79000
|
heap
|
page read and write
|
||
|
267D0F82000
|
heap
|
page read and write
|
||
|
7FFF2F3D6000
|
unkown
|
page read and write
|
||
|
C30367E000
|
stack
|
page read and write
|
||
|
267D0F78000
|
heap
|
page read and write
|
||
|
EFD000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
27D57F29000
|
heap
|
page read and write
|
||
|
267D1418000
|
heap
|
page read and write
|
||
|
267D0FBD000
|
heap
|
page read and write
|
||
|
15654276000
|
heap
|
page read and write
|
||
|
267D0400000
|
heap
|
page read and write
|
||
|
C3039F7000
|
stack
|
page read and write
|
||
|
24292E62000
|
heap
|
page read and write
|
||
|
6F767DE000
|
stack
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
24F67C60000
|
heap
|
page readonly
|
||
|
267D0F7D000
|
heap
|
page read and write
|
||
|
CEB000
|
heap
|
page read and write
|
||
|
C3033DC000
|
stack
|
page read and write
|
||
|
267D0FB3000
|
heap
|
page read and write
|
||
|
29FD126C000
|
heap
|
page read and write
|
||
|
25875D00000
|
heap
|
page read and write
|
||
|
28AC3F13000
|
heap
|
page read and write
|
||
|
267D0F78000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
24292E86000
|
heap
|
page read and write
|
||
|
25875A9B000
|
heap
|
page read and write
|
||
|
267D06EC000
|
heap
|
page read and write
|
||
|
DB32AFD000
|
stack
|
page read and write
|
||
|
267D0716000
|
heap
|
page read and write
|
||
|
267D0FB2000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
7FFF2F3D2000
|
unkown
|
page readonly
|
||
|
9F90FFE000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
27D57F17000
|
heap
|
page read and write
|
||
|
7FFF2F3D9000
|
unkown
|
page readonly
|
||
|
267D05C0000
|
remote allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page readonly
|
||
|
267D0F97000
|
heap
|
page read and write
|
||
|
1D80D310000
|
heap
|
page read and write
|
||
|
225740A0000
|
heap
|
page read and write
|
||
|
267D0F82000
|
heap
|
page read and write
|
||
|
25875A90000
|
heap
|
page read and write
|
||
|
15654253000
|
heap
|
page read and write
|
||
|
25875BE0000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
24F67760000
|
heap
|
page read and write
|
||
|
24F67C75000
|
heap
|
page read and write
|
||
|
6F770F8000
|
stack
|
page read and write
|
||
|
267D0FB3000
|
heap
|
page read and write
|
||
|
24F679CD000
|
heap
|
page read and write
|
||
|
29FD1255000
|
heap
|
page read and write
|
||
|
267D0FB8000
|
heap
|
page read and write
|
||
|
27A0000
|
remote allocation
|
page read and write
|
||
|
7FFF2F3D6000
|
unkown
|
page read and write
|
||
|
267D0F82000
|
heap
|
page read and write
|
||
|
225727A0000
|
heap
|
page read and write
|
||
|
1565424E000
|
heap
|
page read and write
|
||
|
267D0FB1000
|
heap
|
page read and write
|
||
|
267D0FA9000
|
heap
|
page read and write
|
||
|
267D06FB000
|
heap
|
page read and write
|
||
|
6F76C78000
|
stack
|
page read and write
|
||
|
24F67C70000
|
heap
|
page read and write
|
||
|
930000
|
remote allocation
|
page read and write
|
||
|
27D57F36000
|
heap
|
page read and write
|
||
|
267D0FA9000
|
heap
|
page read and write
|
||
|
267D0F90000
|
heap
|
page read and write
|
||
|
C3036FE000
|
stack
|
page read and write
|
||
|
267D0613000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
15654200000
|
heap
|
page read and write
|
||
|
25877600000
|
heap
|
page read and write
|
||
|
1D80D520000
|
heap
|
page readonly
|
||
|
267D05C0000
|
remote allocation
|
page read and write
|
||
|
24292F00000
|
heap
|
page read and write
|
||
|
29FD126A000
|
heap
|
page read and write
|
||
|
267D05C0000
|
remote allocation
|
page read and write
|
||
|
7FFF2F3D6000
|
unkown
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
6F76FFF000
|
unkown
|
page read and write
|
||
|
238BBD00000
|
heap
|
page read and write
|
||
|
267D0F97000
|
heap
|
page read and write
|
||
|
225727A8000
|
heap
|
page read and write
|
||
|
238BBC24000
|
heap
|
page read and write
|
||
|
964887F000
|
stack
|
page read and write
|
||
|
96482CC000
|
stack
|
page read and write
|
||
|
24F67770000
|
trusted library allocation
|
page read and write
|
||
|
267D0F9B000
|
heap
|
page read and write
|
||
|
27D57F40000
|
heap
|
page read and write
|
||
|
267D0649000
|
heap
|
page read and write
|
||
|
28AC3C02000
|
unkown
|
page read and write
|
||
|
25875CA0000
|
remote allocation
|
page read and write
|
||
|
C8B000
|
heap
|
page read and write
|
||
|
28AC3C28000
|
heap
|
page read and write
|
||
|
9FDED55000
|
stack
|
page read and write
|
||
|
27D57F2F000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
AF664FE000
|
stack
|
page read and write
|
||
|
D5BADDC000
|
stack
|
page read and write
|
||
|
2A6C2720000
|
heap
|
page read and write
|
||
|
AF663FB000
|
stack
|
page read and write
|
||
|
15654229000
|
heap
|
page read and write
|
||
|
24F67988000
|
heap
|
page read and write
|
||
|
9FDEDDE000
|
stack
|
page read and write
|
||
|
25875930000
|
unkown
|
page read and write
|
||
|
25875D05000
|
heap
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
C8E000
|
heap
|
page read and write
|
||
|
21F6C9B000
|
stack
|
page read and write
|
||
|
25875D05000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
25875A9B000
|
heap
|
page read and write
|
||
|
C3038FB000
|
stack
|
page read and write
|
||
|
1D80D4E0000
|
direct allocation
|
page execute and read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
BD554FE000
|
stack
|
page read and write
|
||
|
7E7FB7C000
|
stack
|
page read and write
|
||
|
238BBA80000
|
heap
|
page read and write
|
||
|
267D0F8F000
|
heap
|
page read and write
|
||
|
27D581C5000
|
heap
|
page read and write
|
||
|
28AC3D23000
|
heap
|
page read and write
|
||
|
2A6C2810000
|
heap
|
page read and write
|
||
|
C61000
|
heap
|
page read and write
|
||
|
25875930000
|
heap
|
page read and write
|
||
|
27D581C0000
|
heap
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
9FDEDDE000
|
stack
|
page read and write
|
||
|
27D57F2F000
|
heap
|
page read and write
|
||
|
C303AFE000
|
stack
|
page read and write
|
||
|
28AC3C13000
|
unkown
|
page read and write
|
||
|
15654313000
|
heap
|
page read and write
|
||
|
964867B000
|
stack
|
page read and write
|
||
|
CED000
|
heap
|
page read and write
|
||
|
267D0FB4000
|
heap
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
267D0F80000
|
heap
|
page read and write
|
||
|
7FFF2F380000
|
unkown
|
page readonly
|
||
|
1D80D785000
|
heap
|
page read and write
|
||
|
6F76D77000
|
stack
|
page read and write
|
||
|
29FD1302000
|
heap
|
page read and write
|
||
|
964877F000
|
stack
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
7FFF2F3D6000
|
unkown
|
page read and write
|
||
|
293C000
|
stack
|
page read and write
|
||
|
28AC3F00000
|
heap
|
page read and write
|
||
|
24F68820000
|
trusted library allocation
|
page read and write
|
||
|
27D57F12000
|
heap
|
page read and write
|
||
|
267D03A0000
|
heap
|
page read and write
|
||
|
267D0713000
|
heap
|
page read and write
|
||
|
D5BB57E000
|
stack
|
page read and write
|
||
|
238BC402000
|
trusted library allocation
|
page read and write
|
||
|
25877640000
|
heap
|
page read and write
|
||
|
6F7675E000
|
stack
|
page read and write
|
||
|
267D0F89000
|
heap
|
page read and write
|
||
|
27D57F25000
|
heap
|
page read and write
|
||
|
267D0F86000
|
heap
|
page read and write
|
||
|
267D0F00000
|
heap
|
page read and write
|
||
|
267D0F1E000
|
heap
|
page read and write
|
||
|
9F90BF6000
|
stack
|
page read and write
|
||
|
29FD11B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFF2F381000
|
unkown
|
page execute read
|
||
|
975000
|
heap
|
page read and write
|
||
|
25875D00000
|
heap
|
page read and write
|
||
|
24292E5E000
|
heap
|
page read and write
|
||
|
1D80D57C000
|
heap
|
page read and write
|
||
|
2A6C2825000
|
heap
|
page read and write
|
||
|
C8620FE000
|
stack
|
page read and write
|
||
|
28AC3C2E000
|
heap
|
page read and write
|
||
|
267D1403000
|
heap
|
page read and write
|
||
|
267D06EA000
|
heap
|
page read and write
|
||
|
267D0670000
|
heap
|
page read and write
|
||
|
27A0000
|
remote allocation
|
page read and write
|
||
|
29FD1050000
|
heap
|
page read and write
|
||
|
267D06B5000
|
heap
|
page read and write
|
||
|
27D4000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1D80D580000
|
heap
|
page read and write
|
||
|
238BBC13000
|
heap
|
page read and write
|
||
|
9FDF07F000
|
stack
|
page read and write
|
||
|
1565428B000
|
heap
|
page read and write
|
||
|
25875B90000
|
heap
|
page read and write
|
||
|
28AC3D02000
|
trusted library allocation
|
page read and write
|
||
|
EC1000
|
heap
|
page read and write
|
||
|
267D0FAC000
|
heap
|
page read and write
|
||
|
267D0FCC000
|
heap
|
page read and write
|
||
|
7FFF2F381000
|
unkown
|
page execute read
|
||
|
267D0F78000
|
heap
|
page read and write
|
||
|
BD557F9000
|
stack
|
page read and write
|
||
|
CB3000
|
heap
|
page read and write
|
||
|
1D80D550000
|
heap
|
page read and write
|
||
|
267D0F88000
|
heap
|
page read and write
|
||
|
267D0F5D000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
267D06AB000
|
heap
|
page read and write
|
||
|
267D0FA9000
|
heap
|
page read and write
|
||
|
22572802000
|
heap
|
page read and write
|
||
|
24292D40000
|
heap
|
page read and write
|
||
|
267D0F59000
|
heap
|
page read and write
|
||
|
6F76F7F000
|
stack
|
page read and write
|
||
|
25875930000
|
unkown
|
page read and write
|
||
|
267D0FB2000
|
heap
|
page read and write
|
||
|
7FFF2F380000
|
unkown
|
page readonly
|
||
|
267D0F99000
|
heap
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
21F72F7000
|
stack
|
page read and write
|
||
|
267D06E2000
|
heap
|
page read and write
|
||
|
267D06E7000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
7FFF2F380000
|
unkown
|
page readonly
|
||
|
267D0F8A000
|
heap
|
page read and write
|
||
|
267D0FBD000
|
heap
|
page read and write
|
||
|
21F74FE000
|
stack
|
page read and write
|
||
|
267D0F8F000
|
heap
|
page read and write
|
||
|
267D0F88000
|
heap
|
page read and write
|
||
|
24F67950000
|
trusted library allocation
|
page read and write
|
||
|
7FFF2F3D9000
|
unkown
|
page readonly
|
||
|
28AC3E02000
|
heap
|
page read and write
|
||
|
7E7FAFF000
|
stack
|
page read and write
|
||
|
25875CA0000
|
remote allocation
|
page read and write
|
||
|
267D0500000
|
trusted library allocation
|
page read and write
|
||
|
7FFF2F3D6000
|
unkown
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
267D0FA1000
|
heap
|
page read and write
|
||
|
CB3000
|
heap
|
page read and write
|
||
|
238BBA90000
|
heap
|
page read and write
|
||
|
22572A85000
|
heap
|
page read and write
|
||
|
267D0E02000
|
heap
|
page read and write
|
||
|
C86207E000
|
stack
|
page read and write
|
||
|
267D0F86000
|
heap
|
page read and write
|
||
|
24292E7A000
|
heap
|
page read and write
|
||
|
25877644000
|
heap
|
page read and write
|
||
|
9F910FB000
|
stack
|
page read and write
|
||
|
267D0F7A000
|
heap
|
page read and write
|
||
|
CED000
|
heap
|
page read and write
|
||
|
27A0000
|
remote allocation
|
page read and write
|
||
|
96487F9000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
267D0F7A000
|
heap
|
page read and write
|
||
|
7FFF2F3D9000
|
unkown
|
page readonly
|
||
|
267D0F74000
|
heap
|
page read and write
|
||
|
7FFF2F381000
|
unkown
|
page execute read
|
||
|
7E7F9FF000
|
stack
|
page read and write
|
||
|
D5BB2FB000
|
stack
|
page read and write
|
||
|
C861E75000
|
stack
|
page read and write
|
||
|
28AC3C00000
|
unkown
|
page read and write
|
||
|
21F6D9E000
|
stack
|
page read and write
|
||
|
1D80D596000
|
heap
|
page read and write
|
||
|
D5BB1FB000
|
stack
|
page read and write
|
||
|
24F68870000
|
trusted library allocation
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
24292E7A000
|
heap
|
page read and write
|
||
|
267D0F7B000
|
heap
|
page read and write
|
||
|
EAD000
|
heap
|
page read and write
|
||
|
2640000
|
trusted library allocation
|
page read and write
|
||
|
29FD1040000
|
heap
|
page read and write
|
||
|
24292DA0000
|
heap
|
page read and write
|
||
|
238BBC58000
|
heap
|
page read and write
|
||
|
15654213000
|
heap
|
page read and write
|
||
|
28AC3AA0000
|
heap
|
page read and write
|
||
|
D5BB07E000
|
stack
|
page read and write
|
||
|
267D0F82000
|
heap
|
page read and write
|
||
|
7E7F97F000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
CB8000
|
heap
|
page read and write
|
||
|
25875C00000
|
direct allocation
|
page execute and read and write
|
||
|
267D0F8A000
|
heap
|
page read and write
|
||
|
22574124000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
24292E60000
|
heap
|
page read and write
|
||
|
27D57F3F000
|
heap
|
page read and write
|
||
|
25877644000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
1D80EFF0000
|
heap
|
page read and write
|
||
|
267D0F82000
|
heap
|
page read and write
|
||
|
28AC3D00000
|
trusted library allocation
|
page read and write
|
||
|
AF665FB000
|
stack
|
page read and write
|
||
|
21F73FE000
|
stack
|
page read and write
|
||
|
2A6C2790000
|
heap
|
page read and write
|
||
|
7FFF2F3D2000
|
unkown
|
page readonly
|
||
|
267D0708000
|
heap
|
page read and write
|
||
|
25877640000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
24F67C80000
|
trusted library allocation
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
C861EFE000
|
stack
|
page read and write
|
||
|
9F90EFF000
|
stack
|
page read and write
|
||
|
22574220000
|
heap
|
page read and write
|
||
|
29C4000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
1D80D780000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
28AC3AB0000
|
trusted library allocation
|
page read and write
|
||
|
24292E3C000
|
heap
|
page read and write
|
||
|
28AC3C30000
|
heap
|
page read and write
|
||
|
21F71FB000
|
stack
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
267D064A000
|
heap
|
page read and write
|
||
|
267D0F78000
|
heap
|
page read and write
|
||
|
27D57F00000
|
heap
|
page read and write
|
||
|
9FDEDDE000
|
stack
|
page read and write
|
||
|
15654270000
|
heap
|
page read and write
|
||
|
267D0390000
|
heap
|
page read and write
|
||
|
6F76E7C000
|
stack
|
page read and write
|
||
|
D5BB0FE000
|
stack
|
page read and write
|
||
|
267D0FA1000
|
heap
|
page read and write
|
||
|
267D0F86000
|
heap
|
page read and write
|
||
|
267D0627000
|
heap
|
page read and write
|
||
|
267D06C8000
|
heap
|
page read and write
|
||
|
1D80D450000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
C303BFF000
|
stack
|
page read and write
|
||
|
267D06C1000
|
heap
|
page read and write
|
||
|
25875B90000
|
heap
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
267D0657000
|
heap
|
page read and write
|
||
|
21F6D1E000
|
stack
|
page read and write
|
||
|
267D1400000
|
heap
|
page read and write
|
||
|
27D57F0B000
|
heap
|
page read and write
|
||
|
267D0FAC000
|
heap
|
page read and write
|
||
|
267D1402000
|
heap
|
page read and write
|
||
|
7FFF2F3D2000
|
unkown
|
page readonly
|
||
|
29FD123C000
|
heap
|
page read and write
|
||
|
24292E5A000
|
heap
|
page read and write
|
||
|
9F90F7E000
|
stack
|
page read and write
|
||
|
1D80D4C0000
|
heap
|
page read and write
|
||
|
C61000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
CED000
|
heap
|
page read and write
|
||
|
25875A70000
|
heap
|
page read and write
|
||
|
9FDED55000
|
stack
|
page read and write
|
||
|
28AC3F02000
|
heap
|
page read and write
|
||
|
27D58000000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
7E7FA78000
|
stack
|
page read and write
|
||
|
24F67940000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
direct allocation
|
page execute and read and write
|
||
|
29FD1272000
|
heap
|
page read and write
|
||
|
25875D00000
|
heap
|
page read and write
|
||
|
D5BB3F7000
|
stack
|
page read and write
|
||
|
7FFF2F380000
|
unkown
|
page readonly
|
||
|
9FDF07F000
|
stack
|
page read and write
|
||
|
267D0FA9000
|
heap
|
page read and write
|
||
|
267D0F7C000
|
heap
|
page read and write
|
||
|
267D0F2A000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
267D0F86000
|
heap
|
page read and write
|
||
|
25875C00000
|
direct allocation
|
page execute and read and write
|
||
|
CEB000
|
heap
|
page read and write
|
||
|
29FD1A02000
|
trusted library allocation
|
page read and write
|
||
|
225740F0000
|
heap
|
page readonly
|
||
|
930000
|
remote allocation
|
page read and write
|
||
|
267D0F9B000
|
heap
|
page read and write
|
||
|
28AC3C0D000
|
unkown
|
page read and write
|
There are 585 hidden memdumps, click here to show them.