Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
W3XqCWvDWC.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xd1c7ce56, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_W3X_4b2923b72b8cb92cc1b5f136816e1b8388c8c88_11952a33_188de68a\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_W3X_4b2923b72b8cb92cc1b5f136816e1b8388c8c88_11952a33_192de409\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3CF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 05:29:49 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC844.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 05:29:50 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDD3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0C2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD17C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD544.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD882.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD95C.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA57.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD17.tmp.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\W3XqCWvDWC.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\W3XqCWvDWC.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\W3XqCWvDWC.dll,AddIn_FileTime
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\W3XqCWvDWC.dll,AddIn_SystemTime
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KYnbMwv\FkmMqbieZ.dll"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\W3XqCWvDWC.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\W3XqCWvDWC.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\W3XqCWvDWC.dll",#1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 428 -p 5116 -ip 5116
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 492 -p 3628 -ip 3628
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5116 -s 336
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3628 -s 328
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.disneyplus.com/legal/your-california-privacy-rights
|
unknown
|
||
|
https://www.disneyplus.com/legal/privacy-policy
|
unknown
|
||
|
https://165.22.73.229:8080/
|
unknown
|
||
|
https://www.hotspotshield.com/terms/
|
unknown
|
||
|
https://www.pango.co/privacy
|
unknown
|
||
|
https://disneyplus.com/legal.
|
unknown
|
||
|
https://165.22.73.229/
|
unknown
|
||
|
https://165.22.73.229:8080/temD
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://www.tiktok.com/legal/report/feedback
|
unknown
|
||
|
http://help.disneyplus.com.
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressin
|
unknown
|
||
|
https://support.hotspotshield.com/
|
unknown
|
There are 3 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
165.22.73.229
|
unknown
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00180008F3870B0F
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00180008F3870B0F
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
There are 23 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
21F07620000
|
direct allocation
|
page execute and read and write
|
|
|
|
29D0DC80000
|
direct allocation
|
page execute and read and write
|
|
|
|
29D0DC80000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
21F07620000
|
direct allocation
|
page execute and read and write
|
|
|
|
1F20000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
21F07620000
|
direct allocation
|
page execute and read and write
|
|
|
|
29D0DC80000
|
direct allocation
|
page execute and read and write
|
|
|
|
CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
18002E000
|
direct allocation
|
page readonly
|
||
|
1D7DFB06000
|
heap
|
page read and write
|
||
|
1F13844A000
|
heap
|
page read and write
|
||
|
CC29D9F000
|
stack
|
page read and write
|
||
|
21F05D38000
|
heap
|
page read and write
|
||
|
280D10D0000
|
heap
|
page read and write
|
||
|
194F5502000
|
heap
|
page read and write
|
||
|
19057030000
|
heap
|
page read and write
|
||
|
25A22700000
|
trusted library allocation
|
page read and write
|
||
|
2B20FF11000
|
heap
|
page read and write
|
||
|
284D000
|
heap
|
page read and write
|
||
|
B6C000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
25A224AA000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page readonly
|
||
|
194F6590000
|
trusted library section
|
page readonly
|
||
|
29D0DDA0000
|
remote allocation
|
page read and write
|
||
|
194FAC12000
|
heap
|
page read and write
|
||
|
EAD3177000
|
stack
|
page read and write
|
||
|
25A22440000
|
heap
|
page read and write
|
||
|
2A1E000
|
heap
|
page read and write
|
||
|
1F138F92000
|
heap
|
page read and write
|
||
|
25A23320000
|
trusted library allocation
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
25A223F0000
|
heap
|
page read and write
|
||
|
1D7E3610000
|
heap
|
page read and write
|
||
|
4004C77000
|
stack
|
page read and write
|
||
|
1E85E788000
|
heap
|
page read and write
|
||
|
20E5E800000
|
unkown
|
page read and write
|
||
|
20E5E670000
|
trusted library allocation
|
page read and write
|
||
|
27465D13000
|
heap
|
page read and write
|
||
|
194FACDA000
|
heap
|
page read and write
|
||
|
2B20FF05000
|
heap
|
page read and write
|
||
|
29D0C320000
|
heap
|
page read and write
|
||
|
2B20FF0E000
|
heap
|
page read and write
|
||
|
194FABF0000
|
trusted library allocation
|
page read and write
|
||
|
21F05D10000
|
heap
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
194F5C15000
|
heap
|
page read and write
|
||
|
1D7DFBE0000
|
heap
|
page read and write
|
||
|
280D1152000
|
heap
|
page read and write
|
||
|
2B20FF0E000
|
heap
|
page read and write
|
||
|
AAEA70B000
|
stack
|
page read and write
|
||
|
194F6550000
|
trusted library section
|
page readonly
|
||
|
A8E95DE000
|
stack
|
page read and write
|
||
|
194FAAB8000
|
trusted library allocation
|
page read and write
|
||
|
1F138451000
|
heap
|
page read and write
|
||
|
EE14FC000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
194FACDE000
|
heap
|
page read and write
|
||
|
2832000
|
heap
|
page read and write
|
||
|
25A22449000
|
heap
|
page read and write
|
||
|
4004E7E000
|
stack
|
page read and write
|
||
|
239AA09C000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
CC2A07E000
|
stack
|
page read and write
|
||
|
27465C48000
|
heap
|
page read and write
|
||
|
1D7DFBD0000
|
heap
|
page read and write
|
||
|
194FACE4000
|
heap
|
page read and write
|
||
|
1F139403000
|
heap
|
page read and write
|
||
|
194FA990000
|
trusted library allocation
|
page read and write
|
||
|
194FAC00000
|
heap
|
page read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
1F138F90000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
29D0C1E0000
|
heap
|
page read and write
|
||
|
21F05D30000
|
heap
|
page read and write
|
||
|
194FAE10000
|
remote allocation
|
page read and write
|
||
|
1F138360000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
19057313000
|
heap
|
page read and write
|
||
|
2B20FEF7000
|
heap
|
page read and write
|
||
|
1F138F6F000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
194F54A6000
|
heap
|
page read and write
|
||
|
27465C13000
|
heap
|
page read and write
|
||
|
29D0C3B0000
|
heap
|
page read and write
|
||
|
1F138F99000
|
heap
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
2B20FEEB000
|
heap
|
page read and write
|
||
|
EE0E7E000
|
stack
|
page read and write
|
||
|
EE13FB000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
16CA97B0000
|
trusted library allocation
|
page read and write
|
||
|
1905723C000
|
heap
|
page read and write
|
||
|
EE12FE000
|
stack
|
page read and write
|
||
|
239A9F20000
|
heap
|
page read and write
|
||
|
19057229000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
642000
|
heap
|
page read and write
|
||
|
1F138461000
|
heap
|
page read and write
|
||
|
194FACF5000
|
heap
|
page read and write
|
||
|
29D0C3B8000
|
heap
|
page read and write
|
||
|
194F5D18000
|
heap
|
page read and write
|
||
|
280D111B000
|
heap
|
page read and write
|
||
|
1F13844D000
|
heap
|
page read and write
|
||
|
F9455EF000
|
stack
|
page read and write
|
||
|
29D0E040000
|
heap
|
page read and write
|
||
|
194FAC60000
|
heap
|
page read and write
|
||
|
2B20FF11000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page readonly
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
21F05FF5000
|
heap
|
page read and write
|
||
|
2B20FEF7000
|
heap
|
page read and write
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
27465C79000
|
heap
|
page read and write
|
||
|
252B000
|
stack
|
page read and write
|
||
|
1F139400000
|
heap
|
page read and write
|
||
|
1F138F9E000
|
heap
|
page read and write
|
||
|
1F138F9E000
|
heap
|
page read and write
|
||
|
25AB000
|
stack
|
page read and write
|
||
|
194FA920000
|
trusted library allocation
|
page read and write
|
||
|
1F138F94000
|
heap
|
page read and write
|
||
|
20E5E902000
|
trusted library allocation
|
page read and write
|
||
|
1D7DF960000
|
heap
|
page read and write
|
||
|
1F138390000
|
trusted library allocation
|
page read and write
|
||
|
194FAD00000
|
heap
|
page read and write
|
||
|
1D7E2D03000
|
heap
|
page read and write
|
||
|
21F05BB0000
|
unkown
|
page read and write
|
||
|
CC29D9F000
|
stack
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
21F07780000
|
remote allocation
|
page read and write
|
||
|
1F138F93000
|
heap
|
page read and write
|
||
|
27465D08000
|
heap
|
page read and write
|
||
|
19057A02000
|
trusted library allocation
|
page read and write
|
||
|
27465C4D000
|
heap
|
page read and write
|
||
|
29D0C320000
|
heap
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page execute and read and write
|
||
|
280D1152000
|
heap
|
page read and write
|
||
|
29D6000
|
heap
|
page read and write
|
||
|
194FACF1000
|
heap
|
page read and write
|
||
|
280D1161000
|
heap
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
B80C98B000
|
stack
|
page read and write
|
||
|
25A22484000
|
heap
|
page read and write
|
||
|
1F138F92000
|
heap
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
194FAABE000
|
trusted library allocation
|
page read and write
|
||
|
194FAC9E000
|
heap
|
page read and write
|
||
|
29D0DE40000
|
heap
|
page read and write
|
||
|
1F138F8E000
|
heap
|
page read and write
|
||
|
194FAD02000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
770000
|
heap
|
page read and write
|
||
|
194F6570000
|
trusted library section
|
page readonly
|
||
|
194F5400000
|
heap
|
page read and write
|
||
|
21F076A0000
|
heap
|
page read and write
|
||
|
20E5E915000
|
trusted library allocation
|
page read and write
|
||
|
280D1158000
|
heap
|
page read and write
|
||
|
1F138448000
|
heap
|
page read and write
|
||
|
F7EFFB000
|
stack
|
page read and write
|
||
|
20E5EB00000
|
heap
|
page read and write
|
||
|
1F138F94000
|
heap
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
16CAA202000
|
trusted library allocation
|
page read and write
|
||
|
25A23350000
|
trusted library allocation
|
page read and write
|
||
|
1F138F8C000
|
heap
|
page read and write
|
||
|
194F5310000
|
heap
|
page read and write
|
||
|
21F05D38000
|
heap
|
page read and write
|
||
|
16CA9800000
|
heap
|
page read and write
|
||
|
21F07610000
|
direct allocation
|
page execute and read and write
|
||
|
29D0C1E0000
|
unkown
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
CC29D1C000
|
stack
|
page read and write
|
||
|
19057130000
|
trusted library allocation
|
page read and write
|
||
|
25A23070000
|
trusted library allocation
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
1F138F9E000
|
heap
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
29D0C3A0000
|
heap
|
page readonly
|
||
|
CC2A07E000
|
stack
|
page read and write
|
||
|
2B20FF0E000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
1F138FA7000
|
heap
|
page read and write
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
AAEABF9000
|
stack
|
page read and write
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
1D7DFAD7000
|
heap
|
page read and write
|
||
|
2B210270000
|
heap
|
page read and write
|
||
|
EE0B78000
|
stack
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
280D1060000
|
heap
|
page read and write
|
||
|
CB9A8FF000
|
stack
|
page read and write
|
||
|
25A23060000
|
trusted library allocation
|
page read and write
|
||
|
1F138F82000
|
heap
|
page read and write
|
||
|
1F1384ED000
|
heap
|
page read and write
|
||
|
194FABE0000
|
trusted library allocation
|
page read and write
|
||
|
EE117F000
|
stack
|
page read and write
|
||
|
29D0E040000
|
heap
|
page read and write
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
27465C4A000
|
heap
|
page read and write
|
||
|
1D7DFADE000
|
heap
|
page read and write
|
||
|
194F6580000
|
trusted library section
|
page readonly
|
||
|
27465C49000
|
heap
|
page read and write
|
||
|
25A226F9000
|
heap
|
page read and write
|
||
|
AAEAC7E000
|
stack
|
page read and write
|
||
|
239AA076000
|
heap
|
page read and write
|
||
|
194FAAE0000
|
trusted library allocation
|
page read and write
|
||
|
16CA9780000
|
heap
|
page read and write
|
||
|
27465C4E000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
1F138F92000
|
heap
|
page read and write
|
||
|
2B20FF03000
|
heap
|
page read and write
|
||
|
B80CDFC000
|
stack
|
page read and write
|
||
|
1E85E6B0000
|
heap
|
page read and write
|
||
|
1D7DFAE3000
|
heap
|
page read and write
|
||
|
21F05D10000
|
heap
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
2BBB000
|
stack
|
page read and write
|
||
|
25A23330000
|
heap
|
page readonly
|
||
|
1F138FAF000
|
heap
|
page read and write
|
||
|
1D7DFAED000
|
heap
|
page read and write
|
||
|
194F6540000
|
trusted library section
|
page readonly
|
||
|
21F05BB0000
|
unkown
|
page read and write
|
||
|
4004F7F000
|
stack
|
page read and write
|
||
|
CC29D9F000
|
stack
|
page read and write
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
29D0E040000
|
heap
|
page read and write
|
||
|
194FAAF0000
|
trusted library allocation
|
page read and write
|
||
|
F94587F000
|
stack
|
page read and write
|
||
|
1F138F13000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
1F138513000
|
heap
|
page read and write
|
||
|
1F138F8E000
|
heap
|
page read and write
|
||
|
F94556C000
|
stack
|
page read and write
|
||
|
6BB000
|
heap
|
page read and write
|
||
|
29D0C660000
|
heap
|
page read and write
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
194F6900000
|
trusted library allocation
|
page read and write
|
||
|
21F077A0000
|
heap
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
25A222A0000
|
trusted library allocation
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
2B20FF24000
|
heap
|
page read and write
|
||
|
261F000
|
stack
|
page read and write
|
||
|
194F68E1000
|
trusted library allocation
|
page read and write
|
||
|
19057264000
|
heap
|
page read and write
|
||
|
B41000
|
heap
|
page read and write
|
||
|
1F138F94000
|
heap
|
page read and write
|
||
|
16CA9720000
|
heap
|
page read and write
|
||
|
6D3000
|
heap
|
page read and write
|
||
|
2B20FF07000
|
heap
|
page read and write
|
||
|
79362F9000
|
stack
|
page read and write
|
||
|
2B20FF20000
|
heap
|
page read and write
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
280D115C000
|
heap
|
page read and write
|
||
|
1F138F00000
|
heap
|
page read and write
|
||
|
1F138449000
|
heap
|
page read and write
|
||
|
194F5458000
|
heap
|
page read and write
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
280D115C000
|
heap
|
page read and write
|
||
|
20E5EA02000
|
heap
|
page read and write
|
||
|
1F138F8F000
|
heap
|
page read and write
|
||
|
194FABC0000
|
trusted library allocation
|
page read and write
|
||
|
1E85E794000
|
heap
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
20E5E837000
|
heap
|
page read and write
|
||
|
1F138F86000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
21F077A0000
|
heap
|
page read and write
|
||
|
1F138F8E000
|
heap
|
page read and write
|
||
|
CB9A47E000
|
stack
|
page read and write
|
||
|
21F07650000
|
heap
|
page readonly
|
||
|
25A226F0000
|
heap
|
page read and write
|
||
|
CC29D1C000
|
stack
|
page read and write
|
||
|
194F5493000
|
heap
|
page read and write
|
||
|
1F1384DB000
|
heap
|
page read and write
|
||
|
21F05CF0000
|
heap
|
page read and write
|
||
|
194F5D18000
|
heap
|
page read and write
|
||
|
194F5D13000
|
heap
|
page read and write
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
289E000
|
heap
|
page read and write
|
||
|
239AA013000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
40048FE000
|
stack
|
page read and write
|
||
|
21F07780000
|
remote allocation
|
page read and write
|
||
|
2883000
|
heap
|
page read and write
|
||
|
194FAC3D000
|
heap
|
page read and write
|
||
|
19056FC0000
|
heap
|
page read and write
|
||
|
194F5D59000
|
heap
|
page read and write
|
||
|
29D0C665000
|
heap
|
page read and write
|
||
|
27465A10000
|
heap
|
page read and write
|
||
|
21F05FF0000
|
heap
|
page read and write
|
||
|
194F548C000
|
heap
|
page read and write
|
||
|
2780000
|
remote allocation
|
page read and write
|
||
|
FE402DA000
|
stack
|
page read and write
|
||
|
F94587F000
|
stack
|
page read and write
|
||
|
1F138CC0000
|
remote allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
F7F0FB000
|
stack
|
page read and write
|
||
|
1F138F8C000
|
heap
|
page read and write
|
||
|
633000
|
heap
|
page read and write
|
||
|
29B1000
|
heap
|
page read and write
|
||
|
1905727F000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
21F05D30000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
EAD2C7E000
|
stack
|
page read and write
|
||
|
1F138F40000
|
heap
|
page read and write
|
||
|
1F138502000
|
heap
|
page read and write
|
||
|
29D0C1E0000
|
unkown
|
page read and write
|
||
|
62B000
|
heap
|
page read and write
|
||
|
239A9FC0000
|
trusted library allocation
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
29FF000
|
heap
|
page read and write
|
||
|
19057253000
|
heap
|
page read and write
|
||
|
280D1149000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
4004A7B000
|
stack
|
page read and write
|
||
|
F9455EF000
|
stack
|
page read and write
|
||
|
B80CF7B000
|
stack
|
page read and write
|
||
|
239AA05C000
|
heap
|
page read and write
|
||
|
21F07610000
|
direct allocation
|
page execute and read and write
|
||
|
16CA9710000
|
heap
|
page read and write
|
||
|
4E0000
|
remote allocation
|
page read and write
|
||
|
68C000
|
heap
|
page read and write
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
239AA100000
|
heap
|
page read and write
|
||
|
16CA9828000
|
heap
|
page read and write
|
||
|
29D7000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
F7E9AB000
|
stack
|
page read and write
|
||
|
20E5EA00000
|
heap
|
page read and write
|
||
|
27465C29000
|
heap
|
page read and write
|
||
|
4004B7B000
|
stack
|
page read and write
|
||
|
194FAC1D000
|
heap
|
page read and write
|
||
|
194F5470000
|
heap
|
page read and write
|
||
|
194FA9A0000
|
trusted library allocation
|
page read and write
|
||
|
1F138F8C000
|
heap
|
page read and write
|
||
|
1F138F96000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
239AA108000
|
heap
|
page read and write
|
||
|
20E5E868000
|
heap
|
page read and write
|
||
|
27465C70000
|
heap
|
page read and write
|
||
|
29D0C340000
|
heap
|
page read and write
|
||
|
21F05FF5000
|
heap
|
page read and write
|
||
|
19057300000
|
heap
|
page read and write
|
||
|
2B20FF1F000
|
heap
|
page read and write
|
||
|
2B20FEF2000
|
heap
|
page read and write
|
||
|
1905725E000
|
heap
|
page read and write
|
||
|
2430000
|
trusted library allocation
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
2811000
|
heap
|
page read and write
|
||
|
21F05CF0000
|
heap
|
page read and write
|
||
|
FE406FF000
|
stack
|
page read and write
|
||
|
194FABD0000
|
trusted library allocation
|
page read and write
|
||
|
F7F1FE000
|
stack
|
page read and write
|
||
|
28A7000
|
heap
|
page read and write
|
||
|
B88000
|
heap
|
page read and write
|
||
|
194FAC2B000
|
heap
|
page read and write
|
||
|
1F138456000
|
heap
|
page read and write
|
||
|
28A5000
|
heap
|
page read and write
|
||
|
20E5EB13000
|
heap
|
page read and write
|
||
|
CC8636D000
|
stack
|
page read and write
|
||
|
239AA102000
|
heap
|
page read and write
|
||
|
194FACAD000
|
heap
|
page read and write
|
||
|
EE107F000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
29D0C660000
|
heap
|
page read and write
|
||
|
EE11FE000
|
stack
|
page read and write
|
||
|
29D0C665000
|
heap
|
page read and write
|
||
|
28A5000
|
heap
|
page read and write
|
||
|
1F138429000
|
heap
|
page read and write
|
||
|
194FAAE0000
|
trusted library allocation
|
page read and write
|
||
|
2B20FEE0000
|
heap
|
page read and write
|
||
|
25A230E0000
|
trusted library allocation
|
page read and write
|
||
|
CB9A9FF000
|
stack
|
page read and write
|
||
|
1F1382F0000
|
heap
|
page read and write
|
||
|
1F138FC2000
|
heap
|
page read and write
|
||
|
21F07650000
|
heap
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
29D0C3B8000
|
heap
|
page read and write
|
||
|
28B5000
|
heap
|
page read and write
|
||
|
269C000
|
stack
|
page read and write
|
||
|
A8E98FE000
|
stack
|
page read and write
|
||
|
1F138F88000
|
heap
|
page read and write
|
||
|
EAD2D78000
|
stack
|
page read and write
|
||
|
1F13843C000
|
heap
|
page read and write
|
||
|
1D7DFADA000
|
heap
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
194FAAB0000
|
trusted library allocation
|
page read and write
|
||
|
280D10F0000
|
heap
|
page read and write
|
||
|
194F5478000
|
heap
|
page read and write
|
||
|
19057308000
|
heap
|
page read and write
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
FE4077F000
|
stack
|
page read and write
|
||
|
194F5D59000
|
heap
|
page read and write
|
||
|
280D1130000
|
heap
|
page read and write
|
||
|
EAD2A7D000
|
stack
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
BDB51BE000
|
stack
|
page read and write
|
||
|
1F138400000
|
heap
|
page read and write
|
||
|
21F076A0000
|
heap
|
page read and write
|
||
|
280D1110000
|
heap
|
page read and write
|
||
|
16CA983C000
|
heap
|
page read and write
|
||
|
20E5E80D000
|
unkown
|
page read and write
|
||
|
27FF000
|
stack
|
page read and write
|
||
|
194FAC00000
|
trusted library allocation
|
page read and write
|
||
|
1F1384AB000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
194F6460000
|
trusted library allocation
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
1905728A000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
CC2A07E000
|
stack
|
page read and write
|
||
|
27465C80000
|
heap
|
page read and write
|
||
|
194F547A000
|
heap
|
page read and write
|
||
|
1F138470000
|
heap
|
page read and write
|
||
|
194FAAD1000
|
trusted library allocation
|
page read and write
|
||
|
29D0DDA0000
|
remote allocation
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
21F05FF5000
|
heap
|
page read and write
|
||
|
29D0C3B0000
|
heap
|
page read and write
|
||
|
21F05FF0000
|
heap
|
page read and write
|
||
|
29D0C390000
|
direct allocation
|
page execute and read and write
|
||
|
1F138516000
|
heap
|
page read and write
|
||
|
1F138450000
|
heap
|
page read and write
|
||
|
1F138F82000
|
heap
|
page read and write
|
||
|
CB9A19B000
|
stack
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
B80CE7F000
|
stack
|
page read and write
|
||
|
1D7E2D00000
|
heap
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
27465C00000
|
heap
|
page read and write
|
||
|
239AA05E000
|
heap
|
page read and write
|
||
|
7935BBD000
|
stack
|
page read and write
|
||
|
280D4D60000
|
heap
|
page read and write
|
||
|
2060000
|
heap
|
page read and write
|
||
|
AAEACF9000
|
stack
|
page read and write
|
||
|
EE0D79000
|
stack
|
page read and write
|
||
|
194F5413000
|
heap
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
24AF000
|
stack
|
page read and write
|
||
|
21F077A0000
|
heap
|
page read and write
|
||
|
1D7DFAF2000
|
heap
|
page read and write
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
1D7DFBD5000
|
heap
|
page read and write
|
||
|
29D0DE40000
|
heap
|
page read and write
|
||
|
EE10FE000
|
stack
|
page read and write
|
||
|
21F05FF0000
|
heap
|
page read and write
|
||
|
1F138F9E000
|
heap
|
page read and write
|
||
|
21F05BB0000
|
heap
|
page read and write
|
||
|
21F07610000
|
direct allocation
|
page execute and read and write
|
||
|
1F139420000
|
heap
|
page read and write
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
29D0C3A0000
|
heap
|
page readonly
|
||
|
1D7DFADF000
|
heap
|
page read and write
|
||
|
194FACFB000
|
heap
|
page read and write
|
||
|
20E5E828000
|
heap
|
page read and write
|
||
|
1F138F9E000
|
heap
|
page read and write
|
||
|
F94587F000
|
stack
|
page read and write
|
||
|
EE0C7D000
|
stack
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
16CA9900000
|
heap
|
page read and write
|
||
|
239AA03C000
|
heap
|
page read and write
|
||
|
16CA987A000
|
heap
|
page read and write
|
||
|
1F138CC0000
|
remote allocation
|
page read and write
|
||
|
20E5E923000
|
heap
|
page read and write
|
||
|
25A2248C000
|
heap
|
page read and write
|
||
|
20E5E868000
|
heap
|
page read and write
|
||
|
194FAE10000
|
remote allocation
|
page read and write
|
||
|
1F1384C1000
|
heap
|
page read and write
|
||
|
EAD2E77000
|
stack
|
page read and write
|
||
|
65C000
|
heap
|
page read and write
|
||
|
1F138F8C000
|
heap
|
page read and write
|
||
|
2878000
|
heap
|
page read and write
|
||
|
21F076A0000
|
heap
|
page read and write
|
||
|
20E5EB02000
|
heap
|
page read and write
|
||
|
287C000
|
heap
|
page read and write
|
||
|
CE0000
|
direct allocation
|
page execute and read and write
|
||
|
FE4035F000
|
stack
|
page read and write
|
||
|
25A230D0000
|
trusted library allocation
|
page read and write
|
||
|
20E5E837000
|
heap
|
page read and write
|
||
|
27465C3C000
|
heap
|
page read and write
|
||
|
AFB000
|
heap
|
page read and write
|
||
|
194F54AF000
|
heap
|
page read and write
|
||
|
286C000
|
heap
|
page read and write
|
||
|
194FACA1000
|
heap
|
page read and write
|
||
|
1F1384F5000
|
heap
|
page read and write
|
||
|
194F52B0000
|
heap
|
page read and write
|
||
|
A8E987F000
|
stack
|
page read and write
|
||
|
29D0C390000
|
direct allocation
|
page execute and read and write
|
||
|
1D7E2E10000
|
trusted library allocation
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
19057213000
|
heap
|
page read and write
|
||
|
194FACEF000
|
heap
|
page read and write
|
||
|
EAD27BB000
|
stack
|
page read and write
|
||
|
194F54A2000
|
heap
|
page read and write
|
||
|
194FAC4A000
|
heap
|
page read and write
|
||
|
B80D27F000
|
stack
|
page read and write
|
||
|
280D4450000
|
heap
|
page read and write
|
||
|
EE127F000
|
stack
|
page read and write
|
||
|
280D1115000
|
heap
|
page read and write
|
||
|
1F1384EE000
|
heap
|
page read and write
|
||
|
1F138E02000
|
heap
|
page read and write
|
||
|
BDB513B000
|
stack
|
page read and write
|
||
|
CB9A5FB000
|
stack
|
page read and write
|
||
|
AAEAD7E000
|
stack
|
page read and write
|
||
|
BDB54FE000
|
stack
|
page read and write
|
||
|
1F138F11000
|
heap
|
page read and write
|
||
|
1F138FCD000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
1D7DFADA000
|
heap
|
page read and write
|
||
|
A75000
|
stack
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
EE0F7B000
|
stack
|
page read and write
|
||
|
194FAAB0000
|
trusted library allocation
|
page read and write
|
||
|
F7EEFB000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
29D0C390000
|
direct allocation
|
page execute and read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
EAD31FE000
|
unkown
|
page read and write
|
||
|
29D0C665000
|
heap
|
page read and write
|
||
|
A8E955B000
|
stack
|
page read and write
|
||
|
B80D17E000
|
stack
|
page read and write
|
||
|
194F5BC0000
|
trusted library section
|
page read and write
|
||
|
6BC000
|
heap
|
page read and write
|
||
|
F94556C000
|
stack
|
page read and write
|
||
|
1F138F8D000
|
heap
|
page read and write
|
||
|
1F138F8C000
|
heap
|
page read and write
|
||
|
1D7DFAE3000
|
heap
|
page read and write
|
||
|
1F138413000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
2B20FE90000
|
heap
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
1F138F50000
|
heap
|
page read and write
|
||
|
6CE000
|
heap
|
page read and write
|
||
|
194FAAF4000
|
trusted library allocation
|
page read and write
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
16CA9802000
|
heap
|
page read and write
|
||
|
DAF000
|
stack
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
FE403DF000
|
stack
|
page read and write
|
||
|
29D6000
|
heap
|
page read and write
|
||
|
194F54FE000
|
heap
|
page read and write
|
||
|
280D1137000
|
heap
|
page read and write
|
||
|
1F1384E3000
|
heap
|
page read and write
|
||
|
194FAE10000
|
remote allocation
|
page read and write
|
||
|
20E5E660000
|
heap
|
page read and write
|
||
|
BDB547D000
|
stack
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
1F138FA3000
|
heap
|
page read and write
|
||
|
194F5C00000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
2B20FE10000
|
heap
|
page read and write
|
||
|
16CA9813000
|
heap
|
page read and write
|
||
|
194F5D02000
|
heap
|
page read and write
|
||
|
29D0C3B0000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
2B20FF22000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
239AAA02000
|
trusted library allocation
|
page read and write
|
||
|
194FACF9000
|
heap
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
FE407FC000
|
stack
|
page read and write
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
EAD2BFB000
|
stack
|
page read and write
|
||
|
1D7E15D0000
|
heap
|
page read and write
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
194FAAD0000
|
trusted library allocation
|
page read and write
|
||
|
21F05D10000
|
heap
|
page read and write
|
||
|
1F138455000
|
heap
|
page read and write
|
||
|
25A223D0000
|
heap
|
page read and write
|
||
|
27465C85000
|
heap
|
page read and write
|
||
|
194F6910000
|
trusted library allocation
|
page read and write
|
||
|
1E85E570000
|
heap
|
page read and write
|
||
|
2884000
|
heap
|
page read and write
|
||
|
1F139402000
|
heap
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
1D7DFAFE000
|
heap
|
page read and write
|
||
|
19057302000
|
heap
|
page read and write
|
||
|
280D1149000
|
heap
|
page read and write
|
||
|
27465A70000
|
heap
|
page read and write
|
||
|
27465C4C000
|
heap
|
page read and write
|
||
|
EAD2AFE000
|
stack
|
page read and write
|
||
|
B6D000
|
heap
|
page read and write
|
||
|
194FA910000
|
trusted library allocation
|
page read and write
|
||
|
1905725A000
|
heap
|
page read and write
|
||
|
20E5EA13000
|
heap
|
page read and write
|
||
|
239AA029000
|
heap
|
page read and write
|
||
|
FE40679000
|
stack
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
194F6903000
|
trusted library allocation
|
page read and write
|
||
|
29D0C3A0000
|
heap
|
page readonly
|
||
|
239AA060000
|
heap
|
page read and write
|
||
|
21F05D30000
|
heap
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
F9455EF000
|
stack
|
page read and write
|
||
|
B52000
|
heap
|
page read and write
|
||
|
1D7DFAED000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
1F138300000
|
heap
|
page read and write
|
||
|
B80D077000
|
stack
|
page read and write
|
||
|
280D113B000
|
heap
|
page read and write
|
||
|
29D0C320000
|
heap
|
page read and write
|
||
|
2894000
|
heap
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
28A5000
|
heap
|
page read and write
|
||
|
F94556C000
|
stack
|
page read and write
|
||
|
239AA113000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
20E5E900000
|
trusted library allocation
|
page read and write
|
||
|
2897000
|
heap
|
page read and write
|
||
|
286C000
|
heap
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
194F543F000
|
heap
|
page read and write
|
||
|
280D4560000
|
trusted library allocation
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
2B20FE70000
|
heap
|
page read and write
|
||
|
1F138F99000
|
heap
|
page read and write
|
||
|
2B210275000
|
heap
|
page read and write
|
||
|
194F6560000
|
trusted library section
|
page readonly
|
||
|
21F07650000
|
heap
|
page readonly
|
||
|
CB9A4FF000
|
stack
|
page read and write
|
||
|
16CA9856000
|
heap
|
page read and write
|
||
|
1F13844C000
|
heap
|
page read and write
|
||
|
1F1384B5000
|
heap
|
page read and write
|
||
|
194F5475000
|
heap
|
page read and write
|
||
|
7FF8BE5AB000
|
unkown
|
page read and write
|
||
|
1F138508000
|
heap
|
page read and write
|
||
|
19056FD0000
|
heap
|
page read and write
|
||
|
2B20FF06000
|
heap
|
page read and write
|
||
|
1F138453000
|
heap
|
page read and write
|
||
|
27465C47000
|
heap
|
page read and write
|
||
|
25A226F5000
|
heap
|
page read and write
|
||
|
1F138FD5000
|
heap
|
page read and write
|
||
|
194F5C02000
|
heap
|
page read and write
|
||
|
239AA081000
|
heap
|
page read and write
|
||
|
194F5BB0000
|
trusted library allocation
|
page read and write
|
||
|
19057261000
|
heap
|
page read and write
|
||
|
1F138447000
|
heap
|
page read and write
|
||
|
4004D7C000
|
stack
|
page read and write
|
||
|
280D116D000
|
heap
|
page read and write
|
||
|
280D114D000
|
heap
|
page read and write
|
||
|
B80CC7F000
|
stack
|
page read and write
|
||
|
400497E000
|
stack
|
page read and write
|
||
|
1E85E780000
|
heap
|
page read and write
|
||
|
7FF8BE5AF000
|
unkown
|
page readonly
|
||
|
1F1384C7000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
1D7DFAC8000
|
heap
|
page read and write
|
||
|
2050000
|
trusted library allocation
|
page read and write
|
||
|
194FAB80000
|
trusted library allocation
|
page read and write
|
||
|
643000
|
heap
|
page read and write
|
||
|
29D0DE40000
|
heap
|
page read and write
|
||
|
20E5E802000
|
unkown
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
27465D00000
|
heap
|
page read and write
|
||
|
194F5429000
|
heap
|
page read and write
|
||
|
1F138460000
|
heap
|
page read and write
|
||
|
1F13848B000
|
heap
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
29D0C340000
|
heap
|
page read and write
|
||
|
25A233A0000
|
trusted library allocation
|
page read and write
|
||
|
280D1146000
|
heap
|
page read and write
|
||
|
16CA9902000
|
heap
|
page read and write
|
||
|
1F138F8C000
|
heap
|
page read and write
|
||
|
21F05CF0000
|
heap
|
page read and write
|
||
|
29D0C660000
|
heap
|
page read and write
|
||
|
194F548E000
|
heap
|
page read and write
|
||
|
CB9A7F7000
|
stack
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
28DD000
|
heap
|
page read and write
|
||
|
280D4453000
|
heap
|
page read and write
|
||
|
194FAAD4000
|
trusted library allocation
|
page read and write
|
||
|
16CA9913000
|
heap
|
page read and write
|
||
|
194FACFE000
|
heap
|
page read and write
|
||
|
27465D02000
|
heap
|
page read and write
|
||
|
EAD307F000
|
stack
|
page read and write
|
||
|
1F138F8C000
|
heap
|
page read and write
|
||
|
19057200000
|
heap
|
page read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
194F5D00000
|
heap
|
page read and write
|
||
|
1F138454000
|
heap
|
page read and write
|
||
|
25A2248C000
|
heap
|
page read and write
|
||
|
2B20FF11000
|
heap
|
page read and write
|
||
|
27466402000
|
trusted library allocation
|
page read and write
|
||
|
1D7DFAA0000
|
heap
|
page read and write
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
29D0C3B8000
|
heap
|
page read and write
|
||
|
1D7DFAE9000
|
heap
|
page read and write
|
||
|
EE16FE000
|
stack
|
page read and write
|
||
|
EE075B000
|
stack
|
page read and write
|
||
|
280D1175000
|
heap
|
page read and write
|
||
|
25A23340000
|
trusted library allocation
|
page read and write
|
||
|
CC29D1C000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
4E0000
|
remote allocation
|
page read and write
|
||
|
27465C50000
|
heap
|
page read and write
|
||
|
239AA000000
|
heap
|
page read and write
|
||
|
1F138FBF000
|
heap
|
page read and write
|
||
|
400487B000
|
stack
|
page read and write
|
||
|
B80CCFE000
|
stack
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
1D7DFBDB000
|
heap
|
page read and write
|
||
|
1F1384A4000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
194FAD02000
|
heap
|
page read and write
|
||
|
7935F79000
|
stack
|
page read and write
|
||
|
B4E000
|
heap
|
page read and write
|
||
|
21F05D38000
|
heap
|
page read and write
|
||
|
25A2248C000
|
heap
|
page read and write
|
||
|
1F1384B2000
|
heap
|
page read and write
|
||
|
4BA000
|
stack
|
page read and write
|
||
|
1F138484000
|
heap
|
page read and write
|
||
|
194F5513000
|
heap
|
page read and write
|
||
|
7FF8BE581000
|
unkown
|
page execute read
|
||
|
7FF8BE580000
|
unkown
|
page readonly
|
||
|
2780000
|
remote allocation
|
page read and write
|
||
|
280D2CD0000
|
heap
|
page read and write
|
||
|
1F138CC0000
|
remote allocation
|
page read and write
|
||
|
AAEAB79000
|
stack
|
page read and write
|
||
|
239A9F90000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
25A22290000
|
heap
|
page read and write
|
||
|
194F52A0000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
27465B70000
|
trusted library allocation
|
page read and write
|
||
|
27465A00000
|
heap
|
page read and write
|
||
|
1F138F9E000
|
heap
|
page read and write
|
||
|
EAD2F78000
|
stack
|
page read and write
|
||
|
239A9F30000
|
heap
|
page read and write
|
||
|
20E5E813000
|
unkown
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
CB9A6FB000
|
stack
|
page read and write
|
||
|
7FF8BE5A2000
|
unkown
|
page readonly
|
||
|
2894000
|
heap
|
page read and write
|
||
|
1D7DFAC0000
|
heap
|
page read and write
|
||
|
194FAC10000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
20E5E6D0000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
633000
|
heap
|
page read and write
|
||
|
2780000
|
remote allocation
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
29D0C340000
|
heap
|
page read and write
|
There are 758 hidden memdumps, click here to show them.