Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
W3XqCWvDWC.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
MPEG-4 LOAS
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x30318109, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_W3X_e6deee335863428d576ebaa51f7a212f69d3e2_11952a33_077be6ee\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_W3X_e6deee335863428d576ebaa51f7a212f69d3e2_11952a33_0e4fe7a9\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD838.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 05:42:49 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8D4.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 05:42:50 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCBD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD88.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDEE1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE01A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Logs\waasmedic\waasmedic.20220308_162907_174.etl
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_W3X_4b2923b72b8cb92cc1b5f136816e1b8388c8c88_11952a33_188de68a\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_W3X_4b2923b72b8cb92cc1b5f136816e1b8388c8c88_11952a33_192de409\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3CF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 05:29:49 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC844.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 05:29:50 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDD3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0C2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD17C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD544.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD882.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD95C.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA57.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD17.tmp.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\W3XqCWvDWC.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\W3XqCWvDWC.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\W3XqCWvDWC.dll,AddIn_FileTime
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\W3XqCWvDWC.dll,AddIn_SystemTime
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ZDZEtulZzZAlvF\WFoCkDI.dll"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\W3XqCWvDWC.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\KYnbMwv\FkmMqbieZ.dll"
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\W3XqCWvDWC.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\W3XqCWvDWC.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4668 -s 340
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5156 -s 328
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 428 -p 5116 -ip 5116
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 492 -p 3628 -ip 3628
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5116 -s 336
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3628 -s 328
|
||
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://165.22.73.229/BV
|
unknown
|
|
|
|
https://165.22.73.229/
|
unknown
|
|
|
|
https://www.disneyplus.com/legal/your-california-privacy-rights
|
unknown
|
||
|
https://www.disneyplus.com/legal/privacy-policy
|
unknown
|
||
|
https://165.22.73.229:8080/
|
unknown
|
||
|
https://www.hotspotshield.com/terms/
|
unknown
|
||
|
https://www.pango.co/privacy
|
unknown
|
||
|
https://disneyplus.com/legal.
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://165.22.73.229:8080/temsi
|
unknown
|
||
|
https://www.tiktok.com/legal/report/feedback
|
unknown
|
||
|
http://universalstore.streaming.mediaservices.windows
|
unknown
|
||
|
https://165.22.73.229:8080/zU
|
unknown
|
||
|
https://165.22.73.229:8080/t
|
unknown
|
||
|
http://help.disneyplus.com.
|
unknown
|
||
|
https://support.hotspotshield.com/
|
unknown
|
||
|
https://165.22.73.229:8080/temD
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressin
|
unknown
|
There are 8 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
165.22.73.229
|
unknown
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{81e00543-02b3-baf3-c8d2-239b16bcdeb2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C005C62C4D85
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C005C62C4D85
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{50e1f40b-35d9-9514-3dd2-1a291dd85141}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00180008F3870B0F
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00180008F3870B0F
|
There are 42 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26206480000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
3C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
18470750000
|
direct allocation
|
page execute and read and write
|
|
|
|
18470750000
|
direct allocation
|
page execute and read and write
|
|
|
|
26206480000
|
direct allocation
|
page execute and read and write
|
|
|
|
4F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
26206480000
|
direct allocation
|
page execute and read and write
|
|
|
|
18470750000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1AF9F77D000
|
heap
|
page read and write
|
||
|
1900E65D000
|
heap
|
page read and write
|
||
|
8A8B5AB000
|
stack
|
page read and write
|
||
|
18EA654A000
|
heap
|
page read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
622000
|
heap
|
page read and write
|
||
|
22B8DE6D000
|
heap
|
page read and write
|
||
|
18EA64B0000
|
heap
|
page read and write
|
||
|
1650F56D000
|
heap
|
page read and write
|
||
|
5EF58FF000
|
stack
|
page read and write
|
||
|
F474FBC000
|
stack
|
page read and write
|
||
|
2005D7C0000
|
trusted library allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
242A2550000
|
remote allocation
|
page read and write
|
||
|
18470860000
|
heap
|
page read and write
|
||
|
26206220000
|
heap
|
page read and write
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
19630813000
|
heap
|
page read and write
|
||
|
1F36F48E000
|
heap
|
page read and write
|
||
|
1F36F49C000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
242A2727000
|
heap
|
page read and write
|
||
|
18EA6570000
|
heap
|
page read and write
|
||
|
1900E580000
|
trusted library allocation
|
page read and write
|
||
|
F702A7E000
|
stack
|
page read and write
|
||
|
18EA6570000
|
heap
|
page read and write
|
||
|
242A2602000
|
heap
|
page read and write
|
||
|
F474FBC000
|
stack
|
page read and write
|
||
|
242A27AC000
|
heap
|
page read and write
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
1900F002000
|
trusted library allocation
|
page read and write
|
||
|
2478B318000
|
heap
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
242A1D08000
|
heap
|
page read and write
|
||
|
1AF9FA15000
|
heap
|
page read and write
|
||
|
184705F0000
|
heap
|
page read and write
|
||
|
242A2791000
|
heap
|
page read and write
|
||
|
22B8DF02000
|
heap
|
page read and write
|
||
|
2005D7D9000
|
heap
|
page read and write
|
||
|
242A2727000
|
heap
|
page read and write
|
||
|
247904FE000
|
heap
|
page read and write
|
||
|
1AF9F788000
|
heap
|
page read and write
|
||
|
247900C4000
|
trusted library allocation
|
page read and write
|
||
|
22B8DE56000
|
heap
|
page read and write
|
||
|
242A27A3000
|
heap
|
page read and write
|
||
|
2AC939F0000
|
trusted library allocation
|
page read and write
|
||
|
242A270D000
|
heap
|
page read and write
|
||
|
2AC93A3B000
|
heap
|
page read and write
|
||
|
2005D81B000
|
heap
|
page read and write
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
51AC3FC000
|
stack
|
page read and write
|
||
|
26206460000
|
direct allocation
|
page execute and read and write
|
||
|
2B94ACF0000
|
heap
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
247904F9000
|
heap
|
page read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
242A2724000
|
heap
|
page read and write
|
||
|
18470740000
|
direct allocation
|
page execute and read and write
|
||
|
19630849000
|
heap
|
page read and write
|
||
|
242A1CAB000
|
heap
|
page read and write
|
||
|
2B94AE7B000
|
heap
|
page read and write
|
||
|
26206298000
|
heap
|
page read and write
|
||
|
184707E0000
|
remote allocation
|
page read and write
|
||
|
18470640000
|
heap
|
page read and write
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
19630877000
|
heap
|
page read and write
|
||
|
6CAF5FB000
|
stack
|
page read and write
|
||
|
1650F560000
|
heap
|
page read and write
|
||
|
18470865000
|
heap
|
page read and write
|
||
|
1900E686000
|
heap
|
page read and write
|
||
|
247901B0000
|
trusted library allocation
|
page read and write
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
1900E4F0000
|
heap
|
page read and write
|
||
|
2B94AE02000
|
heap
|
page read and write
|
||
|
18470648000
|
heap
|
page read and write
|
||
|
18EA6573000
|
heap
|
page read and write
|
||
|
D3AF07F000
|
stack
|
page read and write
|
||
|
4E0000
|
direct allocation
|
page execute and read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
30AF0FE000
|
stack
|
page read and write
|
||
|
1AF9F768000
|
heap
|
page read and write
|
||
|
24790200000
|
remote allocation
|
page read and write
|
||
|
26206298000
|
heap
|
page read and write
|
||
|
2005D835000
|
heap
|
page read and write
|
||
|
22B8DE74000
|
heap
|
page read and write
|
||
|
242A1C65000
|
heap
|
page read and write
|
||
|
242A2C00000
|
heap
|
page read and write
|
||
|
242A2C03000
|
heap
|
page read and write
|
||
|
2005D822000
|
heap
|
page read and write
|
||
|
229F000
|
stack
|
page read and write
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
654EB7F000
|
stack
|
page read and write
|
||
|
18470740000
|
direct allocation
|
page execute and read and write
|
||
|
242A2779000
|
heap
|
page read and write
|
||
|
1900E664000
|
heap
|
page read and write
|
||
|
242A278A000
|
heap
|
page read and write
|
||
|
654EA77000
|
stack
|
page read and write
|
||
|
F70287B000
|
stack
|
page read and write
|
||
|
247901E0000
|
trusted library allocation
|
page read and write
|
||
|
242A2700000
|
heap
|
page read and write
|
||
|
242A276E000
|
heap
|
page read and write
|
||
|
2478AAA6000
|
heap
|
page read and write
|
||
|
2B94B802000
|
trusted library allocation
|
page read and write
|
||
|
2AC94202000
|
trusted library allocation
|
page read and write
|
||
|
242A27C4000
|
heap
|
page read and write
|
||
|
242A2728000
|
heap
|
page read and write
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
2AC93A13000
|
heap
|
page read and write
|
||
|
247900E0000
|
trusted library allocation
|
page read and write
|
||
|
242A1C29000
|
heap
|
page read and write
|
||
|
E1B5477000
|
stack
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
5EF519B000
|
stack
|
page read and write
|
||
|
242A2490000
|
trusted library allocation
|
page read and write
|
||
|
242A1CE1000
|
heap
|
page read and write
|
||
|
242A1C6C000
|
heap
|
page read and write
|
||
|
1650F4A0000
|
heap
|
page read and write
|
||
|
5FD000
|
heap
|
page read and write
|
||
|
242A279C000
|
heap
|
page read and write
|
||
|
18472140000
|
heap
|
page read and write
|
||
|
2478B1A0000
|
trusted library allocation
|
page read and write
|
||
|
51AC2F8000
|
stack
|
page read and write
|
||
|
2005E6D0000
|
trusted library allocation
|
page read and write
|
||
|
242A1C64000
|
heap
|
page read and write
|
||
|
18470640000
|
heap
|
page read and write
|
||
|
2478AB16000
|
heap
|
page read and write
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
622000
|
heap
|
page read and write
|
||
|
8A8B8FE000
|
stack
|
page read and write
|
||
|
242A2727000
|
heap
|
page read and write
|
||
|
2AC93A02000
|
heap
|
page read and write
|
||
|
242A27A3000
|
heap
|
page read and write
|
||
|
2478FF10000
|
trusted library allocation
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
18EA6580000
|
heap
|
page read and write
|
||
|
F4752FF000
|
stack
|
page read and write
|
||
|
18EA6430000
|
heap
|
page read and write
|
||
|
F4752FF000
|
stack
|
page read and write
|
||
|
E1B5F7E000
|
stack
|
page read and write
|
||
|
24790400000
|
heap
|
page read and write
|
||
|
5EF54FE000
|
stack
|
page read and write
|
||
|
5EF55FB000
|
stack
|
page read and write
|
||
|
242A1B90000
|
heap
|
page read and write
|
||
|
2B94AF02000
|
heap
|
page read and write
|
||
|
140CE7C000
|
stack
|
page read and write
|
||
|
18470780000
|
heap
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
242A2550000
|
remote allocation
|
page read and write
|
||
|
1F36F492000
|
heap
|
page read and write
|
||
|
51AC17F000
|
stack
|
page read and write
|
||
|
2479041F000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
242A1C3C000
|
heap
|
page read and write
|
||
|
19630900000
|
heap
|
page read and write
|
||
|
242A1C6B000
|
heap
|
page read and write
|
||
|
242A279B000
|
heap
|
page read and write
|
||
|
242A1CB0000
|
heap
|
page read and write
|
||
|
242A2779000
|
heap
|
page read and write
|
||
|
7FB000
|
heap
|
page read and write
|
||
|
242A27DA000
|
heap
|
page read and write
|
||
|
F70247B000
|
stack
|
page read and write
|
||
|
196306D0000
|
heap
|
page read and write
|
||
|
E1B567B000
|
stack
|
page read and write
|
||
|
2478B318000
|
heap
|
page read and write
|
||
|
19630881000
|
heap
|
page read and write
|
||
|
B5EBC8B000
|
stack
|
page read and write
|
||
|
140CF7F000
|
stack
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
1F36F492000
|
heap
|
page read and write
|
||
|
1963084C000
|
heap
|
page read and write
|
||
|
D3AEF7E000
|
stack
|
page read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
2AC93B02000
|
heap
|
page read and write
|
||
|
2478B202000
|
heap
|
page read and write
|
||
|
302BCFC000
|
stack
|
page read and write
|
||
|
1F36F6A0000
|
heap
|
page read and write
|
||
|
1F36F486000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
262064B0000
|
heap
|
page readonly
|
||
|
2478FF00000
|
trusted library allocation
|
page read and write
|
||
|
1900E550000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
2005D812000
|
heap
|
page read and write
|
||
|
242A1C69000
|
heap
|
page read and write
|
||
|
242A1B80000
|
heap
|
page read and write
|
||
|
242A275F000
|
heap
|
page read and write
|
||
|
1AF9F760000
|
heap
|
page read and write
|
||
|
2478BF00000
|
trusted library allocation
|
page read and write
|
||
|
242A27C7000
|
heap
|
page read and write
|
||
|
802000
|
heap
|
page read and write
|
||
|
302BDF9000
|
stack
|
page read and write
|
||
|
2630000
|
remote allocation
|
page read and write
|
||
|
242A2C03000
|
heap
|
page read and write
|
||
|
1650F573000
|
heap
|
page read and write
|
||
|
18EA6563000
|
heap
|
page read and write
|
||
|
E1B557A000
|
stack
|
page read and write
|
||
|
242A2791000
|
heap
|
page read and write
|
||
|
242A1CD4000
|
heap
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
2478FF80000
|
trusted library allocation
|
page read and write
|
||
|
242A2780000
|
heap
|
page read and write
|
||
|
242A1C61000
|
heap
|
page read and write
|
||
|
2005D822000
|
heap
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
1F36F430000
|
heap
|
page read and write
|
||
|
5EF5B7E000
|
stack
|
page read and write
|
||
|
24AD000
|
stack
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
2005D7D0000
|
heap
|
page read and write
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
2AC93A00000
|
heap
|
page read and write
|
||
|
1900E679000
|
heap
|
page read and write
|
||
|
18EA6569000
|
heap
|
page read and write
|
||
|
1F36F470000
|
heap
|
page read and write
|
||
|
19630829000
|
heap
|
page read and write
|
||
|
2005E650000
|
trusted library allocation
|
page read and write
|
||
|
25AF000
|
stack
|
page read and write
|
||
|
2B94AE40000
|
heap
|
page read and write
|
||
|
1AF9F7A0000
|
heap
|
page read and write
|
||
|
D3AEC7B000
|
stack
|
page read and write
|
||
|
242A1CE5000
|
heap
|
page read and write
|
||
|
1963082E000
|
heap
|
page read and write
|
||
|
26206545000
|
heap
|
page read and write
|
||
|
26206540000
|
heap
|
page read and write
|
||
|
1AF9F78C000
|
heap
|
page read and write
|
||
|
30AF07B000
|
stack
|
page read and write
|
||
|
D3AF17E000
|
stack
|
page read and write
|
||
|
140CF7F000
|
stack
|
page read and write
|
||
|
22B8DF13000
|
heap
|
page read and write
|
||
|
802000
|
heap
|
page read and write
|
||
|
1FB0000
|
heap
|
page read and write
|
||
|
26206298000
|
heap
|
page read and write
|
||
|
2AC93A3E000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
242A1CB5000
|
heap
|
page read and write
|
||
|
18EA6564000
|
heap
|
page read and write
|
||
|
18472140000
|
heap
|
page read and write
|
||
|
E1B587B000
|
stack
|
page read and write
|
||
|
242A27A3000
|
heap
|
page read and write
|
||
|
1AF9F79D000
|
heap
|
page read and write
|
||
|
1900E65A000
|
heap
|
page read and write
|
||
|
302BA7B000
|
stack
|
page read and write
|
||
|
5EF56F7000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
305000
|
stack
|
page read and write
|
||
|
184705D0000
|
heap
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
622000
|
heap
|
page read and write
|
||
|
242A1CC7000
|
heap
|
page read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
18EA6570000
|
heap
|
page read and write
|
||
|
242A278F000
|
heap
|
page read and write
|
||
|
190000
|
remote allocation
|
page read and write
|
||
|
654E97B000
|
stack
|
page read and write
|
||
|
18EA6573000
|
heap
|
page read and write
|
||
|
1AF9F78C000
|
heap
|
page read and write
|
||
|
18EA6573000
|
heap
|
page read and write
|
||
|
1900E4E0000
|
heap
|
page read and write
|
||
|
5EF5AF8000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
242A27A3000
|
heap
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
22B8DD40000
|
heap
|
page read and write
|
||
|
247900A8000
|
trusted library allocation
|
page read and write
|
||
|
E1B577E000
|
stack
|
page read and write
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
2478AA13000
|
heap
|
page read and write
|
||
|
1AF9F779000
|
heap
|
page read and write
|
||
|
242A2727000
|
heap
|
page read and write
|
||
|
242A2761000
|
heap
|
page read and write
|
||
|
247900D0000
|
trusted library allocation
|
page read and write
|
||
|
242A27AC000
|
heap
|
page read and write
|
||
|
18EA6552000
|
heap
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
1F36F5B3000
|
heap
|
page read and write
|
||
|
22B8DD70000
|
trusted library allocation
|
page read and write
|
||
|
2B94AF13000
|
heap
|
page read and write
|
||
|
1AFA2AF3000
|
heap
|
page read and write
|
||
|
2005D790000
|
trusted library allocation
|
page read and write
|
||
|
22B8DE4D000
|
heap
|
page read and write
|
||
|
2478AB02000
|
heap
|
page read and write
|
||
|
26E8000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
247900A0000
|
trusted library allocation
|
page read and write
|
||
|
1900E713000
|
heap
|
page read and write
|
||
|
242A271A000
|
heap
|
page read and write
|
||
|
2478B215000
|
heap
|
page read and write
|
||
|
18EA6581000
|
heap
|
page read and write
|
||
|
2478A8A0000
|
heap
|
page read and write
|
||
|
2478AAFC000
|
heap
|
page read and write
|
||
|
247901C0000
|
trusted library allocation
|
page read and write
|
||
|
247904FB000
|
heap
|
page read and write
|
||
|
1F36F489000
|
heap
|
page read and write
|
||
|
2005D822000
|
heap
|
page read and write
|
||
|
262064B0000
|
heap
|
page readonly
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
247901D0000
|
trusted library allocation
|
page read and write
|
||
|
2478AA9C000
|
heap
|
page read and write
|
||
|
5EF547E000
|
stack
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
1963083C000
|
heap
|
page read and write
|
||
|
30AF37B000
|
stack
|
page read and write
|
||
|
62E000
|
heap
|
page read and write
|
||
|
F474FBC000
|
stack
|
page read and write
|
||
|
2B94AD00000
|
heap
|
page read and write
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
1AF9F6E0000
|
heap
|
page read and write
|
||
|
242A1CF6000
|
heap
|
page read and write
|
||
|
30AF6FF000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
24790457000
|
heap
|
page read and write
|
||
|
30AF4F7000
|
stack
|
page read and write
|
||
|
2478B304000
|
heap
|
page read and write
|
||
|
1FAE000
|
stack
|
page read and write
|
||
|
22B8DE13000
|
heap
|
page read and write
|
||
|
26206510000
|
heap
|
page read and write
|
||
|
16A000
|
stack
|
page read and write
|
||
|
22B8DE81000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
18470860000
|
heap
|
page read and write
|
||
|
19630861000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
F70277B000
|
stack
|
page read and write
|
||
|
22B8DE3C000
|
heap
|
page read and write
|
||
|
22B8DF08000
|
heap
|
page read and write
|
||
|
140CEFF000
|
stack
|
page read and write
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
24790464000
|
heap
|
page read and write
|
||
|
18470780000
|
heap
|
page readonly
|
||
|
51AC279000
|
stack
|
page read and write
|
||
|
242A2794000
|
heap
|
page read and write
|
||
|
242A27A7000
|
heap
|
page read and write
|
||
|
140CEFF000
|
stack
|
page read and write
|
||
|
26206545000
|
heap
|
page read and write
|
||
|
2478B200000
|
heap
|
page read and write
|
||
|
242A2763000
|
heap
|
page read and write
|
||
|
140CF7F000
|
stack
|
page read and write
|
||
|
2005D5D0000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
remote allocation
|
page read and write
|
||
|
2478BA50000
|
trusted library allocation
|
page read and write
|
||
|
E1B5C79000
|
stack
|
page read and write
|
||
|
24790200000
|
remote allocation
|
page read and write
|
||
|
1AFA2AF0000
|
heap
|
page read and write
|
||
|
1F36F6AB000
|
heap
|
page read and write
|
||
|
5EF5BFF000
|
unkown
|
page read and write
|
||
|
19630760000
|
trusted library allocation
|
page read and write
|
||
|
242A279B000
|
heap
|
page read and write
|
||
|
2478B313000
|
heap
|
page read and write
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
302BC79000
|
stack
|
page read and write
|
||
|
242A277A000
|
heap
|
page read and write
|
||
|
18470820000
|
heap
|
page read and write
|
||
|
2478AA6E000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
242A1C5C000
|
heap
|
page read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
242A2777000
|
heap
|
page read and write
|
||
|
2AC93A31000
|
heap
|
page read and write
|
||
|
242A277D000
|
heap
|
page read and write
|
||
|
2B94AE28000
|
heap
|
page read and write
|
||
|
242A1C60000
|
heap
|
page read and write
|
||
|
242A277E000
|
heap
|
page read and write
|
||
|
24790500000
|
heap
|
page read and write
|
||
|
2005D720000
|
heap
|
page read and write
|
||
|
26206510000
|
heap
|
page read and write
|
||
|
2AC93A52000
|
heap
|
page read and write
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
2005D824000
|
heap
|
page read and write
|
||
|
1900E708000
|
heap
|
page read and write
|
||
|
18470648000
|
heap
|
page read and write
|
||
|
140CE7C000
|
stack
|
page read and write
|
||
|
2AC938F0000
|
heap
|
page read and write
|
||
|
26206520000
|
remote allocation
|
page read and write
|
||
|
18470490000
|
heap
|
page read and write
|
||
|
262061B0000
|
heap
|
page read and write
|
||
|
242A1C7F000
|
heap
|
page read and write
|
||
|
1E048FD000
|
stack
|
page read and write
|
||
|
2630000
|
remote allocation
|
page read and write
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
24790170000
|
trusted library allocation
|
page read and write
|
||
|
2478AA8A000
|
heap
|
page read and write
|
||
|
242A2753000
|
heap
|
page read and write
|
||
|
2479044C000
|
heap
|
page read and write
|
||
|
B5EBD8D000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
6CAF97F000
|
stack
|
page read and write
|
||
|
242A2791000
|
heap
|
page read and write
|
||
|
2478AA73000
|
heap
|
page read and write
|
||
|
2478AAAB000
|
heap
|
page read and write
|
||
|
1900E65F000
|
heap
|
page read and write
|
||
|
18EA656A000
|
heap
|
page read and write
|
||
|
18470740000
|
direct allocation
|
page execute and read and write
|
||
|
5EF59F9000
|
stack
|
page read and write
|
||
|
184705F0000
|
heap
|
page read and write
|
||
|
302BE7F000
|
stack
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
18EA67A5000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
22B8DE29000
|
heap
|
page read and write
|
||
|
242A2C20000
|
heap
|
page read and write
|
||
|
1F372EE0000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
26206290000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
6CAF67E000
|
stack
|
page read and write
|
||
|
242A1CE8000
|
heap
|
page read and write
|
||
|
242A277B000
|
heap
|
page read and write
|
||
|
8A8B97E000
|
stack
|
page read and write
|
||
|
20CF000
|
stack
|
page read and write
|
||
|
19630850000
|
heap
|
page read and write
|
||
|
1900E652000
|
heap
|
page read and write
|
||
|
F47527F000
|
stack
|
page read and write
|
||
|
242A27B9000
|
heap
|
page read and write
|
||
|
26206240000
|
heap
|
page read and write
|
||
|
242A1C5B000
|
heap
|
page read and write
|
||
|
18470648000
|
heap
|
page read and write
|
||
|
1AF9F77E000
|
heap
|
page read and write
|
||
|
2630000
|
remote allocation
|
page read and write
|
||
|
19630902000
|
heap
|
page read and write
|
||
|
2478A900000
|
heap
|
page read and write
|
||
|
654EC7F000
|
stack
|
page read and write
|
||
|
2478B359000
|
heap
|
page read and write
|
||
|
1AF9F660000
|
heap
|
page read and write
|
||
|
242A1C00000
|
heap
|
page read and write
|
||
|
242A1D13000
|
heap
|
page read and write
|
||
|
242A2727000
|
heap
|
page read and write
|
||
|
30AF27B000
|
stack
|
page read and write
|
||
|
247900C1000
|
trusted library allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
26206460000
|
direct allocation
|
page execute and read and write
|
||
|
2B94AF00000
|
heap
|
page read and write
|
||
|
242A2790000
|
heap
|
page read and write
|
||
|
19630730000
|
heap
|
page read and write
|
||
|
1AF9F782000
|
heap
|
page read and write
|
||
|
26206470000
|
heap
|
page read and write
|
||
|
2478BED1000
|
trusted library allocation
|
page read and write
|
||
|
1F36F5B0000
|
heap
|
page read and write
|
||
|
5D1000
|
heap
|
page read and write
|
||
|
654E67B000
|
stack
|
page read and write
|
||
|
247904FE000
|
heap
|
page read and write
|
||
|
6CAF09B000
|
stack
|
page read and write
|
||
|
242A2777000
|
heap
|
page read and write
|
||
|
242A2792000
|
heap
|
page read and write
|
||
|
26206520000
|
remote allocation
|
page read and write
|
||
|
2B94AE5A000
|
heap
|
page read and write
|
||
|
1AF9F776000
|
heap
|
page read and write
|
||
|
2478AA00000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
2478B300000
|
heap
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
24790200000
|
remote allocation
|
page read and write
|
||
|
18EA67A0000
|
heap
|
page read and write
|
||
|
18470490000
|
unkown
|
page read and write
|
||
|
18EA6548000
|
heap
|
page read and write
|
||
|
242A277A000
|
heap
|
page read and write
|
||
|
242A2793000
|
heap
|
page read and write
|
||
|
247900A0000
|
trusted library allocation
|
page read and write
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
6CAF19E000
|
stack
|
page read and write
|
||
|
26206220000
|
heap
|
page read and write
|
||
|
247904AB000
|
heap
|
page read and write
|
||
|
22B8DE51000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
242A2790000
|
heap
|
page read and write
|
||
|
242A2779000
|
heap
|
page read and write
|
||
|
247900AE000
|
trusted library allocation
|
page read and write
|
||
|
19630913000
|
heap
|
page read and write
|
||
|
18472140000
|
heap
|
page read and write
|
||
|
2005D5C0000
|
heap
|
page read and write
|
||
|
2479043F000
|
heap
|
page read and write
|
||
|
2B94AE13000
|
heap
|
page read and write
|
||
|
23AC000
|
stack
|
page read and write
|
||
|
1AFA29D0000
|
heap
|
page read and write
|
||
|
184705D0000
|
heap
|
page read and write
|
||
|
247904AD000
|
heap
|
page read and write
|
||
|
242A2763000
|
heap
|
page read and write
|
||
|
24790320000
|
trusted library allocation
|
page read and write
|
||
|
18EA6540000
|
heap
|
page read and write
|
||
|
18EA6557000
|
heap
|
page read and write
|
||
|
1F36F4A1000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
B0000
|
heap
|
page read and write
|
||
|
22B8E802000
|
trusted library allocation
|
page read and write
|
||
|
26AF000
|
stack
|
page read and write
|
||
|
19630800000
|
heap
|
page read and write
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
242A2779000
|
heap
|
page read and write
|
||
|
1F370F90000
|
heap
|
page read and write
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
2005E410000
|
trusted library allocation
|
page read and write
|
||
|
18470820000
|
heap
|
page read and write
|
||
|
242A1C86000
|
heap
|
page read and write
|
||
|
2005E670000
|
trusted library allocation
|
page read and write
|
||
|
1AF9F500000
|
heap
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
F70297E000
|
stack
|
page read and write
|
||
|
2AC93890000
|
heap
|
page read and write
|
||
|
242A279D000
|
heap
|
page read and write
|
||
|
22B8DE52000
|
heap
|
page read and write
|
||
|
24790414000
|
heap
|
page read and write
|
||
|
2478FF90000
|
trusted library allocation
|
page read and write
|
||
|
1F36F49C000
|
heap
|
page read and write
|
||
|
18470780000
|
heap
|
page readonly
|
||
|
242A1C5E000
|
heap
|
page read and write
|
||
|
242A2779000
|
heap
|
page read and write
|
||
|
26206540000
|
heap
|
page read and write
|
||
|
2AC93A29000
|
heap
|
page read and write
|
||
|
A35000
|
heap
|
page read and write
|
||
|
242A27B9000
|
heap
|
page read and write
|
||
|
2478AA75000
|
heap
|
page read and write
|
||
|
E1B527B000
|
stack
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
262E000
|
stack
|
page read and write
|
||
|
140CE7C000
|
stack
|
page read and write
|
||
|
184705D0000
|
heap
|
page read and write
|
||
|
24790502000
|
heap
|
page read and write
|
||
|
18EA6490000
|
heap
|
page read and write
|
||
|
26206290000
|
heap
|
page read and write
|
||
|
2478A890000
|
heap
|
page read and write
|
||
|
1F36F6A5000
|
heap
|
page read and write
|
||
|
2005E680000
|
trusted library allocation
|
page read and write
|
||
|
2478AA91000
|
heap
|
page read and write
|
||
|
F4752FF000
|
stack
|
page read and write
|
||
|
242A279B000
|
heap
|
page read and write
|
||
|
242A278E000
|
heap
|
page read and write
|
||
|
18470865000
|
heap
|
page read and write
|
||
|
22B8DE6D000
|
heap
|
page read and write
|
||
|
2478AA29000
|
heap
|
page read and write
|
||
|
1AF9FA10000
|
heap
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
24790200000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
2005D7B0000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
1900E63C000
|
heap
|
page read and write
|
||
|
214E000
|
stack
|
page read and write
|
||
|
8A8B87E000
|
stack
|
page read and write
|
||
|
247904B1000
|
heap
|
page read and write
|
||
|
1900E629000
|
heap
|
page read and write
|
||
|
26206470000
|
heap
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
2478AA78000
|
heap
|
page read and write
|
||
|
1650F360000
|
heap
|
page read and write
|
||
|
1900E613000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
242A2793000
|
heap
|
page read and write
|
||
|
2005D7A0000
|
trusted library allocation
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
51AC0FE000
|
stack
|
page read and write
|
||
|
242A27CA000
|
heap
|
page read and write
|
||
|
242A1BF0000
|
heap
|
page read and write
|
||
|
24790502000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
1AF9F640000
|
heap
|
page read and write
|
||
|
2005D7B9000
|
heap
|
page read and write
|
||
|
247904EE000
|
heap
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
242A1D16000
|
heap
|
page read and write
|
||
|
247904F4000
|
heap
|
page read and write
|
||
|
221C000
|
stack
|
page read and write
|
||
|
242A1C67000
|
heap
|
page read and write
|
||
|
242A2550000
|
remote allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
242A2C02000
|
heap
|
page read and write
|
||
|
22B8DE70000
|
heap
|
page read and write
|
||
|
1AF9F779000
|
heap
|
page read and write
|
||
|
1900E700000
|
heap
|
page read and write
|
||
|
1AF9F782000
|
heap
|
page read and write
|
||
|
6CAF4FB000
|
stack
|
page read and write
|
||
|
7FFA668DB000
|
unkown
|
page read and write
|
||
|
247900E4000
|
trusted library allocation
|
page read and write
|
||
|
242A1C6D000
|
heap
|
page read and write
|
||
|
242B000
|
stack
|
page read and write
|
||
|
654E6FE000
|
stack
|
page read and write
|
||
|
262064B0000
|
heap
|
page readonly
|
||
|
18470820000
|
heap
|
page read and write
|
||
|
26206290000
|
heap
|
page read and write
|
||
|
B5EBD0E000
|
stack
|
page read and write
|
||
|
242A279B000
|
heap
|
page read and write
|
||
|
242A277E000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2478AA3D000
|
heap
|
page read and write
|
||
|
2005E660000
|
heap
|
page readonly
|
||
|
1F36F478000
|
heap
|
page read and write
|
||
|
26206220000
|
heap
|
page read and write
|
||
|
2B94AE00000
|
heap
|
page read and write
|
||
|
22B8DCE0000
|
heap
|
page read and write
|
||
|
22B8DCD0000
|
heap
|
page read and write
|
||
|
262061B0000
|
unkown
|
page read and write
|
||
|
1F36F4AD000
|
heap
|
page read and write
|
||
|
1F36F450000
|
heap
|
page read and write
|
||
|
E1B5D7B000
|
stack
|
page read and write
|
||
|
2B94AE6E000
|
heap
|
page read and write
|
||
|
242A2760000
|
heap
|
page read and write
|
||
|
2005D7B5000
|
heap
|
page read and write
|
||
|
7C2000
|
heap
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
F47527F000
|
stack
|
page read and write
|
||
|
242A27AC000
|
heap
|
page read and write
|
||
|
2B94AD90000
|
trusted library allocation
|
page read and write
|
||
|
247902E0000
|
trusted library allocation
|
page read and write
|
||
|
1AF9F791000
|
heap
|
page read and write
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
2478AB02000
|
heap
|
page read and write
|
||
|
196306C0000
|
heap
|
page read and write
|
||
|
30AF3FE000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page readonly
|
||
|
26206470000
|
heap
|
page read and write
|
||
|
26206545000
|
heap
|
page read and write
|
||
|
2478B302000
|
heap
|
page read and write
|
||
|
2478AA8C000
|
heap
|
page read and write
|
||
|
2478AAFC000
|
heap
|
page read and write
|
||
|
242A279B000
|
heap
|
page read and write
|
||
|
2478BEF0000
|
trusted library allocation
|
page read and write
|
||
|
26206460000
|
direct allocation
|
page execute and read and write
|
||
|
242A279C000
|
heap
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
5E3000
|
heap
|
page read and write
|
||
|
1F36F489000
|
heap
|
page read and write
|
||
|
51AC37E000
|
stack
|
page read and write
|
||
|
26206240000
|
heap
|
page read and write
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
247900D0000
|
trusted library allocation
|
page read and write
|
||
|
2478AAA2000
|
heap
|
page read and write
|
||
|
1900E600000
|
heap
|
page read and write
|
||
|
30AF5FE000
|
stack
|
page read and write
|
||
|
242A1D02000
|
heap
|
page read and write
|
||
|
1AF9FA1B000
|
heap
|
page read and write
|
||
|
2AC93A43000
|
heap
|
page read and write
|
||
|
2736000
|
heap
|
page read and write
|
||
|
1900E702000
|
heap
|
page read and write
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
2478BEF3000
|
trusted library allocation
|
page read and write
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
2B94AD60000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page execute and read and write
|
||
|
1F36F498000
|
heap
|
page read and write
|
||
|
6CAF11E000
|
stack
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
242A2764000
|
heap
|
page read and write
|
||
|
1F3726E0000
|
trusted library allocation
|
page read and write
|
||
|
242A2C19000
|
heap
|
page read and write
|
||
|
24790170000
|
trusted library allocation
|
page read and write
|
||
|
18470490000
|
unkown
|
page read and write
|
||
|
242A2788000
|
heap
|
page read and write
|
||
|
26206540000
|
heap
|
page read and write
|
||
|
242A1C5D000
|
heap
|
page read and write
|
||
|
2005D700000
|
heap
|
page read and write
|
||
|
231B000
|
stack
|
page read and write
|
||
|
2AC938A0000
|
heap
|
page read and write
|
||
|
242A277A000
|
heap
|
page read and write
|
||
|
242A2777000
|
heap
|
page read and write
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
2478AAA8000
|
heap
|
page read and write
|
||
|
26206240000
|
heap
|
page read and write
|
||
|
7FFA668B0000
|
unkown
|
page readonly
|
||
|
2478AA58000
|
heap
|
page read and write
|
||
|
18EA6557000
|
heap
|
page read and write
|
||
|
184707E0000
|
remote allocation
|
page read and write
|
||
|
1F36F48D000
|
heap
|
page read and write
|
||
|
242A27A3000
|
heap
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
242A2793000
|
heap
|
page read and write
|
||
|
7FFA668B1000
|
unkown
|
page execute read
|
||
|
242A277C000
|
heap
|
page read and write
|
||
|
242A1C63000
|
heap
|
page read and write
|
||
|
247904DD000
|
heap
|
page read and write
|
||
|
6CAF87F000
|
stack
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
30AF17E000
|
stack
|
page read and write
|
||
|
24790170000
|
trusted library allocation
|
page read and write
|
||
|
242A1CE8000
|
heap
|
page read and write
|
||
|
242A2799000
|
heap
|
page read and write
|
||
|
2478AAAB000
|
heap
|
page read and write
|
||
|
19630908000
|
heap
|
page read and write
|
||
|
22B8DE00000
|
heap
|
page read and write
|
||
|
242A2750000
|
heap
|
page read and write
|
||
|
242A1C7F000
|
heap
|
page read and write
|
||
|
19631202000
|
trusted library allocation
|
page read and write
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
18470640000
|
heap
|
page read and write
|
||
|
247900C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFA668DF000
|
unkown
|
page readonly
|
||
|
360000
|
heap
|
page read and write
|
||
|
262061B0000
|
unkown
|
page read and write
|
||
|
242A1C13000
|
heap
|
page read and write
|
||
|
24790180000
|
trusted library allocation
|
page read and write
|
||
|
51AC1FE000
|
stack
|
page read and write
|
||
|
18470860000
|
heap
|
page read and write
|
||
|
1AF9F7A0000
|
heap
|
page read and write
|
||
|
5EF57F7000
|
stack
|
page read and write
|
||
|
302BD7E000
|
stack
|
page read and write
|
||
|
26206510000
|
heap
|
page read and write
|
||
|
6CAF777000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
1FE0000
|
heap
|
page read and write
|
||
|
2479042D000
|
heap
|
page read and write
|
||
|
51AC07A000
|
stack
|
page read and write
|
||
|
2478AB07000
|
heap
|
page read and write
|
||
|
F47527F000
|
stack
|
page read and write
|
||
|
247901F0000
|
trusted library allocation
|
page read and write
|
||
|
242A2792000
|
heap
|
page read and write
|
||
|
2005D8D0000
|
trusted library allocation
|
page read and write
|
||
|
22B8DF00000
|
heap
|
page read and write
|
||
|
184705F0000
|
heap
|
page read and write
|
||
|
242A1CC0000
|
heap
|
page read and write
|
||
|
247904F4000
|
heap
|
page read and write
|
||
|
242A2790000
|
heap
|
page read and write
|
||
|
18470865000
|
heap
|
page read and write
|
||
|
1963084D000
|
heap
|
page read and write
|
||
|
654E77E000
|
stack
|
page read and write
|
||
|
1F36F2F0000
|
heap
|
page read and write
|
||
|
247904DA000
|
heap
|
page read and write
|
||
|
7FFA668D2000
|
unkown
|
page readonly
|
||
|
22B8DE49000
|
heap
|
page read and write
|
||
|
247904F7000
|
heap
|
page read and write
|
||
|
2AC93A37000
|
heap
|
page read and write
|
||
|
242A277C000
|
heap
|
page read and write
|
||
|
242A27B3000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
2478B358000
|
heap
|
page read and write
|
||
|
242A2772000
|
heap
|
page read and write
|
||
|
1AFA2B00000
|
trusted library allocation
|
page read and write
|
||
|
140CEFF000
|
stack
|
page read and write
|
||
|
5D1000
|
heap
|
page read and write
|
There are 747 hidden memdumps, click here to show them.