Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
3vYbe1bYFd.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
MPEG-4 LOAS
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x780aa5ad, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3vY_f7c53a6fd35771ba6462da16e6bcb2581a34718_e0906090_19c9e185\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3vY_f7c53a6fd35771ba6462da16e6bcb2581a34718_e0906090_19dde1f2\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD56F.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 06:41:46 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD59E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon May 23 06:41:46 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD85E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD929.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA53.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB1E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 61480 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3vY_f2377edc972ec1548b57729b7c19e6e09b2f3f_e0906090_051c2651\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3vY_f2377edc972ec1548b57729b7c19e6e09b2f3f_e0906090_0f5825e4\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA615.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sun May 22 21:31:21 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA72E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sun May 22 21:31:21 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA933.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA8C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB17.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERACDD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\3vYbe1bYFd.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\3vYbe1bYFd.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\3vYbe1bYFd.dll,AddIn_FileTime
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SyeNstLIaswClq\bXSPARJszx.dll"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\3vYbe1bYFd.dll,AddIn_SystemTime
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\3vYbe1bYFd.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ZhCaZiQILulll\dyxOJP.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k unistacksvcgroup
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\3vYbe1bYFd.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\3vYbe1bYFd.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6352 -s 324
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6360 -s 316
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 404 -s 336
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4584 -s 328
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://165.22.73.229/
|
unknown
|
|
|
|
https://165.22.73.229/:
|
unknown
|
|
|
|
https://165.22.73.229/X)
|
unknown
|
|
|
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
https://www.disneyplus.com/legal/your-california-privacy-rights
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
https://www.tiktok.com/legal/report/feedback
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
||
|
https://%s.xboxlive.com
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
https://support.hotspotshield.com/
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://www.disneyplus.com/legal/privacy-policy
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
https://165.22.73.229:8080/tem
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://165.22.73.229:8080/
|
unknown
|
||
|
https://www.hotspotshield.com/terms/
|
unknown
|
||
|
https://www.pango.co/privacy
|
unknown
|
||
|
https://disneyplus.com/legal.
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://activity.windows.com
|
unknown
|
||
|
http://www.bingmapsportal.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
http://help.disneyplus.com.
|
unknown
|
||
|
https://165.22.73.229:8080/tg5
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://%s.dnet.xboxlive.com
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://www.tiktok.com/legal/report
|
unknown
|
||
|
https://165.22.73.229:8080/Num
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
There are 43 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
165.22.73.229
|
unknown
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
||
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{d2d47f4e-2c78-4e3b-04cf-0166548cd667}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800453F4626F
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800453F4626F
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{fda3240c-d1cc-5f2b-a779-3b62ecae2519}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f1\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
There are 51 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E8B52C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1290000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1EF360C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1E8B52C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1E8B52C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
1EF360C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1EF360C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
EE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
14C9BB77000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
13CC9FF000
|
stack
|
page read and write
|
||
|
29038F04000
|
heap
|
page read and write
|
||
|
4AE2DBE000
|
stack
|
page read and write
|
||
|
3FE53DC000
|
stack
|
page read and write
|
||
|
1EF37B50000
|
heap
|
page read and write
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
14C9BB8E000
|
heap
|
page read and write
|
||
|
14C9BBA3000
|
heap
|
page read and write
|
||
|
D8976C000
|
stack
|
page read and write
|
||
|
14C9B940000
|
remote allocation
|
page read and write
|
||
|
29033F00000
|
heap
|
page read and write
|
||
|
1EF361D0000
|
heap
|
page read and write
|
||
|
7CBBEFD000
|
stack
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
29038E14000
|
heap
|
page read and write
|
||
|
24089039000
|
heap
|
page read and write
|
||
|
24089047000
|
heap
|
page read and write
|
||
|
29033F04000
|
heap
|
page read and write
|
||
|
26369913000
|
heap
|
page read and write
|
||
|
25B89949000
|
heap
|
page read and write
|
||
|
1E862213000
|
heap
|
page read and write
|
||
|
2380E110000
|
heap
|
page read and write
|
||
|
D89A7E000
|
stack
|
page read and write
|
||
|
1E8B52F0000
|
heap
|
page readonly
|
||
|
25B89910000
|
heap
|
page read and write
|
||
|
DB0000
|
remote allocation
|
page read and write
|
||
|
14C9B302000
|
heap
|
page read and write
|
||
|
27FF000
|
stack
|
page read and write
|
||
|
24089064000
|
heap
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
14C9BB87000
|
heap
|
page read and write
|
||
|
4AE34FE000
|
stack
|
page read and write
|
||
|
29038B10000
|
trusted library allocation
|
page read and write
|
||
|
24089048000
|
heap
|
page read and write
|
||
|
1EF360F0000
|
heap
|
page readonly
|
||
|
1DC7184E000
|
heap
|
page read and write
|
||
|
863A14F000
|
stack
|
page read and write
|
||
|
14C9C003000
|
heap
|
page read and write
|
||
|
25B89940000
|
heap
|
page read and write
|
||
|
14C9BBAF000
|
heap
|
page read and write
|
||
|
306C000
|
stack
|
page read and write
|
||
|
25B89830000
|
heap
|
page read and write
|
||
|
14C9B313000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
341F000
|
heap
|
page read and write
|
||
|
33EF000
|
heap
|
page read and write
|
||
|
29038F02000
|
heap
|
page read and write
|
||
|
1EF36200000
|
heap
|
page read and write
|
||
|
24089042000
|
heap
|
page read and write
|
||
|
1FB1AC10000
|
heap
|
page read and write
|
||
|
25B89940000
|
heap
|
page read and write
|
||
|
1E8622B9000
|
heap
|
page read and write
|
||
|
23BF0EDA000
|
heap
|
page read and write
|
||
|
14C9B257000
|
heap
|
page read and write
|
||
|
14C9B2E2000
|
heap
|
page read and write
|
||
|
EC7735D000
|
stack
|
page read and write
|
||
|
1E862302000
|
heap
|
page read and write
|
||
|
1E862200000
|
heap
|
page read and write
|
||
|
B30C47E000
|
stack
|
page read and write
|
||
|
EC7787B000
|
stack
|
page read and write
|
||
|
1E34EC00000
|
heap
|
page read and write
|
||
|
1DAD47F0000
|
heap
|
page read and write
|
||
|
2922B84A000
|
heap
|
page read and write
|
||
|
1DC71900000
|
heap
|
page read and write
|
||
|
23BF4220000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
14C9BB8C000
|
heap
|
page read and write
|
||
|
341F000
|
heap
|
page read and write
|
||
|
1E8B3840000
|
unkown
|
page read and write
|
||
|
238113F0000
|
heap
|
page read and write
|
||
|
7CBBB7D000
|
stack
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
A6101FF000
|
stack
|
page read and write
|
||
|
14C9BB9C000
|
heap
|
page read and write
|
||
|
23BF10B5000
|
heap
|
page read and write
|
||
|
14C9BB7E000
|
heap
|
page read and write
|
||
|
29038C30000
|
remote allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2408904E000
|
heap
|
page read and write
|
||
|
1DAD4866000
|
heap
|
page read and write
|
||
|
23BF0EC0000
|
heap
|
page read and write
|
||
|
14C9BB84000
|
heap
|
page read and write
|
||
|
14C9B24B000
|
heap
|
page read and write
|
||
|
7CBB9FF000
|
stack
|
page read and write
|
||
|
14C9B23C000
|
heap
|
page read and write
|
||
|
2922B813000
|
heap
|
page read and write
|
||
|
119C000
|
heap
|
page read and write
|
||
|
1DC71800000
|
heap
|
page read and write
|
||
|
1E862229000
|
heap
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
29033410000
|
heap
|
page read and write
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
14C9BB9B000
|
heap
|
page read and write
|
||
|
14C9BB86000
|
heap
|
page read and write
|
||
|
14C9B24F000
|
heap
|
page read and write
|
||
|
14C9B2F9000
|
heap
|
page read and write
|
||
|
14C9B289000
|
heap
|
page read and write
|
||
|
14C9BB78000
|
heap
|
page read and write
|
||
|
14FC8970000
|
heap
|
page read and write
|
||
|
1EF35FB0000
|
heap
|
page read and write
|
||
|
290389B0000
|
trusted library allocation
|
page read and write
|
||
|
EC77B7F000
|
stack
|
page read and write
|
||
|
14C9BB1A000
|
heap
|
page read and write
|
||
|
23BF0DD0000
|
heap
|
page read and write
|
||
|
1C917990000
|
heap
|
page read and write
|
||
|
1DAD487F000
|
heap
|
page read and write
|
||
|
D89CFB000
|
stack
|
page read and write
|
||
|
1E34EAD0000
|
heap
|
page read and write
|
||
|
24089075000
|
heap
|
page read and write
|
||
|
1EF360F0000
|
heap
|
page readonly
|
||
|
14C9BB77000
|
heap
|
page read and write
|
||
|
1DC71870000
|
heap
|
page read and write
|
||
|
119C000
|
heap
|
page read and write
|
||
|
1DC71891000
|
heap
|
page read and write
|
||
|
14C9BBAF000
|
heap
|
page read and write
|
||
|
23BF0EEA000
|
heap
|
page read and write
|
||
|
7CBB35C000
|
stack
|
page read and write
|
||
|
23BF0EE3000
|
heap
|
page read and write
|
||
|
1EF35E00000
|
unkown
|
page read and write
|
||
|
33DD000
|
heap
|
page read and write
|
||
|
1EF35E00000
|
unkown
|
page read and write
|
||
|
238113F3000
|
heap
|
page read and write
|
||
|
14C9B2EA000
|
heap
|
page read and write
|
||
|
B30C5FF000
|
stack
|
page read and write
|
||
|
DA2327D000
|
stack
|
page read and write
|
||
|
24089079000
|
heap
|
page read and write
|
||
|
1EF360F0000
|
heap
|
page readonly
|
||
|
33EC000
|
heap
|
page read and write
|
||
|
14C9BB18000
|
heap
|
page read and write
|
||
|
10EA000
|
heap
|
page read and write
|
||
|
14FC9660000
|
trusted library allocation
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
1FB1AD70000
|
trusted library allocation
|
page read and write
|
||
|
14C9C002000
|
heap
|
page read and write
|
||
|
14C9BB7E000
|
heap
|
page read and write
|
||
|
29033716000
|
heap
|
page read and write
|
||
|
1DAD4813000
|
heap
|
page read and write
|
||
|
7142A7B000
|
stack
|
page read and write
|
||
|
863A1CF000
|
stack
|
page read and write
|
||
|
29033400000
|
heap
|
page read and write
|
||
|
1DC71760000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
DA2347E000
|
stack
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
2922B7A0000
|
trusted library allocation
|
page read and write
|
||
|
2636986A000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
29038B00000
|
trusted library allocation
|
page read and write
|
||
|
14C9B250000
|
heap
|
page read and write
|
||
|
29038E88000
|
heap
|
page read and write
|
||
|
29038BB0000
|
trusted library allocation
|
page read and write
|
||
|
24089032000
|
heap
|
page read and write
|
||
|
7142B7E000
|
stack
|
page read and write
|
||
|
2380E13A000
|
heap
|
page read and write
|
||
|
29038C30000
|
remote allocation
|
page read and write
|
||
|
29038E2E000
|
heap
|
page read and write
|
||
|
1E34EC3A000
|
heap
|
page read and write
|
||
|
29033657000
|
heap
|
page read and write
|
||
|
13CCC7D000
|
stack
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
2922B83C000
|
heap
|
page read and write
|
||
|
26369790000
|
trusted library allocation
|
page read and write
|
||
|
2380E430000
|
heap
|
page read and write
|
||
|
2903369A000
|
heap
|
page read and write
|
||
|
114C000
|
heap
|
page read and write
|
||
|
4AE33FE000
|
stack
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
1C917A13000
|
heap
|
page read and write
|
||
|
14C9B24D000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
1E8B3AA0000
|
heap
|
page read and write
|
||
|
1FB1ADA0000
|
remote allocation
|
page read and write
|
||
|
1E8B3AE0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
1DAD485A000
|
heap
|
page read and write
|
||
|
1EF35F60000
|
heap
|
page read and write
|
||
|
14C9B2B0000
|
heap
|
page read and write
|
||
|
14FC96E0000
|
trusted library allocation
|
page read and write
|
||
|
1EF36205000
|
heap
|
page read and write
|
||
|
E52000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
288C000
|
stack
|
page read and write
|
||
|
4D9BB7F000
|
stack
|
page read and write
|
||
|
57ECEFB000
|
stack
|
page read and write
|
||
|
1E8B3AE0000
|
heap
|
page read and write
|
||
|
3418000
|
heap
|
page read and write
|
||
|
119C000
|
heap
|
page read and write
|
||
|
14C9C002000
|
heap
|
page read and write
|
||
|
B30C67F000
|
stack
|
page read and write
|
||
|
29038AD8000
|
trusted library allocation
|
page read and write
|
||
|
1E8B3AE5000
|
heap
|
page read and write
|
||
|
32EC000
|
stack
|
page read and write
|
||
|
4AE31FF000
|
stack
|
page read and write
|
||
|
23BF0EF0000
|
heap
|
page read and write
|
||
|
4D9B87E000
|
stack
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
23BF0DB0000
|
heap
|
page read and write
|
||
|
26369813000
|
heap
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
14C9BB9A000
|
heap
|
page read and write
|
||
|
B30C1EE000
|
stack
|
page read and write
|
||
|
7A7697F000
|
stack
|
page read and write
|
||
|
14C9BB80000
|
heap
|
page read and write
|
||
|
3403000
|
heap
|
page read and write
|
||
|
D89B79000
|
stack
|
page read and write
|
||
|
A61047F000
|
stack
|
page read and write
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
14C9BBAA000
|
heap
|
page read and write
|
||
|
14C9BB5F000
|
heap
|
page read and write
|
||
|
1E8B3AA0000
|
heap
|
page read and write
|
||
|
24089083000
|
heap
|
page read and write
|
||
|
1DC71770000
|
heap
|
page read and write
|
||
|
29033DC0000
|
trusted library allocation
|
page read and write
|
||
|
3FE5AF8000
|
stack
|
page read and write
|
||
|
1FB1B602000
|
trusted library allocation
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
29038EFC000
|
heap
|
page read and write
|
||
|
14C9B258000
|
heap
|
page read and write
|
||
|
1E8B52F0000
|
heap
|
page readonly
|
||
|
1E34EC5B000
|
heap
|
page read and write
|
||
|
DB0000
|
remote allocation
|
page read and write
|
||
|
1E8B3A80000
|
heap
|
page read and write
|
||
|
14C9B249000
|
heap
|
page read and write
|
||
|
14C9BB85000
|
heap
|
page read and write
|
||
|
496D8FF000
|
stack
|
page read and write
|
||
|
29038BF0000
|
trusted library allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
29033F18000
|
heap
|
page read and write
|
||
|
29034500000
|
trusted library allocation
|
page read and write
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
14C9BB8B000
|
heap
|
page read and write
|
||
|
A61017C000
|
stack
|
page read and write
|
||
|
29033F18000
|
heap
|
page read and write
|
||
|
D897ED000
|
stack
|
page read and write
|
||
|
2408904B000
|
heap
|
page read and write
|
||
|
1E34EC7E000
|
heap
|
page read and write
|
||
|
29038ADE000
|
trusted library allocation
|
page read and write
|
||
|
2922B871000
|
heap
|
page read and write
|
||
|
DA2337A000
|
stack
|
page read and write
|
||
|
23BF0ED7000
|
heap
|
page read and write
|
||
|
2922B900000
|
heap
|
page read and write
|
||
|
24089056000
|
heap
|
page read and write
|
||
|
29038C30000
|
remote allocation
|
page read and write
|
||
|
14C9BB77000
|
heap
|
page read and write
|
||
|
1E34EC61000
|
heap
|
page read and write
|
||
|
14C9BB79000
|
heap
|
page read and write
|
||
|
7142AFE000
|
stack
|
page read and write
|
||
|
26369874000
|
heap
|
page read and write
|
||
|
1EF36205000
|
heap
|
page read and write
|
||
|
3FE5CF8000
|
stack
|
page read and write
|
||
|
863A0CC000
|
stack
|
page read and write
|
||
|
2380E157000
|
heap
|
page read and write
|
||
|
14C9BB81000
|
heap
|
page read and write
|
||
|
3FE56FE000
|
stack
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
3547000
|
heap
|
page read and write
|
||
|
1DC71829000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
14C9BB99000
|
heap
|
page read and write
|
||
|
2380E12B000
|
heap
|
page read and write
|
||
|
863A1CF000
|
stack
|
page read and write
|
||
|
2636987A000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page readonly
|
||
|
14C9C000000
|
heap
|
page read and write
|
||
|
1DC71902000
|
heap
|
page read and write
|
||
|
3546000
|
heap
|
page read and write
|
||
|
29038C20000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
7CBB77C000
|
stack
|
page read and write
|
||
|
29033DE0000
|
trusted library allocation
|
page read and write
|
||
|
26369620000
|
heap
|
page read and write
|
||
|
24089067000
|
heap
|
page read and write
|
||
|
57ECF7E000
|
stack
|
page read and write
|
||
|
1FB1ADA0000
|
remote allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7A7687E000
|
stack
|
page read and write
|
||
|
24088D90000
|
heap
|
page read and write
|
||
|
114C000
|
heap
|
page read and write
|
||
|
14C9BBB2000
|
heap
|
page read and write
|
||
|
1E8B53F0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
1EF36150000
|
remote allocation
|
page read and write
|
||
|
14C9BB8A000
|
heap
|
page read and write
|
||
|
29033613000
|
heap
|
page read and write
|
||
|
2922B84D000
|
heap
|
page read and write
|
||
|
23BF0EE3000
|
heap
|
page read and write
|
||
|
29033470000
|
heap
|
page read and write
|
||
|
23BF0E40000
|
heap
|
page read and write
|
||
|
A61047F000
|
stack
|
page read and write
|
||
|
24089000000
|
heap
|
page read and write
|
||
|
1DAD486A000
|
heap
|
page read and write
|
||
|
2408904D000
|
heap
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
29033E15000
|
heap
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
3520000
|
heap
|
page read and write
|
||
|
3FE58FA000
|
stack
|
page read and write
|
||
|
1E862B12000
|
heap
|
page read and write
|
||
|
23BF4223000
|
heap
|
page read and write
|
||
|
1DAD4913000
|
heap
|
page read and write
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
14C9B2EB000
|
heap
|
page read and write
|
||
|
1E34ED08000
|
heap
|
page read and write
|
||
|
14FC9410000
|
trusted library allocation
|
page read and write
|
||
|
29038EDB000
|
heap
|
page read and write
|
||
|
1EF35F40000
|
heap
|
page read and write
|
||
|
25B89950000
|
heap
|
page read and write
|
||
|
2380E143000
|
heap
|
page read and write
|
||
|
1E862264000
|
heap
|
page read and write
|
||
|
24089044000
|
heap
|
page read and write
|
||
|
1E8B52F0000
|
heap
|
page readonly
|
||
|
1EF35E00000
|
heap
|
page read and write
|
||
|
14C9C002000
|
heap
|
page read and write
|
||
|
3FE59F7000
|
stack
|
page read and write
|
||
|
B5B567C000
|
stack
|
page read and write
|
||
|
14C9C019000
|
heap
|
page read and write
|
||
|
3403000
|
heap
|
page read and write
|
||
|
1EF35FB0000
|
heap
|
page read and write
|
||
|
341F000
|
heap
|
page read and write
|
||
|
1DAD4802000
|
heap
|
page read and write
|
||
|
2408907D000
|
heap
|
page read and write
|
||
|
DA238FC000
|
stack
|
page read and write
|
||
|
29038EFA000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
1E34ED13000
|
heap
|
page read and write
|
||
|
29038E20000
|
heap
|
page read and write
|
||
|
1E34EC63000
|
heap
|
page read and write
|
||
|
14C9B253000
|
heap
|
page read and write
|
||
|
1EF35FB8000
|
heap
|
page read and write
|
||
|
2903363D000
|
heap
|
page read and write
|
||
|
14C9B229000
|
heap
|
page read and write
|
||
|
26369690000
|
heap
|
page read and write
|
||
|
14C9BBAC000
|
heap
|
page read and write
|
||
|
1DC71890000
|
heap
|
page read and write
|
||
|
14C9BA02000
|
heap
|
page read and write
|
||
|
14C9BB8F000
|
heap
|
page read and write
|
||
|
1E8B52B0000
|
direct allocation
|
page execute and read and write
|
||
|
1E8B3840000
|
heap
|
page read and write
|
||
|
24089102000
|
heap
|
page read and write
|
||
|
1EF36150000
|
remote allocation
|
page read and write
|
||
|
1DC72002000
|
trusted library allocation
|
page read and write
|
||
|
29038AF0000
|
trusted library allocation
|
page read and write
|
||
|
14C9C002000
|
heap
|
page read and write
|
||
|
2380E030000
|
heap
|
page read and write
|
||
|
23BF0EE3000
|
heap
|
page read and write
|
||
|
1DAD4800000
|
heap
|
page read and write
|
||
|
29038AD0000
|
trusted library allocation
|
page read and write
|
||
|
2D9C000
|
stack
|
page read and write
|
||
|
1E34ED00000
|
heap
|
page read and write
|
||
|
57ED17F000
|
stack
|
page read and write
|
||
|
2380E13E000
|
heap
|
page read and write
|
||
|
24088E00000
|
heap
|
page read and write
|
||
|
496D87E000
|
stack
|
page read and write
|
||
|
14C9BB96000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
29033675000
|
heap
|
page read and write
|
||
|
14C9BB8D000
|
heap
|
page read and write
|
||
|
1FB1AE00000
|
heap
|
page read and write
|
||
|
2636983D000
|
heap
|
page read and write
|
||
|
496D58E000
|
stack
|
page read and write
|
||
|
1E8B3A80000
|
heap
|
page read and write
|
||
|
14FC8C40000
|
trusted library allocation
|
page read and write
|
||
|
DA23178000
|
stack
|
page read and write
|
||
|
2408902A000
|
heap
|
page read and write
|
||
|
2922B908000
|
heap
|
page read and write
|
||
|
25B89937000
|
heap
|
page read and write
|
||
|
EC7777F000
|
stack
|
page read and write
|
||
|
29038BE0000
|
trusted library allocation
|
page read and write
|
||
|
7A76A7F000
|
stack
|
page read and write
|
||
|
14C9B2C3000
|
heap
|
page read and write
|
||
|
25B896D0000
|
heap
|
page read and write
|
||
|
29038AF1000
|
trusted library allocation
|
page read and write
|
||
|
2380E130000
|
heap
|
page read and write
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
29033629000
|
heap
|
page read and write
|
||
|
DA22DAF000
|
stack
|
page read and write
|
||
|
23BF0EE3000
|
heap
|
page read and write
|
||
|
14FC8C70000
|
trusted library allocation
|
page read and write
|
||
|
14C9BB89000
|
heap
|
page read and write
|
||
|
29038EFE000
|
heap
|
page read and write
|
||
|
7CBBFFE000
|
stack
|
page read and write
|
||
|
25B89800000
|
heap
|
page read and write
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
B30C579000
|
stack
|
page read and write
|
||
|
7CBBCFD000
|
stack
|
page read and write
|
||
|
14C9BB79000
|
heap
|
page read and write
|
||
|
2636987C000
|
heap
|
page read and write
|
||
|
29038D30000
|
trusted library allocation
|
page read and write
|
||
|
EC776FB000
|
stack
|
page read and write
|
||
|
24089030000
|
heap
|
page read and write
|
||
|
26369863000
|
heap
|
page read and write
|
||
|
14FC9420000
|
trusted library allocation
|
page read and write
|
||
|
29038D10000
|
trusted library allocation
|
page read and write
|
||
|
A61017C000
|
stack
|
page read and write
|
||
|
1EF360B0000
|
direct allocation
|
page execute and read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
1EF35FB8000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page readonly
|
||
|
14FC8C60000
|
heap
|
page read and write
|
||
|
24088FD0000
|
trusted library allocation
|
page read and write
|
||
|
13CC3CB000
|
stack
|
page read and write
|
||
|
14C9B2AB000
|
heap
|
page read and write
|
||
|
14C9B2A4000
|
heap
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
326E000
|
stack
|
page read and write
|
||
|
107A000
|
stack
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
7A7647D000
|
stack
|
page read and write
|
||
|
24089069000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
25B8994B000
|
heap
|
page read and write
|
||
|
1FB1AC00000
|
heap
|
page read and write
|
||
|
24089049000
|
heap
|
page read and write
|
||
|
3403000
|
heap
|
page read and write
|
||
|
1E862286000
|
heap
|
page read and write
|
||
|
29033DD0000
|
trusted library allocation
|
page read and write
|
||
|
A6101FF000
|
stack
|
page read and write
|
||
|
57EC9FB000
|
stack
|
page read and write
|
||
|
EC773DF000
|
stack
|
page read and write
|
||
|
14C9BBA8000
|
heap
|
page read and write
|
||
|
14C9BB80000
|
heap
|
page read and write
|
||
|
4D9BAFB000
|
stack
|
page read and write
|
||
|
23BF10BB000
|
heap
|
page read and write
|
||
|
1DC717D0000
|
heap
|
page read and write
|
||
|
1E8B3987000
|
heap
|
page read and write
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
1DAD4790000
|
heap
|
page read and write
|
||
|
1C917A00000
|
heap
|
page read and write
|
||
|
14C9BBA0000
|
heap
|
page read and write
|
||
|
1EF36200000
|
heap
|
page read and write
|
||
|
14C9BB86000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
E37000
|
heap
|
page read and write
|
||
|
14C9BB75000
|
heap
|
page read and write
|
||
|
14C9C020000
|
heap
|
page read and write
|
||
|
B5B5A7B000
|
stack
|
page read and write
|
||
|
33EF000
|
heap
|
page read and write
|
||
|
13CC87E000
|
stack
|
page read and write
|
||
|
3501000
|
heap
|
page read and write
|
||
|
EC77A7F000
|
stack
|
page read and write
|
||
|
4D9B5CB000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
25B89840000
|
heap
|
page read and write
|
||
|
14C9BB77000
|
heap
|
page read and write
|
||
|
23BF0EDE000
|
heap
|
page read and write
|
||
|
14C9BB7E000
|
heap
|
page read and write
|
||
|
2380E134000
|
heap
|
page read and write
|
||
|
1DAD5002000
|
trusted library allocation
|
page read and write
|
||
|
4D9BE7F000
|
stack
|
page read and write
|
||
|
23810F10000
|
heap
|
page read and write
|
||
|
25B8994A000
|
heap
|
page read and write
|
||
|
29038BA0000
|
trusted library allocation
|
page read and write
|
||
|
2922B913000
|
heap
|
page read and write
|
||
|
14C9BBB9000
|
heap
|
page read and write
|
||
|
1E34EC13000
|
heap
|
page read and write
|
||
|
29033F59000
|
heap
|
page read and write
|
||
|
14C9B213000
|
heap
|
page read and write
|
||
|
14FC8C50000
|
trusted library allocation
|
page read and write
|
||
|
7A7667D000
|
stack
|
page read and write
|
||
|
29038C30000
|
trusted library allocation
|
page read and write
|
||
|
1E8B53F0000
|
heap
|
page read and write
|
||
|
7A761FB000
|
stack
|
page read and write
|
||
|
119C000
|
heap
|
page read and write
|
||
|
14C9BB86000
|
heap
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
290389C0000
|
trusted library allocation
|
page read and write
|
||
|
1E862B39000
|
heap
|
page read and write
|
||
|
1E8B52B0000
|
direct allocation
|
page execute and read and write
|
||
|
13CCB7F000
|
stack
|
page read and write
|
||
|
2380E435000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
863A0CC000
|
stack
|
page read and write
|
||
|
1E34EC02000
|
heap
|
page read and write
|
||
|
7CBBA7C000
|
stack
|
page read and write
|
||
|
1DAD4900000
|
heap
|
page read and write
|
||
|
3421000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
EC772DB000
|
stack
|
page read and write
|
||
|
14C9BB00000
|
heap
|
page read and write
|
||
|
29038B10000
|
trusted library allocation
|
page read and write
|
||
|
1EF361D0000
|
heap
|
page read and write
|
||
|
1EF35F60000
|
heap
|
page read and write
|
||
|
290336FA000
|
heap
|
page read and write
|
||
|
2380E134000
|
heap
|
page read and write
|
||
|
14C9BBB0000
|
heap
|
page read and write
|
||
|
863A0CC000
|
stack
|
page read and write
|
||
|
14C9BB8C000
|
heap
|
page read and write
|
||
|
24089045000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
863A14F000
|
stack
|
page read and write
|
||
|
1E34EB40000
|
heap
|
page read and write
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
29033E00000
|
heap
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
26369800000
|
heap
|
page read and write
|
||
|
2380E43B000
|
heap
|
page read and write
|
||
|
2408902D000
|
heap
|
page read and write
|
||
|
2922B630000
|
heap
|
page read and write
|
||
|
29038EF1000
|
heap
|
page read and write
|
||
|
1DC7184C000
|
heap
|
page read and write
|
||
|
2380E14F000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
2922B85E000
|
heap
|
page read and write
|
||
|
3546000
|
heap
|
page read and write
|
||
|
7CBBBFB000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
24089013000
|
heap
|
page read and write
|
||
|
2380E157000
|
heap
|
page read and write
|
||
|
1E8621C0000
|
trusted library allocation
|
page read and write
|
||
|
1DAD4826000
|
heap
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
23BF0EDA000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
113F000
|
heap
|
page read and write
|
||
|
290335E1000
|
trusted library allocation
|
page read and write
|
||
|
DA23DFE000
|
stack
|
page read and write
|
||
|
14FC9690000
|
trusted library allocation
|
page read and write
|
||
|
1DAD483F000
|
heap
|
page read and write
|
||
|
3FE5BFE000
|
stack
|
page read and write
|
||
|
29033F13000
|
heap
|
page read and write
|
||
|
33EF000
|
heap
|
page read and write
|
||
|
29038B14000
|
trusted library allocation
|
page read and write
|
||
|
2922B82A000
|
heap
|
page read and write
|
||
|
1EF35F40000
|
heap
|
page read and write
|
||
|
341C000
|
heap
|
page read and write
|
||
|
3397000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
23BF0EEA000
|
heap
|
page read and write
|
||
|
2408902E000
|
heap
|
page read and write
|
||
|
114C000
|
heap
|
page read and write
|
||
|
14FC89BD000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
1DC71908000
|
heap
|
page read and write
|
||
|
14C9B2D5000
|
heap
|
page read and write
|
||
|
14FC8850000
|
heap
|
page read and write
|
||
|
3403000
|
heap
|
page read and write
|
||
|
24089077000
|
heap
|
page read and write
|
||
|
24089066000
|
heap
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
1E8B3840000
|
unkown
|
page read and write
|
||
|
DF6000
|
heap
|
page read and write
|
||
|
14C9BB99000
|
heap
|
page read and write
|
||
|
1E34EC5D000
|
heap
|
page read and write
|
||
|
23811400000
|
trusted library allocation
|
page read and write
|
||
|
29033DC3000
|
trusted library allocation
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
14C9BB75000
|
heap
|
page read and write
|
||
|
DA2357B000
|
stack
|
page read and write
|
||
|
14C9BB80000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
14C9BB87000
|
heap
|
page read and write
|
||
|
1EF36200000
|
heap
|
page read and write
|
||
|
1E34EB70000
|
trusted library allocation
|
page read and write
|
||
|
1DC71854000
|
heap
|
page read and write
|
||
|
25B8991B000
|
heap
|
page read and write
|
||
|
1EF37B50000
|
heap
|
page read and write
|
||
|
14C9BB99000
|
heap
|
page read and write
|
||
|
1E8622C7000
|
heap
|
page read and write
|
||
|
14FC89B5000
|
heap
|
page read and write
|
||
|
29033702000
|
heap
|
page read and write
|
||
|
29038EFC000
|
heap
|
page read and write
|
||
|
23BF0EE4000
|
heap
|
page read and write
|
||
|
29033570000
|
trusted library allocation
|
page read and write
|
||
|
25B89835000
|
heap
|
page read and write
|
||
|
14FC8C65000
|
heap
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
C76000
|
stack
|
page read and write
|
||
|
29038E00000
|
heap
|
page read and write
|
||
|
1E86223F000
|
heap
|
page read and write
|
||
|
14C9C002000
|
heap
|
page read and write
|
||
|
14C9BB92000
|
heap
|
page read and write
|
||
|
4D9BD7F000
|
stack
|
page read and write
|
||
|
3FE5D7E000
|
stack
|
page read and write
|
||
|
33B7000
|
heap
|
page read and write
|
||
|
1E8B3987000
|
heap
|
page read and write
|
||
|
14C9C002000
|
heap
|
page read and write
|
||
|
29033702000
|
heap
|
page read and write
|
||
|
4AE32FE000
|
stack
|
page read and write
|
||
|
2636A002000
|
trusted library allocation
|
page read and write
|
||
|
14C9BB7B000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
14C9BB7E000
|
heap
|
page read and write
|
||
|
1EF35F60000
|
heap
|
page read and write
|
||
|
14C9BB8C000
|
heap
|
page read and write
|
||
|
14C9BBB0000
|
heap
|
page read and write
|
||
|
290336A9000
|
heap
|
page read and write
|
||
|
26369863000
|
heap
|
page read and write
|
||
|
23BF0EE0000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
14C9BBAC000
|
heap
|
page read and write
|
||
|
2C00000
|
remote allocation
|
page read and write
|
||
|
24089063000
|
heap
|
page read and write
|
||
|
1E8622E3000
|
heap
|
page read and write
|
||
|
1E34EC5F000
|
heap
|
page read and write
|
||
|
1E8B5420000
|
remote allocation
|
page read and write
|
||
|
358E000
|
heap
|
page read and write
|
||
|
29038F02000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
1E34EC3C000
|
heap
|
page read and write
|
||
|
13CC77C000
|
stack
|
page read and write
|
||
|
25B89934000
|
heap
|
page read and write
|
||
|
D89C79000
|
stack
|
page read and write
|
||
|
33DD000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
14C9B2E8000
|
heap
|
page read and write
|
||
|
23BF40F0000
|
heap
|
page read and write
|
||
|
14C9B200000
|
heap
|
page read and write
|
||
|
14C9BB86000
|
heap
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
29033688000
|
heap
|
page read and write
|
||
|
2380E13E000
|
heap
|
page read and write
|
||
|
24089046000
|
heap
|
page read and write
|
||
|
1DC71F30000
|
trusted library allocation
|
page read and write
|
||
|
24089062000
|
heap
|
page read and write
|
||
|
ED0000
|
direct allocation
|
page execute and read and write
|
||
|
7A7677F000
|
stack
|
page read and write
|
||
|
1E34F402000
|
trusted library allocation
|
page read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
25B89955000
|
heap
|
page read and write
|
||
|
1E8B52A0000
|
heap
|
page read and write
|
||
|
1DAD4780000
|
heap
|
page read and write
|
||
|
4AE307E000
|
stack
|
page read and write
|
||
|
14C9BB54000
|
heap
|
page read and write
|
||
|
14FC8720000
|
trusted library allocation
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
4AE2D3B000
|
stack
|
page read and write
|
||
|
1DAD4F50000
|
trusted library allocation
|
page read and write
|
||
|
24089060000
|
heap
|
page read and write
|
||
|
1EF361D0000
|
heap
|
page read and write
|
||
|
1FB1AF02000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
B30C4F8000
|
stack
|
page read and write
|
||
|
1E8B3987000
|
heap
|
page read and write
|
||
|
14FC89BD000
|
heap
|
page read and write
|
||
|
14C9BB7B000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1FB1AE02000
|
heap
|
page read and write
|
||
|
26369902000
|
heap
|
page read and write
|
||
|
2C00000
|
remote allocation
|
page read and write
|
||
|
1DAD4902000
|
heap
|
page read and write
|
||
|
1E8B3980000
|
heap
|
page read and write
|
||
|
2922B85E000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1E8B3AE0000
|
heap
|
page read and write
|
||
|
1FB1AE13000
|
heap
|
page read and write
|
||
|
25B89940000
|
heap
|
page read and write
|
||
|
29033F02000
|
heap
|
page read and write
|
||
|
14C9BB65000
|
heap
|
page read and write
|
||
|
12E5000
|
heap
|
page read and write
|
||
|
29038E86000
|
heap
|
page read and write
|
||
|
1EF360B0000
|
direct allocation
|
page execute and read and write
|
||
|
1E34EC5A000
|
heap
|
page read and write
|
||
|
863A1CF000
|
stack
|
page read and write
|
||
|
1E34EC52000
|
heap
|
page read and write
|
||
|
14C9BB85000
|
heap
|
page read and write
|
||
|
2C00000
|
remote allocation
|
page read and write
|
||
|
1DC71848000
|
heap
|
page read and write
|
||
|
14C9BB95000
|
heap
|
page read and write
|
||
|
1C917A0D000
|
heap
|
page read and write
|
||
|
14FC8870000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
14C9BB7E000
|
heap
|
page read and write
|
||
|
26369802000
|
heap
|
page read and write
|
||
|
1EF35F40000
|
heap
|
page read and write
|
||
|
B5B5C7C000
|
stack
|
page read and write
|
||
|
23BF0C70000
|
heap
|
page read and write
|
||
|
29038BA0000
|
trusted library allocation
|
page read and write
|
||
|
DA22D2B000
|
stack
|
page read and write
|
||
|
14C9B308000
|
heap
|
page read and write
|
||
|
A61017C000
|
stack
|
page read and write
|
||
|
24089050000
|
heap
|
page read and write
|
||
|
29038B00000
|
trusted library allocation
|
page read and write
|
||
|
1FB1ADA0000
|
remote allocation
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page readonly
|
||
|
24089040000
|
heap
|
page read and write
|
||
|
14C9B940000
|
remote allocation
|
page read and write
|
||
|
1EF360B0000
|
direct allocation
|
page execute and read and write
|
||
|
1E8B53F0000
|
heap
|
page read and write
|
||
|
24089074000
|
heap
|
page read and write
|
||
|
29033707000
|
heap
|
page read and write
|
||
|
14FC8981000
|
heap
|
page read and write
|
||
|
23811C00000
|
heap
|
page read and write
|
||
|
14FC8710000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
14C9BB84000
|
heap
|
page read and write
|
||
|
14C9BB84000
|
heap
|
page read and write
|
||
|
B30C16A000
|
stack
|
page read and write
|
||
|
26369829000
|
heap
|
page read and write
|
||
|
26369630000
|
heap
|
page read and write
|
||
|
1E8620C0000
|
heap
|
page read and write
|
||
|
14C9B0B0000
|
heap
|
page read and write
|
||
|
1E8B52B0000
|
direct allocation
|
page execute and read and write
|
||
|
1E8B3A80000
|
heap
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
D89BFF000
|
stack
|
page read and write
|
||
|
1E8B5420000
|
remote allocation
|
page read and write
|
||
|
1C917BD0000
|
heap
|
page read and write
|
||
|
1FB1AE29000
|
heap
|
page read and write
|
||
|
1196000
|
heap
|
page read and write
|
||
|
DA23AFD000
|
stack
|
page read and write
|
||
|
14C9B880000
|
trusted library allocation
|
page read and write
|
||
|
29033678000
|
heap
|
page read and write
|
||
|
1E8B52A0000
|
heap
|
page read and write
|
||
|
3371000
|
heap
|
page read and write
|
||
|
7142BFE000
|
stack
|
page read and write
|
||
|
14C9BB85000
|
heap
|
page read and write
|
||
|
14FC8C69000
|
heap
|
page read and write
|
||
|
14C9BBD7000
|
heap
|
page read and write
|
||
|
2922B84C000
|
heap
|
page read and write
|
||
|
1EF35FB0000
|
heap
|
page read and write
|
||
|
14FC89BD000
|
heap
|
page read and write
|
||
|
29038E4A000
|
heap
|
page read and write
|
||
|
7CBBDFE000
|
stack
|
page read and write
|
||
|
14C9B0C0000
|
heap
|
page read and write
|
||
|
25B89926000
|
heap
|
page read and write
|
||
|
2380E0A0000
|
heap
|
page read and write
|
||
|
2922B84F000
|
heap
|
page read and write
|
||
|
113F000
|
heap
|
page read and write
|
||
|
3458000
|
heap
|
page read and write
|
||
|
29033F58000
|
heap
|
page read and write
|
||
|
14C9BB80000
|
heap
|
page read and write
|
||
|
24089032000
|
heap
|
page read and write
|
||
|
1E8622E9000
|
heap
|
page read and write
|
||
|
14C9B27E000
|
heap
|
page read and write
|
||
|
14C9B120000
|
heap
|
page read and write
|
||
|
14FC8979000
|
heap
|
page read and write
|
||
|
7FFC66B91000
|
unkown
|
page execute read
|
||
|
29038E62000
|
heap
|
page read and write
|
||
|
2922B902000
|
heap
|
page read and write
|
||
|
57ECCFE000
|
stack
|
page read and write
|
||
|
2380E12B000
|
heap
|
page read and write
|
||
|
863A14F000
|
stack
|
page read and write
|
||
|
7A76B7F000
|
stack
|
page read and write
|
||
|
14FC9680000
|
trusted library allocation
|
page read and write
|
||
|
14C9B940000
|
remote allocation
|
page read and write
|
||
|
29038F04000
|
heap
|
page read and write
|
||
|
1E8B3AA0000
|
heap
|
page read and write
|
||
|
24089061000
|
heap
|
page read and write
|
||
|
1E8622CA000
|
heap
|
page read and write
|
||
|
1E8B3980000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
2408903D000
|
heap
|
page read and write
|
||
|
1E34ED02000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
25B89921000
|
heap
|
page read and write
|
||
|
1E862050000
|
heap
|
page read and write
|
||
|
14C9BB8D000
|
heap
|
page read and write
|
||
|
1280000
|
direct allocation
|
page execute and read and write
|
||
|
3411000
|
heap
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
7A7637F000
|
stack
|
page read and write
|
||
|
25B89926000
|
heap
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
29038C10000
|
trusted library allocation
|
page read and write
|
||
|
290336FA000
|
heap
|
page read and write
|
||
|
24089602000
|
trusted library allocation
|
page read and write
|
||
|
29033600000
|
heap
|
page read and write
|
||
|
2380E12F000
|
heap
|
page read and write
|
||
|
14C9BB8E000
|
heap
|
page read and write
|
||
|
13CC8FE000
|
stack
|
page read and write
|
||
|
14C9BB9F000
|
heap
|
page read and write
|
||
|
14C9B2CA000
|
heap
|
page read and write
|
||
|
29034980000
|
trusted library allocation
|
page read and write
|
||
|
1E34EAE0000
|
heap
|
page read and write
|
||
|
13CCAFD000
|
stack
|
page read and write
|
||
|
2903366E000
|
heap
|
page read and write
|
||
|
23BF0EC9000
|
heap
|
page read and write
|
||
|
7A75D8C000
|
stack
|
page read and write
|
||
|
1DC7183C000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1DC71881000
|
heap
|
page read and write
|
||
|
29038EA7000
|
heap
|
page read and write
|
||
|
EC77977000
|
stack
|
page read and write
|
||
|
2922B849000
|
heap
|
page read and write
|
||
|
24088DA0000
|
heap
|
page read and write
|
||
|
B5B597B000
|
stack
|
page read and write
|
||
|
1EF36205000
|
heap
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
1FB1AE24000
|
heap
|
page read and write
|
||
|
8152AFD000
|
stack
|
page read and write
|
||
|
14C9B255000
|
heap
|
page read and write
|
||
|
1E862060000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page read and write
|
||
|
23BF0EE7000
|
heap
|
page read and write
|
||
|
29038EAA000
|
heap
|
page read and write
|
||
|
14FC9670000
|
heap
|
page readonly
|
||
|
2922B640000
|
heap
|
page read and write
|
||
|
1EF37B50000
|
heap
|
page read and write
|
||
|
1DC71913000
|
heap
|
page read and write
|
||
|
29033673000
|
heap
|
page read and write
|
||
|
23BF10B0000
|
heap
|
page read and write
|
||
|
1FB1AE5E000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
14C9BB23000
|
heap
|
page read and write
|
||
|
2903368F000
|
heap
|
page read and write
|
||
|
2380E11E000
|
heap
|
page read and write
|
||
|
14C9C003000
|
heap
|
page read and write
|
||
|
A61047F000
|
stack
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
29038EF7000
|
heap
|
page read and write
|
||
|
1E8B3AE5000
|
heap
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
14C9B2B7000
|
heap
|
page read and write
|
||
|
25B89957000
|
heap
|
page read and write
|
||
|
29038BA0000
|
trusted library allocation
|
page read and write
|
||
|
3FE567E000
|
stack
|
page read and write
|
||
|
14C9C002000
|
heap
|
page read and write
|
||
|
2408903A000
|
heap
|
page read and write
|
||
|
57ECC7E000
|
stack
|
page read and write
|
||
|
29038AD0000
|
trusted library allocation
|
page read and write
|
||
|
14C9BB77000
|
heap
|
page read and write
|
||
|
180030000
|
direct allocation
|
page readonly
|
||
|
29033E02000
|
heap
|
page read and write
|
||
|
342F000
|
heap
|
page read and write
|
||
|
14C9BB73000
|
heap
|
page read and write
|
||
|
14C9BBC1000
|
heap
|
page read and write
|
||
|
2380E0C0000
|
heap
|
page read and write
|
||
|
1E862B00000
|
heap
|
page read and write
|
||
|
7FFC66B90000
|
unkown
|
page readonly
|
||
|
29038E3D000
|
heap
|
page read and write
|
||
|
25B89936000
|
heap
|
page read and write
|
||
|
24089041000
|
heap
|
page read and write
|
||
|
1E34EC29000
|
heap
|
page read and write
|
||
|
14C9BB8E000
|
heap
|
page read and write
|
||
|
1E862313000
|
heap
|
page read and write
|
||
|
1FB1AC70000
|
heap
|
page read and write
|
||
|
1E8622E0000
|
heap
|
page read and write
|
||
|
2922C002000
|
trusted library allocation
|
page read and write
|
||
|
1E862A02000
|
heap
|
page read and write
|
||
|
1E8B3AE5000
|
heap
|
page read and write
|
||
|
30EB000
|
stack
|
page read and write
|
||
|
29038C00000
|
trusted library allocation
|
page read and write
|
||
|
4D9B9FC000
|
stack
|
page read and write
|
||
|
2922B877000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
7FFC66BB2000
|
unkown
|
page readonly
|
||
|
14C9B271000
|
heap
|
page read and write
|
||
|
25B89952000
|
heap
|
page read and write
|
||
|
D89AF9000
|
stack
|
page read and write
|
||
|
7FFC66BBF000
|
unkown
|
page readonly
|
||
|
2922B6A0000
|
heap
|
page read and write
|
||
|
14C9BB7E000
|
heap
|
page read and write
|
||
|
2408907B000
|
heap
|
page read and write
|
||
|
14C9B316000
|
heap
|
page read and write
|
||
|
1E862266000
|
heap
|
page read and write
|
||
|
29038AF4000
|
trusted library allocation
|
page read and write
|
||
|
14C9B24C000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
14C9BB8A000
|
heap
|
page read and write
|
||
|
2408907A000
|
heap
|
page read and write
|
||
|
14C9BB88000
|
heap
|
page read and write
|
||
|
14C9BB4B000
|
heap
|
page read and write
|
||
|
1E8B3980000
|
heap
|
page read and write
|
||
|
14C9BB73000
|
heap
|
page read and write
|
||
|
7FFC66BBB000
|
unkown
|
page read and write
|
||
|
A6101FF000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
2922B800000
|
heap
|
page read and write
|
||
|
1E8B52A0000
|
heap
|
page read and write
|
||
|
57ED27F000
|
stack
|
page read and write
|
||
|
14C9BBAA000
|
heap
|
page read and write
|
||
|
1EF35FB8000
|
heap
|
page read and write
|
||
|
25B89932000
|
heap
|
page read and write
|
||
|
14C9BB83000
|
heap
|
page read and write
|
||
|
57ED077000
|
stack
|
page read and write
|
||
|
2922B884000
|
heap
|
page read and write
|
||
|
23BF4230000
|
trusted library allocation
|
page read and write
|
||
|
25B89955000
|
heap
|
page read and write
|
||
|
B5B5B7E000
|
stack
|
page read and write
|
||
|
1DC71813000
|
heap
|
page read and write
|
||
|
14C9B252000
|
heap
|
page read and write
|
||
|
4D9B8FE000
|
stack
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
1E34EC89000
|
heap
|
page read and write
|
||
|
DA23BFA000
|
stack
|
page read and write
|
||
|
DF8000
|
heap
|
page read and write
|
||
|
2B10000
|
trusted library allocation
|
page read and write
|
||
|
1FB1AE3D000
|
heap
|
page read and write
|
||
|
1E86226D000
|
heap
|
page read and write
|
||
|
14C9B24A000
|
heap
|
page read and write
|
||
|
2380E117000
|
heap
|
page read and write
|
||
|
7CBB8FF000
|
stack
|
page read and write
|
||
|
29038EE0000
|
heap
|
page read and write
|
||
|
2408907E000
|
heap
|
page read and write
|
||
|
2922B848000
|
heap
|
page read and write
|
||
|
496D50B000
|
stack
|
page read and write
|
||
|
4D9BC77000
|
stack
|
page read and write
|
||
|
14C9BB84000
|
heap
|
page read and write
|
There are 913 hidden memdumps, click here to show them.