Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pzG0rkIchr.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_206411b7d18c8b51ef308e99261d801f59953bc0_4f0e5919_15ebd55f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_738eef979a666465c6051ddd5fef4b7e70c91a_4f0e5919_15905d59\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER148A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BBF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC66.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Nov 24 13:31:29 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF55.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD021.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC43.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Nov 24 13:31:09 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_5df03237c245e7792ae728ba7af47d1bed8c47f7_4f0e5919_16399239\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pzG_f6b0ff3966a3d6c74191edf638977ebb42334d7_4f0e5919_156d919c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8047.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Nov 24 04:19:45 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER80D3.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Nov 24 04:19:46 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER848E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8588.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8589.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8683.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\pzG0rkIchr.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6044 -s 276
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6136 -s 304
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6136 -s 304
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2100 -s 304
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 1308 -s 304
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2100 -s 304
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 1308 -s 304
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://gigimas.xyz
|
unknown
|
|
|
|
https://gigimas.xyz/index.html9Pu/Jl
|
unknown
|
|
|
|
https://gigimas.xyz/index.html5F
|
unknown
|
|
|
|
https://gigimas.xyz/index.html
|
unknown
|
|
|
|
https://gigimas.xyz/index.htmlT
|
unknown
|
|
|
|
https://gigimas.xyzhttps://reaso.xyz
|
unknown
|
|
|
|
https://gigimas.xyz/index.htmlm
|
unknown
|
|
|
|
https://gigimas.xyz/
|
unknown
|
|
|
|
https://gigimas.xyz:443/index.htmlY_
|
unknown
|
|
|
|
https://gigimas.xyz:443/index.html
|
unknown
|
|
|
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://http://Mozilla/5.0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://reaso.xyz
|
unknown
|
||
|
https://gigimas.xyz/index.html)I6
|
unknown
|
||
|
https://gigimas.xyz/92
|
unknown
|
||
|
https://gigimas.xyz/index.htmlr
|
unknown
|
||
|
https://gigimas.xyz/ic
|
unknown
|
||
|
https://gigimas.xyz/index.htmluH
|
unknown
|
||
|
https://gigimas.xyz/index.htmll
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gigimas.xyz
|
185.250.148.35
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.250.148.35
|
gigimas.xyz
|
Russian Federation
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{5a15be30-4994-9ade-150c-a3ec62400022}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00188008FC895625
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00188008FC895625
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{a8654e0f-a976-e283-25ad-ac4613afc19f}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00184006417502B9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00184006417502B9
|
There are 34 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1EA8D611000
|
heap
|
page read and write
|
||
|
22E737B0000
|
trusted library allocation
|
page read and write
|
||
|
1D9EDA13000
|
heap
|
page read and write
|
||
|
1EA8D3D0000
|
unkown
|
page readonly
|
||
|
7FFC130E0000
|
unkown
|
page readonly
|
||
|
17B358E3000
|
heap
|
page read and write
|
||
|
1EA8F2F8000
|
heap
|
page read and write
|
||
|
1D692A08000
|
heap
|
page read and write
|
||
|
22E7384F000
|
heap
|
page read and write
|
||
|
22E737D0000
|
trusted library allocation
|
page read and write
|
||
|
1BD4463C000
|
heap
|
page read and write
|
||
|
27A6BD30000
|
heap
|
page read and write
|
||
|
1EA8F331000
|
heap
|
page read and write
|
||
|
201A4292000
|
heap
|
page read and write
|
||
|
1EA8FE94000
|
heap
|
page read and write
|
||
|
1BD44657000
|
heap
|
page read and write
|
||
|
20164179000
|
heap
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
1D9EDA5A000
|
heap
|
page read and write
|
||
|
1EA8F356000
|
heap
|
page read and write
|
||
|
DF487B000
|
stack
|
page read and write
|
||
|
1EA8F33D000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
1BD44674000
|
heap
|
page read and write
|
||
|
6F556FF000
|
stack
|
page read and write
|
||
|
1EA8F311000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
DF4E7E000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
E88312B000
|
stack
|
page read and write
|
||
|
1D692900000
|
heap
|
page read and write
|
||
|
1BD44683000
|
heap
|
page read and write
|
||
|
1BD44665000
|
heap
|
page read and write
|
||
|
7FFC13126000
|
unkown
|
page readonly
|
||
|
27A6BDF0000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
1EA8D3C0000
|
unkown
|
page readonly
|
||
|
201A28D0000
|
heap
|
page read and write
|
||
|
22E73780000
|
heap
|
page read and write
|
||
|
19D63EF0000
|
heap
|
page read and write
|
||
|
7FFC13126000
|
unkown
|
page readonly
|
||
|
AE0A0FE000
|
stack
|
page read and write
|
||
|
2293BFD000
|
stack
|
page read and write
|
||
|
1EA8F2F1000
|
heap
|
page read and write
|
||
|
27DD000
|
stack
|
page read and write
|
||
|
E8834FD000
|
stack
|
page read and write
|
||
|
1EA8F2FE000
|
heap
|
page read and write
|
||
|
1D692A00000
|
heap
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
19D6404E000
|
heap
|
page read and write
|
||
|
7FFC13126000
|
unkown
|
page readonly
|
||
|
1D692900000
|
heap
|
page read and write
|
||
|
1EA8D611000
|
heap
|
page read and write
|
||
|
1EA8F356000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
22E7382A000
|
heap
|
page read and write
|
||
|
148DC513000
|
heap
|
page read and write
|
||
|
1EA8D6A0000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1F9D4802000
|
heap
|
page read and write
|
||
|
1EA8D627000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
1EA8D552000
|
heap
|
page read and write
|
||
|
1EA8F33D000
|
heap
|
page read and write
|
||
|
E88377C000
|
stack
|
page read and write
|
||
|
148DC500000
|
heap
|
page read and write
|
||
|
19D64013000
|
heap
|
page read and write
|
||
|
7FFC13119000
|
unkown
|
page write copy
|
||
|
1EA8D605000
|
heap
|
page read and write
|
||
|
20164127000
|
heap
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
201640F0000
|
heap
|
page read and write
|
||
|
496C9FF000
|
stack
|
page read and write
|
||
|
D7705FF000
|
stack
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
1EA8D4E0000
|
heap
|
page read and write
|
||
|
496CEFE000
|
stack
|
page read and write
|
||
|
DF4C7E000
|
stack
|
page read and write
|
||
|
1BD4467B000
|
heap
|
page read and write
|
||
|
1F9D40BF000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
1D694400000
|
heap
|
page read and write
|
||
|
27A6BDF8000
|
heap
|
page read and write
|
||
|
A45000
|
heap
|
page read and write
|
||
|
1D9EDA6E000
|
heap
|
page read and write
|
||
|
7FFC130E0000
|
unkown
|
page readonly
|
||
|
1EA8D611000
|
heap
|
page read and write
|
||
|
1F9D4029000
|
heap
|
page read and write
|
||
|
20164410000
|
heap
|
page read and write
|
||
|
7FFC13103000
|
unkown
|
page readonly
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
1D692955000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
684C5FE000
|
stack
|
page read and write
|
||
|
20E2000
|
heap
|
page read and write
|
||
|
E883CFD000
|
stack
|
page read and write
|
||
|
201A42B0000
|
heap
|
page read and write
|
||
|
1EA8FDB0000
|
remote allocation
|
page read and write
|
||
|
7FFC13103000
|
unkown
|
page readonly
|
||
|
1FC35229000
|
heap
|
page read and write
|
||
|
7273CFF000
|
stack
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
27A6BDF0000
|
heap
|
page read and write
|
||
|
E883BFE000
|
stack
|
page read and write
|
||
|
1BD445F0000
|
trusted library allocation
|
page read and write
|
||
|
1BD44661000
|
heap
|
page read and write
|
||
|
7DD000
|
heap
|
page read and write
|
||
|
21BD000
|
heap
|
page read and write
|
||
|
1BD44639000
|
heap
|
page read and write
|
||
|
2D6DFE13000
|
heap
|
page read and write
|
||
|
1EA8F31E000
|
heap
|
page read and write
|
||
|
17B374B1000
|
heap
|
page read and write
|
||
|
7FFC130E1000
|
unkown
|
page execute read
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
19D64971000
|
heap
|
page read and write
|
||
|
7FFC130E0000
|
unkown
|
page readonly
|
||
|
1FC35202000
|
heap
|
page read and write
|
||
|
1EA8D60C000
|
heap
|
page read and write
|
||
|
80C000
|
heap
|
page read and write
|
||
|
D7705FF000
|
stack
|
page read and write
|
||
|
275C000
|
stack
|
page read and write
|
||
|
201A27D0000
|
heap
|
page read and write
|
||
|
1EA8FE97000
|
heap
|
page read and write
|
||
|
7FFC13123000
|
unkown
|
page read and write
|
||
|
1BD4465B000
|
heap
|
page read and write
|
||
|
20164340000
|
heap
|
page read and write
|
||
|
17B358B0000
|
heap
|
page read and write
|
||
|
1EA8F31E000
|
heap
|
page read and write
|
||
|
1EA8F2E4000
|
heap
|
page read and write
|
||
|
1BD44600000
|
heap
|
page read and write
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
201A42C4000
|
heap
|
page read and write
|
||
|
1BD44668000
|
heap
|
page read and write
|
||
|
1EA8F33E000
|
heap
|
page read and write
|
||
|
1BD4467E000
|
heap
|
page read and write
|
||
|
148DC47E000
|
heap
|
page read and write
|
||
|
20164103000
|
heap
|
page read and write
|
||
|
7FFC13118000
|
unkown
|
page write copy
|
||
|
A00000
|
remote allocation
|
page read and write
|
||
|
1EA8F378000
|
heap
|
page read and write
|
||
|
19D64065000
|
heap
|
page read and write
|
||
|
19D63FF0000
|
trusted library allocation
|
page read and write
|
||
|
201A27A3000
|
heap
|
page read and write
|
||
|
20FD000
|
heap
|
page read and write
|
||
|
7273C7C000
|
stack
|
page read and write
|
||
|
20164342000
|
heap
|
page read and write
|
||
|
1BD44679000
|
heap
|
page read and write
|
||
|
1D9EDB13000
|
heap
|
page read and write
|
||
|
1EA8F2E0000
|
heap
|
page read and write
|
||
|
1EA8D609000
|
heap
|
page read and write
|
||
|
20164351000
|
heap
|
page read and write
|
||
|
17B35910000
|
heap
|
page read and write
|
||
|
D7704FC000
|
stack
|
page read and write
|
||
|
19D64074000
|
heap
|
page read and write
|
||
|
7FFC13118000
|
unkown
|
page write copy
|
||
|
27A6BD50000
|
heap
|
page read and write
|
||
|
1BD44647000
|
heap
|
page read and write
|
||
|
1EA8F6E7000
|
heap
|
page read and write
|
||
|
1EA8F324000
|
heap
|
page read and write
|
||
|
F351B7E000
|
stack
|
page read and write
|
||
|
27A6BD50000
|
heap
|
page read and write
|
||
|
7DD000
|
heap
|
page read and write
|
||
|
201A27D0000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
1EA8F318000
|
heap
|
page read and write
|
||
|
26DC000
|
stack
|
page read and write
|
||
|
22934EB000
|
stack
|
page read and write
|
||
|
1EA8D60F000
|
heap
|
page read and write
|
||
|
7FF96FF000
|
stack
|
page read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
1EA8F30B000
|
heap
|
page read and write
|
||
|
9B3AAFC000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
27A6BD50000
|
heap
|
page read and write
|
||
|
1D9EDA02000
|
heap
|
page read and write
|
||
|
1EA8F311000
|
heap
|
page read and write
|
||
|
1EA8FDB0000
|
remote allocation
|
page read and write
|
||
|
1F9D3E20000
|
heap
|
page read and write
|
||
|
7FFC130E0000
|
unkown
|
page readonly
|
||
|
2D6DFE69000
|
heap
|
page read and write
|
||
|
1EA8F305000
|
heap
|
page read and write
|
||
|
1D9EDA52000
|
heap
|
page read and write
|
||
|
1EA8D563000
|
heap
|
page read and write
|
||
|
1EA8F367000
|
heap
|
page read and write
|
||
|
1EA8D60F000
|
heap
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
1EA8F331000
|
heap
|
page read and write
|
||
|
148DC457000
|
heap
|
page read and write
|
||
|
1EA8F6E7000
|
heap
|
page read and write
|
||
|
27A6C0D0000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8FD43000
|
heap
|
page read and write
|
||
|
27A6BD30000
|
heap
|
page read and write
|
||
|
7FFC13118000
|
unkown
|
page read and write
|
||
|
1F9D4900000
|
heap
|
page read and write
|
||
|
19D641E5000
|
heap
|
page read and write
|
||
|
1FC35030000
|
heap
|
page read and write
|
||
|
1EA8F331000
|
heap
|
page read and write
|
||
|
7FFC13123000
|
unkown
|
page read and write
|
||
|
1EA8D617000
|
heap
|
page read and write
|
||
|
2D6DFD90000
|
heap
|
page read and write
|
||
|
19D64055000
|
heap
|
page read and write
|
||
|
1EA8D4C0000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D613000
|
heap
|
page read and write
|
||
|
7FFC13126000
|
unkown
|
page readonly
|
||
|
27A6BCC0000
|
heap
|
page read and write
|
||
|
1EA8F6E7000
|
heap
|
page read and write
|
||
|
1D9ED910000
|
heap
|
page read and write
|
||
|
21B4000
|
heap
|
page read and write
|
||
|
1D9EDA65000
|
heap
|
page read and write
|
||
|
1EA8D617000
|
heap
|
page read and write
|
||
|
2D6DFE00000
|
heap
|
page read and write
|
||
|
1EA8F337000
|
heap
|
page read and write
|
||
|
1EA8F2EA000
|
heap
|
page read and write
|
||
|
1EA8F324000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
17B3732D000
|
heap
|
page read and write
|
||
|
22E7387E000
|
heap
|
page read and write
|
||
|
1BD4464E000
|
heap
|
page read and write
|
||
|
1EA8F377000
|
heap
|
page read and write
|
||
|
1EA8D60D000
|
heap
|
page read and write
|
||
|
17B358BE000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
1EA8F797000
|
heap
|
page read and write
|
||
|
1EA8F337000
|
heap
|
page read and write
|
||
|
1EA8F2F7000
|
heap
|
page read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
AE09EFE000
|
stack
|
page read and write
|
||
|
2D6DFE2F000
|
heap
|
page read and write
|
||
|
1EA8D670000
|
trusted library allocation
|
page read and write
|
||
|
7FFC13119000
|
unkown
|
page write copy
|
||
|
148DC428000
|
heap
|
page read and write
|
||
|
22E73918000
|
heap
|
page read and write
|
||
|
1FC357C0000
|
remote allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1EA8F30B000
|
heap
|
page read and write
|
||
|
17B35940000
|
heap
|
page read and write
|
||
|
1FC35259000
|
heap
|
page read and write
|
||
|
1D692A08000
|
heap
|
page read and write
|
||
|
19D64A23000
|
heap
|
page read and write
|
||
|
1EA8F2EA000
|
heap
|
page read and write
|
||
|
19D64902000
|
heap
|
page read and write
|
||
|
1D692990000
|
remote allocation
|
page read and write
|
||
|
17B35850000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
27A6C0D5000
|
heap
|
page read and write
|
||
|
1EA8F873000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
1EA8F620000
|
heap
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
1EA8D3E0000
|
unkown
|
page read and write
|
||
|
148DC469000
|
heap
|
page read and write
|
||
|
201A29F0000
|
heap
|
page read and write
|
||
|
7FFC130E1000
|
unkown
|
page execute read
|
||
|
1FC357C0000
|
remote allocation
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1BD44677000
|
heap
|
page read and write
|
||
|
1EA8D60C000
|
heap
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
D77057F000
|
stack
|
page read and write
|
||
|
1BD44641000
|
heap
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
2D6DFD40000
|
heap
|
page read and write
|
||
|
1EA8D617000
|
heap
|
page read and write
|
||
|
19D64922000
|
heap
|
page read and write
|
||
|
7FFC13119000
|
unkown
|
page write copy
|
||
|
201640C0000
|
direct allocation
|
page execute and read and write
|
||
|
9B3A77C000
|
stack
|
page read and write
|
||
|
1D692900000
|
heap
|
page read and write
|
||
|
AE09D7E000
|
stack
|
page read and write
|
||
|
1EA8F358000
|
heap
|
page read and write
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
148DC350000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
27A6BDF8000
|
heap
|
page read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
2293D7D000
|
stack
|
page read and write
|
||
|
1EA8D63E000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
496CB79000
|
stack
|
page read and write
|
||
|
1F9D40E6000
|
heap
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
1EA8D650000
|
heap
|
page read and write
|
||
|
2D6DFDC0000
|
trusted library allocation
|
page read and write
|
||
|
E88397E000
|
stack
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
19D64922000
|
heap
|
page read and write
|
||
|
9B3A11C000
|
stack
|
page read and write
|
||
|
1EA8FD43000
|
heap
|
page read and write
|
||
|
1D9EDA00000
|
heap
|
page read and write
|
||
|
1D692920000
|
heap
|
page read and write
|
||
|
1EA8F378000
|
heap
|
page read and write
|
||
|
20164204000
|
heap
|
page read and write
|
||
|
22E7385F000
|
heap
|
page read and write
|
||
|
1EA8FD21000
|
heap
|
page read and write
|
||
|
27A6C0D5000
|
heap
|
page read and write
|
||
|
1EA8F2FE000
|
heap
|
page read and write
|
||
|
1BD44629000
|
heap
|
page read and write
|
||
|
201640A0000
|
heap
|
page read and write
|
||
|
7273CFF000
|
stack
|
page read and write
|
||
|
17B358CE000
|
heap
|
page read and write
|
||
|
19D64954000
|
heap
|
page read and write
|
||
|
1BD4466D000
|
heap
|
page read and write
|
||
|
1EA8F318000
|
heap
|
page read and write
|
||
|
229397F000
|
stack
|
page read and write
|
||
|
19D64943000
|
heap
|
page read and write
|
||
|
1D9EE070000
|
trusted library allocation
|
page read and write
|
||
|
1F9D3F90000
|
trusted library allocation
|
page read and write
|
||
|
19D64069000
|
heap
|
page read and write
|
||
|
19D64A13000
|
heap
|
page read and write
|
||
|
19D64087000
|
heap
|
page read and write
|
||
|
1EA8F2FC000
|
heap
|
page read and write
|
||
|
1EA8F35C000
|
heap
|
page read and write
|
||
|
19D6403C000
|
heap
|
page read and write
|
||
|
1EA8F318000
|
heap
|
page read and write
|
||
|
1EA8F2FE000
|
heap
|
page read and write
|
||
|
1EA8D627000
|
heap
|
page read and write
|
||
|
1EA8D380000
|
heap
|
page read and write
|
||
|
F351C79000
|
stack
|
page read and write
|
||
|
2293AFE000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
201A2800000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
2016411C000
|
heap
|
page read and write
|
||
|
1EA900A0000
|
heap
|
page read and write
|
||
|
7FFC13126000
|
unkown
|
page readonly
|
||
|
1FC35200000
|
heap
|
page read and write
|
||
|
AE0A1FF000
|
stack
|
page read and write
|
||
|
1EA8D613000
|
heap
|
page read and write
|
||
|
27A6BDF8000
|
heap
|
page read and write
|
||
|
1EA8F35C000
|
heap
|
page read and write
|
||
|
D77057F000
|
stack
|
page read and write
|
||
|
17B374A2000
|
heap
|
page read and write
|
||
|
148DC413000
|
heap
|
page read and write
|
||
|
6F554FE000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
1BD44420000
|
heap
|
page read and write
|
||
|
1EA8D606000
|
heap
|
page read and write
|
||
|
17B35910000
|
heap
|
page read and write
|
||
|
278029C000
|
stack
|
page read and write
|
||
|
9B3A87C000
|
stack
|
page read and write
|
||
|
1D9EDA29000
|
heap
|
page read and write
|
||
|
A00000
|
remote allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
1EA8F2E6000
|
heap
|
page read and write
|
||
|
6F558FF000
|
stack
|
page read and write
|
||
|
2D6E0602000
|
trusted library allocation
|
page read and write
|
||
|
17B358B7000
|
heap
|
page read and write
|
||
|
1EA8F32B000
|
heap
|
page read and write
|
||
|
19D64A02000
|
heap
|
page read and write
|
||
|
1D6927C0000
|
heap
|
page read and write
|
||
|
1EA8F745000
|
heap
|
page read and write
|
||
|
148DCC02000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D619000
|
heap
|
page read and write
|
||
|
1F9D4113000
|
heap
|
page read and write
|
||
|
1F9D3E30000
|
heap
|
page read and write
|
||
|
19D649B3000
|
heap
|
page read and write
|
||
|
6F555FF000
|
stack
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8F358000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
17B35710000
|
heap
|
page read and write
|
||
|
1EA8F2FE000
|
heap
|
page read and write
|
||
|
1EA8D61B000
|
heap
|
page read and write
|
||
|
2D6DFF02000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
E883A7E000
|
stack
|
page read and write
|
||
|
22E75330000
|
remote allocation
|
page read and write
|
||
|
1EA8D60A000
|
heap
|
page read and write
|
||
|
1EA8FE9A000
|
heap
|
page read and write
|
||
|
1D692A00000
|
heap
|
page read and write
|
||
|
1EA8D6A5000
|
heap
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
1BD4467A000
|
heap
|
page read and write
|
||
|
2293DFE000
|
stack
|
page read and write
|
||
|
1D692920000
|
heap
|
page read and write
|
||
|
19D64670000
|
trusted library allocation
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
1BD44643000
|
heap
|
page read and write
|
||
|
19D6408C000
|
heap
|
page read and write
|
||
|
1BD44663000
|
heap
|
page read and write
|
||
|
1D692955000
|
heap
|
page read and write
|
||
|
496C67C000
|
stack
|
page read and write
|
||
|
1EA8F30B000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
1BD44613000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
7FFC13118000
|
unkown
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
1F9D406E000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
1EA8D620000
|
heap
|
page read and write
|
||
|
9B3ADFE000
|
stack
|
page read and write
|
||
|
1BD44656000
|
heap
|
page read and write
|
||
|
201640CE000
|
direct allocation
|
page execute and read and write
|
||
|
1EA8D62E000
|
heap
|
page read and write
|
||
|
1EA8F305000
|
heap
|
page read and write
|
||
|
19D64113000
|
heap
|
page read and write
|
||
|
201A2600000
|
heap
|
page read and write
|
||
|
7FFC130E0000
|
unkown
|
page readonly
|
||
|
148DC481000
|
heap
|
page read and write
|
||
|
1D6927C0000
|
unkown
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
22E73710000
|
heap
|
page read and write
|
||
|
148DC2F0000
|
heap
|
page read and write
|
||
|
1EA8F319000
|
heap
|
page read and write
|
||
|
684C3FE000
|
stack
|
page read and write
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
1EA8FE90000
|
heap
|
page read and write
|
||
|
17B359E0000
|
direct allocation
|
page execute and read and write
|
||
|
1EA8F2F8000
|
heap
|
page read and write
|
||
|
1D9EDA57000
|
heap
|
page read and write
|
||
|
7FFC13103000
|
unkown
|
page readonly
|
||
|
19D6405C000
|
heap
|
page read and write
|
||
|
27A6BDF0000
|
heap
|
page read and write
|
||
|
201A278E000
|
heap
|
page read and write
|
||
|
1BD4466F000
|
heap
|
page read and write
|
||
|
17B374A0000
|
heap
|
page read and write
|
||
|
496CF7E000
|
stack
|
page read and write
|
||
|
1F9D4000000
|
heap
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
2D6DFE3C000
|
heap
|
page read and write
|
||
|
AE09C7B000
|
stack
|
page read and write
|
||
|
27A6D990000
|
heap
|
page read and write
|
||
|
7FFC13118000
|
unkown
|
page read and write
|
||
|
1EA8F2F1000
|
heap
|
page read and write
|
||
|
17B35A60000
|
heap
|
page read and write
|
||
|
2D6DFD30000
|
heap
|
page read and write
|
||
|
684BF0E000
|
unkown
|
page read and write
|
||
|
148DC440000
|
heap
|
page read and write
|
||
|
1EA8D603000
|
heap
|
page read and write
|
||
|
201A42A1000
|
heap
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
19D64996000
|
heap
|
page read and write
|
||
|
7273CFF000
|
stack
|
page read and write
|
||
|
1EA8D603000
|
heap
|
page read and write
|
||
|
1EA8D5FE000
|
heap
|
page read and write
|
||
|
7FFC13123000
|
unkown
|
page read and write
|
||
|
1FC34FC0000
|
heap
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
27A6BDE0000
|
remote allocation
|
page read and write
|
||
|
1FC3523D000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
201A278E000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2D6DFE02000
|
heap
|
page read and write
|
||
|
D7705FF000
|
stack
|
page read and write
|
||
|
E88367C000
|
stack
|
page read and write
|
||
|
1EA8D3D0000
|
unkown
|
page readonly
|
||
|
1EA8F33D000
|
heap
|
page read and write
|
||
|
1BD4465F000
|
heap
|
page read and write
|
||
|
1D692990000
|
remote allocation
|
page read and write
|
||
|
7FFC13123000
|
unkown
|
page read and write
|
||
|
1F9D4040000
|
heap
|
page read and write
|
||
|
1EA8D670000
|
trusted library allocation
|
page read and write
|
||
|
17B35870000
|
heap
|
page read and write
|
||
|
1EA8F2F7000
|
heap
|
page read and write
|
||
|
1EA8D3E0000
|
unkown
|
page read and write
|
||
|
1EA8F311000
|
heap
|
page read and write
|
||
|
1F9D3E90000
|
heap
|
page read and write
|
||
|
1EA8F378000
|
heap
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
6F553FD000
|
stack
|
page read and write
|
||
|
2293C7F000
|
stack
|
page read and write
|
||
|
278031F000
|
stack
|
page read and write
|
||
|
201A2800000
|
heap
|
page read and write
|
||
|
1D692A08000
|
heap
|
page read and write
|
||
|
27A6BCC0000
|
unkown
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D61B000
|
heap
|
page read and write
|
||
|
148DC380000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D540000
|
heap
|
page read and write
|
||
|
2016420D000
|
heap
|
page read and write
|
||
|
1F9D40E3000
|
heap
|
page read and write
|
||
|
22E73885000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
1D9EDB02000
|
heap
|
page read and write
|
||
|
19D6402A000
|
heap
|
page read and write
|
||
|
1EA8F32B000
|
heap
|
page read and write
|
||
|
73E000
|
direct allocation
|
page execute and read and write
|
||
|
27A6C0D5000
|
heap
|
page read and write
|
||
|
20164149000
|
heap
|
page read and write
|
||
|
1BD44660000
|
heap
|
page read and write
|
||
|
1EA8FE97000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
7DD000
|
heap
|
page read and write
|
||
|
1EA8D608000
|
heap
|
page read and write
|
||
|
2016410E000
|
heap
|
page read and write
|
||
|
1EA8F311000
|
heap
|
page read and write
|
||
|
148DC2E0000
|
heap
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
7FFC130E1000
|
unkown
|
page execute read
|
||
|
22E7383D000
|
heap
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
7FFC13123000
|
unkown
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
7FFC13123000
|
unkown
|
page read and write
|
||
|
1EA8F388000
|
heap
|
page read and write
|
||
|
1BD44658000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
9B3A9FB000
|
stack
|
page read and write
|
||
|
1EA8FE91000
|
heap
|
page read and write
|
||
|
278039F000
|
stack
|
page read and write
|
||
|
7FF977F000
|
stack
|
page read and write
|
||
|
22E73913000
|
heap
|
page read and write
|
||
|
22E752B0000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8FD31000
|
heap
|
page read and write
|
||
|
17B35940000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
684BE83000
|
stack
|
page read and write
|
||
|
17B37324000
|
heap
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
1FC35302000
|
heap
|
page read and write
|
||
|
410E5FE000
|
stack
|
page read and write
|
||
|
F3513AB000
|
stack
|
page read and write
|
||
|
7FC000
|
heap
|
page read and write
|
||
|
1EA90170000
|
heap
|
page read and write
|
||
|
1BD44675000
|
heap
|
page read and write
|
||
|
201A2778000
|
heap
|
page read and write
|
||
|
22E7384F000
|
heap
|
page read and write
|
||
|
17B35AA5000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
217C000
|
stack
|
page read and write
|
||
|
F3517FF000
|
stack
|
page read and write
|
||
|
1EA8F525000
|
heap
|
page read and write
|
||
|
7FFC13119000
|
unkown
|
page write copy
|
||
|
1EA8D61C000
|
heap
|
page read and write
|
||
|
19D6407A000
|
heap
|
page read and write
|
||
|
17B358E3000
|
heap
|
page read and write
|
||
|
20F1000
|
heap
|
page read and write
|
||
|
1EA8FDB0000
|
remote allocation
|
page read and write
|
||
|
1EA8F311000
|
heap
|
page read and write
|
||
|
1EA8D6AA000
|
heap
|
page read and write
|
||
|
7F9000
|
heap
|
page read and write
|
||
|
201642F0000
|
heap
|
page read and write
|
||
|
27A6D990000
|
heap
|
page read and write
|
||
|
80C000
|
heap
|
page read and write
|
||
|
201A2870000
|
heap
|
page read and write
|
||
|
1BD443B0000
|
heap
|
page read and write
|
||
|
1D9ED8B0000
|
heap
|
page read and write
|
||
|
19D6406A000
|
heap
|
page read and write
|
||
|
1EA8F520000
|
heap
|
page read and write
|
||
|
17B359EE000
|
direct allocation
|
page execute and read and write
|
||
|
2D6DFE25000
|
heap
|
page read and write
|
||
|
20164179000
|
heap
|
page read and write
|
||
|
A00000
|
remote allocation
|
page read and write
|
||
|
1EA8F621000
|
heap
|
page read and write
|
||
|
1BD44702000
|
heap
|
page read and write
|
||
|
1EA8D548000
|
heap
|
page read and write
|
||
|
1D692950000
|
heap
|
page read and write
|
||
|
1EA8F2E6000
|
heap
|
page read and write
|
||
|
22E7385F000
|
heap
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
1D692A00000
|
heap
|
page read and write
|
||
|
1FC35213000
|
heap
|
page read and write
|
||
|
496CE7E000
|
stack
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
6F551FC000
|
stack
|
page read and write
|
||
|
1F9D4013000
|
heap
|
page read and write
|
||
|
1D9ED8A0000
|
heap
|
page read and write
|
||
|
1EA8F378000
|
heap
|
page read and write
|
||
|
27A6BCC0000
|
unkown
|
page read and write
|
||
|
22E73720000
|
heap
|
page read and write
|
||
|
19D64802000
|
heap
|
page read and write
|
||
|
D7704FC000
|
stack
|
page read and write
|
||
|
6F557FF000
|
stack
|
page read and write
|
||
|
19D64900000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
17B37310000
|
heap
|
page read and write
|
||
|
19D6402C000
|
heap
|
page read and write
|
||
|
2D6DFE29000
|
heap
|
page read and write
|
||
|
27A6C0D0000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
148DC465000
|
heap
|
page read and write
|
||
|
1FC35802000
|
trusted library allocation
|
page read and write
|
||
|
22E73900000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
1EA8F325000
|
heap
|
page read and write
|
||
|
1D692950000
|
heap
|
page read and write
|
||
|
17B35AA0000
|
heap
|
page read and write
|
||
|
1D694400000
|
heap
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
201A2800000
|
heap
|
page read and write
|
||
|
17B358CE000
|
heap
|
page read and write
|
||
|
20164149000
|
heap
|
page read and write
|
||
|
201641F0000
|
heap
|
page read and write
|
||
|
1EA8F374000
|
heap
|
page read and write
|
||
|
1EA8D619000
|
heap
|
page read and write
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
19D64043000
|
heap
|
page read and write
|
||
|
201A2800000
|
heap
|
page read and write
|
||
|
1FC357C0000
|
remote allocation
|
page read and write
|
||
|
1FC35260000
|
heap
|
page read and write
|
||
|
1BD44C02000
|
trusted library allocation
|
page read and write
|
||
|
1D692920000
|
heap
|
page read and write
|
||
|
1BD44626000
|
heap
|
page read and write
|
||
|
7FFC130E0000
|
unkown
|
page readonly
|
||
|
27A6D990000
|
heap
|
page read and write
|
||
|
1EA8F337000
|
heap
|
page read and write
|
||
|
684C37F000
|
stack
|
page read and write
|
||
|
DF4B7B000
|
stack
|
page read and write
|
||
|
1EA8F6E9000
|
heap
|
page read and write
|
||
|
19D64077000
|
heap
|
page read and write
|
||
|
6F54F7A000
|
stack
|
page read and write
|
||
|
148DC400000
|
heap
|
page read and write
|
||
|
19D63E90000
|
heap
|
page read and write
|
||
|
9B3ACFC000
|
stack
|
page read and write
|
||
|
AE09FFE000
|
stack
|
page read and write
|
||
|
201A29F5000
|
heap
|
page read and write
|
||
|
7C6000
|
heap
|
page read and write
|
||
|
19D64000000
|
heap
|
page read and write
|
||
|
1D9EDA3F000
|
heap
|
page read and write
|
||
|
7FFC130E0000
|
unkown
|
page readonly
|
||
|
1D9EE202000
|
trusted library allocation
|
page read and write
|
||
|
7FFC13126000
|
unkown
|
page readonly
|
||
|
7FFC13126000
|
unkown
|
page readonly
|
||
|
7FFC13103000
|
unkown
|
page readonly
|
||
|
19D64094000
|
heap
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1EA8F337000
|
heap
|
page read and write
|
||
|
201A2770000
|
heap
|
page read and write
|
||
|
1EA8D60F000
|
heap
|
page read and write
|
||
|
148DC402000
|
heap
|
page read and write
|
||
|
1EA8F37C000
|
heap
|
page read and write
|
||
|
1EA8F33D000
|
heap
|
page read and write
|
||
|
19D649BF000
|
heap
|
page read and write
|
||
|
496CAFB000
|
stack
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8F388000
|
heap
|
page read and write
|
||
|
1EA8D613000
|
heap
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
201A29AE000
|
direct allocation
|
page execute and read and write
|
||
|
2D6DFE54000
|
heap
|
page read and write
|
||
|
1EA8D600000
|
heap
|
page read and write
|
||
|
1EA8F821000
|
heap
|
page read and write
|
||
|
1EA8D637000
|
heap
|
page read and write
|
||
|
22E75330000
|
remote allocation
|
page read and write
|
||
|
22E75270000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D619000
|
heap
|
page read and write
|
||
|
1EA8D7FB000
|
heap
|
page read and write
|
||
|
19D649CA000
|
heap
|
page read and write
|
||
|
684C2FB000
|
stack
|
page read and write
|
||
|
E88387E000
|
stack
|
page read and write
|
||
|
7FFC13103000
|
unkown
|
page readonly
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
D7704FC000
|
stack
|
page read and write
|
||
|
17B35940000
|
heap
|
page read and write
|
||
|
1EA8F371000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
19D64A27000
|
heap
|
page read and write
|
||
|
22E7384B000
|
heap
|
page read and write
|
||
|
1D692955000
|
heap
|
page read and write
|
||
|
1EA8F797000
|
heap
|
page read and write
|
||
|
7FFC13123000
|
unkown
|
page read and write
|
||
|
1BD4467D000
|
heap
|
page read and write
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
684C47E000
|
stack
|
page read and write
|
||
|
D77057F000
|
stack
|
page read and write
|
||
|
79C000
|
heap
|
page read and write
|
||
|
7C6000
|
heap
|
page read and write
|
||
|
1EA8F305000
|
heap
|
page read and write
|
||
|
1EA8D605000
|
heap
|
page read and write
|
||
|
1EA8D7C0000
|
heap
|
page read and write
|
||
|
27A6BDE0000
|
remote allocation
|
page read and write
|
||
|
1EA8D608000
|
heap
|
page read and write
|
||
|
1BD4465D000
|
heap
|
page read and write
|
||
|
1BD44630000
|
heap
|
page read and write
|
||
|
201640FD000
|
heap
|
page read and write
|
||
|
7FFC13118000
|
unkown
|
page read and write
|
||
|
1EA8F68F000
|
heap
|
page read and write
|
||
|
201A27A3000
|
heap
|
page read and write
|
||
|
6F54B2B000
|
stack
|
page read and write
|
||
|
7FFC130E1000
|
unkown
|
page execute read
|
||
|
9B3A97E000
|
stack
|
page read and write
|
||
|
1F9D4102000
|
heap
|
page read and write
|
||
|
7C6000
|
heap
|
page read and write
|
||
|
1EA8F377000
|
heap
|
page read and write
|
||
|
7FF967C000
|
stack
|
page read and write
|
||
|
2D6DFE37000
|
heap
|
page read and write
|
||
|
22E73800000
|
heap
|
page read and write
|
||
|
22E73813000
|
heap
|
page read and write
|
||
|
7273C7C000
|
stack
|
page read and write
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
20164110000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D60A000
|
heap
|
page read and write
|
||
|
1D6927C0000
|
unkown
|
page read and write
|
||
|
9B3ABFF000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page execute and read and write
|
||
|
1EA8F368000
|
heap
|
page read and write
|
||
|
1D9EDA86000
|
heap
|
page read and write
|
||
|
1EA8D63E000
|
heap
|
page read and write
|
||
|
410E6FF000
|
stack
|
page read and write
|
||
|
9B3A57E000
|
stack
|
page read and write
|
||
|
1BD443C0000
|
heap
|
page read and write
|
||
|
19D64A30000
|
heap
|
page read and write
|
||
|
2293EFD000
|
stack
|
page read and write
|
||
|
19D63E80000
|
heap
|
page read and write
|
||
|
19D64093000
|
heap
|
page read and write
|
||
|
1D692950000
|
heap
|
page read and write
|
||
|
7FFC13118000
|
unkown
|
page write copy
|
||
|
496CC7A000
|
stack
|
page read and write
|
||
|
1EA8FD20000
|
heap
|
page read and write
|
||
|
7FFC130E1000
|
unkown
|
page execute read
|
||
|
1EA8F2F3000
|
heap
|
page read and write
|
||
|
1EA8F30B000
|
heap
|
page read and write
|
||
|
1EA8D7F0000
|
heap
|
page read and write
|
||
|
1EA8D603000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
22E75402000
|
trusted library allocation
|
page read and write
|
||
|
2D6DFE3A000
|
heap
|
page read and write
|
||
|
1EA8F337000
|
heap
|
page read and write
|
||
|
1EA8D7FE000
|
heap
|
page read and write
|
||
|
F351A7C000
|
stack
|
page read and write
|
||
|
1EA8F324000
|
heap
|
page read and write
|
||
|
DF4D7F000
|
stack
|
page read and write
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
1D694400000
|
heap
|
page read and write
|
||
|
1EA8F2EC000
|
heap
|
page read and write
|
||
|
27A6C0D0000
|
heap
|
page read and write
|
||
|
1EA8F31E000
|
heap
|
page read and write
|
||
|
27A6BD30000
|
heap
|
page read and write
|
||
|
1EA8D61B000
|
heap
|
page read and write
|
||
|
1EA8F820000
|
heap
|
page read and write
|
||
|
7FFC130E1000
|
unkown
|
page execute read
|
||
|
1F9D40B9000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
3CB000
|
stack
|
page read and write
|
||
|
410E2FD000
|
stack
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
1EA8F33D000
|
heap
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
22E73902000
|
heap
|
page read and write
|
||
|
1EA8D600000
|
heap
|
page read and write
|
||
|
7273C7C000
|
stack
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
201A2740000
|
heap
|
page read and write
|
||
|
1F9D40CA000
|
heap
|
page read and write
|
||
|
F35197A000
|
stack
|
page read and write
|
||
|
1EA8D63E000
|
heap
|
page read and write
|
||
|
1BD4466C000
|
heap
|
page read and write
|
||
|
1EA8F305000
|
heap
|
page read and write
|
||
|
1BD44659000
|
heap
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
22939FC000
|
stack
|
page read and write
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
496C87A000
|
stack
|
page read and write
|
||
|
17B35940000
|
heap
|
page read and write
|
||
|
684BF8D000
|
stack
|
page read and write
|
||
|
19D64A00000
|
heap
|
page read and write
|
||
|
201A42CD000
|
heap
|
page read and write
|
||
|
1EA8D3C0000
|
unkown
|
page readonly
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
2D6DFE47000
|
heap
|
page read and write
|
||
|
1EA8F379000
|
heap
|
page read and write
|
||
|
22E75330000
|
remote allocation
|
page read and write
|
||
|
148DC502000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
9B3A7FF000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
7FFC130E1000
|
unkown
|
page execute read
|
||
|
1EA8F30B000
|
heap
|
page read and write
|
||
|
1EA8F32B000
|
heap
|
page read and write
|
||
|
7FFC13103000
|
unkown
|
page readonly
|
||
|
19D641B9000
|
heap
|
page read and write
|
||
|
20163F60000
|
heap
|
page read and write
|
||
|
7FFC13103000
|
unkown
|
page readonly
|
||
|
1FC35790000
|
trusted library allocation
|
page read and write
|
||
|
6F550FF000
|
stack
|
page read and write
|
||
|
684C57B000
|
stack
|
page read and write
|
||
|
1EA8D61B000
|
heap
|
page read and write
|
||
|
19D6418E000
|
heap
|
page read and write
|
||
|
201A29A0000
|
direct allocation
|
page execute and read and write
|
||
|
1FC34FD0000
|
heap
|
page read and write
|
||
|
AE09CFE000
|
stack
|
page read and write
|
||
|
201A4290000
|
heap
|
page read and write
|
||
|
684C27E000
|
stack
|
page read and write
|
||
|
22E7385B000
|
heap
|
page read and write
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
1EA8FC20000
|
heap
|
page read and write
|
||
|
1EA8F344000
|
heap
|
page read and write
|
||
|
496CD7F000
|
stack
|
page read and write
|
||
|
1EA8D640000
|
trusted library allocation
|
page read and write
|
||
|
1EA8D611000
|
heap
|
page read and write
|
||
|
7C6000
|
heap
|
page read and write
|
There are 794 hidden memdumps, click here to show them.