Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Windows Defender.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Windows Defender_7e6cd544cbd8cf37341e36f3db8ac525bdf1ec51_b64cc9ab_d6a53279-b9f7-44f5-a62e-9c9642d99aab\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD4A.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Jul 22 11:58:45 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAE74.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAEA4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Windows Defender.exe
|
"C:\Users\user\Desktop\Windows Defender.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 1632
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
rest-root.gl.at.ply.gg
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://ip-api.comd
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Windows Defender_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
ProgramId
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
FileId
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
LongPathHash
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
Name
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
OriginalFileName
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
Publisher
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
Version
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
BinFileVersion
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
BinaryType
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
ProductName
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
ProductVersion
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
LinkDate
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
BinProductVersion
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
Size
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
Language
|
||
|
\REGISTRY\A\{b3e994da-5a39-5437-6763-e43a1f843f6d}\Root\InventoryApplicationFile\windows defender|6036f7e3917abdd1
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00EB9068D78
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 29 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
36B5000
|
trusted library allocation
|
page read and write
|
|
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
50F0000
|
trusted library section
|
page read and write
|
|
|
|
28E0000
|
trusted library allocation
|
page read and write
|
|
|
|
2895000
|
trusted library allocation
|
page read and write
|
|
|
|
2783000
|
trusted library allocation
|
page read and write
|
||
|
68E000
|
heap
|
page read and write
|
||
|
2707000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
279A000
|
trusted library allocation
|
page read and write
|
||
|
2709000
|
trusted library allocation
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
4B0E000
|
stack
|
page read and write
|
||
|
27EC000
|
trusted library allocation
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
2735000
|
trusted library allocation
|
page read and write
|
||
|
5604000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page execute and read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
4F0B000
|
stack
|
page read and write
|
||
|
26E3000
|
trusted library allocation
|
page read and write
|
||
|
9F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2801000
|
trusted library allocation
|
page read and write
|
||
|
FF200000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B7000
|
trusted library allocation
|
page read and write
|
||
|
26E6000
|
trusted library allocation
|
page read and write
|
||
|
26C4000
|
trusted library allocation
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
9FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2720000
|
trusted library allocation
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
26B4000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
5615000
|
heap
|
page read and write
|
||
|
2691000
|
trusted library allocation
|
page read and write
|
||
|
26D1000
|
trusted library allocation
|
page read and write
|
||
|
27B1000
|
trusted library allocation
|
page read and write
|
||
|
273D000
|
trusted library allocation
|
page read and write
|
||
|
283D000
|
trusted library allocation
|
page read and write
|
||
|
288C000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
558000
|
stack
|
page read and write
|
||
|
2777000
|
trusted library allocation
|
page read and write
|
||
|
283B000
|
trusted library allocation
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
2781000
|
trusted library allocation
|
page read and write
|
||
|
27BE000
|
trusted library allocation
|
page read and write
|
||
|
27CF000
|
trusted library allocation
|
page read and write
|
||
|
51FD000
|
stack
|
page read and write
|
||
|
274E000
|
trusted library allocation
|
page read and write
|
||
|
279E000
|
trusted library allocation
|
page read and write
|
||
|
281A000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FF000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
285E000
|
trusted library allocation
|
page read and write
|
||
|
2860000
|
trusted library allocation
|
page read and write
|
||
|
6F961000
|
unkown
|
page execute read
|
||
|
271E000
|
trusted library allocation
|
page read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
2701000
|
trusted library allocation
|
page read and write
|
||
|
36CB000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
271C000
|
trusted library allocation
|
page read and write
|
||
|
27E8000
|
trusted library allocation
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
271A000
|
trusted library allocation
|
page read and write
|
||
|
27AF000
|
trusted library allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
5618000
|
heap
|
page read and write
|
||
|
2764000
|
trusted library allocation
|
page read and write
|
||
|
2756000
|
trusted library allocation
|
page read and write
|
||
|
45B000
|
stack
|
page read and write
|
||
|
27B9000
|
trusted library allocation
|
page read and write
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
294C000
|
trusted library allocation
|
page read and write
|
||
|
9F4000
|
trusted library allocation
|
page read and write
|
||
|
2816000
|
trusted library allocation
|
page read and write
|
||
|
51BD000
|
stack
|
page read and write
|
||
|
6F976000
|
unkown
|
page readonly
|
||
|
55FF000
|
stack
|
page read and write
|
||
|
6A7000
|
heap
|
page read and write
|
||
|
2952000
|
trusted library allocation
|
page read and write
|
||
|
2847000
|
trusted library allocation
|
page read and write
|
||
|
2818000
|
trusted library allocation
|
page read and write
|
||
|
272F000
|
trusted library allocation
|
page read and write
|
||
|
274C000
|
trusted library allocation
|
page read and write
|
||
|
2871000
|
trusted library allocation
|
page read and write
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
27D1000
|
trusted library allocation
|
page read and write
|
||
|
506D000
|
stack
|
page read and write
|
||
|
2869000
|
trusted library allocation
|
page read and write
|
||
|
2727000
|
trusted library allocation
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
26AD000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2858000
|
trusted library allocation
|
page read and write
|
||
|
2822000
|
trusted library allocation
|
page read and write
|
||
|
27FF000
|
trusted library allocation
|
page read and write
|
||
|
27B3000
|
trusted library allocation
|
page read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
288E000
|
trusted library allocation
|
page read and write
|
||
|
2843000
|
trusted library allocation
|
page read and write
|
||
|
26A7000
|
trusted library allocation
|
page read and write
|
||
|
27B5000
|
trusted library allocation
|
page read and write
|
||
|
26F8000
|
trusted library allocation
|
page read and write
|
||
|
279C000
|
trusted library allocation
|
page read and write
|
||
|
6F97D000
|
unkown
|
page read and write
|
||
|
2873000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2758000
|
trusted library allocation
|
page read and write
|
||
|
26E1000
|
trusted library allocation
|
page read and write
|
||
|
4C0F000
|
stack
|
page read and write
|
||
|
275F000
|
trusted library allocation
|
page read and write
|
||
|
27EE000
|
trusted library allocation
|
page read and write
|
||
|
2890000
|
trusted library allocation
|
page read and write
|
||
|
C0F000
|
stack
|
page read and write
|
||
|
273B000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
2962000
|
trusted library allocation
|
page read and write
|
||
|
54FF000
|
stack
|
page read and write
|
||
|
275A000
|
trusted library allocation
|
page read and write
|
||
|
2814000
|
trusted library allocation
|
page read and write
|
||
|
26FA000
|
trusted library allocation
|
page read and write
|
||
|
5621000
|
heap
|
page read and write
|
||
|
4F65000
|
heap
|
page read and write
|
||
|
C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
2841000
|
trusted library allocation
|
page read and write
|
||
|
281E000
|
trusted library allocation
|
page read and write
|
||
|
270C000
|
trusted library allocation
|
page read and write
|
||
|
295C000
|
trusted library allocation
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
276E000
|
trusted library allocation
|
page read and write
|
||
|
27FD000
|
trusted library allocation
|
page read and write
|
||
|
27D4000
|
trusted library allocation
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page execute and read and write
|
||
|
2825000
|
trusted library allocation
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page read and write
|
||
|
26CA000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
trusted library allocation
|
page read and write
|
||
|
2766000
|
trusted library allocation
|
page read and write
|
||
|
C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
26F6000
|
trusted library allocation
|
page read and write
|
||
|
26B1000
|
trusted library allocation
|
page read and write
|
||
|
2805000
|
trusted library allocation
|
page read and write
|
||
|
2722000
|
trusted library allocation
|
page read and write
|
||
|
4C4E000
|
stack
|
page read and write
|
||
|
26C8000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
trusted library allocation
|
page read and write
|
||
|
288A000
|
trusted library allocation
|
page read and write
|
||
|
26A9000
|
trusted library allocation
|
page read and write
|
||
|
2948000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
2773000
|
trusted library allocation
|
page read and write
|
||
|
152000
|
unkown
|
page readonly
|
||
|
2768000
|
trusted library allocation
|
page read and write
|
||
|
278B000
|
trusted library allocation
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
255E000
|
stack
|
page read and write
|
||
|
285C000
|
trusted library allocation
|
page read and write
|
||
|
C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2798000
|
trusted library allocation
|
page read and write
|
||
|
2831000
|
trusted library allocation
|
page read and write
|
||
|
26CE000
|
trusted library allocation
|
page read and write
|
||
|
293B000
|
trusted library allocation
|
page read and write
|
||
|
2856000
|
trusted library allocation
|
page read and write
|
||
|
26FC000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
27BB000
|
trusted library allocation
|
page read and write
|
||
|
26AF000
|
trusted library allocation
|
page read and write
|
||
|
26CC000
|
trusted library allocation
|
page read and write
|
||
|
26C6000
|
trusted library allocation
|
page read and write
|
||
|
27A2000
|
trusted library allocation
|
page read and write
|
||
|
282F000
|
trusted library allocation
|
page read and write
|
||
|
2787000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
283F000
|
trusted library allocation
|
page read and write
|
||
|
6F97F000
|
unkown
|
page readonly
|
||
|
27E4000
|
trusted library allocation
|
page read and write
|
||
|
26F4000
|
trusted library allocation
|
page read and write
|
||
|
276C000
|
trusted library allocation
|
page read and write
|
||
|
2752000
|
trusted library allocation
|
page read and write
|
||
|
27EA000
|
trusted library allocation
|
page read and write
|
||
|
2879000
|
trusted library allocation
|
page read and write
|
||
|
2807000
|
trusted library allocation
|
page read and write
|
||
|
6F9000
|
heap
|
page read and write
|
||
|
6C1000
|
heap
|
page read and write
|
||
|
2733000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
2839000
|
trusted library allocation
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
2865000
|
trusted library allocation
|
page read and write
|
||
|
277F000
|
trusted library allocation
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
276A000
|
trusted library allocation
|
page read and write
|
||
|
5170000
|
heap
|
page execute and read and write
|
||
|
26AB000
|
trusted library allocation
|
page read and write
|
||
|
2737000
|
trusted library allocation
|
page read and write
|
||
|
2863000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2845000
|
trusted library allocation
|
page read and write
|
||
|
6F960000
|
unkown
|
page readonly
|
||
|
26F2000
|
trusted library allocation
|
page read and write
|
||
|
2739000
|
trusted library allocation
|
page read and write
|
||
|
2837000
|
trusted library allocation
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
2943000
|
trusted library allocation
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
277D000
|
trusted library allocation
|
page read and write
|
||
|
2741000
|
trusted library allocation
|
page read and write
|
||
|
CB8000
|
heap
|
page read and write
|
||
|
C9E000
|
stack
|
page read and write
|
||
|
2754000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
unkown
|
page readonly
|
||
|
77E000
|
heap
|
page read and write
|
||
|
2892000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
27F7000
|
trusted library allocation
|
page read and write
|
||
|
2785000
|
trusted library allocation
|
page read and write
|
||
|
269F000
|
trusted library allocation
|
page read and write
|
||
|
2705000
|
trusted library allocation
|
page read and write
|
||
|
27E6000
|
trusted library allocation
|
page read and write
|
||
|
2888000
|
trusted library allocation
|
page read and write
|
||
|
2703000
|
trusted library allocation
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
2809000
|
trusted library allocation
|
page read and write
|
||
|
2803000
|
trusted library allocation
|
page read and write
|
There are 231 hidden memdumps, click here to show them.