Name Pid Start End Tag Hits Protect wmiprvse.exe 1452 0x1d1d0000 0x1d1d3fff VadS 0 PAGE_EXECUTE_READWRITE Dumped to: out/wmiprvse.exe.2065c10.1d1d0000-1d1d3fff.dmp 0x1d1d0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1d1d0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1d1d0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1d1d0030 00 00 00 00 28 00 28 00 01 00 00 00 00 00 00 00 ....(.(......... 0x1d1d0040 00 00 00 00 48 e0 09 61 48 e0 44 00 00 00 00 00 ....H..aH.D..... 0x1d1d0050 37 38 d1 10 d9 d9 1b 14 c8 e0 09 61 b2 e0 09 61 78.........a...a 0x1d1d0060 ed 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x1d1d0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Disassembly: 1d1d0000: 0000 ADD [EAX], AL 1d1d0002: 0000 ADD [EAX], AL 1d1d0004: 0000 ADD [EAX], AL 1d1d0006: 0000 ADD [EAX], AL 1d1d0008: 0000 ADD [EAX], AL 1d1d000a: 0000 ADD [EAX], AL 1d1d000c: 0000 ADD [EAX], AL 1d1d000e: 0000 ADD [EAX], AL 1d1d0010: 0000 ADD [EAX], AL 1d1d0012: 0000 ADD [EAX], AL wmiprvse.exe 1452 0x01ee0000 0x1ee3fff0 VadS 0 PAGE_EXECUTE_READWRITE Dumped to: out/wmiprvse.exe.2065c10.01ee0000-01ee3fff.dmp 0x01ee0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x01ee0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x01ee0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x01ee0030 00 00 00 00 25 00 25 00 01 00 00 00 00 00 00 00 ....%.%......... 0x01ee0040 c4 1f 00 00 88 cb 09 61 88 cb 44 00 00 00 00 00 .......a..D..... 0x01ee0050 b9 d6 0b 38 4f 41 6d 92 f0 cb 09 61 da cb 09 61 ...8OAm....a...a 0x01ee0060 15 8c 00 00 03 00 00 00 00 00 00 00 00 00 00 00 ................ 0x01ee0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Disassembly: 01ee0000: 0000 ADD [EAX], AL 01ee0002: 0000 ADD [EAX], AL 01ee0004: 0000 ADD [EAX], AL 01ee0006: 0000 ADD [EAX], AL 01ee0008: 0000 ADD [EAX], AL 01ee000a: 0000 ADD [EAX], AL 01ee000c: 0000 ADD [EAX], AL 01ee000e: 0000 ADD [EAX], AL 01ee0010: 0000 ADD [EAX], AL 01ee0012: 0000 ADD [EAX], AL wmiprvse.exe 1452 0x49170000 0x49173fff VadS 0 PAGE_EXECUTE_READWRITE Dumped to: out/wmiprvse.exe.2065c10.49170000-49173fff.dmp 0x49170000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x49170010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x49170020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x49170030 00 00 00 00 27 00 27 00 01 00 00 00 00 00 00 00 ....'.'......... 0x49170040 00 00 00 00 78 79 08 61 78 79 43 00 00 00 00 00 ....xy.axyC..... 0x49170050 89 6b b3 13 5f 27 ea 1d b8 79 08 61 a2 79 08 61 .k.._'...y.a.y.a 0x49170060 ed 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x49170070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Disassembly: 49170000: 0000 ADD [EAX], AL 49170002: 0000 ADD [EAX], AL 49170004: 0000 ADD [EAX], AL 49170006: 0000 ADD [EAX], AL 49170008: 0000 ADD [EAX], AL 4917000a: 0000 ADD [EAX], AL 4917000c: 0000 ADD [EAX], AL 4917000e: 0000 ADD [EAX], AL 49170010: 0000 ADD [EAX], AL 49170012: 0000 ADD [EAX], AL wmiprvse.exe 1452 0x4bf10000 0x4bf13fff VadS 0 PAGE_EXECUTE_READWRITE Dumped to: out/wmiprvse.exe.2065c10.4bf10000-4bf13fff.dmp 0x4bf10000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x4bf10010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x4bf10020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x4bf10030 00 00 00 00 24 00 24 00 01 00 00 00 00 00 00 00 ....$.$......... 0x4bf10040 00 00 00 00 70 9c 06 61 70 9c 41 00 00 00 00 00 ....p..ap.A..... 0x4bf10050 7f 96 eb b6 2d 35 f9 2a b0 9c 06 61 9a 9c 06 61 ....-5.*...a...a 0x4bf10060 ed 8b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................ 0x4bf10070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Disassembly: 4bf10000: 0000 ADD [EAX], AL 4bf10002: 0000 ADD [EAX], AL 4bf10004: 0000 ADD [EAX], AL 4bf10006: 0000 ADD [EAX], AL 4bf10008: 0000 ADD [EAX], AL 4bf1000a: 0000 ADD [EAX], AL 4bf1000c: 0000 ADD [EAX], AL 4bf1000e: 0000 ADD [EAX], AL 4bf10010: 0000 ADD [EAX], AL 4bf10012: 0000 ADD [EAX], AL wmiprvse.exe 1452 0x6d7a0000 0x6d7a3fff VadS 0 PAGE_EXECUTE_READWRITE Dumped to: out/wmiprvse.exe.2065c10.6d7a0000-6d7a3fff.dmp 0x6d7a0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6d7a0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6d7a0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6d7a0030 00 00 00 00 2e 00 2e 00 01 00 00 00 00 00 00 00 ................ 0x6d7a0040 00 00 00 00 48 d6 09 61 48 d6 44 00 00 00 00 00 ....H..aH.D..... 0x6d7a0050 13 91 cd 1c f5 65 5d bf 28 d7 09 61 12 d7 09 61 .....e].(..a...a 0x6d7a0060 ed 8b 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ 0x6d7a0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Disassembly: 6d7a0000: 0000 ADD [EAX], AL 6d7a0002: 0000 ADD [EAX], AL 6d7a0004: 0000 ADD [EAX], AL 6d7a0006: 0000 ADD [EAX], AL 6d7a0008: 0000 ADD [EAX], AL 6d7a000a: 0000 ADD [EAX], AL 6d7a000c: 0000 ADD [EAX], AL 6d7a000e: 0000 ADD [EAX], AL 6d7a0010: 0000 ADD [EAX], AL 6d7a0012: 0000 ADD [EAX], AL