Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Ye2vQ3fYBy.ps1 | ASCII text, with very long lines (65312), with CRLF, LF line terminators | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_powershell.exe_1b85c466a5a1fbc8a9b58f6186869cb1dda1ce47_bf5a3e5b_dc77e7f8-4a41-4312-a986-7fce059f7180\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | modified | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D17.tmp.dmp | Mini DuMP crash report, 14 streams, Mon Dec 23 11:35:15 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9754.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D8F.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4runs3g1.fbe.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e0n4uer0.k51.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oum21t3a.0qh.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rje2kntb.nik.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwppr1nt.13q.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yt0lmtxq.tud.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\590aee7bdd69b59b.customDesusertions-ms (copy) | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\U6MJBOKBLC0T5NAE2RAO.temp | data | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\Ye2vQ3fYBy.ps1" | |
| C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\Ye2vQ3fYBy.ps1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 2548 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://nuget.org/NuGet.exe | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | |
| https://aka.ms/winsvr-2022-pshelp | unknown | |
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://schemas.xmlsoap.org/soap/encoding/ | unknown | |
| https://aka.ms/pscore6lB | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| http://crl.microh | unknown | |
| http://schemas.xmlsoap.org/wsdl/ | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://contoso.com/License | unknown | |
| https://contoso.com/Icon | unknown | |
| https://oneget.orgX | unknown | |
| http://upx.sf.net | unknown | |
| https://aka.ms/pscore68 | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://oneget.org | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProgramId | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | FileId | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LowerCaseLongPath | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LongPathHash | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Name | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | OriginalFileName | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Publisher | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Version | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinFileVersion | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinaryType | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProductName | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProductVersion | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LinkDate | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinProductVersion | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | AppxPackageFullName | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | AppxPackageRelativeId | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Size | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Language | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | IsOsComponent | |
| \REGISTRY\A\{c8971799-670b-8562-a00f-4697b95106b1}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Usn | |

Memdumps