Files
File Path | Type | Category | Malicious
---|---|---|---
0vM02qWRT9.ps1 | ASCII text, with very long lines (65312), with CRLF, LF line terminators | initial sample |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_powershell.exe_1b85c466a5a1fbc8a9b58f6186869cb1dda1ce47_bf5a3e5b_391054a4-f221-468d-a41c-76d43c2108b4\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC320.tmp.dmp | Mini DuMP crash report, 14 streams, Mon Dec 23 11:36:16 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC92C.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC94C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0w3anndb.3hz.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1mwawgns.ovc.psm1 | ASCII text, with no line terminators | modified |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2gwwpj4v.3ed.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dbucu1ec.i5s.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o0ypomzy.gzt.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ropct0cy.um1.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JGA7KTWXD5MLG3W7DRVK.temp | data | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\0vM02qWRT9.ps1" |
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\0vM02qWRT9.ps1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 2668 |
URLs
Name | IP | Malicious
---|---|---
http://nuget.org/NuGet.exe | unknown |
http://www.apache.org/licenses/LICENSE-2.0 | unknown |
https://aka.ms/winsvr-2022-pshelp | unknown |
http://pesterbdd.com/images/Pester.png | unknown |
http://schemas.xmlsoap.org/soap/encoding/ | unknown |
http://www.apache.org/licenses/LICENSE-2.0.html | unknown |
http://schemas.xmlsoap.org/wsdl/ | unknown |
https://contoso.com/ | unknown |
https://nuget.org/nuget.exe | unknown |
https://contoso.com/License | unknown |
https://contoso.com/Icon | unknown |
https://oneget.orgX | unknown |
https://aka.ms/pscore6lBlq | unknown |
http://upx.sf.net | unknown |
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://github.com/Pester/Pester | unknown |
https://oneget.org | unknown |
Domains
Name | IP | Malicious
---|---|---
bg.microsoft.map.fastly.net | 199.232.210.172 |
fp2e7a.wpc.phicdn.net | 192.229.221.95 |
Registry
Path | Value | Malicious
---|---|---
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProgramId |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | FileId |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LowerCaseLongPath |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LongPathHash |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Name |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | OriginalFileName |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Publisher |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Version |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinFileVersion |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinaryType |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProductName |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | ProductVersion |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | LinkDate |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | BinProductVersion |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | AppxPackageFullName |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | AppxPackageRelativeId |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Size |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Language |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | IsOsComponent |
\REGISTRY\A\{1347fd96-d577-6bed-a260-0ec783f448ed}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7 | Usn |
Memdumps