Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `eszstwQPwq.ps1` | ASCII text, with very long lines (65312), with CRLF, LF line terminators | initial sample | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_powershell.exe_5f3f215c54fd6621b18c8b4e1cd39209bc45a82_bf5a3e5b_3307fc83-cd0e-4f7d-b246-1c97fc22b6b5\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER460.tmp.dmp` | Mini DuMP crash report, 14 streams, Mon Dec 23 11:36:17 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D5.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER915.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hj01ibwg.2ce.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kv01mdww.x4a.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mzhgnmei.hn5.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nv2awu23.3uh.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_peipsmjg.lhd.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yopdqtol.ki3.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0OWQKSSARKYG34DP7HEA.temp` | data | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)` | data | dropped | |
| `C:\Windows\appcompat\Programs\Amcache.hve` | MS Windows registry file, NT/2000 or above | dropped | |
| `\Device\ConDrv` | ASCII text, with very long lines (352), with CRLF, LF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\eszstwQPwq.ps1"` | |
| `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\eszstwQPwq.ps1` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\WerFault.exe` | `C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 2896` | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://nuget.org/NuGet.exe | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | |
| https://aka.ms/winsvr-2022-pshelp | unknown | |
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://schemas.xmlsoap.org/soap/encoding/ | unknown | |
| http://crl.microsoft | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| http://schemas.xmlsoap.org/wsdl/ | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://contoso.com/License | unknown | |
| https://contoso.com/Icon | unknown | |
| http://upx.sf.net | unknown | |
| https://aka.ms/pscore6 | unknown | |
| https://aka.ms/pscore68 | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://oneget.org | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |

Registry

| Path | Value | Malicious |
|---|---|---|
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | ProgramId | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | FileId | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | LowerCaseLongPath | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | LongPathHash | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | Name | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | OriginalFileName | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | Publisher | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | Version | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | BinFileVersion | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | BinaryType | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | ProductName | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | ProductVersion | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | LinkDate | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | BinProductVersion | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | AppxPackageFullName | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | AppxPackageRelativeId | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | Size | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | Language | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | IsOsComponent | |
| `\REGISTRY\A\{6c04c149-c6ee-735a-ccee-613e5dd14930}\Root\InventoryApplicationFile\powershell.exe\|bdbb2c1d41b249e7` | Usn | |
