Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DSR0987678900000.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DSR0987678900000_7e74b1b87155529a3ff0bd98fc2c8d3a6c378e49_a7480bc7_055a7e94-47cf-4121-8aa6-26f4dc22353a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1637.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16A6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA6F.tmp.dmp
|
Mini DuMP crash report, 16 streams, Thu Sep 26 13:09:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i4ti4kez.vbv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ka5pv3g1.2pp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ljiicu1b.ymn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rdt4hkkt.11g.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DSR0987678900000.exe
|
"C:\Users\user\Desktop\DSR0987678900000.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\DSR0987678900000.exe"
-Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2756 -s 1224
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://ftp.antoniomayol.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
ftp.antoniomayol.com
|
15.197.240.20
|
|
|
|
241.42.69.40.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
15.197.240.20
|
ftp.antoniomayol.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
ProgramId
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
FileId
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
LongPathHash
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
Name
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
OriginalFileName
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
Publisher
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
Version
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
BinFileVersion
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
BinaryType
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
ProductName
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
ProductVersion
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
LinkDate
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
BinProductVersion
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
Size
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
Language
|
||
|
\REGISTRY\A\{94e311d3-5054-4602-4a36-bc3fa223ecb9}\Root\InventoryApplicationFile\dsr0987678900000|97ab87626a47e8c1
|
Usn
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1EB8034D000
|
trusted library allocation
|
page read and write
|
|
|
|
3161000
|
trusted library allocation
|
page read and write
|
|
|
|
1EB90811000
|
trusted library allocation
|
page read and write
|
|
|
|
318E000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1310000
|
heap
|
page read and write
|
||
|
1573EFE000
|
stack
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
1349000
|
heap
|
page read and write
|
||
|
16C0000
|
trusted library allocation
|
page read and write
|
||
|
149B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBEE170000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page execute and read and write
|
||
|
318C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E2000
|
trusted library allocation
|
page read and write
|
||
|
15739FE000
|
stack
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDF8C000
|
heap
|
page read and write
|
||
|
1EBEDE10000
|
unkown
|
page readonly
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
6CCF000
|
stack
|
page read and write
|
||
|
695D000
|
trusted library allocation
|
page read and write
|
||
|
69A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5596000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
649B000
|
heap
|
page read and write
|
||
|
1497000
|
trusted library allocation
|
page execute and read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
6AE0000
|
trusted library allocation
|
page read and write
|
||
|
69F7000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
6E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBEDF05000
|
heap
|
page read and write
|
||
|
1730000
|
trusted library allocation
|
page read and write
|
||
|
6930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
134C000
|
heap
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
6440000
|
heap
|
page read and write
|
||
|
69F0000
|
trusted library allocation
|
page read and write
|
||
|
31A2000
|
trusted library allocation
|
page read and write
|
||
|
1486000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F68000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDFCE000
|
heap
|
page read and write
|
||
|
6900000
|
heap
|
page read and write
|
||
|
134E000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
3131000
|
trusted library allocation
|
page read and write
|
||
|
1EBEFB20000
|
trusted library allocation
|
page read and write
|
||
|
146D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B80D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B89C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF4A8520000
|
trusted library allocation
|
page execute and read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
5582000
|
trusted library allocation
|
page read and write
|
||
|
1EBEE183000
|
trusted library allocation
|
page read and write
|
||
|
1EBEE04F000
|
heap
|
page read and write
|
||
|
1318000
|
heap
|
page read and write
|
||
|
1139000
|
stack
|
page read and write
|
||
|
1EBEFAC0000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1EBF05AF000
|
heap
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
1EBEDF6C000
|
heap
|
page read and write
|
||
|
6A8E000
|
stack
|
page read and write
|
||
|
147D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBEE150000
|
trusted library allocation
|
page read and write
|
||
|
1EB90001000
|
trusted library allocation
|
page read and write
|
||
|
648E000
|
heap
|
page read and write
|
||
|
5576000
|
trusted library allocation
|
page read and write
|
||
|
4131000
|
trusted library allocation
|
page read and write
|
||
|
1EBF0571000
|
heap
|
page read and write
|
||
|
15BF000
|
stack
|
page read and write
|
||
|
1EBF05A3000
|
heap
|
page read and write
|
||
|
103A000
|
stack
|
page read and write
|
||
|
6ACE000
|
stack
|
page read and write
|
||
|
7FFD9B804000
|
trusted library allocation
|
page read and write
|
||
|
5640000
|
heap
|
page execute and read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EB800D9000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
557B000
|
trusted library allocation
|
page read and write
|
||
|
558A000
|
trusted library allocation
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
15744FC000
|
stack
|
page read and write
|
||
|
17B6000
|
heap
|
page read and write
|
||
|
1573BFC000
|
stack
|
page read and write
|
||
|
1EBEE240000
|
heap
|
page read and write
|
||
|
1573FFE000
|
stack
|
page read and write
|
||
|
55A2000
|
trusted library allocation
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBF03B0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
6920000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBEDF00000
|
heap
|
page read and write
|
||
|
15743FE000
|
stack
|
page read and write
|
||
|
7FFD9B9E7000
|
trusted library allocation
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
6937000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDF30000
|
heap
|
page read and write
|
||
|
55EC000
|
stack
|
page read and write
|
||
|
68FE000
|
stack
|
page read and write
|
||
|
589C000
|
stack
|
page read and write
|
||
|
329F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page execute and read and write
|
||
|
170E000
|
stack
|
page read and write
|
||
|
6E30000
|
heap
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
1482000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E4000
|
trusted library allocation
|
page read and write
|
||
|
1464000
|
trusted library allocation
|
page read and write
|
||
|
1573AFE000
|
stack
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDF60000
|
heap
|
page read and write
|
||
|
7FFD9B9BE000
|
trusted library allocation
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
7EE80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBEDE12000
|
unkown
|
page readonly
|
||
|
1346000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
5591000
|
trusted library allocation
|
page read and write
|
||
|
6AD0000
|
trusted library allocation
|
page read and write
|
||
|
1EB80001000
|
trusted library allocation
|
page read and write
|
||
|
1EB90007000
|
trusted library allocation
|
page read and write
|
||
|
1463000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBEDFA2000
|
heap
|
page read and write
|
||
|
7FFD9B999000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDED0000
|
heap
|
page read and write
|
||
|
13E3000
|
heap
|
page read and write
|
||
|
1EBEFAE8000
|
heap
|
page read and write
|
||
|
1EBF02C0000
|
trusted library section
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
1EBEDFD6000
|
heap
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDF66000
|
heap
|
page read and write
|
||
|
1EBF0380000
|
heap
|
page read and write
|
||
|
3495000
|
trusted library allocation
|
page read and write
|
||
|
644D000
|
heap
|
page read and write
|
||
|
1EB90B75000
|
trusted library allocation
|
page read and write
|
||
|
644B000
|
heap
|
page read and write
|
||
|
1EB8015D000
|
trusted library allocation
|
page read and write
|
||
|
1495000
|
trusted library allocation
|
page execute and read and write
|
||
|
3194000
|
trusted library allocation
|
page read and write
|
||
|
557E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
1EBEE200000
|
heap
|
page execute and read and write
|
||
|
67FE000
|
stack
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
1EBF053E000
|
heap
|
page read and write
|
||
|
699D000
|
stack
|
page read and write
|
||
|
1EBEDF8A000
|
heap
|
page read and write
|
||
|
559D000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDFA5000
|
heap
|
page read and write
|
||
|
1EBEDEE0000
|
heap
|
page read and write
|
||
|
1EB80041000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B80B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBEE245000
|
heap
|
page read and write
|
||
|
66BD000
|
stack
|
page read and write
|
||
|
15738FE000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
13F3000
|
heap
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
1573DFE000
|
stack
|
page read and write
|
||
|
1EB90AE4000
|
trusted library allocation
|
page read and write
|
||
|
64AE000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B994000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDF10000
|
heap
|
page read and write
|
||
|
5693000
|
heap
|
page read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
419A000
|
trusted library allocation
|
page read and write
|
||
|
1EBF05A7000
|
heap
|
page read and write
|
||
|
1EB800C8000
|
trusted library allocation
|
page read and write
|
||
|
1EBEE180000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F2000
|
trusted library allocation
|
page read and write
|
||
|
1EBF0500000
|
heap
|
page read and write
|
||
|
558E000
|
trusted library allocation
|
page read and write
|
||
|
1EBF05C3000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
13A6000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
522D000
|
stack
|
page read and write
|
||
|
1EBF055B000
|
heap
|
page read and write
|
||
|
178C000
|
stack
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
6918000
|
trusted library allocation
|
page read and write
|
||
|
1710000
|
trusted library allocation
|
page execute and read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
4159000
|
trusted library allocation
|
page read and write
|
||
|
1EBEDFD1000
|
heap
|
page read and write
|
||
|
15742FD000
|
stack
|
page read and write
|
||
|
13D8000
|
heap
|
page read and write
|
||
|
1EBEFAE0000
|
heap
|
page read and write
|
||
|
148A000
|
trusted library allocation
|
page execute and read and write
|
||
|
15735F3000
|
stack
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page read and write
|
||
|
67BE000
|
stack
|
page read and write
|
||
|
7FFD9B896000
|
trusted library allocation
|
page read and write
|
There are 208 hidden memdumps, click here to show them.