Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_1c947923c97269e597942e7aece28a80f0f0d23f_edd3b515_41559515-5a2b-4554-8fce-fd8cbc9dc473\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexus.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Dec 7 08:10:35
2019, mtime=Thu Oct 31 19:08:41 2024, atime=Sat Dec 7 08:10:35 2019, length=2759232, window=hide
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER13B0.tmp.dmp
|
Mini DuMP crash report, 16 streams, Thu Oct 31 20:08:42 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16ED.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER173C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_04yxs52c.woi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4fjm5qhp.cyo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4stnc4pu.iwx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_monl2q3j.jvp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uvuvjwne.55f.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbxkkdip.byd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\file.exe"
-Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "$ws = New-Object -ComObject WScript.Shell; $s = $ws.CreateShortcut('C:\Users\user\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Nexus.lnk'); $s.TargetPath = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe'; $s.Save()"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 1600 -s 1060
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
|
|
|
https://go.micro
|
unknown
|
|
|
|
https://github.com/Pester/Pester
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
18.31.95.13.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.196.10.218
|
unknown
|
Switzerland
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
ProgramId
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
FileId
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
LongPathHash
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Name
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Publisher
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Version
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
BinaryType
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
ProductName
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
ProductVersion
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
LinkDate
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Size
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Language
|
|
|
|
\REGISTRY\A\{c7023f3d-207d-5ce6-270b-8d0070dae59d}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Usn
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22781CC8000
|
trusted library allocation
|
page read and write
|
|
|
|
28C6F6C0000
|
heap
|
page read and write
|
||
|
7FFD34534000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34570000
|
trusted library allocation
|
page read and write
|
||
|
28C57175000
|
heap
|
page read and write
|
||
|
9F9C7FD000
|
stack
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
C000044000
|
direct allocation
|
page read and write
|
||
|
C000031000
|
direct allocation
|
page read and write
|
||
|
2279A172000
|
heap
|
page read and write
|
||
|
17EE1210000
|
direct allocation
|
page read and write
|
||
|
9F9D84F000
|
stack
|
page read and write
|
||
|
C0000BC000
|
direct allocation
|
page read and write
|
||
|
22793569000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34626000
|
trusted library allocation
|
page read and write
|
||
|
17E9BFB0000
|
direct allocation
|
page read and write
|
||
|
2279A730000
|
heap
|
page read and write
|
||
|
7FFD34572000
|
trusted library allocation
|
page read and write
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
28C58DA5000
|
trusted library allocation
|
page read and write
|
||
|
2279A160000
|
heap
|
page read and write
|
||
|
28779FF000
|
stack
|
page read and write
|
||
|
8E858FE000
|
stack
|
page read and write
|
||
|
C000006000
|
direct allocation
|
page read and write
|
||
|
7FFD347D0000
|
trusted library allocation
|
page read and write
|
||
|
C000194000
|
direct allocation
|
page read and write
|
||
|
C00005C000
|
direct allocation
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
7FFD34729000
|
trusted library allocation
|
page read and write
|
||
|
C00004D000
|
direct allocation
|
page read and write
|
||
|
28C58B79000
|
trusted library allocation
|
page read and write
|
||
|
C00008A000
|
direct allocation
|
page read and write
|
||
|
22781930000
|
heap
|
page read and write
|
||
|
7FFD345E6000
|
trusted library allocation
|
page read and write
|
||
|
C0000B2000
|
direct allocation
|
page read and write
|
||
|
28C6F4C0000
|
heap
|
page read and write
|
||
|
9F9C77E000
|
stack
|
page read and write
|
||
|
49DC3FF000
|
stack
|
page read and write
|
||
|
C000073000
|
direct allocation
|
page read and write
|
||
|
28C6F6B0000
|
heap
|
page execute and read and write
|
||
|
28C6F981000
|
heap
|
page read and write
|
||
|
C000188000
|
direct allocation
|
page read and write
|
||
|
9F9C3EE000
|
stack
|
page read and write
|
||
|
C000078000
|
direct allocation
|
page read and write
|
||
|
227FF190000
|
unkown
|
page readonly
|
||
|
7FFD34533000
|
trusted library allocation
|
page execute and read and write
|
||
|
227FF5E0000
|
heap
|
page read and write
|
||
|
9F9CBFE000
|
stack
|
page read and write
|
||
|
28C58AF2000
|
trusted library allocation
|
page read and write
|
||
|
8E852FF000
|
stack
|
page read and write
|
||
|
C000180000
|
direct allocation
|
page read and write
|
||
|
8E84DFE000
|
stack
|
page read and write
|
||
|
7FFD3458D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
C0000D0000
|
direct allocation
|
page read and write
|
||
|
1EF70403000
|
heap
|
page read and write
|
||
|
7FFD34594000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34714000
|
trusted library allocation
|
page read and write
|
||
|
1EF71D00000
|
direct allocation
|
page read and write
|
||
|
28C556C0000
|
trusted library allocation
|
page read and write
|
||
|
C0001A3000
|
direct allocation
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
28C55503000
|
heap
|
page read and write
|
||
|
227819CC000
|
trusted library allocation
|
page read and write
|
||
|
28C55770000
|
trusted library allocation
|
page read and write
|
||
|
227FF2C1000
|
heap
|
page read and write
|
||
|
7FFD34717000
|
trusted library allocation
|
page read and write
|
||
|
1EF71CC0000
|
direct allocation
|
page read and write
|
||
|
C00004B000
|
direct allocation
|
page read and write
|
||
|
28C554FB000
|
heap
|
page read and write
|
||
|
C000028000
|
direct allocation
|
page read and write
|
||
|
C0001A9000
|
direct allocation
|
page read and write
|
||
|
7FFD345EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34656000
|
trusted library allocation
|
page execute and read and write
|
||
|
227FF450000
|
heap
|
page read and write
|
||
|
1EF70350000
|
heap
|
page read and write
|
||
|
22799970000
|
trusted library allocation
|
page read and write
|
||
|
C000184000
|
direct allocation
|
page read and write
|
||
|
C000076000
|
direct allocation
|
page read and write
|
||
|
22792F49000
|
trusted library allocation
|
page read and write
|
||
|
9F9CA79000
|
stack
|
page read and write
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
C000092000
|
direct allocation
|
page read and write
|
||
|
227FF2EC000
|
heap
|
page read and write
|
||
|
7FFD34800000
|
trusted library allocation
|
page read and write
|
||
|
1EF703F4000
|
heap
|
page read and write
|
||
|
28C590F0000
|
trusted library allocation
|
page read and write
|
||
|
9F9CC7F000
|
stack
|
page read and write
|
||
|
8E853FE000
|
stack
|
page read and write
|
||
|
28C6F9AF000
|
heap
|
page read and write
|
||
|
28C55680000
|
heap
|
page read and write
|
||
|
C00006E000
|
direct allocation
|
page read and write
|
||
|
C00001C000
|
direct allocation
|
page read and write
|
||
|
1EF703D8000
|
heap
|
page read and write
|
||
|
C000111000
|
direct allocation
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
C00005E000
|
direct allocation
|
page read and write
|
||
|
C000082000
|
direct allocation
|
page read and write
|
||
|
1EF71CCB000
|
direct allocation
|
page read and write
|
||
|
17E9BFB8000
|
direct allocation
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page execute and read and write
|
||
|
C000086000
|
direct allocation
|
page read and write
|
||
|
22791941000
|
trusted library allocation
|
page read and write
|
||
|
28C590EC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3462C000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C55450000
|
heap
|
page read and write
|
||
|
22781941000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
2877BFF000
|
stack
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
C000096000
|
direct allocation
|
page read and write
|
||
|
C0000A2000
|
direct allocation
|
page read and write
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
28C6F6B6000
|
heap
|
page execute and read and write
|
||
|
7FFD34630000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C55733000
|
trusted library allocation
|
page read and write
|
||
|
1EF71D17000
|
direct allocation
|
page read and write
|
||
|
17E9BFBC000
|
direct allocation
|
page read and write
|
||
|
28C6F6E0000
|
heap
|
page read and write
|
||
|
9F9C8FE000
|
stack
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
1EF703FB000
|
heap
|
page read and write
|
||
|
28C55730000
|
trusted library allocation
|
page read and write
|
||
|
28C6F4FE000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
9F9C6FE000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
28C557D0000
|
heap
|
page execute and read and write
|
||
|
62D000
|
remote allocation
|
page execute and read and write
|
||
|
1EF703FE000
|
heap
|
page read and write
|
||
|
28C6F96D000
|
heap
|
page read and write
|
||
|
7FFD346EA000
|
trusted library allocation
|
page read and write
|
||
|
227FF192000
|
unkown
|
page readonly
|
||
|
1EF71F30000
|
heap
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
17EE12B0000
|
direct allocation
|
page read and write
|
||
|
C00019C000
|
direct allocation
|
page read and write
|
||
|
28C557F0000
|
heap
|
page read and write
|
||
|
1EF70403000
|
heap
|
page read and write
|
||
|
8E857FE000
|
stack
|
page read and write
|
||
|
28C576F2000
|
trusted library allocation
|
page read and write
|
||
|
28C556E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34574000
|
trusted library allocation
|
page read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
17E9BE70000
|
heap
|
page read and write
|
||
|
28C6753B000
|
trusted library allocation
|
page read and write
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
9F9CB7A000
|
stack
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
227FF250000
|
heap
|
page read and write
|
||
|
28C674C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD345E0000
|
trusted library allocation
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
1EF703FD000
|
heap
|
page read and write
|
||
|
C0000BA000
|
direct allocation
|
page read and write
|
||
|
227FF220000
|
heap
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0001A7000
|
direct allocation
|
page read and write
|
||
|
7FFD345CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
C00002C000
|
direct allocation
|
page read and write
|
||
|
28C555A1000
|
heap
|
page read and write
|
||
|
C000104000
|
direct allocation
|
page read and write
|
||
|
28C58D4A000
|
trusted library allocation
|
page read and write
|
||
|
C00000A000
|
direct allocation
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C55440000
|
heap
|
page read and write
|
||
|
17E9BE45000
|
heap
|
page read and write
|
||
|
9F9C97D000
|
stack
|
page read and write
|
||
|
28C554E4000
|
heap
|
page read and write
|
||
|
28C6F55D000
|
heap
|
page read and write
|
||
|
227FF4C5000
|
heap
|
page read and write
|
||
|
9F9C3A3000
|
stack
|
page read and write
|
||
|
7FFD3459B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17E9BE40000
|
heap
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
9F9CAF7000
|
stack
|
page read and write
|
||
|
1EF703D0000
|
heap
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
227FF2EA000
|
heap
|
page read and write
|
||
|
9F9C67E000
|
stack
|
page read and write
|
||
|
7FFD34580000
|
trusted library allocation
|
page read and write
|
||
|
28C570D0000
|
heap
|
page read and write
|
||
|
695000
|
remote allocation
|
page execute and read and write
|
||
|
C000056000
|
direct allocation
|
page read and write
|
||
|
7FFD34582000
|
trusted library allocation
|
page read and write
|
||
|
17EE1233000
|
direct allocation
|
page read and write
|
||
|
8E854FE000
|
stack
|
page read and write
|
||
|
9F9CD7E000
|
stack
|
page read and write
|
||
|
227FF2F3000
|
heap
|
page read and write
|
||
|
1EF70270000
|
heap
|
page read and write
|
||
|
28C6F98F000
|
heap
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
C00008C000
|
direct allocation
|
page read and write
|
||
|
22792C9E000
|
trusted library allocation
|
page read and write
|
||
|
22792B58000
|
trusted library allocation
|
page read and write
|
||
|
C00018A000
|
direct allocation
|
page read and write
|
||
|
17E9BE50000
|
heap
|
page read and write
|
||
|
227817F0000
|
trusted library allocation
|
page read and write
|
||
|
C00010D000
|
direct allocation
|
page read and write
|
||
|
8E850FC000
|
stack
|
page read and write
|
||
|
17E9BF70000
|
heap
|
page read and write
|
||
|
17EE1270000
|
direct allocation
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page read and write
|
||
|
28C674CF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34587000
|
trusted library allocation
|
page read and write
|
||
|
2279A240000
|
trusted library section
|
page read and write
|
||
|
C000090000
|
direct allocation
|
page read and write
|
||
|
699000
|
remote allocation
|
page execute and read and write
|
||
|
C000049000
|
direct allocation
|
page read and write
|
||
|
7FFD34616000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C6F514000
|
heap
|
page read and write
|
||
|
9F9D7CE000
|
stack
|
page read and write
|
||
|
C0000B8000
|
direct allocation
|
page read and write
|
||
|
17E9BFBA000
|
direct allocation
|
page read and write
|
||
|
C000038000
|
direct allocation
|
page read and write
|
||
|
7FFD34620000
|
trusted library allocation
|
page read and write
|
||
|
17EE1230000
|
direct allocation
|
page read and write
|
||
|
1EF703E7000
|
heap
|
page read and write
|
||
|
7FFD346E1000
|
trusted library allocation
|
page read and write
|
||
|
28C554B0000
|
heap
|
page read and write
|
||
|
28C6F9A3000
|
heap
|
page read and write
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
1EF70403000
|
heap
|
page read and write
|
||
|
28C55546000
|
heap
|
page read and write
|
||
|
7DF4A8350000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34590000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3475D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3459D000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C55470000
|
heap
|
page read and write
|
||
|
1EF70370000
|
heap
|
page read and write
|
||
|
C0000A0000
|
direct allocation
|
page read and write
|
||
|
C00008E000
|
direct allocation
|
page read and write
|
||
|
49DB7FC000
|
stack
|
page read and write
|
||
|
28C67671000
|
trusted library allocation
|
page read and write
|
||
|
28C6F98C000
|
heap
|
page read and write
|
||
|
C0000AE000
|
direct allocation
|
page read and write
|
||
|
7FFD34573000
|
trusted library allocation
|
page execute and read and write
|
||
|
C00001E000
|
direct allocation
|
page read and write
|
||
|
C0000D2000
|
direct allocation
|
page read and write
|
||
|
C0000E2000
|
direct allocation
|
page read and write
|
||
|
22781982000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
227FF230000
|
heap
|
page read and write
|
||
|
22781803000
|
trusted library allocation
|
page read and write
|
||
|
28C57170000
|
heap
|
page read and write
|
||
|
17E9BE78000
|
heap
|
page read and write
|
||
|
22793969000
|
trusted library allocation
|
page read and write
|
||
|
22791947000
|
trusted library allocation
|
page read and write
|
||
|
C000052000
|
direct allocation
|
page read and write
|
||
|
28C6F960000
|
heap
|
page read and write
|
||
|
22792949000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
2279A147000
|
heap
|
page read and write
|
||
|
22781800000
|
trusted library allocation
|
page read and write
|
||
|
9F9CDFB000
|
stack
|
page read and write
|
||
|
28C58D1F000
|
trusted library allocation
|
page read and write
|
||
|
28777FA000
|
stack
|
page read and write
|
||
|
49DBDFF000
|
stack
|
page read and write
|
||
|
C000098000
|
direct allocation
|
page read and write
|
||
|
C0000D7000
|
direct allocation
|
page read and write
|
||
|
C000106000
|
direct allocation
|
page read and write
|
||
|
28C57130000
|
heap
|
page execute and read and write
|
||
|
28C55509000
|
heap
|
page read and write
|
||
|
1EF703FF000
|
heap
|
page read and write
|
||
|
8E84FFF000
|
stack
|
page read and write
|
||
|
7FFD3457D000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C55542000
|
heap
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page read and write
|
||
|
28C554FF000
|
heap
|
page read and write
|
||
|
8E84EFE000
|
stack
|
page read and write
|
||
|
227817D0000
|
trusted library allocation
|
page read and write
|
||
|
227FF367000
|
heap
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
17E9BFA0000
|
heap
|
page readonly
|
||
|
28C6F4FC000
|
heap
|
page read and write
|
||
|
28C5717A000
|
heap
|
page read and write
|
||
|
227FF196000
|
unkown
|
page readonly
|
||
|
C0000DB000
|
direct allocation
|
page read and write
|
||
|
C00010F000
|
direct allocation
|
page read and write
|
||
|
17E9BE7E000
|
heap
|
page read and write
|
||
|
17E9BD60000
|
heap
|
page read and write
|
||
|
7FFD34712000
|
trusted library allocation
|
page read and write
|
||
|
49DC1FE000
|
stack
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page read and write
|
||
|
227FF2BF000
|
heap
|
page read and write
|
||
|
C000094000
|
direct allocation
|
page read and write
|
||
|
C000023000
|
direct allocation
|
page read and write
|
||
|
22791951000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
28C6F5B5000
|
heap
|
page read and write
|
||
|
6DF000
|
remote allocation
|
page execute and read and write
|
||
|
9F9C9F7000
|
stack
|
page read and write
|
||
|
28C6F9DE000
|
heap
|
page read and write
|
||
|
8E84CF3000
|
stack
|
page read and write
|
||
|
C0000B6000
|
direct allocation
|
page read and write
|
||
|
28C5551B000
|
heap
|
page read and write
|
||
|
28C6F950000
|
heap
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD3454B000
|
trusted library allocation
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
227FF4C0000
|
heap
|
page read and write
|
||
|
28C557F5000
|
heap
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
28C6752F000
|
trusted library allocation
|
page read and write
|
||
|
1EF706A0000
|
heap
|
page read and write
|
||
|
227818D0000
|
heap
|
page execute and read and write
|
||
|
28C5754A000
|
trusted library allocation
|
page read and write
|
||
|
C000190000
|
direct allocation
|
page read and write
|
||
|
C0000B4000
|
direct allocation
|
page read and write
|
||
|
2279A110000
|
heap
|
page read and write
|
||
|
28C556F0000
|
heap
|
page readonly
|
||
|
49DBFFE000
|
stack
|
page read and write
|
||
|
C00007C000
|
direct allocation
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
7FFD3453D000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C6F98A000
|
heap
|
page read and write
|
||
|
7FFD347C0000
|
trusted library allocation
|
page read and write
|
||
|
C00003D000
|
direct allocation
|
page read and write
|
||
|
1EF703A0000
|
heap
|
page read and write
|
||
|
C00010A000
|
direct allocation
|
page read and write
|
||
|
C0000D9000
|
direct allocation
|
page read and write
|
||
|
28C574C1000
|
trusted library allocation
|
page read and write
|
||
|
227FF2AC000
|
heap
|
page read and write
|
||
|
2279A230000
|
heap
|
page execute and read and write
|
||
|
C00018E000
|
direct allocation
|
page read and write
|
||
|
227FF280000
|
heap
|
page read and write
|
||
|
7FFD34532000
|
trusted library allocation
|
page read and write
|
||
|
28C56FA9000
|
heap
|
page read and write
|
||
|
227FF5E5000
|
heap
|
page read and write
|
||
|
7FFD3474E000
|
trusted library allocation
|
page read and write
|
||
|
28C58B7B000
|
trusted library allocation
|
page read and write
|
||
|
227FF28C000
|
heap
|
page read and write
|
||
|
22794369000
|
trusted library allocation
|
page read and write
|
||
|
17E9BFB4000
|
direct allocation
|
page read and write
|
||
|
22781991000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C6F97D000
|
heap
|
page read and write
|
||
|
C00019E000
|
direct allocation
|
page read and write
|
||
|
28C59027000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3458B000
|
trusted library allocation
|
page read and write
|
||
|
C0000C6000
|
direct allocation
|
page read and write
|
||
|
C00004F000
|
direct allocation
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34776000
|
trusted library allocation
|
page read and write
|
||
|
28C580F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page read and write
|
||
|
9F9C87E000
|
stack
|
page read and write
|
There are 352 hidden memdumps, click here to show them.