Files
File Path | Type | Category | Malicious
---|---|---|---
uEWHR2iblu.ps1 | ASCII text, with very long lines (65312), with CRLF, LF line terminators | initial sample |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_powershell.exe_54fbedec6ccde30d8edfb4d9cdfdf4496eb42c_f0daf91c_8b7c30d9-4dd5-4e08-ba1f-6e603b9a30fd\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AE8.tmp.dmp | Mini DuMP crash report, 14 streams, Mon Dec 23 11:36:14 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FDB.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER200A.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4eeyybv3.ead.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ao51iryv.3tg.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iavaccic.4yl.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlntfxvg.giu.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w5cpikiu.0b4.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xvbtkpm2.kcg.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BX9XMVHZW7GE1X78X8W9.temp | data | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |
\Device\ConDrv | ASCII text, with very long lines (352), with CRLF, LF line terminators | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\uEWHR2iblu.ps1" |
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\uEWHR2iblu.ps1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 3100 |
URLs
Registry
Memdumps
|
page read and write
|
||
ACA0000
|
trusted library allocation
|
page read and write
|
||
7FFB118B0000
|
trusted library allocation
|
page read and write
|
||
8040000
|
trusted library allocation
|
page read and write
|
||
B880000
|
trusted library allocation
|
page read and write
|
||
7FFB11682000
|
trusted library allocation
|
page read and write
|
||
31D0000
|
trusted library section
|
page read and write
|
||
1BB97F000
|
stack
|
page read and write
|
||
140022E9000
|
trusted library allocation
|
page read and write
|
||
8B30000
|
trusted library allocation
|
page execute and read and write
|
||
B0C6000
|
trusted library allocation
|
page read and write
|
||
14018440000
|
heap
|
page read and write
|
||
3200000
|
trusted library allocation
|
page read and write
|
||
1400026A000
|
trusted library allocation
|
page read and write
|
||
1BB8FE000
|
stack
|
page read and write
|
||
140182F0000
|
heap
|
page read and write
|
||
7FFB11C30000
|
trusted library allocation
|
page read and write
|
||
4FD3000
|
trusted library allocation
|
page read and write
|
||
7FFB11A50000
|
trusted library allocation
|
page read and write
|
||
8BB0000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB11C80000
|
trusted library allocation
|
page read and write
|
||
AA92000
|
trusted library allocation
|
page read and write
|
||
7FFB11770000
|
trusted library allocation
|
page read and write
|
||
1407E400000
|
heap
|
page read and write
|
||
ACC0000
|
trusted library allocation
|
page read and write
|
||
1BB671000
|
stack
|
page read and write
|
||
140023AF000
|
trusted library allocation
|
page read and write
|
||
3370000
|
trusted library allocation
|
page read and write
|
||
7510000
|
heap
|
page read and write
|
||
65C7000
|
trusted library allocation
|
page read and write
|
||
7FFB119B0000
|
trusted library allocation
|
page read and write
|
||
31F6000
|
heap
|
page read and write
|
||
B860000
|
trusted library allocation
|
page read and write
|
||
14018584000
|
heap
|
page read and write
|
||
3250000
|
trusted library allocation
|
page read and write
|
||
AC6B000
|
trusted library allocation
|
page read and write
|
||
AE00000
|
trusted library allocation
|
page read and write
|
||
AB9B000
|
stack
|
page read and write
|
||
8F2B000
|
trusted library allocation
|
page read and write
|
||
7FFB11590000
|
trusted library allocation
|
page read and write
|
||
62E0000
|
trusted library allocation
|
page read and write
|
||
7F10000
|
trusted library allocation
|
page read and write
|
||
7FFB11E7A000
|
trusted library allocation
|
page read and write
|
||
B8A0000
|
trusted library allocation
|
page read and write
|
||
7FFB114C6000
|
trusted library allocation
|
page execute and read and write
|
||
AF80000
|
trusted library allocation
|
page read and write
|
||
1401838E000
|
heap
|
page read and write
|
||
3390000
|
heap
|
page read and write
|
||
140183D8000
|
heap
|
page read and write
|
||
7FFB1149C000
|
trusted library allocation
|
page execute and read and write
|
||
7F5C0000
|
trusted library allocation
|
page execute and read and write
|
||
8B40000
|
trusted library allocation
|
page execute and read and write
|
||
8CD3000
|
heap
|
page read and write
|
||
8440000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB11EC0000
|
trusted library allocation
|
page read and write
|
||
80D0000
|
trusted library allocation
|
page read and write
|
||
7FFB11D90000
|
trusted library allocation
|
page read and write
|
||
7FFB11640000
|
trusted library allocation
|
page read and write
|
||
1BB77E000
|
stack
|
page read and write
|
||
3216000
|
trusted library allocation
|
page read and write
|
||
ADD0000
|
trusted library allocation
|
page read and write
|
||
B0E0000
|
trusted library allocation
|
page read and write
|
||
B11D000
|
trusted library allocation
|
page read and write
|
||
9A10000
|
heap
|
page read and write
|
||
8EC0000
|
trusted library allocation
|
page read and write
|
||
9A20000
|
trusted library allocation
|
page read and write
|
||
3424000
|
heap
|
page read and write
|
||
60B1000
|
trusted library allocation
|
page read and write
|
||
B117000
|
trusted library allocation
|
page read and write
|
||
3360000
|
trusted library allocation
|
page execute and read and write
|
||
8DBC000
|
heap
|
page read and write
|
||
4FC0000
|
trusted library allocation
|
page read and write
|
||
71FE000
|
stack
|
page read and write
|
||
9A40000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB11660000
|
trusted library allocation
|
page read and write
|
||
8F20000
|
trusted library allocation
|
page read and write
|
||
31B0000
|
trusted library section
|
page read and write
|
||
4FE0000
|
trusted library allocation
|
page read and write
|
||
AC1E000
|
stack
|
page read and write
|
||
7FFB11A40000
|
trusted library allocation
|
page read and write
|
||
7FFB11670000
|
trusted library allocation
|
page read and write
|
||
7FFB113F0000
|
trusted library allocation
|
page read and write
|
||
1407E110000
|
heap
|
page read and write
|
||
ABD0000
|
trusted library allocation
|
page execute and read and write
|
||
8BE0000
|
trusted library allocation
|
page read and write
|
||
7FFB116A7000
|
trusted library allocation
|
page read and write
|
||
B0F0000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB11AF0000
|
trusted library allocation
|
page read and write
|
||
1401865D000
|
heap
|
page read and write
|
||
7FFB11E80000
|
trusted library allocation
|
page read and write
|
||
AF70000
|
trusted library allocation
|
page read and write
|
||
AC5E000
|
stack
|
page read and write
|
||
7FFB115FB000
|
trusted library allocation
|
page read and write
|
||
7FFB11ED0000
|
trusted library allocation
|
page read and write
|
||
1407E050000
|
heap
|
page read and write
|
||
7FFB1160A000
|
trusted library allocation
|
page read and write
|
||
B111000
|
trusted library allocation
|
page read and write
|
||
1407E16D000
|
heap
|
page read and write
|
||
7F5D8000
|
trusted library allocation
|
page execute and read and write
|
||
3235000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB11CD0000
|
trusted library allocation
|
page execute and read and write
|
||
ADE0000
|
trusted library allocation
|
page read and write
|
||
140001E1000
|
trusted library allocation
|
page read and write
|
||
7FFB11C00000
|
trusted library allocation
|
page read and write
|
||
80C0000
|
trusted library allocation
|
page read and write
|
||
62E4000
|
trusted library allocation
|
page read and write
|
||
8460000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB11CA0000
|
trusted library allocation
|
page read and write
|
||
8ED0000
|
trusted library allocation
|
page execute and read and write
|
||
32DE000
|
stack
|
page read and write
|
||
B950000
|
heap
|
page read and write
|
||
B080000
|
trusted library allocation
|
page execute and read and write
|