IOC Report
uEWHR2iblu.ps1

Files

File Path
Type
Category
Malicious
uEWHR2iblu.ps1
ASCII text, with very long lines (65312), with CRLF, LF line terminators
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_powershell.exe_54fbedec6ccde30d8edfb4d9cdfdf4496eb42c_f0daf91c_8b7c30d9-4dd5-4e08-ba1f-6e603b9a30fd\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AE8.tmp.dmp
Mini DuMP crash report, 14 streams, Mon Dec 23 11:36:14 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FDB.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER200A.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4eeyybv3.ead.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ao51iryv.3tg.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iavaccic.4yl.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlntfxvg.giu.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w5cpikiu.0b4.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xvbtkpm2.kcg.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BX9XMVHZW7GE1X78X8W9.temp
data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
\Device\ConDrv
ASCII text, with very long lines (352), with CRLF, LF line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\uEWHR2iblu.ps1"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ex bypass -nonI C:\Users\user\Desktop\uEWHR2iblu.ps1
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 3100

URLs

Name
IP
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
629B000
trusted library allocation
page read and write
malicious
6643000
trusted library allocation
page read and write
malicious
62E7000
trusted library allocation
page read and write
malicious
10016000
direct allocation
page execute read
malicious