Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\azurebox16.ico
|
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\azurebox32.ico
|
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\azurevpnbanner.bmp
|
PC bitmap, Windows 3.x format, 330 x 140 x 24, resolution 3780 x 3780 px/m, cbSize 138934, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ce500069-adf3-426a-a91d-e5a0b4553b19.cer
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ce500069-adf3-426a-a91d-e5a0b4553b19.cmp
|
Generic INItialization configuration [Connection Manager]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ce500069-adf3-426a-a91d-e5a0b4553b19.cms
|
Generic INItialization configuration [ISP]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ce500069-adf3-426a-a91d-e5a0b4553b19.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\ce500069-adf3-426a-a91d-e5a0b4553b19.pbk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\cmroute.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\routes.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Vnet-Lab-WE (Single User).log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\SET109.tmp
|
Generic INItialization configuration [Connection Manager]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\SET5061.tmp
|
Generic INItialization configuration [Connection Manager]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19.cmp (copy)
|
Generic INItialization configuration [Connection Manager]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET4FCB.tmp
|
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET4FCC.tmp
|
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET4FDD.tmp
|
PC bitmap, Windows 3.x format, 330 x 140 x 24, resolution 3780 x 3780 px/m, cbSize 138934, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET500D.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET501E.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET503E.tmp
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET503F.tmp
|
Generic INItialization configuration [ISP]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET504F.tmp
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SET5060.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETB1.tmp
|
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETC2.tmp
|
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETC3.tmp
|
PC bitmap, Windows 3.x format, 330 x 140 x 24, resolution 3780 x 3780 px/m, cbSize 138934, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETD4.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETD5.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETE5.tmp
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETF6.tmp
|
Generic INItialization configuration [ISP]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETF7.tmp
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\SETF8.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\azurebox16.ico (copy)
|
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\azurebox32.ico (copy)
|
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\azurevpnbanner.bmp (copy)
|
PC bitmap, Windows 3.x format, 330 x 140 x 24, resolution 3780 x 3780 px/m, cbSize 138934, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.cer
(copy)
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.cms
(copy)
|
Generic INItialization configuration [ISP]
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.inf
(copy)
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.pbk
(copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\cmroute.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\routes.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\OLD4FBC.tmp
|
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Windows\Temp\OLD4FCC.tmp
|
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
|
dropped
|
||
|
C:\Windows\Temp\OLD4FDD.tmp
|
PC bitmap, Windows 3.x format, 330 x 140 x 24, resolution 3780 x 3780 px/m, cbSize 138934, bits offset 54
|
dropped
|
||
|
C:\Windows\Temp\OLD500D.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\OLD500E.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\OLD502E.tmp
|
Certificate, Version=3
|
dropped
|
||
|
C:\Windows\Temp\OLD503F.tmp
|
Generic INItialization configuration [ISP]
|
dropped
|
||
|
C:\Windows\Temp\OLD504F.tmp
|
Windows setup INFormation
|
dropped
|
||
|
C:\Windows\Temp\OLD5050.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\OLD5061.tmp
|
Generic INItialization configuration [Connection Manager]
|
dropped
|
There are 43 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmstp.exe
|
cmstp.exe /s /su /ns ce500069-adf3-426a-a91d-e5a0b4553b19.inf
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13 /v SelectSelfSignedCert /t REG_DWORD /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c certutil -addstore root %APPDATA%\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.cer
|
|
|
|
C:\Windows\System32\certutil.exe
|
certutil -addstore root C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.cer
|
|
|
|
C:\Windows\System32\cmstp.exe
|
cmstp.exe /s /su /ns ce500069-adf3-426a-a91d-e5a0b4553b19.inf
|
|
|
|
C:\Windows\System32\reg.exe
|
reg add HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13 /v SelectSelfSignedCert /t REG_DWORD /d 1 /f
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /c certutil -addstore root %APPDATA%\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.cer
|
|
|
|
C:\Windows\System32\certutil.exe
|
certutil -addstore root C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Cm\ce500069-adf3-426a-a91d-e5a0b4553b19\ce500069-adf3-426a-a91d-e5a0b4553b19.cer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe
|
"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe
|
"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe
|
"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe
|
"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_e8a48b47bc6e903a5bcddebf2d9f99488f6556ac.zip\VpnClientSetupAmd64.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\rasautou.exe
|
"C:\Windows\system32\rasautou.exe" -o -f "C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk" -e
"Vnet-Lab-WE"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl1.ame.gbl/crl/ameroot.crl
|
unknown
|
||
|
http://crl3.ame.gbl/crl/ameroot.crl
|
unknown
|
||
|
http://crl3.ame.gbl/aia/BY2PKICSCA01.AME.GBL_AME%20CS%20CA%2001(2).crt0R
|
unknown
|
||
|
http://crl2.ame.gbl/aia/BY2PKICSCA01.AME.GBL_AME%20CS%20CA%2001(2).crt0R
|
unknown
|
||
|
http://crl3.ame.gbl/aia/AMERoot_ameroot.crt07
|
unknown
|
||
|
http://crl1.ame.gbl/aia/BY2PKICSCA01.AME.GBL_AME%20CS%20CA%2001(2).crt0R
|
unknown
|
||
|
http://crl4.ame.gbl/aia/BY2PKICSCA01.AME.GBL_AME%20CS%20CA%2001(2).crt0
|
unknown
|
||
|
http://crl4.ame.gbl/crl/AME%20CS%20CA%2001(2).crl
|
unknown
|
||
|
http://crl1.ame.gbl/crl/AME%20CS%20CA%2001(2).crl
|
unknown
|
||
|
http://crl3.ame.gbl/crl/AME%20CS%20CA%2001(2).crl
|
unknown
|
||
|
http://crl2.ame.gbl/crl/AME%20CS%20CA%2001(2).crl
|
unknown
|
||
|
http://crl2.ame.gbl/aia/AMERoot_ameroot.crt07
|
unknown
|
||
|
http://crl2.ame.gbl/crl/ameroot.crl
|
unknown
|
||
|
http://crl1.ame.gbl/aia/AMERoot_ameroot.crt0
|
unknown
|
There are 4 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMSTP
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMSTP
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMSTP
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMSTP
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMSTP
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMSTP
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMSTP
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Connection Manager
|
ProfileInstallPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
|
SM_AccessoriesName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
|
PF_AccessoriesName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion
|
SM_AccessoriesName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion
|
PF_AccessoriesName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Connection Manager\Mappings
|
Vnet-Lab-WE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\cmstp_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VAN\{6705C562-0AE7-40EA-8474-F39DAB1813D0}
|
Active
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\PPP\EAP\13
|
SelectSelfSignedCert
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7
|
Name
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@C:\Windows\System32\AppxPackaging.dll,-1001
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
wextract_cleanup0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Connection Manager
|
ProfileInstallPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASDLG
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASDLG
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASDLG
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASDLG
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASDLG
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASDLG
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASDLG
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMDIAL32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMDIAL32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMDIAL32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMDIAL32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMDIAL32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMDIAL32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CMDIAL32
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\System32\SimAuth.dll,-1001
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\System32\TtlsCfg.dll,-1001
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\System32\SimAuth.dll,-1002
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\System32\SimAuth.dll,-1003
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\System32\EapTeapAuth.dll,-1001
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\rastls.dll,-2001
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\rastls.dll,-2002
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1f\417C44EB
|
@%SystemRoot%\system32\raschap.dll,-2002
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Connection Manager\SingleUserInfo\Vnet-Lab-WE
|
DialAutomatically
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Connection Manager\SingleUserInfo\Vnet-Lab-WE
|
RememberPassword
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Connection Manager\SingleUserInfo\Vnet-Lab-WE
|
RememberInternetPassword
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Connection Manager\SingleUserInfo\Vnet-Lab-WE
|
NoCustomActionElevationInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASTLSUI
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASTLSUI
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASTLSUI
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASTLSUI
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASTLSUI
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASTLSUI
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rasautou_RASTLSUI
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CertSelect
|
TickCount
|
There are 75 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
23910CB1000
|
heap
|
page read and write
|
||
|
1D7A8FEE000
|
heap
|
page read and write
|
||
|
1D7A9285000
|
heap
|
page read and write
|
||
|
172ED0F0000
|
heap
|
page read and write
|
||
|
59078FD000
|
stack
|
page read and write
|
||
|
1D7A900C000
|
heap
|
page read and write
|
||
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
25039A64000
|
heap
|
page read and write
|
||
|
1D7A9008000
|
heap
|
page read and write
|
||
|
25039A8D000
|
heap
|
page read and write
|
||
|
1D7A9008000
|
heap
|
page read and write
|
||
|
23910CCD000
|
heap
|
page read and write
|
||
|
23910DB5000
|
direct allocation
|
page read and write
|
||
|
ADE3AD3000
|
stack
|
page read and write
|
||
|
23912960000
|
heap
|
page read and write
|
||
|
172EF08B000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
1D7A8FB8000
|
heap
|
page read and write
|
||
|
1D7A9001000
|
heap
|
page read and write
|
||
|
172ECF4C000
|
heap
|
page read and write
|
||
|
23910C31000
|
heap
|
page read and write
|
||
|
136C68FB000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
25039A8A000
|
heap
|
page read and write
|
||
|
1D7A8FEF000
|
heap
|
page read and write
|
||
|
1D7A8FF4000
|
heap
|
page read and write
|
||
|
1C9632B0000
|
heap
|
page read and write
|
||
|
1D7A9001000
|
heap
|
page read and write
|
||
|
1D7A8FF4000
|
heap
|
page read and write
|
||
|
6CC517E000
|
stack
|
page read and write
|
||
|
2503B730000
|
trusted library allocation
|
page read and write
|
||
|
1D7A8FFA000
|
heap
|
page read and write
|
||
|
23913600000
|
heap
|
page read and write
|
||
|
23910DCF000
|
direct allocation
|
page read and write
|
||
|
25039A73000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
25039A6D000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
16B2C3C5000
|
heap
|
page read and write
|
||
|
1D7A9007000
|
heap
|
page read and write
|
||
|
25039A83000
|
heap
|
page read and write
|
||
|
25039A6D000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
1D7A9280000
|
heap
|
page read and write
|
||
|
25039A6D000
|
heap
|
page read and write
|
||
|
1D7A900F000
|
heap
|
page read and write
|
||
|
17157900000
|
heap
|
page read and write
|
||
|
25039A72000
|
heap
|
page read and write
|
||
|
CA552D000
|
stack
|
page read and write
|
||
|
23910CB2000
|
heap
|
page read and write
|
||
|
136C6902000
|
heap
|
page read and write
|
||
|
25039A74000
|
heap
|
page read and write
|
||
|
136C6880000
|
heap
|
page read and write
|
||
|
6CC51FE000
|
stack
|
page read and write
|
||
|
1D7A8FF2000
|
heap
|
page read and write
|
||
|
172ECF5C000
|
heap
|
page read and write
|
||
|
7FF77FFB0000
|
unkown
|
page readonly
|
||
|
23910B10000
|
heap
|
page read and write
|
||
|
1D7A8FF5000
|
heap
|
page read and write
|
||
|
23910DCF000
|
direct allocation
|
page read and write
|
||
|
23910DBE000
|
direct allocation
|
page read and write
|
||
|
25039A78000
|
heap
|
page read and write
|
||
|
1D7A9001000
|
heap
|
page read and write
|
||
|
172ECDA0000
|
heap
|
page read and write
|
||
|
23910CAE000
|
heap
|
page read and write
|
||
|
7FF627459000
|
unkown
|
page readonly
|
||
|
590797F000
|
stack
|
page read and write
|
||
|
25039A7C000
|
heap
|
page read and write
|
||
|
1D7A9006000
|
heap
|
page read and write
|
||
|
25039920000
|
heap
|
page read and write
|
||
|
1D7A8FF4000
|
heap
|
page read and write
|
||
|
1D7A8FE6000
|
heap
|
page read and write
|
||
|
17157960000
|
heap
|
page read and write
|
||
|
CA54AC000
|
stack
|
page read and write
|
||
|
16B2C110000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
C1BF9E000
|
stack
|
page read and write
|
||
|
25039A5E000
|
heap
|
page read and write
|
||
|
1D7A8FFC000
|
heap
|
page read and write
|
||
|
25039A7E000
|
heap
|
page read and write
|
||
|
1D7A9002000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
23910C62000
|
heap
|
page read and write
|
||
|
172ECF49000
|
heap
|
page read and write
|
||
|
23910CAA000
|
heap
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
25039A61000
|
heap
|
page read and write
|
||
|
1C9612C0000
|
heap
|
page read and write
|
||
|
23910E1D000
|
heap
|
page read and write
|
||
|
172ECF67000
|
heap
|
page read and write
|
||
|
23910CD0000
|
heap
|
page read and write
|
||
|
172ECF56000
|
heap
|
page read and write
|
||
|
23910C47000
|
heap
|
page read and write
|
||
|
172ECF63000
|
heap
|
page read and write
|
||
|
23910CBA000
|
heap
|
page read and write
|
||
|
1D7A8FF6000
|
heap
|
page read and write
|
||
|
7FF62745C000
|
unkown
|
page read and write
|
||
|
23913620000
|
heap
|
page read and write
|
||
|
23910DC3000
|
direct allocation
|
page read and write
|
||
|
172ED0F5000
|
heap
|
page read and write
|
||
|
ED4A077000
|
stack
|
page read and write
|
||
|
1D7AADA0000
|
heap
|
page read and write
|
||
|
23910DCD000
|
direct allocation
|
page read and write
|
||
|
23910CB4000
|
heap
|
page read and write
|
||
|
ADE3EFD000
|
stack
|
page read and write
|
||
|
23910DCF000
|
direct allocation
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
25039A60000
|
heap
|
page read and write
|
||
|
33418FE000
|
stack
|
page read and write
|
||
|
172ECFA0000
|
heap
|
page read and write
|
||
|
ADE3F7E000
|
stack
|
page read and write
|
||
|
CA587E000
|
stack
|
page read and write
|
||
|
1BB1A670000
|
heap
|
page read and write
|
||
|
136C6932000
|
heap
|
page read and write
|
||
|
23910E10000
|
heap
|
page read and write
|
||
|
1D7A900C000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
CA58FF000
|
stack
|
page read and write
|
||
|
136C6904000
|
heap
|
page read and write
|
||
|
1D7A9008000
|
heap
|
page read and write
|
||
|
23910DCD000
|
direct allocation
|
page read and write
|
||
|
23910CB2000
|
heap
|
page read and write
|
||
|
112B37E000
|
stack
|
page read and write
|
||
|
23910CAD000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
136C872A000
|
heap
|
page read and write
|
||
|
23910CAC000
|
heap
|
page read and write
|
||
|
1BB1A339000
|
heap
|
page read and write
|
||
|
F4237E000
|
stack
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
1D7A8FE6000
|
heap
|
page read and write
|
||
|
239135B0000
|
heap
|
page read and write
|
||
|
1C9632A0000
|
heap
|
page read and write
|
||
|
25039A76000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
23910CDB000
|
heap
|
page read and write
|
||
|
25039A7E000
|
heap
|
page read and write
|
||
|
6CC507D000
|
stack
|
page read and write
|
||
|
172ECF9B000
|
heap
|
page read and write
|
||
|
136C694D000
|
heap
|
page read and write
|
||
|
112B3FD000
|
stack
|
page read and write
|
||
|
25039A5A000
|
heap
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
23910CB2000
|
heap
|
page read and write
|
||
|
172ECF52000
|
heap
|
page read and write
|
||
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
25039A72000
|
heap
|
page read and write
|
||
|
1D7A8FF7000
|
heap
|
page read and write
|
||
|
23910C50000
|
heap
|
page read and write
|
||
|
25039A20000
|
heap
|
page read and write
|
||
|
DCDD1FF000
|
stack
|
page read and write
|
||
|
112B27C000
|
stack
|
page read and write
|
||
|
172F06C0000
|
heap
|
page read and write
|
||
|
25039A6D000
|
heap
|
page read and write
|
||
|
1BB1A330000
|
heap
|
page read and write
|
||
|
25039A8A000
|
heap
|
page read and write
|
||
|
136C6908000
|
heap
|
page read and write
|
||
|
136C692F000
|
heap
|
page read and write
|
||
|
1D7A8F70000
|
heap
|
page read and write
|
||
|
ADE3B5F000
|
stack
|
page read and write
|
||
|
25039A7E000
|
heap
|
page read and write
|
||
|
136C6940000
|
heap
|
page read and write
|
||
|
136C85D0000
|
heap
|
page read and write
|
||
|
172ECF50000
|
heap
|
page read and write
|
||
|
1D7A8FFE000
|
heap
|
page read and write
|
||
|
136C9EF0000
|
trusted library allocation
|
page read and write
|
||
|
1D7A8F50000
|
heap
|
page read and write
|
||
|
ED4A37E000
|
stack
|
page read and write
|
||
|
23910DCF000
|
direct allocation
|
page read and write
|
||
|
239135B0000
|
heap
|
page read and write
|
||
|
ADE3E7E000
|
stack
|
page read and write
|
||
|
23910CCF000
|
heap
|
page read and write
|
||
|
25039A55000
|
heap
|
page read and write
|
||
|
17157A95000
|
heap
|
page read and write
|
||
|
17157820000
|
heap
|
page read and write
|
||
|
1BB1BFF0000
|
heap
|
page read and write
|
||
|
25039B20000
|
heap
|
page read and write
|
||
|
23912993000
|
heap
|
page read and write
|
||
|
17159740000
|
heap
|
page read and write
|
||
|
2503B730000
|
trusted library allocation
|
page read and write
|
||
|
23910CBB000
|
heap
|
page read and write
|
||
|
1C9613D0000
|
heap
|
page read and write
|
||
|
1BB1A2C0000
|
heap
|
page read and write
|
||
|
1D7A8FEC000
|
heap
|
page read and write
|
||
|
1D7A900F000
|
heap
|
page read and write
|
||
|
23910CC2000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
23913390000
|
heap
|
page read and write
|
||
|
25039A5E000
|
heap
|
page read and write
|
||
|
F4227E000
|
stack
|
page read and write
|
||
|
1D7A9000000
|
heap
|
page read and write
|
||
|
136C6932000
|
heap
|
page read and write
|
||
|
23910D50000
|
heap
|
page read and write
|
||
|
1D7A9006000
|
heap
|
page read and write
|
||
|
25039A66000
|
heap
|
page read and write
|
||
|
25039A81000
|
heap
|
page read and write
|
||
|
1D7A8FFD000
|
heap
|
page read and write
|
||
|
1BB1A2D0000
|
heap
|
page read and write
|
||
|
1BB1A675000
|
heap
|
page read and write
|
||
|
23910C5B000
|
heap
|
page read and write
|
||
|
17159580000
|
heap
|
page read and write
|
||
|
172ECF4C000
|
heap
|
page read and write
|
||
|
7FF62745C000
|
unkown
|
page write copy
|
||
|
23910CF0000
|
heap
|
page read and write
|
||
|
239136C0000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
F422FE000
|
stack
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
25039A8D000
|
heap
|
page read and write
|
||
|
1D7A9002000
|
heap
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
1D7A9001000
|
heap
|
page read and write
|
||
|
23910CBE000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
23913650000
|
heap
|
page read and write
|
||
|
1D7A8FF4000
|
heap
|
page read and write
|
||
|
136C6927000
|
heap
|
page read and write
|
||
|
23910DCD000
|
direct allocation
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
23910CD0000
|
heap
|
page read and write
|
||
|
16B2C120000
|
heap
|
page read and write
|
||
|
172F06C3000
|
heap
|
page read and write
|
||
|
26AD5F30000
|
heap
|
page read and write
|
||
|
334187C000
|
stack
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
23910C4B000
|
heap
|
page read and write
|
||
|
1D7A8FFE000
|
heap
|
page read and write
|
||
|
26AD6305000
|
heap
|
page read and write
|
||
|
23910CB5000
|
heap
|
page read and write
|
||
|
C1C2FE000
|
stack
|
page read and write
|
||
|
172ECF69000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
23910DB5000
|
direct allocation
|
page read and write
|
||
|
25039A7E000
|
heap
|
page read and write
|
||
|
136C6810000
|
heap
|
page read and write
|
||
|
25039A60000
|
heap
|
page read and write
|
||
|
25039A8A000
|
heap
|
page read and write
|
||
|
25039A75000
|
heap
|
page read and write
|
||
|
23910CCD000
|
heap
|
page read and write
|
||
|
23910CC7000
|
heap
|
page read and write
|
||
|
16B2C3C0000
|
heap
|
page read and write
|
||
|
136C6916000
|
heap
|
page read and write
|
||
|
26AD6030000
|
heap
|
page read and write
|
||
|
23910C4F000
|
heap
|
page read and write
|
||
|
172ECF8A000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
136C6AEA000
|
heap
|
page read and write
|
||
|
23910CA2000
|
heap
|
page read and write
|
||
|
23910DCF000
|
direct allocation
|
page read and write
|
||
|
ED4A3FF000
|
stack
|
page read and write
|
||
|
136C6911000
|
heap
|
page read and write
|
||
|
F41F9E000
|
stack
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
1D7A8FF6000
|
heap
|
page read and write
|
||
|
1C961635000
|
heap
|
page read and write
|
||
|
23910DB8000
|
direct allocation
|
page read and write
|
||
|
6CC4D9E000
|
stack
|
page read and write
|
||
|
25039C40000
|
heap
|
page read and write
|
||
|
172ECF5A000
|
heap
|
page read and write
|
||
|
25039A5E000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
112B47E000
|
stack
|
page read and write
|
||
|
1D7A8FFD000
|
heap
|
page read and write
|
||
|
136C68E0000
|
heap
|
page read and write
|
||
|
172ECF55000
|
heap
|
page read and write
|
||
|
23910CA1000
|
heap
|
page read and write
|
||
|
ED4A2FE000
|
stack
|
page read and write
|
||
|
23910C40000
|
heap
|
page read and write
|
||
|
23910CBA000
|
heap
|
page read and write
|
||
|
172ECE80000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
1D7A8FF4000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
33419FF000
|
stack
|
page read and write
|
||
|
1D7A8FF9000
|
heap
|
page read and write
|
||
|
172ECF59000
|
heap
|
page read and write
|
||
|
23910CE9000
|
heap
|
page read and write
|
||
|
25039A7C000
|
heap
|
page read and write
|
||
|
23910DCF000
|
direct allocation
|
page read and write
|
||
|
1D7A9001000
|
heap
|
page read and write
|
||
|
136C6907000
|
heap
|
page read and write
|
||
|
25039A75000
|
heap
|
page read and write
|
||
|
136C6890000
|
heap
|
page read and write
|
||
|
7FF627451000
|
unkown
|
page execute read
|
||
|
25039A7E000
|
heap
|
page read and write
|
||
|
25039C00000
|
heap
|
page read and write
|
||
|
25039A62000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
17157A90000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
C1C3FE000
|
stack
|
page read and write
|
||
|
C1C37E000
|
stack
|
page read and write
|
||
|
23910C0E000
|
heap
|
page read and write
|
||
|
1D7A8FF2000
|
heap
|
page read and write
|
||
|
23910CE4000
|
heap
|
page read and write
|
||
|
6CC4D1B000
|
stack
|
page read and write
|
||
|
25039A55000
|
heap
|
page read and write
|
||
|
136C6948000
|
heap
|
page read and write
|
||
|
23910CB8000
|
heap
|
page read and write
|
||
|
25039A5A000
|
heap
|
page read and write
|
||
|
25039A28000
|
heap
|
page read and write
|
||
|
23910CC6000
|
heap
|
page read and write
|
||
|
1D7A8FF4000
|
heap
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
172ECF37000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
6CC50FE000
|
stack
|
page read and write
|
||
|
25039A64000
|
heap
|
page read and write
|
||
|
DCDD07D000
|
stack
|
page read and write
|
||
|
1D7A900C000
|
heap
|
page read and write
|
||
|
136C6940000
|
heap
|
page read and write
|
||
|
1C961630000
|
heap
|
page read and write
|
||
|
23910DCD000
|
direct allocation
|
page read and write
|
||
|
1D7A8FF8000
|
heap
|
page read and write
|
||
|
23910CE4000
|
heap
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
1D7A8FDA000
|
heap
|
page read and write
|
||
|
23913600000
|
heap
|
page read and write
|
||
|
23910DCD000
|
direct allocation
|
page read and write
|
||
|
136C9EE0000
|
heap
|
page read and write
|
||
|
23910DD6000
|
direct allocation
|
page read and write
|
||
|
ADE3FFF000
|
stack
|
page read and write
|
||
|
239135E0000
|
heap
|
page read and write
|
||
|
136C6710000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
7FF77FFBC000
|
unkown
|
page read and write
|
||
|
23910CAB000
|
heap
|
page read and write
|
||
|
25039A5E000
|
heap
|
page read and write
|
||
|
25039A66000
|
heap
|
page read and write
|
||
|
25039A8C000
|
heap
|
page read and write
|
||
|
136C6907000
|
heap
|
page read and write
|
||
|
25039A5E000
|
heap
|
page read and write
|
||
|
23910CC7000
|
heap
|
page read and write
|
||
|
25039A64000
|
heap
|
page read and write
|
||
|
25039A7E000
|
heap
|
page read and write
|
||
|
1D7A9001000
|
heap
|
page read and write
|
||
|
23910DCF000
|
direct allocation
|
page read and write
|
||
|
1D7A8FFA000
|
heap
|
page read and write
|
||
|
23910DB8000
|
direct allocation
|
page read and write
|
||
|
23910C67000
|
heap
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
1D7A8FF5000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
172ECF00000
|
heap
|
page read and write
|
||
|
7FF627450000
|
unkown
|
page readonly
|
||
|
25039C45000
|
heap
|
page read and write
|
||
|
25039A61000
|
heap
|
page read and write
|
||
|
1D7A9008000
|
heap
|
page read and write
|
||
|
239135C0000
|
heap
|
page read and write
|
||
|
136C9EE3000
|
heap
|
page read and write
|
||
|
25039A59000
|
heap
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
25039A75000
|
heap
|
page read and write
|
||
|
23910CBA000
|
heap
|
page read and write
|
||
|
239135A0000
|
heap
|
page read and write
|
||
|
136C6AE5000
|
heap
|
page read and write
|
||
|
172ECF55000
|
heap
|
page read and write
|
||
|
7FF77FFB9000
|
unkown
|
page readonly
|
||
|
25039A64000
|
heap
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
136C68FE000
|
heap
|
page read and write
|
||
|
25039A6A000
|
heap
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
23910C54000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
136C692B000
|
heap
|
page read and write
|
||
|
136C692F000
|
heap
|
page read and write
|
||
|
172ECFA1000
|
heap
|
page read and write
|
||
|
1D7A9000000
|
heap
|
page read and write
|
||
|
172EEA30000
|
heap
|
page read and write
|
||
|
1BB1A2F0000
|
heap
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
25039A8C000
|
heap
|
page read and write
|
||
|
1C9613F7000
|
heap
|
page read and write
|
||
|
172ECF52000
|
heap
|
page read and write
|
||
|
172ECF30000
|
heap
|
page read and write
|
||
|
334197E000
|
stack
|
page read and write
|
||
|
1D7A8FB0000
|
heap
|
page read and write
|
||
|
25039A47000
|
heap
|
page read and write
|
||
|
25039A5B000
|
heap
|
page read and write
|
||
|
172ED0FA000
|
heap
|
page read and write
|
||
|
136C6AE0000
|
heap
|
page read and write
|
||
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
25039A61000
|
heap
|
page read and write
|
||
|
136C6936000
|
heap
|
page read and write
|
||
|
1C9613A0000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
1D7A9002000
|
heap
|
page read and write
|
||
|
C1C27E000
|
stack
|
page read and write
|
||
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
25039A8D000
|
heap
|
page read and write
|
||
|
23910C00000
|
heap
|
page read and write
|
||
|
16B2C140000
|
heap
|
page read and write
|
||
|
172ECF93000
|
heap
|
page read and write
|
||
|
26AD6010000
|
heap
|
page read and write
|
||
|
7FF77FFB9000
|
unkown
|
page readonly
|
||
|
25039A5A000
|
heap
|
page read and write
|
||
|
25039A8A000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
23910DCD000
|
direct allocation
|
page read and write
|
||
|
1D7A8FFC000
|
heap
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
172ECF76000
|
heap
|
page read and write
|
||
|
59079FF000
|
stack
|
page read and write
|
||
|
23910CE9000
|
heap
|
page read and write
|
||
|
7FF627459000
|
unkown
|
page readonly
|
||
|
23910CB5000
|
heap
|
page read and write
|
||
|
23910CB2000
|
heap
|
page read and write
|
||
|
25039A00000
|
heap
|
page read and write
|
||
|
23910C52000
|
heap
|
page read and write
|
||
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
25039A61000
|
heap
|
page read and write
|
||
|
25039A56000
|
heap
|
page read and write
|
||
|
112B2FE000
|
stack
|
page read and write
|
||
|
23910DD6000
|
direct allocation
|
page read and write
|
||
|
1D7A8FFD000
|
heap
|
page read and write
|
||
|
16B2C170000
|
heap
|
page read and write
|
||
|
136C68FE000
|
heap
|
page read and write
|
||
|
26AD6060000
|
heap
|
page read and write
|
||
|
F41E9A000
|
stack
|
page read and write
|
||
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
136C6932000
|
heap
|
page read and write
|
||
|
172ECF7F000
|
heap
|
page read and write
|
||
|
17157969000
|
heap
|
page read and write
|
||
|
25039A66000
|
heap
|
page read and write
|
||
|
172EED80000
|
heap
|
page read and write
|
||
|
23910CD1000
|
heap
|
page read and write
|
||
|
25039A61000
|
heap
|
page read and write
|
||
|
25039A73000
|
heap
|
page read and write
|
||
|
23910C5A000
|
heap
|
page read and write
|
||
|
172ECF55000
|
heap
|
page read and write
|
||
|
25039A61000
|
heap
|
page read and write
|
||
|
239136A0000
|
heap
|
page read and write
|
||
|
172ECF85000
|
heap
|
page read and write
|
||
|
1D7A9008000
|
heap
|
page read and write
|
||
|
172ECF8B000
|
heap
|
page read and write
|
||
|
23913640000
|
heap
|
page read and write
|
||
|
16B2C179000
|
heap
|
page read and write
|
||
|
1D7A9007000
|
heap
|
page read and write
|
||
|
172ECF5B000
|
heap
|
page read and write
|
||
|
DCDD0FF000
|
stack
|
page read and write
|
||
|
136C6938000
|
heap
|
page read and write
|
||
|
1D7A8FFF000
|
heap
|
page read and write
|
||
|
23910CB2000
|
heap
|
page read and write
|
||
|
CA55AE000
|
stack
|
page read and write
|
||
|
1D7A8E70000
|
heap
|
page read and write
|
||
|
23910C57000
|
heap
|
page read and write
|
||
|
DCDD17F000
|
stack
|
page read and write
|
||
|
1D7A8FFE000
|
heap
|
page read and write
|
||
|
23912990000
|
heap
|
page read and write
|
||
|
1D7A9000000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
25039A7D000
|
heap
|
page read and write
|
||
|
23910CC5000
|
heap
|
page read and write
|
||
|
1D7A8FFB000
|
heap
|
page read and write
|
||
|
172ECF85000
|
heap
|
page read and write
|
||
|
23910C4A000
|
heap
|
page read and write
|
||
|
136C68E7000
|
heap
|
page read and write
|
||
|
172EEE8B000
|
heap
|
page read and write
|
||
|
136C6935000
|
heap
|
page read and write
|
||
|
1D7A8FFF000
|
heap
|
page read and write
|
||
|
17157930000
|
heap
|
page read and write
|
||
|
25039A64000
|
heap
|
page read and write
|
||
|
26AD6069000
|
heap
|
page read and write
|
||
|
25039A68000
|
heap
|
page read and write
|
||
|
25039A5C000
|
heap
|
page read and write
|
||
|
25039A64000
|
heap
|
page read and write
|
||
|
25039A64000
|
heap
|
page read and write
|
||
|
2503B730000
|
trusted library allocation
|
page read and write
|
||
|
23910DB3000
|
direct allocation
|
page read and write
|
||
|
25039A53000
|
heap
|
page read and write
|
||
|
F41F1E000
|
stack
|
page read and write
|
||
|
172ECEA0000
|
heap
|
page read and write
|
||
|
23910DB0000
|
direct allocation
|
page read and write
|
||
|
172ECF59000
|
heap
|
page read and write
|
||
|
25039A7F000
|
heap
|
page read and write
|
||
|
7FF62745E000
|
unkown
|
page readonly
|
||
|
136C6912000
|
heap
|
page read and write
|
||
|
136C67F0000
|
heap
|
page read and write
|
||
|
ADE3BDE000
|
stack
|
page read and write
|
||
|
172ECF5D000
|
heap
|
page read and write
|
||
|
ED4A27E000
|
stack
|
page read and write
|
||
|
136C6924000
|
heap
|
page read and write
|
||
|
172F06D0000
|
trusted library allocation
|
page read and write
|
||
|
1D7A9006000
|
heap
|
page read and write
|
||
|
23912B90000
|
trusted library allocation
|
page read and write
|
||
|
23910DCB000
|
direct allocation
|
page read and write
|
||
|
136C6923000
|
heap
|
page read and write
|
||
|
26AD6300000
|
heap
|
page read and write
|
||
|
1D7A8FFD000
|
heap
|
page read and write
|
||
|
23910DCD000
|
direct allocation
|
page read and write
|
||
|
23910D70000
|
heap
|
page read and write
|
||
|
1D7A8FF8000
|
heap
|
page read and write
|
||
|
172ECF93000
|
heap
|
page read and write
|
||
|
1D7A8FF2000
|
heap
|
page read and write
|
||
|
23910CAD000
|
heap
|
page read and write
|
||
|
23910E15000
|
heap
|
page read and write
|
||
|
1C9613F0000
|
heap
|
page read and write
|
||
|
C1BF13000
|
stack
|
page read and write
|
There are 496 hidden memdumps, click here to show them.