Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files\RDP Wrapper\rdpwrap.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\RDPWInst.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\RDP Wrapper\rdpwrap.ini
|
Generic INItialization configuration [SLPolicy]
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PQZFFJEVUNE1ASJZ_c565d4165b1cddd54ce69fdd41ea3e96af170_6949917b_04e90f10-59e5-485a-8fbc-2e65a023bd0f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7437.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue Oct 8 01:31:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7581.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER75A1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\System32\rfxvmt.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c "C:\Users\user\AppData\Local\Temp\RDPWInst.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\RDPWInst.exe
|
C:\Users\user\AppData\Local\Temp\RDPWInst.exe -i
|
|
|
|
C:\Windows\System32\netsh.exe
|
netsh advfirewall firewall add rule name="Remote Desktop" dir=in protocol=tcp localport=3389 profile=any action=allow
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c net user RDPUser_217d5074 DUF6g)aA2aiB /add
|
|
|
|
C:\Windows\SysWOW64\net.exe
|
net user RDPUser_217d5074 DUF6g)aA2aiB /add
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c net localgroup
|
|
|
|
C:\Windows\SysWOW64\net.exe
|
net localgroup
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c net localgroup "Administrators" RDPUser_217d5074 /add
|
|
|
|
C:\Windows\SysWOW64\net.exe
|
net localgroup "Administrators" RDPUser_217d5074 /add
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\drivers\rdpvideominiport.sys
|
|||
|
C:\Windows\System32\drivers\rdpdr.sys
|
|||
|
C:\Windows\System32\drivers\tsusbhub.sys
|
|||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\net1.exe
|
C:\Windows\system32\net1 user RDPUser_217d5074 DUF6g)aA2aiB /add
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\net1.exe
|
C:\Windows\system32\net1 localgroup
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\net1.exe
|
C:\Windows\system32\net1 localgroup "Administrators" RDPUser_217d5074 /add
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 2488
|
There are 11 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://yalubluseks.eud
|
unknown
|
|
|
|
https://yalubluseks.eu/get_rdp.phpd
|
unknown
|
|
|
|
https://yalubluseks.eu/get_rdp.php
|
172.67.140.92
|
|
|
|
https://yalubluseks.eu
|
unknown
|
|
|
|
http://yalubluseks.eu
|
unknown
|
|
|
|
http://stascorp.com/load/1-1-0-62
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://147.45.44.104/prog/66f55533ca7d6_RDPWInst.exe
|
147.45.44.104
|
||
|
http://api.ipify.orgd
|
unknown
|
||
|
http://stascorp.comDVarFileInfo$
|
unknown
|
||
|
https://raw.githubusercontent.com/stascorp/rdpwrap/master/res/rdpwrap.iniU
|
unknown
|
||
|
http://www.apache.org/licenses/
|
unknown
|
||
|
https://raw.githubusercontent.com/stascorp/rdpwrap/master/res/rdpwrap.ini
|
unknown
|
||
|
http://api.ipify.org/
|
104.26.12.205
|
||
|
http://147.45.44.104/prog/66f55533ca7d6_RDPWInst.exeP
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://147.45.44.104
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://api.ipify.org
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ipify.org
|
104.26.12.205
|
||
|
yalubluseks.eu
|
172.67.140.92
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.12.205
|
api.ipify.org
|
United States
|
||
|
147.45.44.104
|
unknown
|
Russian Federation
|
||
|
172.67.140.92
|
yalubluseks.eu
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Licensing Core
|
EnableConcurrentSessions
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService\Parameters
|
ServiceDll
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server
|
fDenyTSConnections
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
AllowMultipleTSSessions
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{091bc97e-2352-4362-a539-10a6d8ff7596}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{cc41eba2-ab57-4f4e-8c3d-1bc33b1e74e3}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsusbhub\Parameters\Wdf
|
WdfMajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsusbhub\Parameters\Wdf
|
WdfMinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{191a5137-7c9d-43c0-a943-de4411f424f7}\##?#TS_USB_HUB_Enumerator#UMB#2&30d3618&0&TS_USB_HUB#{191a5137-7c9d-43c0-a943-de4411f424f7}
|
DeviceInstance
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
ProgramId
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
FileId
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
LongPathHash
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
Name
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
OriginalFileName
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
Publisher
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
Version
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
BinFileVersion
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
BinaryType
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
ProductName
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
ProductVersion
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
LinkDate
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
BinProductVersion
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
Size
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
Language
|
||
|
\REGISTRY\A\{4833fdb4-28ac-0752-a097-a8566da190e9}\Root\InventoryApplicationFile\securiteinfo.com|6fdc98689003c805
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 46 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
450000
|
unkown
|
page readonly
|
|
|
|
450000
|
unkown
|
page readonly
|
|
|
|
588F000
|
stack
|
page read and write
|
||
|
1274000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
B4C000
|
direct allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
13CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
A84000
|
direct allocation
|
page read and write
|
||
|
303A000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
11B4000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
B45000
|
direct allocation
|
page read and write
|
||
|
290F000
|
unkown
|
page read and write
|
||
|
3FC1000
|
trusted library allocation
|
page read and write
|
||
|
27AC000
|
heap
|
page read and write
|
||
|
28AE000
|
unkown
|
page read and write
|
||
|
B5D000
|
stack
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
5ED000
|
stack
|
page read and write
|
||
|
5D8E000
|
stack
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
307A000
|
trusted library allocation
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
11D000
|
stack
|
page read and write
|
||
|
B3E000
|
direct allocation
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
128C000
|
heap
|
page read and write
|
||
|
61DF000
|
stack
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
A80000
|
direct allocation
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
2FFD000
|
stack
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
B7F000
|
direct allocation
|
page read and write
|
||
|
2431000
|
direct allocation
|
page read and write
|
||
|
7FC20000
|
direct allocation
|
page read and write
|
||
|
32AE000
|
unkown
|
page read and write
|
||
|
5B4E000
|
stack
|
page read and write
|
||
|
27C5000
|
heap
|
page read and write
|
||
|
5E4E000
|
stack
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
243C000
|
direct allocation
|
page read and write
|
||
|
1203000
|
heap
|
page read and write
|
||
|
447000
|
unkown
|
page read and write
|
||
|
5CD000
|
stack
|
page read and write
|
||
|
11BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E50000
|
heap
|
page execute and read and write
|
||
|
2662000
|
heap
|
page read and write
|
||
|
44C000
|
unkown
|
page write copy
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
446000
|
unkown
|
page write copy
|
||
|
7FD70000
|
direct allocation
|
page read and write
|
||
|
13DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD000
|
stack
|
page read and write
|
||
|
574F000
|
stack
|
page read and write
|
||
|
2925000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
515E000
|
stack
|
page read and write
|
||
|
30AB000
|
trusted library allocation
|
page read and write
|
||
|
23DE000
|
unkown
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
365E000
|
unkown
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
B30000
|
direct allocation
|
page read and write
|
||
|
1447000
|
heap
|
page read and write
|
||
|
11B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
12B1000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
154F000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
308E000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
44B000
|
unkown
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
56D000
|
stack
|
page read and write
|
||
|
BB1000
|
direct allocation
|
page read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
2FC1000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
2988000
|
heap
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
B5B000
|
direct allocation
|
page read and write
|
||
|
1157000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
30AF000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
27C1000
|
heap
|
page read and write
|
||
|
6CD0000
|
heap
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
3064000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
445000
|
unkown
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
13E2000
|
trusted library allocation
|
page read and write
|
||
|
44D000
|
unkown
|
page write copy
|
||
|
5DCE000
|
stack
|
page read and write
|
||
|
64F000
|
stack
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
2665000
|
heap
|
page read and write
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
309E000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
304A000
|
trusted library allocation
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
21E000
|
unkown
|
page read and write
|
||
|
58CD000
|
stack
|
page read and write
|
||
|
3066000
|
trusted library allocation
|
page read and write
|
||
|
60DE000
|
stack
|
page read and write
|
||
|
13D2000
|
trusted library allocation
|
page read and write
|
||
|
346C000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
375F000
|
stack
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
B69000
|
direct allocation
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
126B000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
290E000
|
heap
|
page read and write
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
5E0E000
|
stack
|
page read and write
|
||
|
B28000
|
direct allocation
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
10DD000
|
stack
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
1AD000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
38E0000
|
heap
|
page read and write
|
||
|
67C0000
|
heap
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
DD000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
54F000
|
stack
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
621D000
|
stack
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
5A0E000
|
stack
|
page read and write
|
||
|
BB8000
|
direct allocation
|
page read and write
|
||
|
5C4E000
|
stack
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
245B000
|
direct allocation
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
5C8E000
|
stack
|
page read and write
|
||
|
3062000
|
trusted library allocation
|
page read and write
|
||
|
21E000
|
unkown
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
11CA000
|
heap
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
67B0000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
5500000
|
heap
|
page execute and read and write
|
||
|
27C3000
|
heap
|
page read and write
|
||
|
625E000
|
stack
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
62D000
|
stack
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
6BCE000
|
stack
|
page read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
299F000
|
unkown
|
page read and write
|
||
|
28E7000
|
heap
|
page read and write
|
||
|
24A0000
|
direct allocation
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
1242000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
2E35000
|
heap
|
page read and write
|
||
|
B62000
|
direct allocation
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
13EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
445000
|
unkown
|
page write copy
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
54DD000
|
stack
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
59CE000
|
stack
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
54D000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page execute and read and write
|
||
|
AA7000
|
direct allocation
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
B37000
|
direct allocation
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
1283000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
13D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
307D000
|
trusted library allocation
|
page read and write
|
||
|
119E000
|
stack
|
page read and write
|
||
|
29B8000
|
heap
|
page read and write
|
||
|
7FD00000
|
direct allocation
|
page read and write
|
||
|
BA2000
|
unkown
|
page readonly
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
F39000
|
stack
|
page read and write
|
||
|
2A9F000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
127F000
|
heap
|
page read and write
|
||
|
126F000
|
heap
|
page read and write
|
||
|
2491000
|
direct allocation
|
page read and write
|
||
|
127D000
|
heap
|
page read and write
|
||
|
3481000
|
heap
|
page read and write
|
||
|
303F000
|
trusted library allocation
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
2640000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
5F4E000
|
stack
|
page read and write
|
||
|
13E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
264C000
|
heap
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
7FDE0000
|
direct allocation
|
page read and write
|
||
|
B78000
|
direct allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
11D000
|
stack
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
3483000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
There are 282 hidden memdumps, click here to show them.