Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
WggZw957eT.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\ahsqcnrtkaiwv
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\dqatklnkhkik
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WggZw957eT.exe_9ec955d78fe120ba231ab2a1329d2214fda0_b48c7581_bcd51baf-620c-4809-97ee-7e6859d938bb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER95E5.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 1 15:21:45 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER96E0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C7E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\9e2366f7
|
PNG image data, 2560 x 1156, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\9fd507bc
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\a391ff10
|
PNG image data, 2560 x 1156, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\a5236b63
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Tasks\SecurityComv4.job
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\WggZw957eT.exe
|
"C:\Users\user\Desktop\WggZw957eT.exe"
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
C:\Windows\SysWOW64\netsh.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe
|
C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe
|
|
|
|
C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe
|
C:\Users\user\AppData\Roaming\Wmx_Launch_x64\XoWatcher.exe
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
C:\Windows\SysWOW64\netsh.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 488
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bestfitnessgymintheworld.com/8BvxwQdec3/index.php
|
|
||
|
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
|
unknown
|
||
|
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://www.ssl.com/repository0
|
unknown
|
||
|
http://ocsps.ssl.com0?
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
|
unknown
|
||
|
http://www.aignes.com
|
unknown
|
||
|
http://www.aignes.comU
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
|
unknown
|
||
|
http://ocsps.ssl.com0
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.aignes.comopen
|
unknown
|
||
|
http://schemas.micro
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
|
unknown
|
||
|
http://www.aignes.com/helpd/bugreport.htmU
|
unknown
|
There are 12 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
ProgramId
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
FileId
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
LongPathHash
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
Name
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
OriginalFileName
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
Publisher
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
Version
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
BinFileVersion
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
BinaryType
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
ProductName
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
ProductVersion
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
LinkDate
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
BinProductVersion
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
Size
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
Language
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
IsOsComponent
|
||
|
\REGISTRY\A\{e6736048-98a3-e546-8ff6-1f3b5c9d0a1a}\Root\InventoryApplicationFile\explorer.exe|37c661b093cc19af
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
171000
|
unkown
|
page execute read
|
|
|
|
2E81000
|
unkown
|
page execute read
|
|
|
|
5AF1000
|
heap
|
page read and write
|
|
|
|
5C5E000
|
trusted library allocation
|
page read and write
|
|
|
|
4EFC000
|
trusted library allocation
|
page read and write
|
|
|
|
4F9B000
|
trusted library allocation
|
page read and write
|
|
|
|
51E5000
|
trusted library allocation
|
page read and write
|
|
|
|
5770000
|
direct allocation
|
page read and write
|
|
|
|
6250000
|
direct allocation
|
page read and write
|
|
|
|
29CC000
|
direct allocation
|
page read and write
|
||
|
53FE000
|
stack
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
3098000
|
heap
|
page read and write
|
||
|
2A23000
|
direct allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
29BD000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
2E7C000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
2B94000
|
direct allocation
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
2A06000
|
direct allocation
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
C53000
|
heap
|
page read and write
|
||
|
53E9000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
512C000
|
stack
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
4B41000
|
heap
|
page read and write
|
||
|
73F000
|
stack
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
6320000
|
trusted library allocation
|
page read and write
|
||
|
6449000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
direct allocation
|
page read and write
|
||
|
5350000
|
unkown
|
page read and write
|
||
|
5646000
|
heap
|
page read and write
|
||
|
762000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
519D000
|
direct allocation
|
page read and write
|
||
|
5F7000
|
unkown
|
page execute read
|
||
|
13B5000
|
heap
|
page read and write
|
||
|
DEB000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
6626000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
48E2000
|
direct allocation
|
page read and write
|
||
|
29FF000
|
direct allocation
|
page read and write
|
||
|
67D6000
|
unkown
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
11DF000
|
stack
|
page read and write
|
||
|
29C5000
|
direct allocation
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
59DD000
|
heap
|
page read and write
|
||
|
48F2000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
997000
|
unkown
|
page readonly
|
||
|
762000
|
unkown
|
page read and write
|
||
|
76F000
|
unkown
|
page read and write
|
||
|
DA7000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1C0000
|
unkown
|
page readonly
|
||
|
59F5000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2BE5000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
5074000
|
heap
|
page read and write
|
||
|
12FD000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2ED0000
|
unkown
|
page readonly
|
||
|
2B54000
|
direct allocation
|
page read and write
|
||
|
2BB1000
|
direct allocation
|
page read and write
|
||
|
750000
|
unkown
|
page readonly
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
2A45000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page execute read
|
||
|
5352000
|
unkown
|
page read and write
|
||
|
29E5000
|
direct allocation
|
page read and write
|
||
|
29DB000
|
direct allocation
|
page read and write
|
||
|
5366000
|
unkown
|
page read and write
|
||
|
29AE000
|
direct allocation
|
page read and write
|
||
|
2A26000
|
direct allocation
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
299F000
|
direct allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2AE1000
|
direct allocation
|
page read and write
|
||
|
583D000
|
heap
|
page read and write
|
||
|
50CC000
|
unkown
|
page read and write
|
||
|
2B37000
|
direct allocation
|
page read and write
|
||
|
2AA3000
|
direct allocation
|
page read and write
|
||
|
5EDE000
|
direct allocation
|
page read and write
|
||
|
BAD000
|
stack
|
page read and write
|
||
|
770000
|
unkown
|
page readonly
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2A98000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
75F000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
6259000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
5C15000
|
trusted library allocation
|
page read and write
|
||
|
55C9000
|
heap
|
page read and write
|
||
|
2A35000
|
direct allocation
|
page read and write
|
||
|
FE0000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2A8D000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
76F000
|
unkown
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
75F000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
514000
|
unkown
|
page execute read
|
||
|
125000
|
heap
|
page read and write
|
||
|
840000
|
unkown
|
page read and write
|
||
|
57AE000
|
unkown
|
page read and write
|
||
|
4EB3000
|
trusted library allocation
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2A31000
|
direct allocation
|
page read and write
|
||
|
2998000
|
direct allocation
|
page read and write
|
||
|
512C000
|
stack
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
776000
|
unkown
|
page readonly
|
||
|
2971000
|
direct allocation
|
page read and write
|
||
|
10AE000
|
unkown
|
page read and write
|
||
|
B20000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
5132000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
2D00000
|
direct allocation
|
page execute and read and write
|
||
|
2A78000
|
direct allocation
|
page read and write
|
||
|
1400000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
451E000
|
stack
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2A9C000
|
direct allocation
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
D21000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
4B52000
|
heap
|
page read and write
|
||
|
53ED000
|
direct allocation
|
page read and write
|
||
|
4A3B000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
2BAA000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2ACB000
|
direct allocation
|
page read and write
|
||
|
FF1000
|
unkown
|
page readonly
|
||
|
DEE000
|
heap
|
page read and write
|
||
|
508E000
|
unkown
|
page read and write
|
||
|
2B12000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
115E000
|
stack
|
page read and write
|
||
|
50FD000
|
direct allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2AAC000
|
direct allocation
|
page read and write
|
||
|
29B5000
|
direct allocation
|
page read and write
|
||
|
48FA000
|
direct allocation
|
page read and write
|
||
|
60F0000
|
unkown
|
page read and write
|
||
|
451E000
|
stack
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1390000
|
unkown
|
page readonly
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1413000
|
unkown
|
page read and write
|
||
|
946000
|
unkown
|
page readonly
|
||
|
58F1000
|
heap
|
page read and write
|
||
|
545E000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
29C2000
|
direct allocation
|
page read and write
|
||
|
58BA000
|
heap
|
page read and write
|
||
|
5769000
|
heap
|
page read and write
|
||
|
93B000
|
unkown
|
page readonly
|
||
|
D90000
|
direct allocation
|
page execute and read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
779000
|
unkown
|
page readonly
|
||
|
2B4C000
|
direct allocation
|
page read and write
|
||
|
5E69000
|
direct allocation
|
page read and write
|
||
|
2BBC000
|
stack
|
page read and write
|
||
|
E0B000
|
heap
|
page read and write
|
||
|
5549000
|
heap
|
page read and write
|
||
|
2B62000
|
direct allocation
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
66D5000
|
unkown
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1D5000
|
unkown
|
page read and write
|
||
|
F2B000
|
stack
|
page read and write
|
||
|
769000
|
unkown
|
page read and write
|
||
|
2D83000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
2A06000
|
direct allocation
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
44F000
|
unkown
|
page execute read
|
||
|
124000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
532F000
|
unkown
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
13B7000
|
unkown
|
page read and write
|
||
|
2A0D000
|
direct allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
12F2000
|
stack
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2AB5000
|
direct allocation
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
747000
|
unkown
|
page read and write
|
||
|
EA3000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2A14000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
58AF000
|
unkown
|
page read and write
|
||
|
2BC1000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
37D2000
|
heap
|
page read and write
|
||
|
5078000
|
heap
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
1D3000
|
unkown
|
page write copy
|
||
|
2AE6000
|
heap
|
page read and write
|
||
|
6213000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2B30000
|
direct allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
5343000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
4440000
|
direct allocation
|
page execute and read and write
|
||
|
2BA3000
|
direct allocation
|
page read and write
|
||
|
5330000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
2B07000
|
direct allocation
|
page read and write
|
||
|
102C000
|
unkown
|
page read and write
|
||
|
63B000
|
stack
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
4FE3000
|
heap
|
page read and write
|
||
|
769000
|
unkown
|
page read and write
|
||
|
520E000
|
direct allocation
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
4F59000
|
heap
|
page read and write
|
||
|
5343000
|
unkown
|
page read and write
|
||
|
11FF000
|
unkown
|
page read and write
|
||
|
29B6000
|
direct allocation
|
page read and write
|
||
|
29FF000
|
direct allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
1300000
|
unkown
|
page read and write
|
||
|
624D000
|
unkown
|
page read and write
|
||
|
12FF000
|
stack
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
2A2A000
|
direct allocation
|
page read and write
|
||
|
2A7F000
|
direct allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
5670000
|
unkown
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
2E7D000
|
stack
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
732000
|
stack
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
BC0000
|
unkown
|
page readonly
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
7D0000
|
unkown
|
page read and write
|
||
|
2AC9000
|
direct allocation
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
769000
|
unkown
|
page read and write
|
||
|
2ABA000
|
direct allocation
|
page read and write
|
||
|
3780000
|
heap
|
page read and write
|
||
|
2A86000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
641B000
|
trusted library allocation
|
page read and write
|
||
|
64BE000
|
trusted library allocation
|
page read and write
|
||
|
2D73000
|
heap
|
page read and write
|
||
|
4B42000
|
heap
|
page read and write
|
||
|
4FD0000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2A2E000
|
direct allocation
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2A44000
|
direct allocation
|
page read and write
|
||
|
762000
|
unkown
|
page read and write
|
||
|
F70000
|
unkown
|
page readonly
|
||
|
5087000
|
heap
|
page read and write
|
||
|
106E000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
2BB8000
|
direct allocation
|
page read and write
|
||
|
2A62000
|
direct allocation
|
page read and write
|
||
|
6888000
|
unkown
|
page read and write
|
||
|
C28000
|
heap
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
1350000
|
unkown
|
page read and write
|
||
|
3530000
|
heap
|
page read and write
|
||
|
2B8D000
|
direct allocation
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
48F6000
|
direct allocation
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
5070000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
29AD000
|
direct allocation
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
2BC1000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
29E0000
|
direct allocation
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1D7000
|
unkown
|
page readonly
|
||
|
5683000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
2B0C000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page execute read
|
||
|
124000
|
heap
|
page read and write
|
||
|
B1F000
|
unkown
|
page read and write
|
||
|
10B0000
|
direct allocation
|
page read and write
|
||
|
378A000
|
heap
|
page read and write
|
||
|
76F000
|
unkown
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
522E000
|
unkown
|
page read and write
|
||
|
2A65000
|
direct allocation
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
2B70000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2BC1000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
63E000
|
unkown
|
page execute read
|
||
|
5D40000
|
direct allocation
|
page read and write
|
||
|
4AB2000
|
heap
|
page read and write
|
||
|
937000
|
unkown
|
page readonly
|
||
|
2AB8000
|
direct allocation
|
page read and write
|
||
|
770000
|
unkown
|
page write copy
|
||
|
2A49000
|
heap
|
page read and write
|
||
|
801000
|
unkown
|
page readonly
|
||
|
3770000
|
direct allocation
|
page read and write
|
||
|
2A81000
|
heap
|
page read and write
|
||
|
644D000
|
trusted library allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
D12000
|
heap
|
page read and write
|
||
|
15E000
|
stack
|
page read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
4D1A000
|
heap
|
page read and write
|
||
|
2AF1000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5E6D000
|
direct allocation
|
page read and write
|
||
|
BAD000
|
stack
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
4F8E000
|
unkown
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
2AB1000
|
direct allocation
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
29F8000
|
direct allocation
|
page read and write
|
||
|
2986000
|
direct allocation
|
page read and write
|
||
|
C5C000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
2B0F000
|
heap
|
page read and write
|
||
|
2EED000
|
unkown
|
page write copy
|
||
|
75F000
|
unkown
|
page write copy
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2A0E000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1367000
|
heap
|
page read and write
|
||
|
2B78000
|
direct allocation
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
D6E000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2A38000
|
direct allocation
|
page read and write
|
||
|
48EE000
|
direct allocation
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
14EF000
|
stack
|
page read and write
|
||
|
2B5B000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
BAD000
|
stack
|
page read and write
|
||
|
CEB000
|
heap
|
page read and write
|
||
|
548D000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
4E2F000
|
unkown
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1DD000
|
unkown
|
page write copy
|
||
|
D68000
|
heap
|
page read and write
|
||
|
2AC2000
|
direct allocation
|
page read and write
|
||
|
516E000
|
direct allocation
|
page read and write
|
||
|
29F0000
|
direct allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
E6F000
|
heap
|
page read and write
|
||
|
51F4000
|
heap
|
page read and write
|
||
|
4F40000
|
unkown
|
page read and write
|
||
|
D72000
|
heap
|
page read and write
|
||
|
6170000
|
trusted library allocation
|
page read and write
|
||
|
471F000
|
stack
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2B45000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2978000
|
direct allocation
|
page read and write
|
||
|
93E000
|
unkown
|
page readonly
|
||
|
338E000
|
stack
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
933000
|
unkown
|
page readonly
|
||
|
C5B000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
4BF7000
|
heap
|
page read and write
|
||
|
29C9000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2AFA000
|
direct allocation
|
page read and write
|
||
|
7E0000
|
unkown
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
506C000
|
heap
|
page read and write
|
||
|
29F0000
|
direct allocation
|
page read and write
|
||
|
2A53000
|
direct allocation
|
page read and write
|
||
|
2990000
|
direct allocation
|
page read and write
|
||
|
4F52000
|
trusted library allocation
|
page read and write
|
||
|
2B3E000
|
direct allocation
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
2AF1000
|
heap
|
page read and write
|
||
|
158F000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2B65000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
12DF000
|
stack
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
29BB000
|
direct allocation
|
page read and write
|
||
|
75F000
|
unkown
|
page read and write
|
||
|
2B26000
|
heap
|
page read and write
|
||
|
29F8000
|
direct allocation
|
page read and write
|
||
|
68D1000
|
unkown
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
2A3D000
|
direct allocation
|
page read and write
|
||
|
2AAA000
|
direct allocation
|
page read and write
|
||
|
2AF2000
|
direct allocation
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
2A5B000
|
direct allocation
|
page read and write
|
||
|
2B19000
|
direct allocation
|
page read and write
|
||
|
7CE000
|
unkown
|
page read and write
|
||
|
13FF000
|
unkown
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
13A0000
|
unkown
|
page readonly
|
||
|
C20000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
471F000
|
stack
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
297F000
|
direct allocation
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
29E2000
|
direct allocation
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
29E9000
|
direct allocation
|
page read and write
|
||
|
2A69000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
29D4000
|
direct allocation
|
page read and write
|
||
|
6FA0000
|
heap
|
page read and write
|
||
|
775000
|
unkown
|
page read and write
|
||
|
2B86000
|
direct allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2EE7000
|
unkown
|
page readonly
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
5068000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
10F0000
|
unkown
|
page read and write
|
||
|
3048000
|
heap
|
page read and write
|
||
|
2EE2000
|
unkown
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
924000
|
unkown
|
page readonly
|
||
|
4E90000
|
unkown
|
page read and write
|
||
|
F1F000
|
stack
|
page read and write
|
||
|
BD0000
|
unkown
|
page readonly
|
||
|
124000
|
heap
|
page read and write
|
||
|
2A80000
|
direct allocation
|
page read and write
|
||
|
2A94000
|
direct allocation
|
page read and write
|
||
|
2B9C000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
29A6000
|
direct allocation
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2AF2000
|
heap
|
page read and write
|
||
|
760000
|
unkown
|
page readonly
|
||
|
507B000
|
heap
|
page read and write
|
||
|
CEE000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
1D2000
|
unkown
|
page read and write
|
||
|
CCC000
|
stack
|
page read and write
|
||
|
5400000
|
unkown
|
page read and write
|
||
|
6DA000
|
unkown
|
page execute read
|
||
|
124000
|
heap
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
CBC000
|
stack
|
page read and write
|
||
|
60F1000
|
unkown
|
page read and write
|
||
|
942000
|
unkown
|
page readonly
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
51F4000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
FDE000
|
unkown
|
page read and write
|
||
|
51ED000
|
unkown
|
page read and write
|
||
|
DA6000
|
heap
|
page read and write
|
||
|
5199000
|
direct allocation
|
page read and write
|
||
|
2D33000
|
heap
|
page read and write
|
||
|
2A96000
|
direct allocation
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
37C1000
|
heap
|
page read and write
|
||
|
2B69000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
4C75000
|
heap
|
page read and write
|
||
|
F80000
|
unkown
|
page readonly
|
||
|
2B7F000
|
direct allocation
|
page read and write
|
||
|
90C000
|
unkown
|
page readonly
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
48FE000
|
direct allocation
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
1413000
|
unkown
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
951000
|
unkown
|
page readonly
|
||
|
5671000
|
unkown
|
page read and write
|
||
|
85A000
|
heap
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
519C000
|
trusted library allocation
|
page read and write
|
||
|
2B27000
|
direct allocation
|
page read and write
|
||
|
2A18000
|
direct allocation
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
FDE000
|
unkown
|
page read and write
|
||
|
2B0E000
|
direct allocation
|
page read and write
|
||
|
4E36000
|
heap
|
page read and write
|
||
|
50F9000
|
direct allocation
|
page read and write
|
||
|
2991000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2A4C000
|
direct allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
2A1C000
|
direct allocation
|
page read and write
|
There are 605 hidden memdumps, click here to show them.