Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
cnaniAxghZ.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5434.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jul 3 12:50:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER559C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER55CC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut4129.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut4188.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut708F.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut70DE.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bhv5230.tmp
|
Extensible storage engine DataBase, version 0x620, checksum 0x1c4d7e57, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\differences
|
ASCII text, with very long lines (29748), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ncqkhweaghcgworcchyfyhlbjpqn
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\semispinalis
|
data
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\cnaniAxghZ.exe
|
"C:\Users\user\Desktop\cnaniAxghZ.exe"
|
|
|
|
C:\Users\user\AppData\Local\directory\name.exe
|
"C:\Users\user\Desktop\cnaniAxghZ.exe"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
"C:\Users\user\Desktop\cnaniAxghZ.exe"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\Windows\SysWOW64\svchost.exe /stext "C:\Users\user\AppData\Local\Temp\ncqkhweaghcgworcchyfyhlbjpqn"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\Windows\SysWOW64\svchost.exe /stext "C:\Users\user\AppData\Local\Temp\qwvdipptuputyufolskgjmgkrwiwkdi"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\Windows\SysWOW64\svchost.exe /stext "C:\Users\user\AppData\Local\Temp\aybv"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 1288
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
07.175.229.139
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://www.imvu.comr
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=VerizonCDNWorldWide&DestinationEndpoint=W
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?29331761644ba41ebf9abf96ecc6fbad
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?66601c3b572f284b9da07fcc
|
unknown
|
||
|
http://www.nirsoft.net
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BLUr5a&Fr
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?fc66b8a78ab7a1394f56e742
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-BL2r8e&Fr
|
unknown
|
||
|
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?fe61b216ccbcc1bca02cb20f2e94fb51
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?a9bddedb22fa9ee1d455a5d5a89b950c
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
https://maps.windows.com/windows-app-web-link
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
https://fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net/apc/trans.gif?60caefc8ca640843bccad421cfaadcc8
|
unknown
|
||
|
https://login.yahoo.com/config/login
|
unknown
|
||
|
http://www.nirsoft.net/
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?17a81fd4cdc7fc73a2b4cf5b67ff816d
|
unknown
|
||
|
https://86dd05e6f545b5502aade4a1946d3e9d.azr.footprintdns.com/apc/trans.gif?f67d919da1a9ba8a5672367d
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
|
unknown
|
||
|
https://www.office.com/
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?2f153f40414852a5ead98f4103d563a8
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?a176b93f037f93b5720edf68
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?909b77fc750668f20e07288ff0ed43e2
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?c9b5e9d2b836931c8ddd4e8d
|
unknown
|
||
|
https://18a72a1f5c7b170c6cc0a459d463264e.azr.footprintdns.com/apc/trans.gif?18b635b804a8d6ad0a1fa437
|
unknown
|
||
|
http://www.imvu.com
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://acae307a6acdd4e64531be6276770618.azr.footprintdns.com/apc/trans.gif?467894188c5d788807342326
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?1c89d9658c6af83a02d98b03
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3-4102-ae
|
unknown
|
||
|
https://4c4f378c706610974da9cb9d99fe3116.azr.footprintdns.com/apc/trans.gif?74b620657ac570f7999e6ad7
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=Skype&DestinationEndpoint=Edge-Prod-BL2r8e&FrontEnd=AFD
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://rum8.perf.linkedin.com/apc/trans.gif?690daf9375f3d267a5b7b08fbc174993
|
unknown
|
||
|
https://www.google.com/accounts/servicelogin
|
unknown
|
||
|
https://58293426822f9aaf9d7c729f28294583.azr.footprintdns.com/apc/trans.gif?cf2d8bf3b68a3e37eef992d5
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=d3590ed6-52b3
|
unknown
|
||
|
https://ow1.res.office365.com/apc/trans.gif?a50e32ebd978eda4d21928b1dbc78135
|
unknown
|
||
|
https://sin06prdapp01-canary-opaph.netmon.azure.com/apc/trans.gif?c6931b9e725f95cf9c20849dd6498c59
|
unknown
|
||
|
http://www.ebuddy.com
|
unknown
|
There are 39 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geoplugin.net
|
178.237.33.50
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
107.175.229.139
|
unknown
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TLPQMO
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TLPQMO
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TLPQMO
|
time
|
|
|
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
ProgramId
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
FileId
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
LongPathHash
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Name
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
OriginalFileName
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Publisher
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Version
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
BinFileVersion
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
BinaryType
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
ProductName
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
ProductVersion
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
LinkDate
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
BinProductVersion
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Size
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Language
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
IsOsComponent
|
||
|
\REGISTRY\A\{4aa6d926-536a-ec03-0a71-e95a421268ab}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3000000
|
heap
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
3F20000
|
direct allocation
|
page read and write
|
|
|
|
3012000
|
heap
|
page read and write
|
|
|
|
9F000
|
unkown
|
page readonly
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
478000
|
system
|
page execute and read and write
|
||
|
1223000
|
heap
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
1684000
|
heap
|
page read and write
|
||
|
473000
|
system
|
page execute and read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
168000
|
unkown
|
page readonly
|
||
|
A90000
|
heap
|
page read and write
|
||
|
3077000
|
heap
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
11A3000
|
heap
|
page read and write
|
||
|
5D20000
|
unclassified section
|
page execute and read and write
|
||
|
5301000
|
heap
|
page read and write
|
||
|
12F000
|
unkown
|
page readonly
|
||
|
1399000
|
heap
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
3197000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
4030000
|
direct allocation
|
page read and write
|
||
|
31AD000
|
heap
|
page read and write
|
||
|
11BC000
|
heap
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
13D8000
|
heap
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
46B3000
|
direct allocation
|
page read and write
|
||
|
960000
|
heap
|
page readonly
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
436E000
|
direct allocation
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
5F01000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
3132000
|
heap
|
page read and write
|
||
|
3107000
|
heap
|
page read and write
|
||
|
180E000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
1235000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
13C2000
|
heap
|
page read and write
|
||
|
101B000
|
stack
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
3112000
|
heap
|
page read and write
|
||
|
121B000
|
heap
|
page read and write
|
||
|
99C000
|
stack
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
1382000
|
heap
|
page read and write
|
||
|
3146000
|
heap
|
page read and write
|
||
|
45C000
|
system
|
page execute and read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
3B70000
|
direct allocation
|
page read and write
|
||
|
1DBE000
|
stack
|
page read and write
|
||
|
41D0000
|
direct allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
1398000
|
heap
|
page read and write
|
||
|
3046000
|
heap
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
4030000
|
direct allocation
|
page read and write
|
||
|
5BBD000
|
stack
|
page read and write
|
||
|
3046000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
A7C000
|
stack
|
page read and write
|
||
|
1399000
|
heap
|
page read and write
|
||
|
312E000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
3145000
|
heap
|
page read and write
|
||
|
15F3000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
15FE000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
1685000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
50C0000
|
unclassified section
|
page execute and read and write
|
||
|
3132000
|
heap
|
page read and write
|
||
|
4269000
|
direct allocation
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
42FD000
|
direct allocation
|
page read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
3037000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
3202000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
1E90000
|
heap
|
page read and write
|
||
|
17EF000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
997000
|
stack
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
313E000
|
heap
|
page read and write
|
||
|
3046000
|
heap
|
page read and write
|
||
|
1686000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
A0000
|
unkown
|
page readonly
|
||
|
155000
|
unkown
|
page readonly
|
||
|
531D000
|
stack
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
5EAE000
|
heap
|
page read and write
|
||
|
97C000
|
stack
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
1233000
|
heap
|
page read and write
|
||
|
5150000
|
unclassified section
|
page execute and read and write
|
||
|
163000
|
unkown
|
page write copy
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
509F000
|
stack
|
page read and write
|
||
|
143C000
|
stack
|
page read and write
|
||
|
12F000
|
unkown
|
page readonly
|
||
|
3153000
|
heap
|
page read and write
|
||
|
3037000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
15FE000
|
heap
|
page read and write
|
||
|
4140000
|
direct allocation
|
page read and write
|
||
|
3503000
|
heap
|
page read and write
|
||
|
579F000
|
stack
|
page read and write
|
||
|
A0B3000
|
direct allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
4C01000
|
heap
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
511D000
|
unclassified section
|
page execute and read and write
|
||
|
31A4000
|
heap
|
page read and write
|
||
|
134B000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
4E3F000
|
stack
|
page read and write
|
||
|
456000
|
system
|
page execute and read and write
|
||
|
5E7B000
|
heap
|
page read and write
|
||
|
3BA0000
|
direct allocation
|
page read and write
|
||
|
51A6000
|
unclassified section
|
page execute and read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
42F9000
|
direct allocation
|
page read and write
|
||
|
15F2000
|
heap
|
page read and write
|
||
|
17BB000
|
heap
|
page read and write
|
||
|
1685000
|
heap
|
page read and write
|
||
|
180F000
|
heap
|
page read and write
|
||
|
3033000
|
heap
|
page read and write
|
||
|
6100000
|
heap
|
page read and write
|
||
|
316B000
|
heap
|
page read and write
|
||
|
3421000
|
heap
|
page read and write
|
||
|
181F000
|
heap
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
3031000
|
heap
|
page read and write
|
||
|
D8000
|
unkown
|
page readonly
|
||
|
31D7000
|
heap
|
page read and write
|
||
|
371E000
|
stack
|
page read and write
|
||
|
C02000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
15F000
|
unkown
|
page write copy
|
||
|
1E70000
|
direct allocation
|
page execute and read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
3412000
|
heap
|
page read and write
|
||
|
459000
|
system
|
page execute and read and write
|
||
|
182F000
|
heap
|
page read and write
|
||
|
3185000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
3146000
|
heap
|
page read and write
|
||
|
1674000
|
heap
|
page read and write
|
||
|
1818000
|
heap
|
page read and write
|
||
|
11A6000
|
heap
|
page read and write
|
||
|
4F5F000
|
stack
|
page read and write
|
||
|
3012000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
42F9000
|
direct allocation
|
page read and write
|
||
|
4140000
|
direct allocation
|
page read and write
|
||
|
50B3000
|
direct allocation
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
1764000
|
heap
|
page read and write
|
||
|
11000
|
unkown
|
page execute read
|
||
|
3101000
|
heap
|
page read and write
|
||
|
310E000
|
heap
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
82B3000
|
direct allocation
|
page read and write
|
||
|
3046000
|
heap
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
11AD000
|
heap
|
page read and write
|
||
|
436E000
|
direct allocation
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
45D000
|
system
|
page execute and read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
5301000
|
heap
|
page read and write
|
||
|
2F2C000
|
stack
|
page read and write
|
||
|
17EF000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
16A6000
|
heap
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
3824000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
3BD0000
|
heap
|
page read and write
|
||
|
569F000
|
stack
|
page read and write
|
||
|
CF000
|
unkown
|
page read and write
|
||
|
312E000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
36D0000
|
heap
|
page readonly
|
||
|
100E000
|
stack
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
11000
|
unkown
|
page execute read
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
3146000
|
heap
|
page read and write
|
||
|
40C3000
|
direct allocation
|
page read and write
|
||
|
11AD000
|
heap
|
page read and write
|
||
|
308E000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
3197000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
5301000
|
heap
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
141B000
|
stack
|
page read and write
|
||
|
4E1F000
|
stack
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
182F000
|
heap
|
page read and write
|
||
|
15C8000
|
heap
|
page read and write
|
||
|
42FD000
|
direct allocation
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
3063000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
15F3000
|
heap
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
51AC000
|
unclassified section
|
page execute and read and write
|
||
|
13A8000
|
heap
|
page read and write
|
||
|
C5000
|
unkown
|
page readonly
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
CF000
|
unkown
|
page write copy
|
||
|
96B3000
|
direct allocation
|
page read and write
|
||
|
D18000
|
heap
|
page read and write
|
||
|
16A7000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
318C000
|
heap
|
page read and write
|
||
|
591D000
|
stack
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
1234000
|
heap
|
page read and write
|
||
|
3144000
|
heap
|
page read and write
|
||
|
41D0000
|
direct allocation
|
page read and write
|
||
|
3820000
|
heap
|
page read and write
|
||
|
5133000
|
unclassified section
|
page execute and read and write
|
||
|
4BDB000
|
stack
|
page read and write
|
||
|
436E000
|
direct allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
17EB000
|
heap
|
page read and write
|
||
|
3CA5000
|
direct allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page readonly
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
1178000
|
heap
|
page read and write
|
||
|
1694000
|
heap
|
page read and write
|
||
|
3144000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
300D000
|
heap
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
5BC000
|
stack
|
page read and write
|
||
|
15FE000
|
heap
|
page read and write
|
||
|
535B000
|
heap
|
page read and write
|
||
|
5374000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
9B3000
|
stack
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
17D5000
|
heap
|
page read and write
|
||
|
42F9000
|
direct allocation
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
6010000
|
heap
|
page read and write
|
||
|
4140000
|
direct allocation
|
page read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
569E000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
5E7B000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
474000
|
system
|
page execute and read and write
|
||
|
31D8000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
11A2000
|
heap
|
page read and write
|
||
|
3146000
|
heap
|
page read and write
|
||
|
5EAE000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
1675000
|
heap
|
page read and write
|
||
|
4269000
|
direct allocation
|
page read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
42DE000
|
direct allocation
|
page read and write
|
||
|
11A2000
|
heap
|
page read and write
|
||
|
15F000
|
unkown
|
page read and write
|
||
|
1703000
|
heap
|
page read and write
|
||
|
17EF000
|
heap
|
page read and write
|
||
|
3820000
|
heap
|
page read and write
|
||
|
42DE000
|
direct allocation
|
page read and write
|
||
|
42DE000
|
direct allocation
|
page read and write
|
||
|
426D000
|
direct allocation
|
page read and write
|
||
|
5B6F000
|
stack
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
3197000
|
heap
|
page read and write
|
||
|
3135000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1275000
|
heap
|
page read and write
|
||
|
12E5000
|
heap
|
page read and write
|
||
|
3CB3000
|
direct allocation
|
page read and write
|
||
|
308A000
|
heap
|
page read and write
|
||
|
41B000
|
system
|
page execute and read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
317E000
|
heap
|
page read and write
|
||
|
3144000
|
heap
|
page read and write
|
||
|
11AD000
|
heap
|
page read and write
|
||
|
40C3000
|
direct allocation
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
159D000
|
stack
|
page read and write
|
||
|
103A000
|
stack
|
page read and write
|
||
|
5EBB000
|
heap
|
page read and write
|
||
|
3FA0000
|
direct allocation
|
page read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
C13000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
30D1000
|
heap
|
page read and write
|
||
|
21FF000
|
stack
|
page read and write
|
||
|
5FA000
|
stack
|
page read and write
|
||
|
350C000
|
heap
|
page read and write
|
||
|
11000
|
unkown
|
page execute read
|
||
|
3132000
|
heap
|
page read and write
|
||
|
5001000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
C02000
|
heap
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
5E00000
|
heap
|
page read and write
|
||
|
3037000
|
heap
|
page read and write
|
||
|
40C3000
|
direct allocation
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
319A000
|
heap
|
page read and write
|
||
|
C5000
|
unkown
|
page readonly
|
||
|
3BD4000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
15FB000
|
heap
|
page read and write
|
||
|
3146000
|
heap
|
page read and write
|
||
|
31D8000
|
heap
|
page read and write
|
||
|
155000
|
unkown
|
page readonly
|
||
|
3176000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
306E000
|
heap
|
page read and write
|
||
|
381F000
|
stack
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
426D000
|
direct allocation
|
page read and write
|
||
|
5119000
|
unclassified section
|
page execute and read and write
|
||
|
A1000
|
unkown
|
page execute read
|
||
|
1695000
|
heap
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
5A1B000
|
stack
|
page read and write
|
||
|
5AB3000
|
direct allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
3177000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
A0000
|
unkown
|
page readonly
|
||
|
3146000
|
heap
|
page read and write
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
1243000
|
heap
|
page read and write
|
||
|
521D000
|
stack
|
page read and write
|
||
|
3135000
|
heap
|
page read and write
|
||
|
78B3000
|
direct allocation
|
page read and write
|
||
|
9F000
|
unkown
|
page readonly
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
4D1C000
|
stack
|
page read and write
|
||
|
313D000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
426D000
|
direct allocation
|
page read and write
|
||
|
4030000
|
direct allocation
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
1792000
|
heap
|
page read and write
|
||
|
42FD000
|
direct allocation
|
page read and write
|
||
|
D3000
|
unkown
|
page write copy
|
||
|
1244000
|
heap
|
page read and write
|
||
|
3B90000
|
direct allocation
|
page execute and read and write
|
||
|
1DFE000
|
stack
|
page read and write
|
||
|
318B000
|
heap
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
1234000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
4269000
|
direct allocation
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
309F000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
D8000
|
unkown
|
page readonly
|
||
|
E50000
|
heap
|
page readonly
|
||
|
E3D000
|
stack
|
page read and write
|
||
|
4153000
|
direct allocation
|
page read and write
|
||
|
4153000
|
direct allocation
|
page read and write
|
||
|
313D000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
4153000
|
direct allocation
|
page read and write
|
||
|
5D3B000
|
unclassified section
|
page execute and read and write
|
||
|
3175000
|
heap
|
page read and write
|
||
|
2F6B000
|
stack
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
1336000
|
heap
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
D03000
|
heap
|
page read and write
|
||
|
C3A000
|
stack
|
page read and write
|
||
|
5CBE000
|
stack
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
168000
|
unkown
|
page readonly
|
||
|
5F00000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
1256000
|
heap
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
64B3000
|
direct allocation
|
page read and write
|
||
|
41D0000
|
direct allocation
|
page read and write
|
||
|
5301000
|
heap
|
page read and write
|
||
|
A1000
|
unkown
|
page execute read
|
||
|
8CB3000
|
direct allocation
|
page read and write
|
||
|
627B000
|
heap
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
6EB3000
|
direct allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
627B000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
3154000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
5A6E000
|
stack
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
4801000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
3153000
|
heap
|
page read and write
|
||
|
3132000
|
heap
|
page read and write
|
||
|
3BF0000
|
direct allocation
|
page read and write
|
||
|
103C000
|
stack
|
page read and write
|
||
|
13D8000
|
heap
|
page read and write
|
||
|
350C000
|
heap
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
6200000
|
heap
|
page read and write
|
||
|
5F76000
|
heap
|
page read and write
|
||
|
5301000
|
heap
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
3132000
|
heap
|
page read and write
|
||
|
5367000
|
heap
|
page read and write
|
||
|
181F000
|
heap
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
57DD000
|
stack
|
page read and write
|
There are 476 hidden memdumps, click here to show them.