Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
amneziawg-amd64-1.0.0.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: AmneziaWG: Fast, Modern, Secure VPN Tunnel, Author: Amnezia, Keywords: Installer, Comments: This installer
database contains the logic and data required to install AmneziaWG., Template: x64;1033, Revision Number: {A2D5D019-9934-4179-80B6-2BC1DC113919},
Create Time/Date: Wed Aug 21 23:07:50 2024, Last Saved Time/Date: Wed Aug 21 23:07:50 2024, Number of Pages: 500, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 4
|
initial sample
|
 |
|
|
C:\Program Files\AmneziaWG\amneziawg.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\5cf629.rbs
|
data
|
dropped
|
||
|
C:\Config.Msi\5cf62b.rbs
|
data
|
modified
|
||
|
C:\Program Files\AmneziaWG\Data\log.bin
|
data
|
dropped
|
||
|
C:\Program Files\AmneziaWG\awg.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\AmneziaWG\wintun.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmneziaWG.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Thu Aug 22 04:05:40 2024, mtime=Sun Oct 13 12:35:06 2024, atime=Thu Aug 22 04:05:40 2024, length=8231576,
window=hide
|
dropped
|
||
|
C:\Windows\Installer\5cf628.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: AmneziaWG: Fast, Modern, Secure VPN Tunnel, Author: Amnezia, Keywords: Installer, Comments: This installer
database contains the logic and data required to install AmneziaWG., Template: x64;1033, Revision Number: {A2D5D019-9934-4179-80B6-2BC1DC113919},
Create Time/Date: Wed Aug 21 23:07:50 2024, Last Saved Time/Date: Wed Aug 21 23:07:50 2024, Number of Pages: 500, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 4
|
dropped
|
||
|
C:\Windows\Installer\5cf62a.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: AmneziaWG: Fast, Modern, Secure VPN Tunnel, Author: Amnezia, Keywords: Installer, Comments: This installer
database contains the logic and data required to install AmneziaWG., Template: x64;1033, Revision Number: {A2D5D019-9934-4179-80B6-2BC1DC113919},
Create Time/Date: Wed Aug 21 23:07:50 2024, Last Saved Time/Date: Wed Aug 21 23:07:50 2024, Number of Pages: 500, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 4
|
dropped
|
||
|
C:\Windows\Installer\MSI31F.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSIF78F.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIF7DE.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIF83D.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSIF83E.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIFEE6.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIFF35.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIFF55.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{58E70232-B95D-465F-878C-918D5D3FD706}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{58E70232-B95D-465F-878C-918D5D3FD706}\wireguard.ico
|
MS Windows icon resource - 11 icons, 256x256 with PNG image data, 256 x 256, 16-bit/color RGBA, non-interlaced, 32 bits/pixel,
-64x-64, 32 bits/pixel
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF171E38FEF6C7A7BE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF19A44DD9D7690F1F.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF27D36527F66F01F3.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF2B40DB00FD8C43C1.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF3054A7DEFC3B566B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF32FB9BB0FF2C5BDB.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF5120C57685445DB6.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF6FA7B47A9E598523.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF8537266379416B14.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA9A777426A3B86CC.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFAFDA2FDFEB2CB0CC.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB07866E82BACF370.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFF2E9B7069D91F4A0.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFFA6536A0857EB04D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 26 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\AmneziaWG\amneziawg.exe
|
"C:\Program Files\AmneziaWG\amneziawg.exe"
|
|
|
|
C:\Program Files\AmneziaWG\amneziawg.exe
|
"C:\Program Files\AmneziaWG\amneziawg.exe" /installmanagerservice
|
|
|
|
C:\Program Files\AmneziaWG\amneziawg.exe
|
"C:\Program Files\AmneziaWG\amneziawg.exe" /managerservice
|
|
|
|
C:\Program Files\AmneziaWG\amneziawg.exe
|
"C:\Program Files\AmneziaWG\amneziawg.exe" /ui 768 764 776 784
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\amneziawg-amd64-1.0.0.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\System32\MsiExec.exe -Embedding 737408F332C72DA581C627ECA815EDF4
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\System32\MsiExec.exe -Embedding 038BD3729F1160F66BF25AB2649B1B39 E Global\MSI0000
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.wintun.net/D
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
|
unknown
|
||
|
https://sectigo.com/CPS
|
unknown
|
||
|
https://amnezia.org/D
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://amnezia.org/wireguard-log-%s.txtTaskbarButtonCreatedreflect.Value.IsZeroreflect.Value.SetInt
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
|
unknown
|
||
|
https://www.wireguard.com/D
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://git.zx2c4.com/wireguard-tools/
|
unknown
|
||
|
https://www.wintun.net/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://amnezia.org/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
|
unknown
|
||
|
https://sectigo.com/CPS2.23.140.1.4.1
|
unknown
|
There are 9 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5cf629.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5cf629.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32D8053C2633EC74290223B1BDA1A1CC
|
23207E85D59BF56478C819D8D5F37D60
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\644FC0453CCF25449BBFBEC420872015
|
23207E85D59BF56478C819D8D5F37D60
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\804E88CA87B93BE4D9A29903F5E2A515
|
23207E85D59BF56478C819D8D5F37D60
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files\AmneziaWG\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{58E70232-B95D-465F-878C-918D5D3FD706}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\4E75B678094424449A3827E11E140BD0
|
23207E85D59BF56478C819D8D5F37D60
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{58E70232-B95D-465F-878C-918D5D3FD706}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\23207E85D59BF56478C819D8D5F37D60
|
WireGuardFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\Features
|
WireGuardFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23207E85D59BF56478C819D8D5F37D60\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4E75B678094424449A3827E11E140BD0
|
23207E85D59BF56478C819D8D5F37D60
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\23207E85D59BF56478C819D8D5F37D60\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5cf62b.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5cf62b.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
|
PATH
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\20\417C44EB
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
There are 86 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
412000
|
unkown
|
page readonly
|
|
|
|
412000
|
unkown
|
page readonly
|
|
|
|
412000
|
unkown
|
page readonly
|
|
|
|
412000
|
unkown
|
page readonly
|
|
|
|
412000
|
unkown
|
page readonly
|
|
|
|
412000
|
unkown
|
page readonly
|
|
|
|
412000
|
unkown
|
page readonly
|
|
|
|
412000
|
unkown
|
page readonly
|
|
|
|
1BD79951000
|
direct allocation
|
page read and write
|
||
|
C000148000
|
direct allocation
|
page read and write
|
||
|
C00019C000
|
direct allocation
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
C0000DE000
|
direct allocation
|
page read and write
|
||
|
C000025000
|
direct allocation
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
1BD54490000
|
heap
|
page read and write
|
||
|
C0001DE000
|
direct allocation
|
page read and write
|
||
|
80B000
|
unkown
|
page read and write
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
1BD545CA000
|
direct allocation
|
page read and write
|
||
|
C0001AE000
|
direct allocation
|
page read and write
|
||
|
C000051000
|
direct allocation
|
page read and write
|
||
|
C00017E000
|
direct allocation
|
page read and write
|
||
|
C00010E000
|
direct allocation
|
page read and write
|
||
|
1F4E76C0000
|
direct allocation
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
C000060000
|
direct allocation
|
page read and write
|
||
|
808000
|
unkown
|
page write copy
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
C000134000
|
direct allocation
|
page read and write
|
||
|
C0004DF000
|
direct allocation
|
page read and write
|
||
|
C000031000
|
direct allocation
|
page read and write
|
||
|
267420F0000
|
direct allocation
|
page read and write
|
||
|
C000060000
|
direct allocation
|
page read and write
|
||
|
C000242000
|
direct allocation
|
page read and write
|
||
|
1F4E7714000
|
direct allocation
|
page read and write
|
||
|
C00013A000
|
direct allocation
|
page read and write
|
||
|
C0000F4000
|
direct allocation
|
page read and write
|
||
|
26742098000
|
direct allocation
|
page read and write
|
||
|
C000031000
|
direct allocation
|
page read and write
|
||
|
1F4A25B0000
|
heap
|
page read and write
|
||
|
C00005E000
|
direct allocation
|
page read and write
|
||
|
C000110000
|
direct allocation
|
page read and write
|
||
|
C000208000
|
direct allocation
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
C000142000
|
direct allocation
|
page read and write
|
||
|
C0001AA000
|
direct allocation
|
page read and write
|
||
|
1F4A2399000
|
heap
|
page read and write
|
||
|
FBC5FE000
|
stack
|
page read and write
|
||
|
C000094000
|
direct allocation
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
C000140000
|
direct allocation
|
page read and write
|
||
|
C000218000
|
direct allocation
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
C000196000
|
direct allocation
|
page read and write
|
||
|
C0001C4000
|
direct allocation
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
C000292000
|
direct allocation
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
C000172000
|
direct allocation
|
page read and write
|
||
|
1BD54652000
|
heap
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
C0000A8000
|
direct allocation
|
page read and write
|
||
|
C000046000
|
direct allocation
|
page read and write
|
||
|
1F4E7716000
|
direct allocation
|
page read and write
|
||
|
FBD1FB000
|
stack
|
page read and write
|
||
|
C0000B0000
|
direct allocation
|
page read and write
|
||
|
C0000D8000
|
direct allocation
|
page read and write
|
||
|
C00009E000
|
direct allocation
|
page read and write
|
||
|
C0001DC000
|
direct allocation
|
page read and write
|
||
|
C000138000
|
direct allocation
|
page read and write
|
||
|
1F4E770B000
|
direct allocation
|
page read and write
|
||
|
C000216000
|
direct allocation
|
page read and write
|
||
|
C000200000
|
direct allocation
|
page read and write
|
||
|
C00015A000
|
direct allocation
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
C000094000
|
direct allocation
|
page read and write
|
||
|
C0001A0000
|
direct allocation
|
page read and write
|
||
|
1F4ECB7A000
|
heap
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
C0000A0000
|
direct allocation
|
page read and write
|
||
|
C0001C8000
|
direct allocation
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
C0001C6000
|
direct allocation
|
page read and write
|
||
|
1F4A25BC000
|
heap
|
page read and write
|
||
|
FBCDFE000
|
stack
|
page read and write
|
||
|
C00008A000
|
direct allocation
|
page read and write
|
||
|
C000062000
|
direct allocation
|
page read and write
|
||
|
C000098000
|
direct allocation
|
page read and write
|
||
|
C0001E6000
|
direct allocation
|
page read and write
|
||
|
C0000C8000
|
direct allocation
|
page read and write
|
||
|
C0000EE000
|
direct allocation
|
page read and write
|
||
|
C000051000
|
direct allocation
|
page read and write
|
||
|
7CA000
|
unkown
|
page write copy
|
||
|
C00010E000
|
direct allocation
|
page read and write
|
||
|
C000104000
|
direct allocation
|
page read and write
|
||
|
C0001D6000
|
direct allocation
|
page read and write
|
||
|
C0001F2000
|
direct allocation
|
page read and write
|
||
|
80D000
|
unkown
|
page write copy
|
||
|
C000188000
|
direct allocation
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
C000149000
|
direct allocation
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
C00008C000
|
direct allocation
|
page read and write
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
C00001E000
|
direct allocation
|
page read and write
|
||
|
C00009C000
|
direct allocation
|
page read and write
|
||
|
C0000B0000
|
direct allocation
|
page read and write
|
||
|
C0000C6000
|
direct allocation
|
page read and write
|
||
|
95025FE000
|
stack
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
C00002C000
|
direct allocation
|
page read and write
|
||
|
C00023B000
|
direct allocation
|
page read and write
|
||
|
7F7000
|
unkown
|
page write copy
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
C0002BC000
|
direct allocation
|
page read and write
|
||
|
C0001B0000
|
direct allocation
|
page read and write
|
||
|
1F4A23A1000
|
heap
|
page read and write
|
||
|
C00019C000
|
direct allocation
|
page read and write
|
||
|
C00004F000
|
direct allocation
|
page read and write
|
||
|
C000156000
|
direct allocation
|
page read and write
|
||
|
8B2E5FF000
|
stack
|
page read and write
|
||
|
C00003A000
|
direct allocation
|
page read and write
|
||
|
7CE000
|
unkown
|
page write copy
|
||
|
C0001A4000
|
direct allocation
|
page read and write
|
||
|
C00009A000
|
direct allocation
|
page read and write
|
||
|
C000228000
|
direct allocation
|
page read and write
|
||
|
E7DC5FE000
|
stack
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
7FA000
|
unkown
|
page write copy
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
C0002B8000
|
direct allocation
|
page read and write
|
||
|
1F4A2300000
|
direct allocation
|
page read and write
|
||
|
7C5000
|
unkown
|
page read and write
|
||
|
7F8000
|
unkown
|
page read and write
|
||
|
C0001FB000
|
direct allocation
|
page read and write
|
||
|
1F4A22B0000
|
heap
|
page read and write
|
||
|
C0001A8000
|
direct allocation
|
page read and write
|
||
|
C000130000
|
direct allocation
|
page read and write
|
||
|
C0001F9000
|
direct allocation
|
page read and write
|
||
|
C000098000
|
direct allocation
|
page read and write
|
||
|
C0000BC000
|
direct allocation
|
page read and write
|
||
|
C0001D0000
|
direct allocation
|
page read and write
|
||
|
E7DCFFE000
|
stack
|
page read and write
|
||
|
95033FF000
|
stack
|
page read and write
|
||
|
C0000DA000
|
direct allocation
|
page read and write
|
||
|
20222104000
|
heap
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
C00008B000
|
direct allocation
|
page read and write
|
||
|
C0000AC000
|
direct allocation
|
page read and write
|
||
|
C0001A6000
|
direct allocation
|
page read and write
|
||
|
7CA000
|
unkown
|
page write copy
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
26741F60000
|
heap
|
page read and write
|
||
|
C000170000
|
direct allocation
|
page read and write
|
||
|
1F4A23A9000
|
heap
|
page read and write
|
||
|
C00011E000
|
direct allocation
|
page read and write
|
||
|
C00001C000
|
direct allocation
|
page read and write
|
||
|
C000246000
|
direct allocation
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
C0000F8000
|
direct allocation
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
C000154000
|
direct allocation
|
page read and write
|
||
|
C00029E000
|
direct allocation
|
page read and write
|
||
|
1F4E9470000
|
direct allocation
|
page read and write
|
||
|
C00012C000
|
direct allocation
|
page read and write
|
||
|
202221FA000
|
direct allocation
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
C0001CC000
|
direct allocation
|
page read and write
|
||
|
C000024000
|
direct allocation
|
page read and write
|
||
|
C00010C000
|
direct allocation
|
page read and write
|
||
|
7F8000
|
unkown
|
page read and write
|
||
|
C000186000
|
direct allocation
|
page read and write
|
||
|
C0001EC000
|
direct allocation
|
page read and write
|
||
|
C0000C0000
|
direct allocation
|
page read and write
|
||
|
C000290000
|
direct allocation
|
page read and write
|
||
|
8B2E7FE000
|
stack
|
page read and write
|
||
|
C000041000
|
direct allocation
|
page read and write
|
||
|
E7DD3FE000
|
stack
|
page read and write
|
||
|
1F4A239F000
|
heap
|
page read and write
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
C00012E000
|
direct allocation
|
page read and write
|
||
|
95021FE000
|
stack
|
page read and write
|
||
|
E7DD5FE000
|
stack
|
page read and write
|
||
|
C0000BC000
|
direct allocation
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C0000CA000
|
direct allocation
|
page read and write
|
||
|
C0000F0000
|
direct allocation
|
page read and write
|
||
|
C00008D000
|
direct allocation
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
1F4E76C8000
|
direct allocation
|
page read and write
|
||
|
C00007E000
|
direct allocation
|
page read and write
|
||
|
7F7000
|
unkown
|
page write copy
|
||
|
FBBFFF000
|
stack
|
page read and write
|
||
|
E7DCDFC000
|
stack
|
page read and write
|
||
|
7C5000
|
unkown
|
page read and write
|
||
|
80E000
|
unkown
|
page read and write
|
||
|
FBCFFF000
|
stack
|
page read and write
|
||
|
1F4A238E000
|
heap
|
page read and write
|
||
|
C0000F4000
|
direct allocation
|
page read and write
|
||
|
C0000E0000
|
direct allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
120000
|
unkown
|
page readonly
|
||
|
C000031000
|
direct allocation
|
page read and write
|
||
|
C000222000
|
direct allocation
|
page read and write
|
||
|
7C5000
|
unkown
|
page write copy
|
||
|
C0001DA000
|
direct allocation
|
page read and write
|
||
|
C000060000
|
direct allocation
|
page read and write
|
||
|
C00012E000
|
direct allocation
|
page read and write
|
||
|
C000088000
|
direct allocation
|
page read and write
|
||
|
202679E0000
|
unkown
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
897000
|
unkown
|
page read and write
|
||
|
C000008000
|
direct allocation
|
page read and write
|
||
|
82F000
|
unkown
|
page read and write
|
||
|
2674209A000
|
direct allocation
|
page read and write
|
||
|
FBBDFE000
|
stack
|
page read and write
|
||
|
C00003A000
|
direct allocation
|
page read and write
|
||
|
202220C0000
|
heap
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
1F4A239A000
|
heap
|
page read and write
|
||
|
C000064000
|
direct allocation
|
page read and write
|
||
|
C0000AA000
|
direct allocation
|
page read and write
|
||
|
829000
|
unkown
|
page read and write
|
||
|
1F4E9510000
|
direct allocation
|
page read and write
|
||
|
C000158000
|
direct allocation
|
page read and write
|
||
|
C0000DC000
|
direct allocation
|
page read and write
|
||
|
7C5000
|
unkown
|
page write copy
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
C0000EA000
|
direct allocation
|
page read and write
|
||
|
C0000D4000
|
direct allocation
|
page read and write
|
||
|
1F4A2376000
|
heap
|
page read and write
|
||
|
C000033000
|
direct allocation
|
page read and write
|
||
|
C000068000
|
direct allocation
|
page read and write
|
||
|
C00008F000
|
direct allocation
|
page read and write
|
||
|
9502DFD000
|
stack
|
page read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
7CD000
|
unkown
|
page read and write
|
||
|
7FB000
|
unkown
|
page read and write
|
||
|
8B2E3FD000
|
stack
|
page read and write
|
||
|
E7DC9FA000
|
stack
|
page read and write
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
C0000F0000
|
direct allocation
|
page read and write
|
||
|
1F4A21D0000
|
heap
|
page read and write
|
||
|
8B2E9FF000
|
stack
|
page read and write
|
||
|
202221F8000
|
direct allocation
|
page read and write
|
||
|
C000108000
|
direct allocation
|
page read and write
|
||
|
C000256000
|
direct allocation
|
page read and write
|
||
|
7CA000
|
unkown
|
page write copy
|
||
|
1F4ECB75000
|
heap
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
20267530000
|
direct allocation
|
page read and write
|
||
|
C0001E4000
|
direct allocation
|
page read and write
|
||
|
C00019E000
|
direct allocation
|
page read and write
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
C00002F000
|
direct allocation
|
page read and write
|
||
|
C00008E000
|
direct allocation
|
page read and write
|
||
|
C0000D8000
|
direct allocation
|
page read and write
|
||
|
C00002C000
|
direct allocation
|
page read and write
|
||
|
C00004F000
|
direct allocation
|
page read and write
|
||
|
C0000CC000
|
direct allocation
|
page read and write
|
||
|
202220E8000
|
heap
|
page read and write
|
||
|
C0001CE000
|
direct allocation
|
page read and write
|
||
|
7FB000
|
unkown
|
page read and write
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
E7DC1FD000
|
stack
|
page read and write
|
||
|
7F5000
|
unkown
|
page read and write
|
||
|
C000186000
|
direct allocation
|
page read and write
|
||
|
7C5000
|
unkown
|
page write copy
|
||
|
C00003A000
|
direct allocation
|
page read and write
|
||
|
26742110000
|
direct allocation
|
page read and write
|
||
|
C00022A000
|
direct allocation
|
page read and write
|
||
|
9502BFE000
|
stack
|
page read and write
|
||
|
C0000FC000
|
direct allocation
|
page read and write
|
||
|
C00020E000
|
direct allocation
|
page read and write
|
||
|
C0000EE000
|
direct allocation
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
7F6000
|
unkown
|
page read and write
|
||
|
C000186000
|
direct allocation
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
C000150000
|
direct allocation
|
page read and write
|
||
|
1F4A2308000
|
direct allocation
|
page read and write
|
||
|
80D000
|
unkown
|
page write copy
|
||
|
1F4E91A0000
|
heap
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
C0001A0000
|
direct allocation
|
page read and write
|
||
|
C000164000
|
direct allocation
|
page read and write
|
||
|
C000044000
|
direct allocation
|
page read and write
|
||
|
C0000F6000
|
direct allocation
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
267421B0000
|
heap
|
page read and write
|
||
|
95031FE000
|
stack
|
page read and write
|
||
|
7CE000
|
unkown
|
page write copy
|
||
|
C000046000
|
direct allocation
|
page read and write
|
||
|
C0000F6000
|
direct allocation
|
page read and write
|
||
|
C000128000
|
direct allocation
|
page read and write
|
||
|
E7DC7FF000
|
stack
|
page read and write
|
||
|
C00029A000
|
direct allocation
|
page read and write
|
||
|
80D000
|
unkown
|
page write copy
|
||
|
20222290000
|
direct allocation
|
page read and write
|
||
|
C00019E000
|
direct allocation
|
page read and write
|
||
|
C000044000
|
direct allocation
|
page read and write
|
||
|
C0001FE000
|
direct allocation
|
page read and write
|
||
|
20221FE0000
|
heap
|
page read and write
|
||
|
C0001D4000
|
direct allocation
|
page read and write
|
||
|
C000078000
|
direct allocation
|
page read and write
|
||
|
1BD54830000
|
heap
|
page read and write
|
||
|
E7DCBFF000
|
stack
|
page read and write
|
||
|
C0002B4000
|
direct allocation
|
page read and write
|
||
|
FBC3FF000
|
stack
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
1BD545C0000
|
direct allocation
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
26742040000
|
heap
|
page read and write
|
||
|
1F4A237B000
|
heap
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
897000
|
unkown
|
page read and write
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
26742060000
|
heap
|
page read and write
|
||
|
1F4ECB83000
|
heap
|
page read and write
|
||
|
1F4A23BE000
|
heap
|
page read and write
|
||
|
1F4A23B6000
|
heap
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
C0001B2000
|
direct allocation
|
page read and write
|
||
|
C0000BE000
|
direct allocation
|
page read and write
|
||
|
C00009C000
|
direct allocation
|
page read and write
|
||
|
C00009C000
|
direct allocation
|
page read and write
|
||
|
C000178000
|
direct allocation
|
page read and write
|
||
|
1BD54608000
|
heap
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
C000094000
|
direct allocation
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
C00005E000
|
direct allocation
|
page read and write
|
||
|
1F4ECB81000
|
heap
|
page read and write
|
||
|
9501FFF000
|
stack
|
page read and write
|
||
|
7CE000
|
unkown
|
page write copy
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
C0000DC000
|
direct allocation
|
page read and write
|
||
|
C000106000
|
direct allocation
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
7F8000
|
unkown
|
page read and write
|
||
|
C000041000
|
direct allocation
|
page read and write
|
||
|
C00006D000
|
direct allocation
|
page read and write
|
||
|
C000182000
|
direct allocation
|
page read and write
|
||
|
7FB000
|
unkown
|
page read and write
|
||
|
808000
|
unkown
|
page write copy
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
C0000C4000
|
direct allocation
|
page read and write
|
||
|
7F9000
|
unkown
|
page write copy
|
||
|
95035FE000
|
stack
|
page read and write
|
||
|
26741E67000
|
heap
|
page read and write
|
||
|
C000147000
|
direct allocation
|
page read and write
|
||
|
202222E0000
|
heap
|
page read and write
|
||
|
80E000
|
unkown
|
page read and write
|
||
|
C000089000
|
direct allocation
|
page read and write
|
||
|
82F000
|
unkown
|
page read and write
|
||
|
FBC7FF000
|
stack
|
page read and write
|
||
|
1BD54590000
|
heap
|
page read and write
|
||
|
C000056000
|
direct allocation
|
page read and write
|
||
|
26742090000
|
direct allocation
|
page read and write
|
||
|
C000041000
|
direct allocation
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
C000108000
|
direct allocation
|
page read and write
|
||
|
7C5000
|
unkown
|
page write copy
|
||
|
1F4A2304000
|
direct allocation
|
page read and write
|
||
|
C00010C000
|
direct allocation
|
page read and write
|
||
|
1F4A235E000
|
heap
|
page read and write
|
||
|
C0002BA000
|
direct allocation
|
page read and write
|
||
|
1F4ECA56000
|
heap
|
page read and write
|
||
|
2674209C000
|
direct allocation
|
page read and write
|
||
|
C0000EC000
|
direct allocation
|
page read and write
|
||
|
C0001B4000
|
direct allocation
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C000130000
|
direct allocation
|
page read and write
|
||
|
1F4A2340000
|
direct allocation
|
page read and write
|
||
|
C00022E000
|
direct allocation
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
8B2EDFF000
|
stack
|
page read and write
|
||
|
C000112000
|
direct allocation
|
page read and write
|
||
|
C0000FA000
|
direct allocation
|
page read and write
|
||
|
C00023D000
|
direct allocation
|
page read and write
|
||
|
C00010A000
|
direct allocation
|
page read and write
|
||
|
C00028A000
|
direct allocation
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
C0001D0000
|
direct allocation
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
7F6000
|
unkown
|
page read and write
|
||
|
7CD000
|
unkown
|
page read and write
|
||
|
80B000
|
unkown
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
C00009E000
|
direct allocation
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
C000162000
|
direct allocation
|
page read and write
|
||
|
C000232000
|
direct allocation
|
page read and write
|
||
|
7FB000
|
unkown
|
page read and write
|
||
|
7C5000
|
unkown
|
page read and write
|
||
|
C000288000
|
direct allocation
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
202221F4000
|
direct allocation
|
page read and write
|
||
|
1BD7B620000
|
heap
|
page read and write
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
1BD54570000
|
heap
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
C000239000
|
direct allocation
|
page read and write
|
||
|
1BD545C4000
|
direct allocation
|
page read and write
|
||
|
1BD79990000
|
direct allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
808000
|
unkown
|
page write copy
|
||
|
80B000
|
unkown
|
page read and write
|
||
|
1F4A2396000
|
heap
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
897000
|
unkown
|
page read and write
|
||
|
95027FF000
|
stack
|
page read and write
|
||
|
1F4E9140000
|
heap
|
page read and write
|
||
|
7F9000
|
unkown
|
page write copy
|
||
|
C00014E000
|
direct allocation
|
page read and write
|
||
|
1F4E9490000
|
direct allocation
|
page read and write
|
||
|
202221F0000
|
direct allocation
|
page read and write
|
||
|
C00008E000
|
direct allocation
|
page read and write
|
||
|
C00005A000
|
direct allocation
|
page read and write
|
||
|
C00020A000
|
direct allocation
|
page read and write
|
||
|
C00004B000
|
direct allocation
|
page read and write
|
||
|
C000198000
|
direct allocation
|
page read and write
|
||
|
1F4A2358000
|
heap
|
page read and write
|
||
|
C0000E8000
|
direct allocation
|
page read and write
|
||
|
C0001C2000
|
direct allocation
|
page read and write
|
||
|
FBBBF7000
|
stack
|
page read and write
|
||
|
26741E60000
|
heap
|
page read and write
|
||
|
C0001B4000
|
direct allocation
|
page read and write
|
||
|
1F4E7852000
|
direct allocation
|
page read and write
|
||
|
C0000E0000
|
direct allocation
|
page read and write
|
||
|
C000248000
|
direct allocation
|
page read and write
|
||
|
1BD54600000
|
heap
|
page read and write
|
||
|
C000186000
|
direct allocation
|
page read and write
|
||
|
C000143000
|
direct allocation
|
page read and write
|
||
|
C0000A0000
|
direct allocation
|
page read and write
|
||
|
7F6000
|
unkown
|
page read and write
|
||
|
C000138000
|
direct allocation
|
page read and write
|
||
|
C00003A000
|
direct allocation
|
page read and write
|
||
|
C00011A000
|
direct allocation
|
page read and write
|
||
|
C000046000
|
direct allocation
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
80E000
|
unkown
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
C00006C000
|
direct allocation
|
page read and write
|
||
|
C00012A000
|
direct allocation
|
page read and write
|
||
|
26768B60000
|
direct allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
C0002B0000
|
direct allocation
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C000096000
|
direct allocation
|
page read and write
|
||
|
FBC9FE000
|
stack
|
page read and write
|
||
|
C00001C000
|
direct allocation
|
page read and write
|
||
|
C000090000
|
direct allocation
|
page read and write
|
||
|
C00011C000
|
direct allocation
|
page read and write
|
||
|
1F4EBC10000
|
trusted library allocation
|
page read and write
|
||
|
C000284000
|
direct allocation
|
page read and write
|
||
|
C0000FE000
|
direct allocation
|
page read and write
|
||
|
C00029C000
|
direct allocation
|
page read and write
|
||
|
C0000E6000
|
direct allocation
|
page read and write
|
||
|
267421B5000
|
heap
|
page read and write
|
||
|
82F000
|
unkown
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C0003DB000
|
direct allocation
|
page read and write
|
||
|
897000
|
unkown
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
C00002F000
|
direct allocation
|
page read and write
|
||
|
7CA000
|
unkown
|
page write copy
|
||
|
120000
|
unkown
|
page readonly
|
||
|
C000020000
|
direct allocation
|
page read and write
|
||
|
7F9000
|
unkown
|
page write copy
|
||
|
C000088000
|
direct allocation
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
121000
|
unkown
|
page execute read
|
||
|
8B2EBFF000
|
stack
|
page read and write
|
||
|
C0000B3000
|
direct allocation
|
page read and write
|
||
|
C000086000
|
direct allocation
|
page read and write
|
||
|
1F4E7706000
|
direct allocation
|
page read and write
|
||
|
95023FE000
|
stack
|
page read and write
|
||
|
80D000
|
unkown
|
page write copy
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
1BD54835000
|
heap
|
page read and write
|
||
|
C000041000
|
direct allocation
|
page read and write
|
||
|
C0000C2000
|
direct allocation
|
page read and write
|
||
|
C0000D4000
|
direct allocation
|
page read and write
|
||
|
C000124000
|
direct allocation
|
page read and write
|
||
|
202220E0000
|
heap
|
page read and write
|
||
|
C0001DC000
|
direct allocation
|
page read and write
|
||
|
C00001C000
|
direct allocation
|
page read and write
|
||
|
C000074000
|
direct allocation
|
page read and write
|
||
|
C00009E000
|
direct allocation
|
page read and write
|
||
|
1F4A236F000
|
heap
|
page read and write
|
||
|
C0000A2000
|
direct allocation
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
C0002D8000
|
direct allocation
|
page read and write
|
||
|
C0002A0000
|
direct allocation
|
page read and write
|
||
|
7F7000
|
unkown
|
page write copy
|
||
|
C00014E000
|
direct allocation
|
page read and write
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
C0000E8000
|
direct allocation
|
page read and write
|
||
|
C00009A000
|
direct allocation
|
page read and write
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
C0001F7000
|
direct allocation
|
page read and write
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
C000096000
|
direct allocation
|
page read and write
|
||
|
7CE000
|
unkown
|
page write copy
|
||
|
121000
|
unkown
|
page execute read
|
||
|
26742094000
|
direct allocation
|
page read and write
|
||
|
C000066000
|
direct allocation
|
page read and write
|
||
|
20222250000
|
direct allocation
|
page read and write
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
C0000CE000
|
direct allocation
|
page read and write
|
||
|
80E000
|
unkown
|
page read and write
|
||
|
829000
|
unkown
|
page read and write
|
||
|
C00004A000
|
direct allocation
|
page read and write
|
||
|
C0000E4000
|
direct allocation
|
page read and write
|
||
|
C000102000
|
direct allocation
|
page read and write
|
||
|
C00010A000
|
direct allocation
|
page read and write
|
||
|
C000046000
|
direct allocation
|
page read and write
|
||
|
808000
|
unkown
|
page write copy
|
||
|
829000
|
unkown
|
page read and write
|
||
|
1BD545C8000
|
direct allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
C0001B0000
|
direct allocation
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C0000E4000
|
direct allocation
|
page read and write
|
||
|
C00006F000
|
direct allocation
|
page read and write
|
||
|
8B5000
|
unkown
|
page readonly
|
||
|
C000196000
|
direct allocation
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
C0000F4000
|
direct allocation
|
page read and write
|
||
|
1F4E91A3000
|
heap
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
1F4A22D0000
|
heap
|
page read and write
|
||
|
121000
|
unkown
|
page execute read
|
||
|
C0001AC000
|
direct allocation
|
page read and write
|
||
|
7C5000
|
unkown
|
page read and write
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
C00020C000
|
direct allocation
|
page read and write
|
||
|
C00021A000
|
direct allocation
|
page read and write
|
||
|
FBC1FF000
|
stack
|
page read and write
|
||
|
1F4A25B5000
|
heap
|
page read and write
|
||
|
C00017D000
|
direct allocation
|
page read and write
|
||
|
7F7000
|
unkown
|
page write copy
|
||
|
C00015C000
|
direct allocation
|
page read and write
|
||
|
C000122000
|
direct allocation
|
page read and write
|
||
|
C000033000
|
direct allocation
|
page read and write
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
C000020000
|
direct allocation
|
page read and write
|
||
|
C000020000
|
direct allocation
|
page read and write
|
||
|
8B2F1FD000
|
stack
|
page read and write
|
||
|
C0000D2000
|
direct allocation
|
page read and write
|
||
|
C000090000
|
direct allocation
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
20222270000
|
heap
|
page read and write
|
||
|
C0000C8000
|
direct allocation
|
page read and write
|
||
|
C000031000
|
direct allocation
|
page read and write
|
||
|
C0001C8000
|
direct allocation
|
page read and write
|
||
|
C000136000
|
direct allocation
|
page read and write
|
||
|
C00005C000
|
direct allocation
|
page read and write
|
||
|
1F4E7740000
|
unkown
|
page readonly
|
||
|
1F4E7850000
|
direct allocation
|
page read and write
|
||
|
C000043000
|
direct allocation
|
page read and write
|
||
|
C000106000
|
direct allocation
|
page read and write
|
||
|
C0001F5000
|
direct allocation
|
page read and write
|
||
|
C00016A000
|
direct allocation
|
page read and write
|
||
|
C000206000
|
direct allocation
|
page read and write
|
||
|
8B2EFFE000
|
stack
|
page read and write
|
||
|
8B4000
|
unkown
|
page write copy
|
||
|
7CD000
|
unkown
|
page read and write
|
||
|
FBCBFE000
|
stack
|
page read and write
|
||
|
1BD545CC000
|
direct allocation
|
page read and write
|
||
|
202222E5000
|
heap
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
C00004F000
|
direct allocation
|
page read and write
|
||
|
1F4A2350000
|
heap
|
page read and write
|
||
|
8C8000
|
unkown
|
page readonly
|
||
|
C00000A000
|
direct allocation
|
page read and write
|
||
|
C0000CC000
|
direct allocation
|
page read and write
|
||
|
1BD54820000
|
direct allocation
|
page read and write
|
||
|
C000144000
|
direct allocation
|
page read and write
|
||
|
C000244000
|
direct allocation
|
page read and write
|
||
|
8B2F3FE000
|
stack
|
page read and write
|
||
|
C00000A000
|
direct allocation
|
page read and write
|
||
|
C00006A000
|
direct allocation
|
page read and write
|
||
|
C0001D2000
|
direct allocation
|
page read and write
|
||
|
C000230000
|
direct allocation
|
page read and write
|
||
|
C00013A000
|
direct allocation
|
page read and write
|
||
|
202221FC000
|
direct allocation
|
page read and write
|
||
|
1F4E91B0000
|
heap
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
C0000D0000
|
direct allocation
|
page read and write
|
||
|
82F000
|
unkown
|
page read and write
|
||
|
9501BCE000
|
stack
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
80B000
|
unkown
|
page read and write
|
||
|
1F4A2399000
|
heap
|
page read and write
|
||
|
C00002F000
|
direct allocation
|
page read and write
|
||
|
829000
|
unkown
|
page read and write
|
||
|
C0000B2000
|
direct allocation
|
page read and write
|
||
|
C000072000
|
direct allocation
|
page read and write
|
||
|
7CD000
|
unkown
|
page read and write
|
||
|
C00000A000
|
direct allocation
|
page read and write
|
||
|
7F8000
|
unkown
|
page read and write
|
There are 612 hidden memdumps, click here to show them.