Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_847e5933c7b68f10fff588c9d4be4118d8c5e594_a132e67f_5dfd797d-ff43-4b78-8031-391bd555f2ca\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_84dfe926c8a473f70df6ff9eee142b124f3fe79_a132e67f_0cdc4759-0de7-40f8-8c28-aa5cc0333853\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_84dfe926c8a473f70df6ff9eee142b124f3fe79_a132e67f_23825486-2bbf-45fb-9b0a-6d8c1a4fbf60\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_84dfe926c8a473f70df6ff9eee142b124f3fe79_a132e67f_dea66e8e-942f-4a31-bba4-c04961d93161\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1718.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Oct 25 10:46:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1787.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Oct 25 10:46:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER17A6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1805.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A28.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A67.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2215.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Oct 25 10:46:05 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER23AC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER23DC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DFC.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Oct 25 10:46:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F26.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F55.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll,HTMLayoutCallBehaviorMethod
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2084 -s 344
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3844 -s 288
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll,HTMLayoutCreateElement
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5416 -s 296
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll,HTMLayoutDataReady
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7248 -s 288
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutCallBehaviorMethod
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutCreateElement
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutDataReady
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",sqlite3_step
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",sqlite3_prepare_v2
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",sqlite3_open16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",sqlite3_column_text
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",sqlite3_close
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayout_UseElement
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayout_UnuseElement
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutWindowDetachEventHandler
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutWindowAttachEventHandler
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutVisitElements
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutUpdateWindow
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutUpdateElementEx
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutUpdateElement
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutSetupDebugOutput
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutSetStyleAttribute
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutSetOption
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutSetElementState
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutSetElementInnerText16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutSetElementHtml
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.Kryptik.DQOJJU.32487.4625.dll",HTMLayoutSetCallback
|
There are 24 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{5b1b1107-ca74-5af0-c833-d29710b0674b}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1ABCCC00000
|
heap
|
page read and write
|
||
|
21E693D0000
|
heap
|
page read and write
|
||
|
1ED442E5000
|
heap
|
page read and write
|
||
|
1B3C6EA0000
|
heap
|
page read and write
|
||
|
21CB5A50000
|
heap
|
page read and write
|
||
|
C8784FF000
|
stack
|
page read and write
|
||
|
2739B730000
|
heap
|
page readonly
|
||
|
2E7ECE1000
|
stack
|
page read and write
|
||
|
25642D20000
|
remote allocation
|
page read and write
|
||
|
F219A41000
|
stack
|
page read and write
|
||
|
146D27C000
|
stack
|
page read and write
|
||
|
2AD2A9A0000
|
heap
|
page read and write
|
||
|
23E353C3000
|
heap
|
page read and write
|
||
|
DA07C7F000
|
stack
|
page read and write
|
||
|
1ED44020000
|
heap
|
page read and write
|
||
|
19DC56F5000
|
heap
|
page read and write
|
||
|
1B3C6F30000
|
heap
|
page read and write
|
||
|
17B724D8000
|
heap
|
page read and write
|
||
|
1E9A3D65000
|
heap
|
page read and write
|
||
|
12587550000
|
heap
|
page read and write
|
||
|
2B28EBA0000
|
remote allocation
|
page read and write
|
||
|
3ACE07F000
|
stack
|
page read and write
|
||
|
DA079CC000
|
stack
|
page read and write
|
||
|
2B3B3390000
|
heap
|
page read and write
|
||
|
25642D90000
|
heap
|
page read and write
|
||
|
F219E7F000
|
stack
|
page read and write
|
||
|
21A14F90000
|
heap
|
page read and write
|
||
|
2452D0A0000
|
heap
|
page read and write
|
||
|
1B0A9F90000
|
heap
|
page readonly
|
||
|
2AD2ACA0000
|
heap
|
page read and write
|
||
|
27399E00000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
3ACDD21000
|
stack
|
page read and write
|
||
|
1B0A8640000
|
heap
|
page read and write
|
||
|
24D6C180000
|
remote allocation
|
page read and write
|
||
|
2B28EBC5000
|
heap
|
page read and write
|
||
|
1C9F1570000
|
heap
|
page read and write
|
||
|
21A16900000
|
remote allocation
|
page read and write
|
||
|
149DB950000
|
remote allocation
|
page read and write
|
||
|
85F88F1000
|
stack
|
page read and write
|
||
|
24D6C040000
|
heap
|
page read and write
|
||
|
21CB5C80000
|
heap
|
page read and write
|
||
|
763CA7F000
|
stack
|
page read and write
|
||
|
21E696F5000
|
heap
|
page read and write
|
||
|
202CDB75000
|
heap
|
page read and write
|
||
|
2E7F07F000
|
stack
|
page read and write
|
||
|
1C9EFC60000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
85F8D7F000
|
stack
|
page read and write
|
||
|
763C74F000
|
stack
|
page read and write
|
||
|
1ABCCCB0000
|
heap
|
page readonly
|
||
|
202CDB80000
|
heap
|
page readonly
|
||
|
1ABCCC45000
|
heap
|
page read and write
|
||
|
28CF7A80000
|
heap
|
page read and write
|
||
|
19DC5540000
|
heap
|
page read and write
|
||
|
19935758000
|
heap
|
page read and write
|
||
|
5FBDA7F000
|
stack
|
page read and write
|
||
|
2B28E7B0000
|
heap
|
page read and write
|
||
|
85F89EF000
|
stack
|
page read and write
|
||
|
BEFF18E000
|
stack
|
page read and write
|
||
|
24D6C200000
|
heap
|
page read and write
|
||
|
1E9A3AA0000
|
heap
|
page read and write
|
||
|
A2D7C7F000
|
stack
|
page read and write
|
||
|
CA97EFF000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
2452E980000
|
heap
|
page read and write
|
||
|
2AD2AC20000
|
heap
|
page read and write
|
||
|
23E355C5000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
2452CCF0000
|
heap
|
page read and write
|
||
|
2AD2AB18000
|
heap
|
page read and write
|
||
|
146D37F000
|
stack
|
page read and write
|
||
|
97758FE000
|
stack
|
page read and write
|
||
|
28CF60B0000
|
heap
|
page readonly
|
||
|
1CD42E90000
|
heap
|
page readonly
|
||
|
23E353A0000
|
heap
|
page read and write
|
||
|
7FFE1151F000
|
unkown
|
page read and write
|
||
|
A8EB1CF000
|
stack
|
page read and write
|
||
|
146D2FF000
|
stack
|
page read and write
|
||
|
1C9EFA60000
|
heap
|
page read and write
|
||
|
21E693A0000
|
heap
|
page read and write
|
||
|
1CD414E8000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
AE59851000
|
stack
|
page read and write
|
||
|
1E9A3C30000
|
remote allocation
|
page read and write
|
||
|
1B3C6DA0000
|
heap
|
page read and write
|
||
|
5BB537E000
|
stack
|
page read and write
|
||
|
202CDBD8000
|
heap
|
page read and write
|
||
|
24D6C048000
|
heap
|
page read and write
|
||
|
2AD2AC40000
|
remote allocation
|
page read and write
|
||
|
202CDBF3000
|
heap
|
page read and write
|
||
|
2452CF90000
|
remote allocation
|
page read and write
|
||
|
7FFE11513000
|
unkown
|
page readonly
|
||
|
12588D30000
|
heap
|
page read and write
|
||
|
17B726C0000
|
heap
|
page read and write
|
||
|
1B0A9FC0000
|
heap
|
page read and write
|
||
|
1B3C6E80000
|
heap
|
page read and write
|
||
|
7FFE11501000
|
unkown
|
page execute read
|
||
|
9775411000
|
stack
|
page read and write
|
||
|
17B724C0000
|
heap
|
page read and write
|
||
|
24D6DAD0000
|
heap
|
page read and write
|
||
|
E2682B1000
|
stack
|
page read and write
|
||
|
5BB527F000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
28CF6185000
|
heap
|
page read and write
|
||
|
1B0A8970000
|
heap
|
page read and write
|
||
|
21CB5AD0000
|
heap
|
page readonly
|
||
|
1C9EFA50000
|
heap
|
page read and write
|
||
|
AE59CFF000
|
stack
|
page read and write
|
||
|
5FBD621000
|
stack
|
page read and write
|
||
|
A8EB051000
|
stack
|
page read and write
|
||
|
202CDB90000
|
remote allocation
|
page read and write
|
||
|
1C9EFC30000
|
heap
|
page read and write
|
||
|
149DB838000
|
heap
|
page read and write
|
||
|
286389F0000
|
heap
|
page read and write
|
||
|
2B28E830000
|
heap
|
page read and write
|
||
|
21CB5AE8000
|
heap
|
page read and write
|
||
|
2B28EBC0000
|
heap
|
page read and write
|
||
|
21A14EB0000
|
heap
|
page read and write
|
||
|
2B28E780000
|
heap
|
page read and write
|
||
|
28638A10000
|
heap
|
page read and write
|
||
|
1B0A8688000
|
heap
|
page read and write
|
||
|
19935930000
|
heap
|
page read and write
|
||
|
12587450000
|
heap
|
page read and write
|
||
|
1ABCCB20000
|
heap
|
page read and write
|
||
|
2452CEE0000
|
heap
|
page read and write
|
||
|
202CD9F0000
|
heap
|
page read and write
|
||
|
E2683AF000
|
stack
|
page read and write
|
||
|
19DC56F0000
|
heap
|
page read and write
|
||
|
2B3B18B8000
|
heap
|
page read and write
|
||
|
25642AA0000
|
heap
|
page read and write
|
||
|
2739B7F0000
|
heap
|
page read and write
|
||
|
1B0A8975000
|
heap
|
page read and write
|
||
|
286389F8000
|
heap
|
page read and write
|
||
|
28CF6030000
|
heap
|
page read and write
|
||
|
1C9F1480000
|
heap
|
page readonly
|
||
|
1B3C6F20000
|
heap
|
page readonly
|
||
|
149DB940000
|
heap
|
page readonly
|
||
|
A2D7861000
|
stack
|
page read and write
|
||
|
23E353A8000
|
heap
|
page read and write
|
||
|
1E9A3CC0000
|
heap
|
page read and write
|
||
|
19DC6F60000
|
heap
|
page read and write
|
||
|
5BB52FF000
|
stack
|
page read and write
|
||
|
202CDBD0000
|
heap
|
page read and write
|
||
|
19935890000
|
remote allocation
|
page read and write
|
||
|
C3D7D7F000
|
stack
|
page read and write
|
||
|
1ED442E0000
|
heap
|
page read and write
|
||
|
3ACDF1F000
|
stack
|
page read and write
|
||
|
1E9A3AF0000
|
heap
|
page read and write
|
||
|
1CD41870000
|
heap
|
page read and write
|
||
|
19DC5548000
|
heap
|
page read and write
|
||
|
3ACE0FF000
|
stack
|
page read and write
|
||
|
1E9A3AF8000
|
heap
|
page read and write
|
||
|
17B72885000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
1B0A8680000
|
heap
|
page read and write
|
||
|
5FBD71F000
|
stack
|
page read and write
|
||
|
977558E000
|
stack
|
page read and write
|
||
|
21E69460000
|
heap
|
page read and write
|
||
|
21AC9FF000
|
stack
|
page read and write
|
||
|
286389D0000
|
heap
|
page readonly
|
||
|
F5ADEFF000
|
stack
|
page read and write
|
||
|
1E9A3D60000
|
heap
|
page read and write
|
||
|
146D47F000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
2D55CD90000
|
heap
|
page read and write
|
||
|
2B3B19E0000
|
heap
|
page read and write
|
||
|
28CF5E40000
|
heap
|
page read and write
|
||
|
28638930000
|
heap
|
page read and write
|
||
|
1B0A868E000
|
heap
|
page read and write
|
||
|
2AD2AB10000
|
heap
|
page read and write
|
||
|
27399E90000
|
heap
|
page read and write
|
||
|
28CF5E68000
|
heap
|
page read and write
|
||
|
14D57A08000
|
heap
|
page read and write
|
||
|
21CB5970000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
A2D795F000
|
stack
|
page read and write
|
||
|
149DB6C0000
|
heap
|
page read and write
|
||
|
94785CE000
|
stack
|
page read and write
|
||
|
23E35350000
|
heap
|
page read and write
|
||
|
7FFE11500000
|
unkown
|
page readonly
|
||
|
19935700000
|
heap
|
page read and write
|
||
|
85F8C7F000
|
stack
|
page read and write
|
||
|
1ED43EF0000
|
heap
|
page read and write
|
||
|
C3D7C7C000
|
stack
|
page read and write
|
||
|
F5ADE01000
|
stack
|
page read and write
|
||
|
2D55E7E0000
|
remote allocation
|
page read and write
|
||
|
21E6B090000
|
heap
|
page read and write
|
||
|
DA07CFD000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
2B28E790000
|
heap
|
page read and write
|
||
|
17B72750000
|
remote allocation
|
page read and write
|
||
|
1ED43FD0000
|
heap
|
page read and write
|
||
|
2E7F17E000
|
stack
|
page read and write
|
||
|
28CF6180000
|
heap
|
page read and write
|
||
|
14D578A0000
|
heap
|
page read and write
|
||
|
12588ED0000
|
heap
|
page read and write
|
||
|
2452CCF8000
|
heap
|
page read and write
|
||
|
149DB7A0000
|
heap
|
page read and write
|
||
|
849F061000
|
stack
|
page read and write
|
||
|
149DB830000
|
heap
|
page read and write
|
||
|
14D57C15000
|
heap
|
page read and write
|
||
|
1ABCCC40000
|
heap
|
page read and write
|
||
|
2B3B18D1000
|
heap
|
page read and write
|
||
|
2AD2ACA5000
|
heap
|
page read and write
|
||
|
26A87F000
|
stack
|
page read and write
|
||
|
21AC35C000
|
stack
|
page read and write
|
||
|
C87847F000
|
stack
|
page read and write
|
||
|
25642D95000
|
heap
|
page read and write
|
||
|
24D6C170000
|
heap
|
page readonly
|
||
|
87A107F000
|
stack
|
page read and write
|
||
|
14D579A0000
|
heap
|
page read and write
|
||
|
1CD414E0000
|
heap
|
page read and write
|
||
|
28638CC0000
|
heap
|
page read and write
|
||
|
19DC53D0000
|
heap
|
page read and write
|
||
|
1CD41490000
|
heap
|
page read and write
|
||
|
1ABCCCC0000
|
remote allocation
|
page read and write
|
||
|
19DC5650000
|
heap
|
page readonly
|
||
|
25642B18000
|
heap
|
page read and write
|
||
|
19DC5660000
|
remote allocation
|
page read and write
|
||
|
21E696F0000
|
heap
|
page read and write
|
||
|
26A5CF000
|
stack
|
page read and write
|
||
|
2B3B31B0000
|
heap
|
page readonly
|
||
|
1CD42F50000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
1C9F1490000
|
remote allocation
|
page read and write
|
||
|
23E36F10000
|
heap
|
page read and write
|
||
|
AE5994F000
|
stack
|
page read and write
|
||
|
947897F000
|
stack
|
page read and write
|
||
|
1CD41875000
|
heap
|
page read and write
|
||
|
17B72740000
|
heap
|
page readonly
|
||
|
2B290210000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
25642B10000
|
heap
|
page read and write
|
||
|
2AD2AA80000
|
heap
|
page read and write
|
||
|
1ABCCCE8000
|
heap
|
page read and write
|
||
|
12587370000
|
heap
|
page read and write
|
||
|
3A6F36F000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
2AD2AAA0000
|
heap
|
page read and write
|
||
|
286389E0000
|
remote allocation
|
page read and write
|
||
|
2D55CFC0000
|
heap
|
page read and write
|
||
|
F3AAD1C000
|
stack
|
page read and write
|
||
|
947887E000
|
stack
|
page read and write
|
||
|
F219B3F000
|
stack
|
page read and write
|
||
|
26A4D1000
|
stack
|
page read and write
|
||
|
27399D00000
|
heap
|
page read and write
|
||
|
21E69468000
|
heap
|
page read and write
|
||
|
14D57A00000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
19DC54D0000
|
heap
|
page read and write
|
||
|
2D55CFB5000
|
heap
|
page read and write
|
||
|
27399DE0000
|
heap
|
page read and write
|
||
|
A8EB14E000
|
stack
|
page read and write
|
||
|
202CF5F0000
|
heap
|
page read and write
|
||
|
21CB5AE0000
|
heap
|
page read and write
|
||
|
21A14FF0000
|
heap
|
page read and write
|
||
|
19935880000
|
heap
|
page readonly
|
||
|
202CDB70000
|
heap
|
page read and write
|
||
|
C3D7DFE000
|
stack
|
page read and write
|
||
|
149DD1B0000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
19935600000
|
heap
|
page read and write
|
||
|
24D6C205000
|
heap
|
page read and write
|
||
|
849F1DF000
|
stack
|
page read and write
|
||
|
28CF60C0000
|
remote allocation
|
page read and write
|
||
|
24D6BFF0000
|
heap
|
page read and write
|
||
|
2B3B18B0000
|
heap
|
page read and write
|
||
|
1CD42EA0000
|
remote allocation
|
page read and write
|
||
|
21CB5D10000
|
heap
|
page read and write
|
||
|
F3AB07E000
|
stack
|
page read and write
|
||
|
21A16A40000
|
heap
|
page read and write
|
||
|
1E9A39A0000
|
heap
|
page read and write
|
||
|
28CF5E60000
|
heap
|
page read and write
|
||
|
27399E45000
|
heap
|
page read and write
|
||
|
27399E98000
|
heap
|
page read and write
|
||
|
F3AB0FF000
|
stack
|
page read and write
|
||
|
21A15155000
|
heap
|
page read and write
|
||
|
2B3B19E5000
|
heap
|
page read and write
|
||
|
CA97F7E000
|
stack
|
page read and write
|
||
|
23E35330000
|
heap
|
page read and write
|
||
|
1B0A8560000
|
heap
|
page read and write
|
||
|
14D57980000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
3ACE27F000
|
stack
|
page read and write
|
||
|
F5AE07E000
|
stack
|
page read and write
|
||
|
199356E0000
|
heap
|
page read and write
|
||
|
3ACE2FE000
|
stack
|
page read and write
|
||
|
94784D1000
|
stack
|
page read and write
|
||
|
2739B740000
|
remote allocation
|
page read and write
|
||
|
23E355C0000
|
heap
|
page read and write
|
||
|
1E9A3B0F000
|
heap
|
page read and write
|
||
|
1ED45930000
|
remote allocation
|
page read and write
|
||
|
5E7273F000
|
stack
|
page read and write
|
||
|
2B28E838000
|
heap
|
page read and write
|
||
|
2863A400000
|
heap
|
page read and write
|
||
|
C3D7CFF000
|
stack
|
page read and write
|
||
|
1C9EFC55000
|
heap
|
page read and write
|
||
|
1ABCCCE0000
|
heap
|
page read and write
|
||
|
14D57C10000
|
heap
|
page read and write
|
||
|
24D6BEF0000
|
heap
|
page read and write
|
||
|
2E7EDDF000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
19935750000
|
heap
|
page read and write
|
||
|
CA97E7E000
|
stack
|
page read and write
|
||
|
7FFE11521000
|
unkown
|
page readonly
|
||
|
1B3C70D0000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
25642A70000
|
heap
|
page read and write
|
||
|
1ABCE5F0000
|
heap
|
page read and write
|
||
|
1C9EFA68000
|
heap
|
page read and write
|
||
|
1C9EFC50000
|
heap
|
page read and write
|
||
|
2D55E920000
|
heap
|
page read and write
|
||
|
2AD2AB2E000
|
heap
|
page read and write
|
||
|
21E693B0000
|
heap
|
page read and write
|
||
|
25642B33000
|
heap
|
page read and write
|
||
|
977550E000
|
stack
|
page read and write
|
||
|
21E69640000
|
remote allocation
|
page read and write
|
||
|
21A15150000
|
heap
|
page read and write
|
||
|
12587459000
|
heap
|
page read and write
|
||
|
21A14FB0000
|
heap
|
page read and write
|
||
|
2452D0A5000
|
heap
|
page read and write
|
||
|
1E9A3A80000
|
heap
|
page read and write
|
||
|
28638850000
|
heap
|
page read and write
|
||
|
F5ADF7E000
|
stack
|
page read and write
|
||
|
3ACE1FF000
|
stack
|
page read and write
|
||
|
24D6BFD0000
|
heap
|
page read and write
|
||
|
1ED43FF0000
|
heap
|
page read and write
|
||
|
19935935000
|
heap
|
page read and write
|
||
|
1258745D000
|
heap
|
page read and write
|
||
|
2B3B18BE000
|
heap
|
page read and write
|
||
|
2D55E7D0000
|
heap
|
page readonly
|
||
|
BEFF4FF000
|
stack
|
page read and write
|
||
|
25642A80000
|
heap
|
page read and write
|
||
|
17B726A0000
|
heap
|
page read and write
|
||
|
2452CE00000
|
heap
|
page read and write
|
||
|
CA97BCF000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
202CDAD0000
|
heap
|
page read and write
|
||
|
C87814F000
|
stack
|
page read and write
|
||
|
19937240000
|
heap
|
page read and write
|
||
|
2D55CFB0000
|
heap
|
page read and write
|
||
|
F3AAD9F000
|
stack
|
page read and write
|
||
|
17B72880000
|
heap
|
page read and write
|
||
|
149DB7C0000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
21A15013000
|
heap
|
page read and write
|
||
|
1B3C6F38000
|
heap
|
page read and write
|
||
|
21CB5AEF000
|
heap
|
page read and write
|
||
|
763C7CE000
|
stack
|
page read and write
|
||
|
2D55CEA0000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
F219EFF000
|
stack
|
page read and write
|
||
|
A2D7CFE000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
21A14FF8000
|
heap
|
page read and write
|
||
|
3A6F271000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
763C6CC000
|
stack
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
2B28EB90000
|
heap
|
page readonly
|
||
|
1B3C7030000
|
remote allocation
|
page read and write
|
||
|
19DC54B0000
|
heap
|
page read and write
|
||
|
849F15F000
|
stack
|
page read and write
|
||
|
21CB5A70000
|
heap
|
page read and write
|
||
|
2D55CF80000
|
heap
|
page read and write
|
||
|
17B741B0000
|
heap
|
page read and write
|
||
|
1B3C7145000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
CA97AD1000
|
stack
|
page read and write
|
||
|
27399E40000
|
heap
|
page read and write
|
||
|
17B724D0000
|
heap
|
page read and write
|
||
|
2B3B1880000
|
heap
|
page read and write
|
||
|
2B3B17A0000
|
heap
|
page read and write
|
||
|
2D55CD98000
|
heap
|
page read and write
|
||
|
2AD2AC30000
|
heap
|
page readonly
|
||
|
1B3C7140000
|
heap
|
page read and write
|
||
|
2452CF80000
|
heap
|
page readonly
|
||
|
3A6F3EF000
|
stack
|
page read and write
|
||
|
BEFF47F000
|
stack
|
page read and write
|
||
|
1CD41470000
|
heap
|
page read and write
|
||
|
2452CF00000
|
heap
|
page read and write
|
||
|
5BB4F21000
|
stack
|
page read and write
|
||
|
21CB5D15000
|
heap
|
page read and write
|
||
|
23E354F0000
|
remote allocation
|
page read and write
|
||
|
149DB9A0000
|
heap
|
page read and write
|
||
|
14D57BE0000
|
heap
|
page read and write
|
||
|
202CDAF0000
|
heap
|
page read and write
|
||
|
C878051000
|
stack
|
page read and write
|
||
|
1B0A8660000
|
heap
|
page read and write
|
||
|
3ACDE21000
|
stack
|
page read and write
|
||
|
23E35250000
|
heap
|
page read and write
|
||
|
1ED44028000
|
heap
|
page read and write
|
||
|
28638CC5000
|
heap
|
page read and write
|
||
|
7FFDE1660000
|
direct allocation
|
page execute read
|
||
|
1E9A3C20000
|
heap
|
page readonly
|
||
|
87A0D71000
|
stack
|
page read and write
|
||
|
1ABCCC20000
|
heap
|
page read and write
|
||
|
2B3B19B0000
|
heap
|
page read and write
|
||
|
5E72641000
|
stack
|
page read and write
|
||
|
1ED45920000
|
heap
|
page readonly
|
||
|
28CF5E30000
|
heap
|
page read and write
|
||
|
1ED459C0000
|
heap
|
page read and write
|
||
|
1CD41460000
|
heap
|
page read and write
|
||
|
5FBDAFE000
|
stack
|
page read and write
|
||
|
25642CF0000
|
heap
|
page read and write
|
||
|
14D57B20000
|
heap
|
page readonly
|
||
|
BEFF091000
|
stack
|
page read and write
|
||
|
87A10FF000
|
stack
|
page read and write
|
||
|
7FFE11528000
|
unkown
|
page readonly
|
||
|
28638950000
|
heap
|
page read and write
|
||
|
DA07D7F000
|
stack
|
page read and write
|
||
|
149DB9A5000
|
heap
|
page read and write
|
||
|
AE59C7F000
|
stack
|
page read and write
|
There are 406 hidden memdumps, click here to show them.