IOC Report
krampus.exe

loading gif

Files

File Path
Type
Category
Malicious
krampus.exe
PE32+ executable (console) x86-64, for MS Windows
initial sample
C:\Users\user\Desktop\DVWHKMNFNN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\DVWHKMNFNN.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\DVWHKMNFNN\DVWHKMNFNN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\DVWHKMNFNN\NIKHQAIQAU.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\DVWHKMNFNN\YPSIACHYXW.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\HTAGVDFUIE.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\HTAGVDFUIE.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\HTAGVDFUIE\HTAGVDFUIE.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\HTAGVDFUIE\KZWFNRXYKI.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\HTAGVDFUIE\NWTVCDUMOB.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\KATAXZVCPS.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\KATAXZVCPS.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\KATAXZVCPS\DVWHKMNFNN.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\KATAXZVCPS\KATAXZVCPS.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\KATAXZVCPS\NWTVCDUMOB.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\KZWFNRXYKI.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\NIKHQAIQAU.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\NWTVCDUMOB.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\NWTVCDUMOB.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\HTAGVDFUIE.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\KATAXZVCPS.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Desktop\YPSIACHYXW.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\DVWHKMNFNN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\DVWHKMNFNN.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\DVWHKMNFNN\DVWHKMNFNN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\DVWHKMNFNN\NIKHQAIQAU.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\DVWHKMNFNN\YPSIACHYXW.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\HTAGVDFUIE.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\HTAGVDFUIE.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\HTAGVDFUIE\HTAGVDFUIE.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\HTAGVDFUIE\KZWFNRXYKI.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\HTAGVDFUIE\NWTVCDUMOB.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\KATAXZVCPS.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\KATAXZVCPS.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\KATAXZVCPS\DVWHKMNFNN.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\KATAXZVCPS\KATAXZVCPS.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\KATAXZVCPS\NWTVCDUMOB.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\KZWFNRXYKI.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\NIKHQAIQAU.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\NWTVCDUMOB.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\NWTVCDUMOB.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\HTAGVDFUIE.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\KATAXZVCPS.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Documents\YPSIACHYXW.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\DVWHKMNFNN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\DVWHKMNFNN.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\HTAGVDFUIE.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\HTAGVDFUIE.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\KATAXZVCPS.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\KATAXZVCPS.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\KZWFNRXYKI.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\NIKHQAIQAU.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\NWTVCDUMOB.pdf.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\NWTVCDUMOB.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\UMMBDNEQBN.docx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
C:\Users\user\Downloads\YPSIACHYXW.xlsx.krampus
ASCII text, with very long lines (2752), with no line terminators
dropped
There are 51 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\krampus.exe
"C:\Users\user\Desktop\krampus.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
https://nodejs.org/download/release/v14.20.0/node-v14.20.0-headers.tar.gzief
unknown
https://url.spec.whatwg.org/#concept-url-origin
unknown
https://github.com/joyent/node/issues/3295.
unknown
https://tools.ietf.org/html/rfc6455#section-1.3
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
unknown
https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
unknown
https://nodejs.org/download/release/v14.20.0/win-x64/node.libF
unknown
https://github.com/nodejs/node/pul
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
unknown
https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
unknown
https://url.spec.whatwg.org/#special-scheme
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
unknown
https://www.ecma-international.org/ecma-262/8.0/#sec-term
unknown
https://gist.github.com/XVilka/8346728#gistcomment-2823421
unknown
https://github.com/nodejs/node-v0.x-archive/issues/2876.
unknown
http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
unknown
https://heycam.github.io/webidl/#define-the-operations
unknown
https://www.ecma-international.org/ecma-262/#sec-timeclip
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
unknown
https://bugs.chromium.org/p/v8/issues/detail?id=10704
unknown
https://console.spec.whatwg.org/#table
unknown
https://www.iana.org/assignments/tls-extensiontype-values
unknown
https://github.com/nodejs/node/issues/35475
unknown
https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
unknown
https://github.com/chalk/ansi-regex/blob/HEAD/index.js
unknown
https://console.spec.whatwg.org/#console-namespace
unknown
https://no-color.org/
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
unknown
https://url.spec.whatwg.org/#url
unknown
https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
unknown
https://encoding.spec.whatwg.org/#textencoder
unknown
https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
unknown
https://github.com/nodejs/node/issues/13435
unknown
https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
unknown
https://github.com/tc39/proposal-weakrefs
unknown
https://goo.gl/t5IS6M).
unknown
https://tools.ietf.org/html/rfc7230#section-3.2.2
unknown
https://github.com/nodejs/node/pull/26334.
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
unknown
https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
unknown
https://github.com/nodejs/node/pull/33229
unknown
https://console.spec.whatwg.org/#count-map
unknown
https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
unknown
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
unknown
https://url.spec.whatwg.org/#concept-urlencoded-serializer
unknown
https://github.com/nodejs/node/pull/38248
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
unknown
https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
unknown
https://nodejs.org/api/fs.html
unknown
https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
unknown
https://github.com/nodejs/node/pull/21313
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
unknown
https://github.com/nodejs/node/pull/35949#issuecomment-722496598
unknown
https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzhttps://nodejs.org/download/release
unknown
https://tools.ietf.org/html/rfc3986#section-3.2.2
unknown
https://nodejs.org/download/release/v14.20.0/win-x64/node.lib
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
unknown
https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
unknown
https://github.com/mysticatea/abort-controller
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
unknown
http://www.midnight-commander.org/browser/lib/tty/key.c
unknown
https://nodejs.org/
unknown
https://tools.ietf.org/html/rfc7540#section-8.1.2.5
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
unknown
http://www.squid-cache.org/Doc/config/half_closed_clients/
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
unknown
https://stackoverflow.com/a/5501711/3561
unknown
https://github.com/vercel/pkg/issues/1589
unknown
https://mathiasbynens.be/notes/javascript-encoding
unknown
https://github.com/nodejs/node/pull/33661
unknown
https://encoding.spec.whatwg.org/#textdecoder
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
unknown
http://narwhaljs.org)
unknown
https://github.com/nodejs/node/issues/3392
unknown
https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
unknown
https://www.ecma-international.org/ecma-262/#sec-promise.all
unknown
https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
unknown
https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzI
unknown
https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
unknown
https://code.google.com/p/chromium/issues/detail?id=25916
unknown
https://github.com/isaacs/color-support.
unknown
https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
unknown
https://v8.dev/blog/v8-release-89
unknown
https://github.com/nodejs/node/issues/39707
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
unknown
https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
unknown
https://github.com/nodejs/node/pull/12607
unknown
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
unknown
https://www.ecma-international.org/ecma-262/#sec-line-terminators
unknown
https://github.com/nodejs/node/issues/35981
unknown
There are 90 hidden URLs, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
18217659000
heap
page read and write
182175F4000
heap
page read and write
3DB54C00000
direct allocation
page read and write
18215C3B000
heap
page read and write
18215ACC000
heap
page read and write
18215CC5000
heap
page read and write
1A343237000
heap
page read and write
18217657000
heap
page read and write
18215B62000
heap
page read and write
18215BF3000
heap
page read and write
18215BE3000
heap
page read and write
18215C79000
heap
page read and write
18215B65000
heap
page read and write
18215C82000
heap
page read and write
18215BFF000
heap
page read and write
18215C2B000
heap
page read and write
18215C14000
heap
page read and write
182175D4000
heap
page read and write
18215BDC000
heap
page read and write
1A3431C0000
unkown
page read and write
31645480000
direct allocation
page read and write
18215C63000
heap
page read and write
2A181640000
direct allocation
page read and write
18215B73000
heap
page read and write
182175CD000
heap
page read and write
2220D40000
unkown
page read and write
18215C2B000
heap
page read and write
18215B68000
heap
page read and write
18215BF3000
heap
page read and write
18215C57000
heap
page read and write
18215C0D000
heap
page read and write
18215C4B000
heap
page read and write
1821761D000
heap
page read and write
18215C05000
heap
page read and write
182175C4000
heap
page read and write
1821764A000
heap
page read and write
18215AEA000
heap
page read and write
18215B37000
heap
page read and write
1A3479F0000
unkown
page read and write
18215C63000
heap
page read and write
1A3452A0000
unkown
page read and write
18215B61000
heap
page read and write
18215BF3000
heap
page read and write
18215C27000
heap
page read and write
F89DF80000
direct allocation
page read and write
1A343380000
unkown
page readonly
18215BDF000
heap
page read and write
18217618000
heap
page read and write
18215BF7000
heap
page read and write
18215AEB000
heap
page read and write
18215BF3000
heap
page read and write
18215C4B000
heap
page read and write
18215BE3000
heap
page read and write
18215B8E000
heap
page read and write
1A34529A000
unkown
page read and write
18217653000
heap
page read and write
18215BF6000
heap
page read and write
345670AC000
direct allocation
page read and write
18215C61000
heap
page read and write
18215B31000
heap
page read and write
182175DA000
heap
page read and write
1A3470F0000
unkown
page read and write
18215BF3000
heap
page read and write
7FF63C4BE000
unkown
page read and write
182175F0000
heap
page read and write
1821764F000
heap
page read and write
18215BEE000
heap
page read and write
182175D9000
heap
page read and write
18215B85000
heap
page read and write
182175E4000
heap
page read and write
18215C79000
heap
page read and write
18215BD4000
heap
page read and write
E7FA846000
direct allocation
page read and write
DFE22C0000
direct allocation
page read and write
1A3453B5000
unkown
page read and write
18215C21000
heap
page read and write
18215A98000
heap
page read and write
18215AD4000
heap
page read and write
18215B3F000
heap
page read and write
1A3453CC000
unkown
page read and write
22720D80000
direct allocation
page read and write
18215C21000
heap
page read and write
18215C83000
heap
page read and write
18215C0D000
heap
page read and write
18215B31000
heap
page read and write
182176AD000
heap
page read and write
18215C4B000
heap
page read and write
18215BE9000
heap
page read and write
18215C71000
heap
page read and write
18215BDC000
heap
page read and write
182175C9000
heap
page read and write
182176AB000
heap
page read and write
1A344BB0000
unkown
page read and write
18215BF3000
heap
page read and write
1A343230000
heap
page read and write
18215C15000
heap
page read and write
18215C00000
heap
page read and write
7FF63B1E1000
unkown
page execute read
1821761B000
heap
page read and write
18215AEB000
heap
page read and write
7FF63C4C2000
unkown
page read and write
220460C0000
direct allocation
page read and write
18215B06000
heap
page read and write
1A345102000
unkown
page read and write
1821764C000
heap
page read and write
18215C4F000
heap
page read and write
18217629000
heap
page read and write
18215C39000
heap
page read and write
3C184F40000
direct allocation
page read and write
18215C0D000
heap
page read and write
18215BB2000
heap
page read and write
1A345164000
unkown
page read and write
1BC44EC0000
direct allocation
page read and write
7FF63C232000
unkown
page readonly
18215ADC000
heap
page read and write
182175C1000
heap
page read and write
18217628000
heap
page read and write
22213FE000
unkown
page readonly
1821768E000
heap
page read and write
18215C11000
heap
page read and write
18215C20000
heap
page read and write
18217633000
heap
page read and write
18215C79000
heap
page read and write
18215BFA000
heap
page read and write
18217642000
heap
page read and write
18215AD2000
heap
page read and write
18215B17000
heap
page read and write
18215BDF000
heap
page read and write
18215BDC000
heap
page read and write
7FF63B1E1000
unkown
page execute read
182175E8000
heap
page read and write
18215BEF000
heap
page read and write
18215C4B000
heap
page read and write
18215BD8000
heap
page read and write
18215C21000
heap
page read and write
18215BDF000
heap
page read and write
18215B77000
heap
page read and write
182175C0000
heap
page read and write
1821761D000
heap
page read and write
18215C4F000
heap
page read and write
18215C11000
heap
page read and write
18215A90000
heap
page read and write
18215B30000
heap
page read and write
1DA7C5C0000
direct allocation
page read and write
1A3451C6000
unkown
page read and write
7FF63C765000
unkown
page read and write
18215C7D000
heap
page read and write
7FF63A7E1000
unkown
page execute read
7FF63C4D0000
unkown
page read and write
18215B8E000
heap
page read and write
18215C1D000
heap
page read and write
18215BD8000
heap
page read and write
18215BEE000
heap
page read and write
7FF63B832000
unkown
page readonly
18215C0D000
heap
page read and write
18215C0D000
heap
page read and write
1A345294000
unkown
page read and write
7061AFE000
stack
page read and write
18215ACA000
heap
page read and write
18215C10000
heap
page read and write
1821769C000
heap
page read and write
2220D38000
unkown
page read and write
18215B06000
heap
page read and write
1A345364000
unkown
page read and write
18215C57000
heap
page read and write
18215C82000
heap
page read and write
2C6CF1C0000
direct allocation
page read and write
18215C3B000
heap
page read and write
18215C8E000
heap
page read and write
7FF63C77D000
unkown
page read and write
1821767E000
heap
page read and write
18215C19000
heap
page read and write
18217628000
heap
page read and write
18215B30000
heap
page read and write
18215BD4000
heap
page read and write
18215BB6000
heap
page read and write
18217677000
heap
page read and write
1A34340B000
heap
page read and write
18215BEF000
heap
page read and write
18215B34000
heap
page read and write
18215BD4000
heap
page read and write
18215C7B000
heap
page read and write
18215C52000
heap
page read and write
18215C1F000
heap
page read and write
1A3453C8000
unkown
page read and write
182175E8000
heap
page read and write
70621FF000
stack
page read and write
18215B24000
heap
page read and write
18215AF1000
heap
page read and write
18215AD8000
heap
page read and write
18215BF3000
heap
page read and write
1821765E000
heap
page read and write
182175ED000
heap
page read and write
1A344C9E000
unkown
page read and write
18215AF3000
heap
page read and write
1A343330000
unkown
page readonly
124CD8C0000
direct allocation
page read and write
18215B32000
heap
page read and write
18215C63000
heap
page read and write
7FF63C787000
unkown
page readonly
2220D3E000
unkown
page read and write
7FF63C771000
unkown
page read and write
18215BEE000
heap
page read and write
18215B56000
heap
page read and write
18215C4D000
heap
page read and write
18215B53000
heap
page read and write
2E1AF080000
direct allocation
page read and write
18215B78000
heap
page read and write
3FDC7DC2000
direct allocation
page execute read
182175D3000
heap
page read and write
18215A30000
heap
page read and write
9FA8CC0000
direct allocation
page read and write
18215B52000
heap
page read and write
18215BE3000
heap
page read and write
182175C1000
heap
page read and write
18215C71000
heap
page read and write
27409040000
direct allocation
page read and write
1821762B000
heap
page read and write
18215C39000
heap
page read and write
18217659000
heap
page read and write
18215B60000
heap
page read and write
18215BE9000
heap
page read and write
1A3453DF000
unkown
page read and write
18215BCC000
heap
page read and write
1A34539E000
unkown
page read and write
18215BE3000
heap
page read and write
18215B76000
heap
page read and write
182176B7000
heap
page read and write
1821767E000
heap
page read and write
18215B5D000
heap
page read and write
18215C3A000
heap
page read and write
1A3453A7000
unkown
page read and write
1821761A000
heap
page read and write
18215C19000
heap
page read and write
3FDC7E82000
direct allocation
page execute read
18215C87000
heap
page read and write
18215BE1000
heap
page read and write
18215BFF000
heap
page read and write
7FF63C76A000
unkown
page read and write
1A3431A0000
unkown
page read and write
1821769E000
heap
page read and write
1A3456A0000
unkown
page readonly
18215AD1000
heap
page read and write
2220E7F000
stack
page read and write
18215CC0000
heap
page read and write
18215BB6000
heap
page read and write
18215B84000
heap
page read and write
182175DD000
heap
page read and write
18215C86000
heap
page read and write
22211FE000
unkown
page readonly
18215B07000
heap
page read and write
1821767F000
heap
page read and write
18215C06000
heap
page read and write
18215A10000
heap
page read and write
39F687C0000
direct allocation
page read and write
3407A780000
direct allocation
page read and write
18215B42000
heap
page read and write
18215B13000
heap
page read and write
18215BEF000
heap
page read and write
7FF63C232000
unkown
page readonly
18215BB6000
heap
page read and write
3E0E2C40000
direct allocation
page read and write
18215BD8000
heap
page read and write
1821769B000
heap
page read and write
1A3471F0000
unkown
page read and write
1A343200000
unkown
page read and write
18215BEF000
heap
page read and write
7FF63C779000
unkown
page read and write
18217618000
heap
page read and write
7FF63B832000
unkown
page readonly
18215C63000
heap
page read and write
70623FF000
stack
page read and write
1A343400000
heap
page read and write
182175DC000
heap
page read and write
18215C21000
heap
page read and write
182175C5000
heap
page read and write
1821764A000
heap
page read and write
18215B61000
heap
page read and write
18217628000
heap
page read and write
18215C2C000
heap
page read and write
18215C01000
heap
page read and write
18215BEE000
heap
page read and write
7FF63C4C8000
unkown
page write copy
E7FA840000
direct allocation
page read and write
18217618000
heap
page read and write
1821765E000
heap
page read and write
18215C0D000
heap
page read and write
2220F7E000
unkown
page read and write
18215C1B000
heap
page read and write
18215B85000
heap
page read and write
18215B83000
heap
page read and write
1851140000
direct allocation
page read and write
22210FE000
unkown
page readonly
18215B3F000
heap
page read and write
18215C57000
heap
page read and write
1A3433A0000
unkown
page readonly
18215C00000
heap
page read and write
18215C3B000
heap
page read and write
18215C19000
heap
page read and write
1A3430C0000
heap
page read and write
18215C39000
heap
page read and write
18215BB0000
heap
page read and write
1821762C000
heap
page read and write
222117C000
unkown
page read and write
182176A5000
heap
page read and write
18215B74000
heap
page read and write
18215C03000
heap
page read and write
18215BD0000
heap
page read and write
18215C16000
heap
page read and write
182175F8000
heap
page read and write
18217618000
heap
page read and write
18215C23000
heap
page read and write
18215AF5000
heap
page read and write
18215B9F000
heap
page read and write
18215BF6000
heap
page read and write
395400000
direct allocation
page read and write
1A345386000
unkown
page read and write
18215BAE000
heap
page read and write
18215BF3000
heap
page read and write
18215BE3000
heap
page read and write
18215B90000
heap
page read and write
18215B78000
heap
page read and write
18215C27000
heap
page read and write
182175DD000
heap
page read and write
222137E000
unkown
page read and write
1F303D40000
direct allocation
page read and write
1A3450A0000
unkown
page read and write
7FF63C4C1000
unkown
page write copy
18215C1B000
heap
page read and write
18215BDC000
heap
page read and write
CBF5640000
direct allocation
page read and write
1A345210000
unkown
page read and write
1A343405000
heap
page read and write
18215BE3000
heap
page read and write
18215AED000
heap
page read and write
18215B3F000
heap
page read and write
18217618000
heap
page read and write
18215B87000
heap
page read and write
18215C57000
heap
page read and write
1821767F000
heap
page read and write
18215BF3000
heap
page read and write
34567080000
direct allocation
page read and write
18215BE9000
heap
page read and write
18217626000
heap
page read and write
182175C6000
heap
page read and write
182175F4000
heap
page read and write
182175CF000
heap
page read and write
22212FE000
unkown
page readonly
18215BB6000
heap
page read and write
18215AD5000
heap
page read and write
18215C5F000
heap
page read and write
18215BDF000
heap
page read and write
18215C4F000
heap
page read and write
1821762C000
heap
page read and write
18217619000
heap
page read and write
70616F5000
stack
page read and write
18215B13000
heap
page read and write
18217618000
heap
page read and write
222107E000
unkown
page read and write
18215BF3000
heap
page read and write
18215AFC000
heap
page read and write
7FF63C4B6000
unkown
page read and write
18215C00000
heap
page read and write
1821764C000
heap
page read and write
18215B66000
heap
page read and write
18215C4B000
heap
page read and write
18215B74000
heap
page read and write
18215B11000
heap
page read and write
182176A5000
heap
page read and write
182175B0000
heap
page read and write
18215BE3000
heap
page read and write
18217650000
heap
page read and write
70619FE000
stack
page read and write
18215B13000
heap
page read and write
18215B83000
heap
page read and write
182176BE000
heap
page read and write
1A343350000
unkown
page read and write
7FF63C4B6000
unkown
page write copy
18215B83000
heap
page read and write
18215BD0000
heap
page read and write
7FF63C76E000
unkown
page read and write
18215B83000
heap
page read and write
1A344CA7000
unkown
page read and write
18215C39000
heap
page read and write
7FF63A7E0000
unkown
page readonly
18215C0D000
heap
page read and write
18217656000
heap
page read and write
18215C2B000
heap
page read and write
7FF63C4C7000
unkown
page write copy
2220FFE000
unkown
page readonly
1821769F000
heap
page read and write
18215C2B000
heap
page read and write
18217654000
heap
page read and write
18215B91000
heap
page read and write
1821767E000
heap
page read and write
18215930000
heap
page read and write
18215C21000
heap
page read and write
18215BB6000
heap
page read and write
2C0FE940000
direct allocation
page read and write
18215C3B000
heap
page read and write
18215BD0000
heap
page read and write
70622FF000
stack
page read and write
1A345302000
unkown
page read and write
18215C1E000
heap
page read and write
7061CFF000
stack
page read and write
18215B8A000
heap
page read and write
1821762C000
heap
page read and write
18215B77000
heap
page read and write
18215B01000
heap
page read and write
3FDC7D82000
direct allocation
page execute read
18215C2C000
heap
page read and write
18215B3C000
heap
page read and write
182176BA000
heap
page read and write
18215C5E000
heap
page read and write
70624FF000
stack
page read and write
18215BD8000
heap
page read and write
3FDC7E42000
direct allocation
page execute read
18215B14000
heap
page read and write
1821764A000
heap
page read and write
182175D4000
heap
page read and write
18215BF6000
heap
page read and write
70617FE000
stack
page read and write
1821769F000
heap
page read and write
18215C0D000
heap
page read and write
18215BE9000
heap
page read and write
18217618000
heap
page read and write
18215C4B000
heap
page read and write
18215C19000
heap
page read and write
1A34527A000
unkown
page read and write
1821765E000
heap
page read and write
182176BE000
heap
page read and write
18215BE3000
heap
page read and write
182176B2000
heap
page read and write
18217622000
heap
page read and write
7FF63A7E1000
unkown
page execute read
70618FE000
stack
page read and write
18215C71000
heap
page read and write
18215B46000
heap
page read and write
18215B71000
heap
page read and write
7FF63C787000
unkown
page readonly
3FDC7E02000
direct allocation
page execute read
1821762C000
heap
page read and write
18215B83000
heap
page read and write
182176C3000
heap
page read and write
18215BE0000
heap
page read and write
182175C6000
heap
page read and write
1A344D50000
heap
page read and write
DB1BC0000
direct allocation
page read and write
222127B000
unkown
page read and write
7FF63C4DB000
unkown
page read and write
18215C2F000
heap
page read and write
18215C00000
heap
page read and write
18215C8E000
heap
page read and write
182176DB000
heap
page read and write
172F40000
direct allocation
page read and write
18215BEF000
heap
page read and write
18215BE9000
heap
page read and write
182176A8000
heap
page read and write
182175EA000
heap
page read and write
1821764A000
heap
page read and write
7FF63A7E0000
unkown
page readonly
1A3430B0000
unkown
page readonly
18215BF3000
heap
page read and write
182175F0000
heap
page read and write
7FF63C4BD000
unkown
page write copy
18215BE9000
heap
page read and write
1821761D000
heap
page read and write
18215BB6000
heap
page read and write
18215BEE000
heap
page read and write
182175C6000
heap
page read and write
18215B5C000
heap
page read and write
18215C6E000
heap
page read and write
182175D6000
heap
page read and write
27908800000
direct allocation
page read and write
18215C0D000
heap
page read and write
18215BE0000
heap
page read and write
18215B56000
heap
page read and write
105DE440000
direct allocation
page read and write
18215C4C000
heap
page read and write
18215C20000
heap
page read and write
18215C27000
heap
page read and write
18215C27000
heap
page read and write
18215C1A000
heap
page read and write
5832200000
direct allocation
page read and write
18215C4B000
heap
page read and write
18215B51000
heap
page read and write
1A344D53000
heap
page read and write
1A3431E1000
unkown
page readonly
18215BE9000
heap
page read and write
18215BF4000
heap
page read and write
1821764B000
heap
page read and write
18215BCC000
heap
page read and write
18215C5D000
heap
page read and write
18215C4B000
heap
page read and write
18215C1B000
heap
page read and write
18215B85000
heap
page read and write
18215C14000
heap
page read and write
18215C4B000
heap
page read and write
18215BEE000
heap
page read and write
7FF63C4D4000
unkown
page write copy
18215B83000
heap
page read and write
18215BDF000
heap
page read and write
347BAAC0000
direct allocation
page read and write
1A345344000
unkown
page read and write
18215B51000
heap
page read and write
1821767E000
heap
page read and write
There are 496 hidden memdumps, click here to show them.