Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Loki.dll.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Lok_854b105fcaad69833d11c726c849e131e599a12_f58d6082_9dba2821-f4e0-4848-8ddd-18ed2f9dbbed\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Lok_854b105fcaad69833d11c726c849e131e599a12_f58d6082_c9cac7d9-4b98-4bd9-b74c-cc2857da2bb9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Lok_b782053f3f0ac26fd43d6671732ad0e6807ab3_f58d6082_22c71449-6dc8-4223-a80a-d0c15493f78c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Lok_b782053f3f0ac26fd43d6671732ad0e6807ab3_f58d6082_da67ddd5-614b-47ce-8b09-19e1b07a4e36\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66B2.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 17:32:15 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7401.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER749E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER88FF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 17:32:21 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B03.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BC0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6B6.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 17:32:33 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB744.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7A2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1C2.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 17:32:36 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC25F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC28F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\Loki.dll.dll"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\Loki.dll.dll,Finalize
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Loki.dll.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\Loki.dll.dll,Initialize
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\Loki.dll.dll,InitializeDataA
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Loki.dll.dll",Finalize
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Loki.dll.dll",Initialize
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Loki.dll.dll",InitializeDataA
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Loki.dll.dll",InitializeDataW
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Loki.dll.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2496 -s 528
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2496 -s 452
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5448 -s 516
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5448 -s 244
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://myexternalip.com/rawOS=Wi
|
unknown
|
||
|
https://icanhazip.com
|
unknown
|
||
|
http://whatismyip.akamai.comly
|
unknown
|
||
|
https://curl.se/docs/http-cookies.html
|
unknown
|
||
|
https://icanhazip.comPCespace
|
unknown
|
||
|
https://api.myip.la
|
unknown
|
||
|
https://api.myip.laxe_Numom
|
unknown
|
||
|
https://ipinfo.io/ipon
|
unknown
|
||
|
https://myexternalip.com/rawITECT
|
unknown
|
||
|
http://whatismyip.akamai.comNGmem
|
unknown
|
||
|
https://myexternalip.com/raw6)=C:Mg#
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html
|
unknown
|
||
|
https://api.ggn.live/api/configs/public-ip
|
unknown
|
||
|
https://myexternalip.com/raw
|
unknown
|
||
|
https://curl.se/docs/hsts.html
|
unknown
|
||
|
https://ipinfo.io/ipData
|
unknown
|
||
|
https://icanhazip.comonUsers
|
unknown
|
||
|
http://whatismyip.akamai.comem1.
|
unknown
|
||
|
http://whatismyip.akamai.comemILhg
|
unknown
|
||
|
https://api.myip.la07ilesCoNg
|
unknown
|
||
|
https://api.ggn.live/api/configs/public-ip85P
|
unknown
|
||
|
https://api.myip.laq
|
unknown
|
||
|
https://ipinfo.io/ipE=ALD64umCo
|
unknown
|
||
|
https://api.myip.la6)
|
unknown
|
||
|
https://ipinfo.io/iplRINGmS;.g
|
unknown
|
||
|
https://icanhazip.coms(x86)=C:
|
unknown
|
||
|
http://whatismyip.akamai.com
|
unknown
|
||
|
https://icanhazip.comamespacezg
|
unknown
|
||
|
https://api.myip.lall
|
unknown
|
||
|
https://ipinfo.io/ip
|
unknown
|
There are 21 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{bb294b0a-8b35-5c53-c9c9-fde54db8401c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
There are 20 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2146D000000
|
direct allocation
|
page read and write
|
||
|
7FFD8F73A000
|
unkown
|
page execute read
|
||
|
2146B6E0000
|
heap
|
page read and write
|
||
|
18301960000
|
heap
|
page read and write
|
||
|
1D1C9315000
|
heap
|
page read and write
|
||
|
21815922000
|
direct allocation
|
page readonly
|
||
|
7FFD926E6000
|
unkown
|
page execute read
|
||
|
218132B0000
|
heap
|
page read and write
|
||
|
14A186FF000
|
direct allocation
|
page readonly
|
||
|
7FFD926E6000
|
unkown
|
page execute read
|
||
|
1B229AB6000
|
heap
|
page read and write
|
||
|
14A16C00000
|
heap
|
page read and write
|
||
|
21813660000
|
heap
|
page read and write
|
||
|
2D6821C2000
|
direct allocation
|
page readonly
|
||
|
7FFD930E6000
|
unkown
|
page execute read
|
||
|
7FFD8F553000
|
unkown
|
page execute read
|
||
|
A81EFC000
|
stack
|
page read and write
|
||
|
21815931000
|
direct allocation
|
page read and write
|
||
|
1B22C1C1000
|
direct allocation
|
page read and write
|
||
|
14A16D4B000
|
heap
|
page read and write
|
||
|
22B503F0000
|
trusted library allocation
|
page read and write
|
||
|
14A16D46000
|
heap
|
page read and write
|
||
|
7FFD8F553000
|
unkown
|
page execute read
|
||
|
2D6FCBC0000
|
heap
|
page read and write
|
||
|
7FFD91CE6000
|
unkown
|
page execute read
|
||
|
2146B546000
|
heap
|
page read and write
|
||
|
1B2299D0000
|
heap
|
page read and write
|
||
|
2181337C000
|
heap
|
page read and write
|
||
|
2146B760000
|
heap
|
page read and write
|
||
|
18301AA8000
|
direct allocation
|
page read and write
|
||
|
14A18910000
|
direct allocation
|
page read and write
|
||
|
1D1C93D3000
|
direct allocation
|
page read and write
|
||
|
857007E000
|
stack
|
page read and write
|
||
|
7FFD912E6000
|
unkown
|
page execute read
|
||
|
7FFD90164000
|
unkown
|
page execute read
|
||
|
75CEDFE000
|
stack
|
page read and write
|
||
|
21813510000
|
trusted library allocation
|
page read and write
|
||
|
1C53EF48000
|
heap
|
page read and write
|
||
|
75CECFE000
|
stack
|
page read and write
|
||
|
18301A50000
|
direct allocation
|
page read and write
|
||
|
14A16CDE000
|
heap
|
page read and write
|
||
|
7FFD8F526000
|
unkown
|
page execute read
|
||
|
7FFD8F713000
|
unkown
|
page read and write
|
||
|
2146B549000
|
heap
|
page read and write
|
||
|
2146B4A0000
|
trusted library allocation
|
page read and write
|
||
|
1B22B4A0000
|
heap
|
page read and write
|
||
|
218135B0000
|
heap
|
page read and write
|
||
|
DDB55FF000
|
stack
|
page read and write
|
||
|
1D1C914C000
|
direct allocation
|
page readonly
|
||
|
1B229AC0000
|
heap
|
page read and write
|
||
|
2D6FCC25000
|
heap
|
page read and write
|
||
|
1C53D4E0000
|
trusted library allocation
|
page read and write
|
||
|
2146D100000
|
heap
|
page read and write
|
||
|
1D1C7985000
|
heap
|
page read and write
|
||
|
7FFD8F764000
|
unkown
|
page execute read
|
||
|
1837E357000
|
heap
|
page read and write
|
||
|
183017D0000
|
trusted library allocation
|
page read and write
|
||
|
24CEE7D000
|
stack
|
page read and write
|
||
|
7FFD9319A000
|
unkown
|
page readonly
|
||
|
7FFD8F71B000
|
unkown
|
page read and write
|
||
|
2146D001000
|
direct allocation
|
page execute read
|
||
|
1B22C1B2000
|
direct allocation
|
page readonly
|
||
|
2146D01C000
|
direct allocation
|
page readonly
|
||
|
7FFD8F764000
|
unkown
|
page execute read
|
||
|
18F697F000
|
stack
|
page read and write
|
||
|
7FFD8F564000
|
unkown
|
page execute read
|
||
|
1C53D2E6000
|
heap
|
page read and write
|
||
|
1B229A20000
|
heap
|
page read and write
|
||
|
2146B480000
|
trusted library allocation
|
page read and write
|
||
|
1D1C9E96000
|
direct allocation
|
page readonly
|
||
|
7FFD8F72E000
|
unkown
|
page execute read
|
||
|
18301F40000
|
direct allocation
|
page read and write
|
||
|
1C53D4F0000
|
heap
|
page read and write
|
||
|
7FFD8F564000
|
unkown
|
page execute read
|
||
|
1B229A4B000
|
heap
|
page read and write
|
||
|
14A18A27000
|
heap
|
page read and write
|
||
|
1C318FF000
|
stack
|
page read and write
|
||
|
1C53D280000
|
heap
|
page read and write
|
||
|
14A18963000
|
direct allocation
|
page read and write
|
||
|
2D68216D000
|
direct allocation
|
page readonly
|
||
|
7FFD8F65B000
|
unkown
|
page readonly
|
||
|
18301B4B000
|
heap
|
page read and write
|
||
|
183020C6000
|
direct allocation
|
page readonly
|
||
|
1B229B50000
|
trusted library allocation
|
page read and write
|
||
|
1B229A57000
|
heap
|
page read and write
|
||
|
7FFD8F526000
|
unkown
|
page execute read
|
||
|
14A19421000
|
direct allocation
|
page read and write
|
||
|
18301AA3000
|
direct allocation
|
page read and write
|
||
|
1B22C1A6000
|
direct allocation
|
page read and write
|
||
|
1C53D27B000
|
heap
|
page read and write
|
||
|
1C3167C000
|
stack
|
page read and write
|
||
|
2D6FCC8B000
|
heap
|
page read and write
|
||
|
1C53EEE1000
|
direct allocation
|
page execute read
|
||
|
2D6FCCFC000
|
heap
|
page read and write
|
||
|
1B229A49000
|
heap
|
page read and write
|
||
|
70C57FD000
|
stack
|
page read and write
|
||
|
7FFD8F73A000
|
unkown
|
page execute read
|
||
|
18301CC3000
|
heap
|
page read and write
|
||
|
24CEEFF000
|
stack
|
page read and write
|
||
|
2D6818BC000
|
direct allocation
|
page readonly
|
||
|
1B229A28000
|
heap
|
page read and write
|
||
|
1C53D4C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD912E5000
|
unkown
|
page read and write
|
||
|
218134B0000
|
heap
|
page read and write
|
||
|
856FBDC000
|
stack
|
page read and write
|
||
|
7FFD8F526000
|
unkown
|
page execute read
|
||
|
183019BC000
|
direct allocation
|
page readonly
|
||
|
1C53F8ED000
|
direct allocation
|
page readonly
|
||
|
1B229C00000
|
heap
|
page read and write
|
||
|
1D1C9130000
|
direct allocation
|
page read and write
|
||
|
7FFD930E6000
|
unkown
|
page execute read
|
||
|
1837E180000
|
heap
|
page read and write
|
||
|
2146B4DE000
|
heap
|
page read and write
|
||
|
2146B4E6000
|
heap
|
page read and write
|
||
|
1C53EDD0000
|
heap
|
page read and write
|
||
|
DB96FAC000
|
stack
|
page read and write
|
||
|
7FFD8F679000
|
unkown
|
page readonly
|
||
|
21813310000
|
heap
|
page read and write
|
||
|
22B51DC0000
|
heap
|
page read and write
|
||
|
1C53D2EB000
|
heap
|
page read and write
|
||
|
1D1C76C0000
|
heap
|
page read and write
|
||
|
7FFD8F746000
|
unkown
|
page execute read
|
||
|
2146B680000
|
trusted library allocation
|
page read and write
|
||
|
1D1C7740000
|
trusted library allocation
|
page read and write
|
||
|
856FEFE000
|
stack
|
page read and write
|
||
|
7FFD912E5000
|
unkown
|
page read and write
|
||
|
1D1C9D11000
|
direct allocation
|
page execute read
|
||
|
2D6821D6000
|
direct allocation
|
page readonly
|
||
|
1D1C9131000
|
direct allocation
|
page execute read
|
||
|
2146B54B000
|
heap
|
page read and write
|
||
|
1D1C9E2D000
|
direct allocation
|
page readonly
|
||
|
14A16C20000
|
heap
|
page read and write
|
||
|
14A192A1000
|
direct allocation
|
page execute read
|
||
|
1837E2C8000
|
heap
|
page read and write
|
||
|
2D6821B6000
|
direct allocation
|
page read and write
|
||
|
1B22C15D000
|
direct allocation
|
page readonly
|
||
|
7FFD8F764000
|
unkown
|
page execute read
|
||
|
1C53EEFC000
|
direct allocation
|
page readonly
|
||
|
7FFD90164000
|
unkown
|
page execute read
|
||
|
2181512D000
|
heap
|
page read and write
|
||
|
2D6817D0000
|
trusted library allocation
|
page read and write
|
||
|
22B503E0000
|
trusted library allocation
|
page read and write
|
||
|
2146DC96000
|
direct allocation
|
page readonly
|
||
|
21814FB5000
|
heap
|
page read and write
|
||
|
218132EE000
|
heap
|
page read and write
|
||
|
1C53D250000
|
heap
|
page read and write
|
||
|
7FFD8F556000
|
unkown
|
page execute read
|
||
|
1D1C7950000
|
heap
|
page read and write
|
||
|
1D1C7980000
|
heap
|
page read and write
|
||
|
7FFD8F560000
|
unkown
|
page execute read
|
||
|
1B229ABB000
|
heap
|
page read and write
|
||
|
2D6FCCFD000
|
heap
|
page read and write
|
||
|
14A16CE6000
|
heap
|
page read and write
|
||
|
21815916000
|
direct allocation
|
page read and write
|
||
|
1B229AB7000
|
heap
|
page read and write
|
||
|
22B50380000
|
heap
|
page read and write
|
||
|
1D1C948D000
|
heap
|
page read and write
|
||
|
21815936000
|
direct allocation
|
page readonly
|
||
|
24CEF01000
|
stack
|
page read and write
|
||
|
22B503F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD8F556000
|
unkown
|
page execute read
|
||
|
1C53D2E9000
|
heap
|
page read and write
|
||
|
1C53D27F000
|
heap
|
page read and write
|
||
|
2D6FCBE0000
|
heap
|
page read and write
|
||
|
183019A0000
|
direct allocation
|
page read and write
|
||
|
7FFD8F740000
|
unkown
|
page execute read
|
||
|
2D6818CC000
|
direct allocation
|
page readonly
|
||
|
7FFD8F73A000
|
unkown
|
page execute read
|
||
|
14A19426000
|
direct allocation
|
page readonly
|
||
|
2146D00F000
|
direct allocation
|
page readonly
|
||
|
2D682050000
|
direct allocation
|
page read and write
|
||
|
856FE7F000
|
stack
|
page read and write
|
||
|
2146D11F000
|
heap
|
page read and write
|
||
|
18301F41000
|
direct allocation
|
page execute read
|
||
|
2D681810000
|
trusted library allocation
|
page read and write
|
||
|
1C317FE000
|
stack
|
page read and write
|
||
|
18F68FF000
|
stack
|
page read and write
|
||
|
7FFD91CE6000
|
unkown
|
page execute read
|
||
|
2146D0C3000
|
direct allocation
|
page read and write
|
||
|
7FFD8F730000
|
unkown
|
page execute read
|
||
|
2D681A52000
|
heap
|
page read and write
|
||
|
21814F00000
|
direct allocation
|
page read and write
|
||
|
22B51EF0000
|
heap
|
page read and write
|
||
|
1C53D258000
|
heap
|
page read and write
|
||
|
218158CD000
|
direct allocation
|
page readonly
|
||
|
1C53F7D1000
|
direct allocation
|
page execute read
|
||
|
2146B4B8000
|
heap
|
page read and write
|
||
|
7FFD8F528000
|
unkown
|
page execute read
|
||
|
2D6817D0000
|
heap
|
page read and write
|
||
|
7FFD8F736000
|
unkown
|
page execute read
|
||
|
7FFD8F54D000
|
unkown
|
page execute read
|
||
|
18F687F000
|
stack
|
page read and write
|
||
|
1D1C784B000
|
heap
|
page read and write
|
||
|
7FFD8F4D2000
|
unkown
|
page execute read
|
||
|
14A186F1000
|
direct allocation
|
page execute read
|
||
|
2146B400000
|
heap
|
page read and write
|
||
|
1D1C9E82000
|
direct allocation
|
page readonly
|
||
|
1C53D2E7000
|
heap
|
page read and write
|
||
|
7FFD912E6000
|
unkown
|
page execute read
|
||
|
14A192A0000
|
direct allocation
|
page read and write
|
||
|
14A16D49000
|
heap
|
page read and write
|
||
|
7FFD8F54D000
|
unkown
|
page execute read
|
||
|
14A16EF0000
|
heap
|
page read and write
|
||
|
1C53D279000
|
heap
|
page read and write
|
||
|
A81E7F000
|
stack
|
page read and write
|
||
|
1C53F956000
|
direct allocation
|
page readonly
|
||
|
1D1C9F07000
|
direct allocation
|
page read and write
|
||
|
218135CF000
|
direct allocation
|
page readonly
|
||
|
1B2299B0000
|
heap
|
page read and write
|
||
|
1837E2C0000
|
heap
|
page read and write
|
||
|
2D6FCC8D000
|
heap
|
page read and write
|
||
|
7FFD8F4C1000
|
unkown
|
page execute read
|
||
|
18301B30000
|
heap
|
page read and write
|
||
|
DB972FF000
|
stack
|
page read and write
|
||
|
1C53EEEC000
|
direct allocation
|
page readonly
|
||
|
14A18968000
|
direct allocation
|
page read and write
|
||
|
7FFD8F52F000
|
unkown
|
page execute read
|
||
|
2D681950000
|
heap
|
page read and write
|
||
|
7FFD8F553000
|
unkown
|
page execute read
|
||
|
7FFD8F71B000
|
unkown
|
page read and write
|
||
|
1D1C913C000
|
direct allocation
|
page readonly
|
||
|
1C53D286000
|
heap
|
page read and write
|
||
|
A81F7F000
|
stack
|
page read and write
|
||
|
1B22B4CC000
|
direct allocation
|
page readonly
|
||
|
7FFD8F713000
|
unkown
|
page read and write
|
||
|
7FFD90B64000
|
unkown
|
page execute read
|
||
|
7FFD8F556000
|
unkown
|
page execute read
|
||
|
7FFD8F538000
|
unkown
|
page execute read
|
||
|
1B229C05000
|
heap
|
page read and write
|
||
|
7FFD8F4C1000
|
unkown
|
page execute read
|
||
|
218135C1000
|
direct allocation
|
page execute read
|
||
|
75CE9FF000
|
stack
|
page read and write
|
||
|
1B229ABA000
|
heap
|
page read and write
|
||
|
14A16E80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD8F538000
|
unkown
|
page execute read
|
||
|
18F6A7E000
|
stack
|
page read and write
|
||
|
14A188AF000
|
heap
|
page read and write
|
||
|
1B22C041000
|
direct allocation
|
page execute read
|
||
|
2D6821D1000
|
direct allocation
|
page read and write
|
||
|
1C53D440000
|
heap
|
page read and write
|
||
|
1D1C9210000
|
heap
|
page read and write
|
||
|
21813510000
|
trusted library allocation
|
page read and write
|
||
|
18F69FD000
|
stack
|
page read and write
|
||
|
2146B550000
|
heap
|
page read and write
|
||
|
7FFD8F736000
|
unkown
|
page execute read
|
||
|
22B5046D000
|
heap
|
page read and write
|
||
|
2D682051000
|
direct allocation
|
page execute read
|
||
|
7FFD8F528000
|
unkown
|
page execute read
|
||
|
1C53F942000
|
direct allocation
|
page readonly
|
||
|
2D6818BF000
|
direct allocation
|
page readonly
|
||
|
14A16C80000
|
trusted library allocation
|
page read and write
|
||
|
14A16BF0000
|
heap
|
page read and write
|
||
|
14A16E80000
|
trusted library allocation
|
page read and write
|
||
|
1B22B4B0000
|
direct allocation
|
page read and write
|
||
|
18F658C000
|
stack
|
page read and write
|
||
|
7FFD8F71B000
|
unkown
|
page read and write
|
||
|
1830205D000
|
direct allocation
|
page readonly
|
||
|
7FFD90164000
|
unkown
|
page execute read
|
||
|
7FFD91CE6000
|
unkown
|
page execute read
|
||
|
7FFD8F72E000
|
unkown
|
page execute read
|
||
|
1837E500000
|
heap
|
page read and write
|
||
|
24CED7E000
|
stack
|
page read and write
|
||
|
1C53F951000
|
direct allocation
|
page read and write
|
||
|
183020C1000
|
direct allocation
|
page read and write
|
||
|
2D681BCA000
|
heap
|
page read and write
|
||
|
1C53D520000
|
trusted library allocation
|
page read and write
|
||
|
21813377000
|
heap
|
page read and write
|
||
|
7FFD8F740000
|
unkown
|
page execute read
|
||
|
75CED7D000
|
stack
|
page read and write
|
||
|
2D681BF3000
|
direct allocation
|
page read and write
|
||
|
218135CC000
|
direct allocation
|
page readonly
|
||
|
1D1C9380000
|
direct allocation
|
page read and write
|
||
|
2146B4E6000
|
heap
|
page read and write
|
||
|
1D1C913F000
|
direct allocation
|
page readonly
|
||
|
14A16CB0000
|
heap
|
page read and write
|
||
|
183019A1000
|
direct allocation
|
page execute read
|
||
|
2D6FCC68000
|
heap
|
page read and write
|
||
|
7FFD8F72E000
|
unkown
|
page execute read
|
||
|
2146B4D5000
|
heap
|
page read and write
|
||
|
22B51DC0000
|
heap
|
page read and write
|
||
|
856FF7F000
|
stack
|
page read and write
|
||
|
2D6818B1000
|
direct allocation
|
page execute read
|
||
|
7FFD8F75E000
|
unkown
|
page read and write
|
||
|
856FFFD000
|
stack
|
page read and write
|
||
|
DB9727E000
|
stack
|
page read and write
|
||
|
2146B4D4000
|
heap
|
page read and write
|
||
|
7FFD8F560000
|
unkown
|
page execute read
|
||
|
1C53D27F000
|
heap
|
page read and write
|
||
|
2D682247000
|
direct allocation
|
page read and write
|
||
|
183020B2000
|
direct allocation
|
page readonly
|
||
|
218132E0000
|
heap
|
page read and write
|
||
|
2146B547000
|
heap
|
page read and write
|
||
|
21813530000
|
trusted library allocation
|
page read and write
|
||
|
24CECFF000
|
stack
|
page read and write
|
||
|
183020A6000
|
direct allocation
|
page read and write
|
||
|
218135C0000
|
direct allocation
|
page read and write
|
||
|
2D6FCCF9000
|
heap
|
page read and write
|
||
|
7FFD8F4C1000
|
unkown
|
page execute read
|
||
|
1D1C7740000
|
trusted library allocation
|
page read and write
|
||
|
18302137000
|
direct allocation
|
page read and write
|
||
|
1B229B50000
|
trusted library allocation
|
page read and write
|
||
|
1B22C1C6000
|
direct allocation
|
page readonly
|
||
|
183019AF000
|
direct allocation
|
page readonly
|
||
|
7FFD8F4C0000
|
unkown
|
page readonly
|
||
|
70C58E6000
|
stack
|
page read and write
|
||
|
2146B4B0000
|
heap
|
page read and write
|
||
|
22B503E0000
|
trusted library allocation
|
page read and write
|
||
|
70C577F000
|
stack
|
page read and write
|
||
|
14A16CB8000
|
heap
|
page read and write
|
||
|
7FFD8F4C0000
|
unkown
|
page readonly
|
||
|
1C53D4C0000
|
trusted library allocation
|
page read and write
|
||
|
22B502A0000
|
heap
|
page read and write
|
||
|
14A187A0000
|
heap
|
page read and write
|
||
|
14A186F0000
|
direct allocation
|
page read and write
|
||
|
1B2298D0000
|
heap
|
page read and write
|
||
|
7FFD8F4D2000
|
unkown
|
page execute read
|
||
|
1C53EE93000
|
direct allocation
|
page read and write
|
||
|
1C53F936000
|
direct allocation
|
page read and write
|
||
|
1C53EE40000
|
direct allocation
|
page read and write
|
||
|
1837E260000
|
heap
|
page read and write
|
||
|
14A16F40000
|
heap
|
page read and write
|
||
|
1C53D460000
|
heap
|
page read and write
|
||
|
2146B3F0000
|
heap
|
page read and write
|
||
|
7FFD8F736000
|
unkown
|
page execute read
|
||
|
7FFD912E5000
|
unkown
|
page read and write
|
||
|
24CEC7C000
|
stack
|
page read and write
|
||
|
7FFD8F746000
|
unkown
|
page execute read
|
||
|
2146B4D9000
|
heap
|
page read and write
|
||
|
218132C0000
|
heap
|
page read and write
|
||
|
1B22B7BD000
|
heap
|
page read and write
|
||
|
2D6FCC20000
|
heap
|
page read and write
|
||
|
22B503C0000
|
heap
|
page read and write
|
||
|
1D1C77B8000
|
heap
|
page read and write
|
||
|
7FFD8F52F000
|
unkown
|
page execute read
|
||
|
7FFD8F740000
|
unkown
|
page execute read
|
||
|
7FFD8F54D000
|
unkown
|
page execute read
|
||
|
2146B4DB000
|
heap
|
page read and write
|
||
|
2D6818B0000
|
direct allocation
|
page read and write
|
||
|
7FFD8F560000
|
unkown
|
page execute read
|
||
|
7FFD926E6000
|
unkown
|
page execute read
|
||
|
7FFD8F538000
|
unkown
|
page execute read
|
||
|
7FFD8F75E000
|
unkown
|
page read and write
|
||
|
2D6817D0000
|
trusted library allocation
|
page read and write
|
||
|
1837E280000
|
heap
|
page read and write
|
||
|
1B22B4BF000
|
direct allocation
|
page readonly
|
||
|
7FFD8F71C000
|
unkown
|
page readonly
|
||
|
7FFD9319A000
|
unkown
|
page readonly
|
||
|
22B5048C000
|
heap
|
page read and write
|
||
|
21814FA0000
|
heap
|
page read and write
|
||
|
7FFD8F71C000
|
unkown
|
page readonly
|
||
|
21813530000
|
trusted library allocation
|
page read and write
|
||
|
A81ACC000
|
stack
|
page read and write
|
||
|
7FFD8F730000
|
unkown
|
page execute read
|
||
|
22B503C0000
|
heap
|
page read and write
|
||
|
2D681810000
|
trusted library allocation
|
page read and write
|
||
|
7FFD8F71C000
|
unkown
|
page readonly
|
||
|
2146DC91000
|
direct allocation
|
page read and write
|
||
|
1C53D620000
|
heap
|
page read and write
|
||
|
7FFD8F528000
|
unkown
|
page execute read
|
||
|
14A19406000
|
direct allocation
|
page read and write
|
||
|
1B22B630000
|
heap
|
page read and write
|
||
|
7FFD8F65B000
|
unkown
|
page readonly
|
||
|
14A1870C000
|
direct allocation
|
page readonly
|
||
|
14A16CA0000
|
trusted library allocation
|
page read and write
|
||
|
183017D0000
|
trusted library allocation
|
page read and write
|
||
|
14A19412000
|
direct allocation
|
page readonly
|
||
|
21813665000
|
heap
|
page read and write
|
||
|
22B50469000
|
heap
|
page read and write
|
||
|
1D1C7847000
|
heap
|
page read and write
|
||
|
7FFD8F679000
|
unkown
|
page readonly
|
||
|
1C53F7D0000
|
direct allocation
|
page read and write
|
||
|
7FFD8F75E000
|
unkown
|
page read and write
|
||
|
7FFD90B64000
|
unkown
|
page execute read
|
||
|
1B22C040000
|
direct allocation
|
page read and write
|
||
|
2146D297000
|
heap
|
page read and write
|
||
|
7FFD90B64000
|
unkown
|
page execute read
|
||
|
14A186FC000
|
direct allocation
|
page readonly
|
||
|
14A16F45000
|
heap
|
page read and write
|
||
|
2146B420000
|
heap
|
page read and write
|
||
|
218135DC000
|
direct allocation
|
page readonly
|
||
|
75CEC7E000
|
stack
|
page read and write
|
||
|
1D1C9E76000
|
direct allocation
|
page read and write
|
||
|
1D1C77B0000
|
heap
|
page read and write
|
||
|
70C56FF000
|
stack
|
page read and write
|
||
|
DDB56FF000
|
stack
|
page read and write
|
||
|
2D681BA0000
|
direct allocation
|
page read and write
|
||
|
1D1C76E0000
|
heap
|
page read and write
|
||
|
1C53EEE0000
|
direct allocation
|
page read and write
|
||
|
1B22B4B1000
|
direct allocation
|
page execute read
|
||
|
1C53D5F0000
|
heap
|
page read and write
|
||
|
7FFD8F4D2000
|
unkown
|
page execute read
|
||
|
70C587E000
|
stack
|
page read and write
|
||
|
2146D070000
|
direct allocation
|
page read and write
|
||
|
7FFD8F713000
|
unkown
|
page read and write
|
||
|
7FFD930E6000
|
unkown
|
page execute read
|
||
|
2146DB11000
|
direct allocation
|
page execute read
|
||
|
14A16D47000
|
heap
|
page read and write
|
||
|
1B22B4BC000
|
direct allocation
|
page readonly
|
||
|
2146DC76000
|
direct allocation
|
page read and write
|
||
|
7FFD8F4C0000
|
unkown
|
page readonly
|
||
|
70C567C000
|
stack
|
page read and write
|
||
|
218157B0000
|
direct allocation
|
page read and write
|
||
|
1C3187D000
|
stack
|
page read and write
|
||
|
21813550000
|
unclassified section
|
page read and write
|
||
|
1C53EEEF000
|
direct allocation
|
page readonly
|
||
|
1837E35B000
|
heap
|
page read and write
|
||
|
7FFD8F65B000
|
unkown
|
page readonly
|
||
|
2D6FCCF9000
|
heap
|
page read and write
|
||
|
1837E505000
|
heap
|
page read and write
|
||
|
2146DC2D000
|
direct allocation
|
page readonly
|
||
|
2146B765000
|
heap
|
page read and write
|
||
|
2D6FCBB0000
|
heap
|
page read and write
|
||
|
7FFD8F564000
|
unkown
|
page execute read
|
||
|
218157B1000
|
direct allocation
|
page execute read
|
||
|
1D1C75E0000
|
heap
|
page read and write
|
||
|
2D6FCC60000
|
heap
|
page read and write
|
||
|
2146DC82000
|
direct allocation
|
page readonly
|
||
|
1D1C9D10000
|
direct allocation
|
page read and write
|
||
|
1B229A4E000
|
heap
|
page read and write
|
||
|
1B229B30000
|
trusted library allocation
|
page read and write
|
||
|
1C53D360000
|
heap
|
page read and write
|
||
|
7FFD9319A000
|
unkown
|
page readonly
|
||
|
7FFD8F746000
|
unkown
|
page execute read
|
||
|
14A193BD000
|
direct allocation
|
page readonly
|
||
|
7FFD8F730000
|
unkown
|
page execute read
|
||
|
7FFD8F52F000
|
unkown
|
page execute read
|
||
|
21814F53000
|
direct allocation
|
page read and write
|
||
|
1B229B30000
|
trusted library allocation
|
page read and write
|
||
|
2D681870000
|
heap
|
page read and write
|
||
|
DDB54FC000
|
stack
|
page read and write
|
||
|
1D1C9E91000
|
direct allocation
|
page read and write
|
||
|
218132E8000
|
heap
|
page read and write
|
||
|
2D6FCC87000
|
heap
|
page read and write
|
||
|
1C53D625000
|
heap
|
page read and write
|
||
|
2146DB10000
|
direct allocation
|
page read and write
|
||
|
7FFD912E6000
|
unkown
|
page execute read
|
||
|
183019AC000
|
direct allocation
|
page readonly
|
||
|
24CEDFF000
|
stack
|
page read and write
|
||
|
1B22B590000
|
direct allocation
|
page read and write
|
||
|
1B22B645000
|
heap
|
page read and write
|
||
|
2146D00C000
|
direct allocation
|
page readonly
|
||
|
75CE97C000
|
stack
|
page read and write
|
||
|
1B22B5E3000
|
direct allocation
|
page read and write
|
||
|
22B50460000
|
heap
|
page read and write
|
||
|
7FFD8F679000
|
unkown
|
page readonly
|
||
|
2146B680000
|
trusted library allocation
|
page read and write
|
There are 436 hidden memdumps, click here to show them.