Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_8a98533a1ee59e3066e2be1dd9ba698f1f7c53_20b95fe6_efed0deb-ab6a-419b-abdf-f64dadf15c15\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_8a98533a1ee59e3066e2be1dd9ba698f1f7c53_20b95fe6_f1d6bd2e-9a5c-402a-bf9b-fffb0991a373\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_d2be42f9ca26f5b1c98ace275864247822806def_20b95fe6_fb6bb36d-6fd7-4e37-9ac7-808a63498779\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_vul_f81a78fb38adc0648cfeb4514965597f248381b_20b95fe6_2b7c5b8b-ad79-4160-9e69-1ee53bd9092b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER677D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 24 12:40:22 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67FB.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 24 12:40:22 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6849.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6879.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6898.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6906.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7335.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 24 12:40:25 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7430.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7460.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F1C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 24 12:40:28 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F7A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F9B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\vulkan-1.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAcquireNextImage2KHR
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7352 -s 316
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7368 -s 348
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAcquireNextImageKHR
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7632 -s 340
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\vulkan-1.dll,vkAllocateCommandBuffers
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7776 -s 348
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkAcquireNextImage2KHR
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkAcquireNextImageKHR
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkAllocateCommandBuffers
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkWaitSemaphores
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkWaitForFences
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkUpdateDescriptorSets
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkUpdateDescriptorSetWithTemplate
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkUnmapMemory
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkTrimCommandPool
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkSignalSemaphore
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkSetPrivateData
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkSetEvent
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkResetQueryPool
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkResetFences
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\vulkan-1.dll",vkResetEvent
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{ad7913db-2518-55c1-88f3-776aa89331e9}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
244CF8E9000
|
heap
|
page read and write
|
||
|
1BB3E7C000
|
stack
|
page read and write
|
||
|
1FAD1E30000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
1F863390000
|
remote allocation
|
page read and write
|
||
|
17B50FB000
|
stack
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
2348D3D0000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
1E778010000
|
heap
|
page read and write
|
||
|
1CC0B6D8000
|
heap
|
page read and write
|
||
|
1E81A880000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
17B51FF000
|
stack
|
page read and write
|
||
|
1E81AC90000
|
heap
|
page read and write
|
||
|
28A89068000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
1305929E000
|
heap
|
page read and write
|
||
|
1B0C4440000
|
heap
|
page read and write
|
||
|
1CC0B6A0000
|
remote allocation
|
page read and write
|
||
|
1F8619C0000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
2A0440FB000
|
heap
|
page read and write
|
||
|
1CC0B6D0000
|
heap
|
page read and write
|
||
|
E71C57F000
|
stack
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
244CF7E0000
|
heap
|
page read and write
|
||
|
130D9750000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
1DC53FE0000
|
heap
|
page read and write
|
||
|
4FB298F000
|
stack
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
130DAEA0000
|
remote allocation
|
page read and write
|
||
|
244CFBD0000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
1FAD3900000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
1F861840000
|
heap
|
page read and write
|
||
|
8848DB000
|
stack
|
page read and write
|
||
|
1F8619B5000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
1FAD1FF0000
|
remote allocation
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
130D9560000
|
heap
|
page read and write
|
||
|
E71C47C000
|
stack
|
page read and write
|
||
|
8505DBF000
|
stack
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
191AE840000
|
heap
|
page read and write
|
||
|
1F863270000
|
heap
|
page read and write
|
||
|
20A30A00000
|
heap
|
page read and write
|
||
|
11498FE000
|
stack
|
page read and write
|
||
|
C76B9F000
|
stack
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
1DC523F8000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
244CF9F0000
|
heap
|
page read and write
|
||
|
1E7781C5000
|
heap
|
page read and write
|
||
|
1EB55B85000
|
heap
|
page read and write
|
||
|
244CF9D0000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
130D9430000
|
heap
|
page read and write
|
||
|
13059470000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
1DC525C0000
|
heap
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
3D27CFE000
|
stack
|
page read and write
|
||
|
24DED4E0000
|
heap
|
page read and write
|
||
|
130591F0000
|
heap
|
page read and write
|
||
|
2E1280C0000
|
heap
|
page read and write
|
||
|
1CC0B5F0000
|
heap
|
page read and write
|
||
|
2E127F10000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
1BB3EFF000
|
stack
|
page read and write
|
||
|
CF3D29C000
|
stack
|
page read and write
|
||
|
2082A180000
|
heap
|
page read and write
|
||
|
1E778018000
|
heap
|
page read and write
|
||
|
2082A120000
|
remote allocation
|
page read and write
|
||
|
244CFBD5000
|
heap
|
page read and write
|
||
|
A2D4F6C000
|
stack
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
28A8AA40000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
CF3D31F000
|
stack
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
84E7B9B000
|
stack
|
page read and write
|
||
|
1BEDFBD5000
|
heap
|
page read and write
|
||
|
114987E000
|
stack
|
page read and write
|
||
|
A43017F000
|
stack
|
page read and write
|
||
|
2A044080000
|
heap
|
page read and write
|
||
|
1B0C4448000
|
heap
|
page read and write
|
||
|
2082A220000
|
heap
|
page read and write
|
||
|
24DED580000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
1F861920000
|
heap
|
page read and write
|
||
|
130D9468000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
3D27C7E000
|
stack
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
1CC0B5D0000
|
heap
|
page read and write
|
||
|
941C67C000
|
stack
|
page read and write
|
||
|
1B0C4410000
|
heap
|
page read and write
|
||
|
2E128025000
|
heap
|
page read and write
|
||
|
A2D4FEE000
|
stack
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
1DC523F0000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
1B0C4705000
|
heap
|
page read and write
|
||
|
20A309D0000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
1DC523FE000
|
heap
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
2A043F80000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
20A30D60000
|
heap
|
page read and write
|
||
|
8505D3F000
|
stack
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
130D9755000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
13059200000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
84E7EFF000
|
stack
|
page read and write
|
||
|
1BEDF878000
|
heap
|
page read and write
|
||
|
130594E5000
|
heap
|
page read and write
|
||
|
7B4348B000
|
stack
|
page read and write
|
||
|
4FB290C000
|
stack
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
1FAD1E90000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
1F861940000
|
heap
|
page read and write
|
||
|
2E127FF0000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
B15057F000
|
stack
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
84E7E7E000
|
stack
|
page read and write
|
||
|
C76A9B000
|
stack
|
page read and write
|
||
|
24DEEE90000
|
heap
|
page read and write
|
||
|
28A89060000
|
heap
|
page read and write
|
||
|
1E81A980000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
20A30A08000
|
heap
|
page read and write
|
||
|
1CC0B4F0000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
2348D3C0000
|
remote allocation
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
A43007C000
|
stack
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
7B4350F000
|
stack
|
page read and write
|
||
|
244CF8D8000
|
heap
|
page read and write
|
||
|
191AE820000
|
heap
|
page read and write
|
||
|
1BEDFBD0000
|
heap
|
page read and write
|
||
|
1B0C4310000
|
heap
|
page read and write
|
||
|
28A88FF0000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
A2D527F000
|
stack
|
page read and write
|
||
|
4FB2C7F000
|
stack
|
page read and write
|
||
|
1DC53F10000
|
remote allocation
|
page read and write
|
||
|
1BEE13B0000
|
heap
|
page read and write
|
||
|
1FAD1D50000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
C1FD3CC000
|
stack
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
2082A060000
|
heap
|
page read and write
|
||
|
E71C4FF000
|
stack
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
1E81A960000
|
heap
|
page read and write
|
||
|
24DED588000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
88495E000
|
stack
|
page read and write
|
||
|
191AEA10000
|
heap
|
page read and write
|
||
|
2A0440B0000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
1E777FC0000
|
heap
|
page read and write
|
||
|
7B4358F000
|
stack
|
page read and write
|
||
|
191AEAE0000
|
heap
|
page read and write
|
||
|
1E81A9F8000
|
heap
|
page read and write
|
||
|
B1504FE000
|
stack
|
page read and write
|
||
|
24DEEE50000
|
remote allocation
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
1BEDF7B0000
|
heap
|
page read and write
|
||
|
28A88FE0000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
2348D6C5000
|
heap
|
page read and write
|
||
|
1CC0B6DE000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
20A309C0000
|
heap
|
page read and write
|
||
|
1DC525E0000
|
heap
|
page read and write
|
||
|
1E81A9F0000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
1EB55B20000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
20A326B0000
|
heap
|
page read and write
|
||
|
3EB711C000
|
stack
|
page read and write
|
||
|
1EB57670000
|
remote allocation
|
page read and write
|
||
|
1EB55B30000
|
heap
|
page read and write
|
||
|
130594E0000
|
heap
|
page read and write
|
||
|
24DED575000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
11495BC000
|
stack
|
page read and write
|
||
|
1EB57560000
|
heap
|
page read and write
|
||
|
CF3D39F000
|
stack
|
page read and write
|
||
|
2A044060000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
2348D220000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
1BEE12F0000
|
remote allocation
|
page read and write
|
||
|
1F8619C8000
|
heap
|
page read and write
|
||
|
8505CBC000
|
stack
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
20A30D65000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
191AEAE5000
|
heap
|
page read and write
|
||
|
28A88EE0000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
1E779B60000
|
heap
|
page read and write
|
||
|
244D1260000
|
heap
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
13059290000
|
heap
|
page read and write
|
||
|
2348EE40000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
2348D3D8000
|
heap
|
page read and write
|
||
|
1CC0B990000
|
heap
|
page read and write
|
||
|
2082A080000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
B15047B000
|
stack
|
page read and write
|
||
|
AABCF9C000
|
stack
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
2E1280D0000
|
remote allocation
|
page read and write
|
||
|
3D2799B000
|
stack
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
191AE848000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
2E128020000
|
heap
|
page read and write
|
||
|
130DADA0000
|
heap
|
page read and write
|
||
|
24DED570000
|
heap
|
page read and write
|
||
|
1FAD2050000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
1DC523D0000
|
heap
|
page read and write
|
||
|
1FAD1E50000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
941C6FF000
|
stack
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
2A0440E0000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
3EB719F000
|
stack
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
20A30BD0000
|
heap
|
page read and write
|
||
|
20829F60000
|
heap
|
page read and write
|
||
|
1E778180000
|
remote allocation
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
191B03B0000
|
heap
|
page read and write
|
||
|
2E1280E0000
|
heap
|
page read and write
|
||
|
1F8619B0000
|
heap
|
page read and write
|
||
|
2A0440ED000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
1B0C5E20000
|
heap
|
page read and write
|
||
|
1B0C43F0000
|
heap
|
page read and write
|
||
|
1E777FE0000
|
heap
|
page read and write
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
A4300FF000
|
stack
|
page read and write
|
||
|
2E1280E8000
|
heap
|
page read and write
|
||
|
24DED500000
|
heap
|
page read and write
|
||
|
8849DF000
|
stack
|
page read and write
|
||
|
C76B1F000
|
stack
|
page read and write
|
||
|
20829F67000
|
heap
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
191AEA30000
|
heap
|
page read and write
|
||
|
1E7781C0000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
7FFDFF221000
|
unkown
|
page execute read
|
||
|
1EB55B80000
|
heap
|
page read and write
|
||
|
1B0C4700000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
1E81AC95000
|
heap
|
page read and write
|
||
|
1EB55BE8000
|
heap
|
page read and write
|
||
|
18321AF000
|
stack
|
page read and write
|
||
|
1BB3F7F000
|
stack
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
1BEDF7E0000
|
heap
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
2348D300000
|
heap
|
page read and write
|
||
|
1BEDF7C0000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
13059220000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
20829E80000
|
heap
|
page read and write
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
183212C000
|
stack
|
page read and write
|
||
|
1DC52675000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
7FFDFF220000
|
unkown
|
page readonly
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
28A88FC0000
|
heap
|
page read and write
|
||
|
3EB747F000
|
stack
|
page read and write
|
||
|
28A88FE5000
|
heap
|
page read and write
|
||
|
7FFDFF2FE000
|
unkown
|
page readonly
|
||
|
183247F000
|
stack
|
page read and write
|
||
|
1E777EE0000
|
heap
|
page read and write
|
||
|
130D9350000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
1EB55BE0000
|
heap
|
page read and write
|
||
|
2348D320000
|
heap
|
page read and write
|
||
|
130D9460000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
20A30D50000
|
remote allocation
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
1EB55B50000
|
heap
|
page read and write
|
||
|
1FAD1E98000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
7FFDFF30C000
|
unkown
|
page readonly
|
||
|
C1FD67F000
|
stack
|
page read and write
|
||
|
1BEDF870000
|
heap
|
page read and write
|
||
|
1B0C5E60000
|
remote allocation
|
page read and write
|
||
|
2348D6C0000
|
heap
|
page read and write
|
||
|
7FFDFF2F9000
|
unkown
|
page read and write
|
||
|
941C77E000
|
stack
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
1FAD2055000
|
heap
|
page read and write
|
||
|
244CF8D0000
|
heap
|
page read and write
|
||
|
24DED400000
|
heap
|
page read and write
|
||
|
1CC0B995000
|
heap
|
page read and write
|
||
|
7FFDFF2BA000
|
unkown
|
page readonly
|
||
|
13059298000
|
heap
|
page read and write
|
||
|
2082A225000
|
heap
|
page read and write
|
||
|
C1FD6FF000
|
stack
|
page read and write
|
||
|
1DC52670000
|
heap
|
page read and write
|
||
|
2E128030000
|
heap
|
page read and write
|
||
|
17B517F000
|
stack
|
page read and write
|
||
|
1CC0B690000
|
heap
|
page read and write
|
||
|
191AEAC0000
|
remote allocation
|
page read and write
|
||
|
1E81C440000
|
heap
|
page read and write
|
||
|
7FFDFF307000
|
unkown
|
page readonly
|
There are 366 hidden memdumps, click here to show them.