Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Ui6sm6N5JG.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\ET Ammeter Side 10.7.46\ET Ammeter Side 10.7.46.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-4LQ96.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-8RBIL.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-9HKT1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-C1NKQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-CDC06.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-DPTDR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-DSDH3.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-F43L8.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-FE0K6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-IRD9M.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-LFUVE.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-MQ62A.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-P5UA0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-QDATH.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-QEJVQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-R67ES.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-RO1GN.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-S75UE.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-S9QR6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-UQ9I6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\is-A5OG2.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-4CRD6.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-4CRD6.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-4CRD6.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-9FR6D.tmp\Ui6sm6N5JG.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\et107it46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107rc46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\et107resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-6031D.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-AVIN4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-B1CI2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-BCL55.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-EHQOC.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-GEGLG.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-IHV98.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-NQ9HL.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.dat
|
InnoSetup Log Jenny Video Converter, version 0x30, 6004 bytes, 841618\user, "C:\Users\user\AppData\Local\Jenny Video Converter"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-4CRD6.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Ui6sm6N5JG.exe
|
"C:\Users\user\Desktop\Ui6sm6N5JG.exe"
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter.exe
|
"C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-9FR6D.tmp\Ui6sm6N5JG.tmp
|
"C:\Users\user\AppData\Local\Temp\is-9FR6D.tmp\Ui6sm6N5JG.tmp" /SL5="$203D2,4256353,54272,C:\Users\user\Desktop\Ui6sm6N5JG.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bfliimi.com
|
|
||
|
http://bfliimi.com/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978fe71ea771795af8e05c445db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf713c9ed9c9d3f
|
185.208.158.248
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12e
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.208.158.248/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd83d5df2201606a51c7c27d78
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://185.208.1
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bfliimi.com
|
185.208.158.248
|
|
|
|
18.31.95.13.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
bfliimi.com
|
Switzerland
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmallTour
|
et_ammeter_side_i46_10
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
288D000
|
heap
|
page read and write
|
|
|
|
2CE1000
|
direct allocation
|
page execute and read and write
|
|
|
|
880000
|
heap
|
page read and write
|
||
|
34CD000
|
direct allocation
|
page read and write
|
||
|
630000
|
unkown
|
page write copy
|
||
|
4CA000
|
heap
|
page read and write
|
||
|
25E0000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
34BD000
|
direct allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
33AE000
|
heap
|
page read and write
|
||
|
21B4000
|
direct allocation
|
page read and write
|
||
|
3469000
|
heap
|
page read and write
|
||
|
34C9000
|
direct allocation
|
page read and write
|
||
|
24B0000
|
direct allocation
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
56A000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
647000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2990000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
50D000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
96B000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
556000
|
heap
|
page read and write
|
||
|
213C000
|
direct allocation
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
2700000
|
direct allocation
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
938000
|
heap
|
page read and write
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
3351000
|
direct allocation
|
page read and write
|
||
|
35BA000
|
heap
|
page read and write
|
||
|
3211000
|
heap
|
page read and write
|
||
|
34CF000
|
direct allocation
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
2128000
|
direct allocation
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
34A5000
|
direct allocation
|
page read and write
|
||
|
872000
|
direct allocation
|
page read and write
|
||
|
2120000
|
direct allocation
|
page read and write
|
||
|
311E000
|
direct allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
551000
|
heap
|
page read and write
|
||
|
57CF000
|
stack
|
page read and write
|
||
|
33DA000
|
heap
|
page read and write
|
||
|
3310000
|
direct allocation
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
34A9000
|
direct allocation
|
page read and write
|
||
|
24B0000
|
direct allocation
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
850000
|
direct allocation
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
34AF000
|
direct allocation
|
page read and write
|
||
|
2117000
|
direct allocation
|
page read and write
|
||
|
214F000
|
direct allocation
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
25E4000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
9B000
|
stack
|
page read and write
|
||
|
22A5000
|
heap
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
33AF000
|
direct allocation
|
page read and write
|
||
|
2780000
|
direct allocation
|
page read and write
|
||
|
2D1A000
|
direct allocation
|
page execute and read and write
|
||
|
347A000
|
direct allocation
|
page read and write
|
||
|
34F2000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
761000
|
unkown
|
page readonly
|
||
|
34C5000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
556000
|
heap
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
289D000
|
heap
|
page read and write
|
||
|
696000
|
unkown
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
214C000
|
direct allocation
|
page read and write
|
||
|
2530000
|
direct allocation
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
34CB000
|
direct allocation
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
4CE000
|
heap
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
2800000
|
direct allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
25AC000
|
stack
|
page read and write
|
||
|
55E000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
34A3000
|
direct allocation
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
21B0000
|
direct allocation
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
34AD000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
50B000
|
heap
|
page read and write
|
||
|
22A9000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
639000
|
unkown
|
page readonly
|
||
|
51F000
|
heap
|
page read and write
|
||
|
341D000
|
heap
|
page read and write
|
||
|
2110000
|
direct allocation
|
page read and write
|
||
|
551000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
B4D000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3320000
|
direct allocation
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
2220000
|
direct allocation
|
page execute and read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
97C000
|
heap
|
page read and write
|
||
|
211C000
|
direct allocation
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
58CF000
|
stack
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
34D1000
|
direct allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
343B000
|
direct allocation
|
page read and write
|
||
|
3463000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
3473000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
722000
|
unkown
|
page readonly
|
||
|
2444000
|
heap
|
page read and write
|
||
|
551000
|
heap
|
page read and write
|
||
|
2611000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
3535000
|
heap
|
page read and write
|
||
|
34BF000
|
direct allocation
|
page read and write
|
||
|
2E8B000
|
stack
|
page read and write
|
||
|
34A7000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
646000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
30CF000
|
stack
|
page read and write
|
||
|
62D000
|
unkown
|
page readonly
|
||
|
2118000
|
direct allocation
|
page read and write
|
||
|
2789000
|
direct allocation
|
page read and write
|
||
|
34C7000
|
direct allocation
|
page read and write
|
||
|
21C1000
|
direct allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2882000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2284000
|
direct allocation
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
411000
|
unkown
|
page readonly
|
There are 188 hidden memdumps, click here to show them.