Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ZFllSoXpoT.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\ET Ammeter Side 10.7.46\ET Ammeter Side 10.7.46.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-1GTV3.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-2700D.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-4NH58.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-546FI.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-6D3ET.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-802JP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-89P6A.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-A3JAA.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-C5452.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-CJ5EH.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-GVVRD.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-HU6GR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-K6NUN.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-KPRR4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-LKHV4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-OBUNB.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-PC21V.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-RSP19.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-SKU3B.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-V1USB.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\is-GTTMJ.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-11LMP.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-11LMP.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-11LMP.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-J24J8.tmp\ZFllSoXpoT.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\et107it46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107rc46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\et107resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-68EAM.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-J93O6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-JNPGG.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-K6ASR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-K7E1C.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-K7K0E.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-QGIC5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-UNA71.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.dat
|
InnoSetup Log Jenny Video Converter, version 0x30, 6042 bytes, 210979\user, "C:\Users\user\AppData\Local\Jenny Video Converter"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-11LMP.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
There are 62 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ZFllSoXpoT.exe
|
"C:\Users\user\Desktop\ZFllSoXpoT.exe"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe
|
"C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe" -i
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-J24J8.tmp\ZFllSoXpoT.tmp
|
"C:\Users\user~1\AppData\Local\Temp\is-J24J8.tmp\ZFllSoXpoT.tmp" /SL5="$10408,4236485,54272,C:\Users\user\Desktop\ZFllSoXpoT.exe"
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
csnzndu.net
|
|
||
|
http://csnzndu.net/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12eab517aa5c96bd86e8928e4f885a8bbc896c58e713bc90c91836b5281fc235a925ed3e54d6bd974a95129070b416e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d993bcd6b9317
|
185.208.158.248
|
|
|
|
http://csnzndu.net/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c445db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf712c0ef919f3a
|
185.208.158.248
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12eab517aa5c96bd86e8928
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://standards.iso.org/iso/19770/-2/2009/schema.xsd
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
csnzndu.net
|
185.208.158.248
|
|
|
|
time.windows.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
csnzndu.net
|
Switzerland
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
|
STATE
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
|
LastKnownGoodTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
|
c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmallTour
|
et_ammeter_side_i46_12
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E21000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D75000
|
heap
|
page read and write
|
|
|
|
1C9885E0000
|
heap
|
page read and write
|
||
|
59F000
|
unkown
|
page execute and write copy
|
||
|
27B4EDC0000
|
remote allocation
|
page read and write
|
||
|
27B4E858000
|
heap
|
page read and write
|
||
|
2784000
|
heap
|
page read and write
|
||
|
8F0000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
20A1D932000
|
heap
|
page read and write
|
||
|
26D00A40000
|
heap
|
page read and write
|
||
|
27B4E630000
|
heap
|
page read and write
|
||
|
1D207FB000
|
stack
|
page read and write
|
||
|
20A1D802000
|
heap
|
page read and write
|
||
|
6B8CF5B000
|
stack
|
page read and write
|
||
|
1D20D7D000
|
stack
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
1C988616000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
26D009D0000
|
heap
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
27B4E813000
|
heap
|
page read and write
|
||
|
259C000
|
stack
|
page read and write
|
||
|
76A277E000
|
unkown
|
page readonly
|
||
|
822000
|
heap
|
page read and write
|
||
|
26E0000
|
direct allocation
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
20A1D048000
|
heap
|
page read and write
|
||
|
591000
|
unkown
|
page execute and write copy
|
||
|
1C988660000
|
heap
|
page read and write
|
||
|
6F9CBFD000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
20A1D016000
|
heap
|
page read and write
|
||
|
26D01215000
|
heap
|
page read and write
|
||
|
5A5000
|
unkown
|
page execute and write copy
|
||
|
6F9CF7D000
|
stack
|
page read and write
|
||
|
26D00A5E000
|
heap
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
20A1D680000
|
trusted library allocation
|
page read and write
|
||
|
17931E28000
|
heap
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
33A2000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6F9C2FE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
822000
|
heap
|
page read and write
|
||
|
6F9C47E000
|
stack
|
page read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1D2147E000
|
unkown
|
page readonly
|
||
|
8F2000
|
direct allocation
|
page read and write
|
||
|
33C8000
|
heap
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
324F000
|
stack
|
page read and write
|
||
|
76A15AB000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
1C98862D000
|
heap
|
page read and write
|
||
|
696000
|
unkown
|
page readonly
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5DC0000
|
direct allocation
|
page read and write
|
||
|
20A1D013000
|
heap
|
page read and write
|
||
|
26D00A2B000
|
heap
|
page read and write
|
||
|
2235000
|
heap
|
page read and write
|
||
|
26D00A00000
|
heap
|
page read and write
|
||
|
76A247B000
|
stack
|
page read and write
|
||
|
1C988800000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
3393000
|
heap
|
page read and write
|
||
|
216F000
|
direct allocation
|
page read and write
|
||
|
27B4E710000
|
heap
|
page read and write
|
||
|
6F9C3FE000
|
unkown
|
page readonly
|
||
|
20A1D037000
|
heap
|
page read and write
|
||
|
6F9C1FE000
|
unkown
|
page readonly
|
||
|
76A217E000
|
unkown
|
page readonly
|
||
|
340C000
|
heap
|
page read and write
|
||
|
27B4E802000
|
heap
|
page read and write
|
||
|
281E000
|
heap
|
page read and write
|
||
|
6F9B91B000
|
stack
|
page read and write
|
||
|
17931E13000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
572F000
|
stack
|
page read and write
|
||
|
290D000
|
stack
|
page read and write
|
||
|
2108000
|
direct allocation
|
page read and write
|
||
|
20F0000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
26D01202000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
5DC2000
|
direct allocation
|
page read and write
|
||
|
AD8000
|
heap
|
page read and write
|
||
|
1D2167E000
|
unkown
|
page readonly
|
||
|
26D00B00000
|
heap
|
page read and write
|
||
|
76A257E000
|
unkown
|
page readonly
|
||
|
37D6000
|
heap
|
page read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
1C988613000
|
heap
|
page read and write
|
||
|
3451000
|
heap
|
page read and write
|
||
|
582F000
|
stack
|
page read and write
|
||
|
7E1000
|
heap
|
page read and write
|
||
|
5A9000
|
unkown
|
page execute and write copy
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
27B4E860000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
59D000
|
unkown
|
page execute and write copy
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
8D0000
|
direct allocation
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
5DA4000
|
direct allocation
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
27B4E84A000
|
heap
|
page read and write
|
||
|
5DBA000
|
direct allocation
|
page read and write
|
||
|
370F000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
593000
|
unkown
|
page execute and write copy
|
||
|
BCC000
|
heap
|
page read and write
|
||
|
597000
|
unkown
|
page execute and write copy
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
1C988602000
|
heap
|
page read and write
|
||
|
6B8D7FE000
|
unkown
|
page readonly
|
||
|
6F9C4FE000
|
unkown
|
page readonly
|
||
|
1C9888E0000
|
heap
|
page read and write
|
||
|
20A1D926000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
76A267E000
|
stack
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
216F000
|
direct allocation
|
page read and write
|
||
|
24AE000
|
stack
|
page read and write
|
||
|
7F1000
|
heap
|
page read and write
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
76A1B76000
|
stack
|
page read and write
|
||
|
20A1D000000
|
heap
|
page read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
900000
|
direct allocation
|
page read and write
|
||
|
26D01200000
|
heap
|
page read and write
|
||
|
1C988637000
|
heap
|
page read and write
|
||
|
7F1000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
26D00A73000
|
heap
|
page read and write
|
||
|
823000
|
heap
|
page read and write
|
||
|
17931DE0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
580000
|
heap
|
page read and write
|
||
|
20A1D0AD000
|
heap
|
page read and write
|
||
|
27B4E860000
|
heap
|
page read and write
|
||
|
27B4E82B000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
58E000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
33BC000
|
heap
|
page read and write
|
||
|
58B000
|
unkown
|
page execute and write copy
|
||
|
5DD0000
|
direct allocation
|
page read and write
|
||
|
780000
|
direct allocation
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
76A1C7E000
|
unkown
|
page readonly
|
||
|
1D20F7E000
|
stack
|
page read and write
|
||
|
17931E02000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
BAF000
|
heap
|
page read and write
|
||
|
5A7000
|
unkown
|
page execute and write copy
|
||
|
25F1000
|
heap
|
page read and write
|
||
|
27B4E902000
|
heap
|
page read and write
|
||
|
24E0000
|
direct allocation
|
page read and write
|
||
|
6B8D5FE000
|
unkown
|
page readonly
|
||
|
1D2157E000
|
stack
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
2E5A000
|
direct allocation
|
page execute and read and write
|
||
|
27B4E822000
|
heap
|
page read and write
|
||
|
5B31000
|
heap
|
page read and write
|
||
|
26D009A0000
|
heap
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
1D20E7E000
|
unkown
|
page readonly
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
822000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
26D00A76000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
1D2137C000
|
stack
|
page read and write
|
||
|
5DD8000
|
direct allocation
|
page read and write
|
||
|
1C988658000
|
heap
|
page read and write
|
||
|
1C988D70000
|
trusted library allocation
|
page read and write
|
||
|
1C988702000
|
heap
|
page read and write
|
||
|
20A1D102000
|
heap
|
page read and write
|
||
|
5DCA000
|
direct allocation
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
27B4EDC0000
|
remote allocation
|
page read and write
|
||
|
26D01130000
|
trusted library allocation
|
page read and write
|
||
|
6F9C7FE000
|
unkown
|
page readonly
|
||
|
6F9CA7E000
|
stack
|
page read and write
|
||
|
1C988600000
|
heap
|
page read and write
|
||
|
76A227E000
|
stack
|
page read and write
|
||
|
630000
|
unkown
|
page write copy
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
27B4EDA0000
|
trusted library allocation
|
page read and write
|
||
|
26D009C0000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
17931E26000
|
heap
|
page read and write
|
||
|
B8A000
|
heap
|
page read and write
|
||
|
6F9C8FD000
|
stack
|
page read and write
|
||
|
6F9CCFE000
|
unkown
|
page readonly
|
||
|
FC4637F000
|
stack
|
page read and write
|
||
|
26D00A8D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
96000
|
stack
|
page read and write
|
||
|
1C988664000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
1D2127E000
|
unkown
|
page readonly
|
||
|
17931E00000
|
heap
|
page read and write
|
||
|
17931E2B000
|
heap
|
page read and write
|
||
|
37D8000
|
heap
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
2FCB000
|
stack
|
page read and write
|
||
|
76A237E000
|
unkown
|
page readonly
|
||
|
411000
|
unkown
|
page readonly
|
||
|
2114000
|
direct allocation
|
page read and write
|
||
|
20A1D068000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
27B4E83F000
|
heap
|
page read and write
|
||
|
26D00B13000
|
heap
|
page read and write
|
||
|
5DC6000
|
direct allocation
|
page read and write
|
||
|
26D00A02000
|
heap
|
page read and write
|
||
|
26D00A4B000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
780000
|
direct allocation
|
page read and write
|
||
|
27B4E800000
|
heap
|
page read and write
|
||
|
6F9C6FE000
|
stack
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
30FE000
|
direct allocation
|
page read and write
|
||
|
20F4000
|
direct allocation
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
FC4667C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
62D000
|
unkown
|
page readonly
|
||
|
59B000
|
unkown
|
page execute and write copy
|
||
|
82B000
|
heap
|
page read and write
|
||
|
26D00A81000
|
heap
|
page read and write
|
||
|
6F9CFFE000
|
unkown
|
page readonly
|
||
|
697000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
2101000
|
direct allocation
|
page read and write
|
||
|
20A1D023000
|
heap
|
page read and write
|
||
|
6F9C5FE000
|
unkown
|
page readonly
|
||
|
5E61000
|
direct allocation
|
page read and write
|
||
|
20A1D048000
|
heap
|
page read and write
|
||
|
20A1CEF0000
|
heap
|
page read and write
|
||
|
20A1D087000
|
heap
|
page read and write
|
||
|
8E0000
|
direct allocation
|
page read and write
|
||
|
20A1D902000
|
heap
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
27B4EE02000
|
trusted library allocation
|
page read and write
|
||
|
17931D00000
|
heap
|
page read and write
|
||
|
7F1000
|
heap
|
page read and write
|
||
|
17931F02000
|
heap
|
page read and write
|
||
|
26D00A13000
|
heap
|
page read and write
|
||
|
6B8D6FE000
|
stack
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
17931E45000
|
heap
|
page read and write
|
||
|
2150000
|
direct allocation
|
page read and write
|
||
|
5EBF000
|
direct allocation
|
page read and write
|
||
|
6F9C57E000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2790000
|
direct allocation
|
page read and write
|
||
|
26D00A64000
|
heap
|
page read and write
|
||
|
27B4E610000
|
heap
|
page read and write
|
||
|
1C988648000
|
heap
|
page read and write
|
||
|
17932602000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
27B4E849000
|
heap
|
page read and write
|
||
|
639000
|
unkown
|
page readonly
|
||
|
632000
|
unkown
|
page write copy
|
||
|
27B4E828000
|
heap
|
page read and write
|
||
|
339D000
|
heap
|
page read and write
|
||
|
310F000
|
stack
|
page read and write
|
||
|
2330000
|
direct allocation
|
page read and write
|
||
|
20A1D033000
|
heap
|
page read and write
|
||
|
6B8D4FC000
|
stack
|
page read and write
|
||
|
17932470000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
26D00A3A000
|
heap
|
page read and write
|
||
|
1D2107E000
|
unkown
|
page readonly
|
||
|
5DB8000
|
direct allocation
|
page read and write
|
||
|
FC4607B000
|
stack
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
5AF000
|
unkown
|
page execute and write copy
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
5DD6000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
822000
|
heap
|
page read and write
|
||
|
32B0000
|
direct allocation
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
5DD4000
|
direct allocation
|
page read and write
|
||
|
26D00B02000
|
heap
|
page read and write
|
||
|
FC4647B000
|
stack
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
FC4657E000
|
stack
|
page read and write
|
||
|
6F9C9FE000
|
unkown
|
page readonly
|
||
|
5DCC000
|
direct allocation
|
page read and write
|
||
|
17931CE0000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
20A1CF10000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
5C30000
|
direct allocation
|
page read and write
|
||
|
2100000
|
direct allocation
|
page read and write
|
||
|
2239000
|
heap
|
page read and write
|
||
|
5B30000
|
heap
|
page read and write
|
||
|
2137000
|
direct allocation
|
page read and write
|
||
|
213C000
|
direct allocation
|
page read and write
|
||
|
5DDE000
|
direct allocation
|
page read and write
|
||
|
216C000
|
direct allocation
|
page read and write
|
||
|
20A1D92E000
|
heap
|
page read and write
|
||
|
1C988E02000
|
trusted library allocation
|
page read and write
|
||
|
26E9000
|
direct allocation
|
page read and write
|
||
|
696000
|
heap
|
page read and write
|
||
|
20A1CFF0000
|
heap
|
page read and write
|
||
|
20A1D93A000
|
heap
|
page read and write
|
||
|
76A1E7B000
|
stack
|
page read and write
|
||
|
17931E3F000
|
heap
|
page read and write
|
||
|
27B4EDC0000
|
remote allocation
|
page read and write
|
||
|
76A1F7E000
|
unkown
|
page readonly
|
||
|
20A1D900000
|
heap
|
page read and write
|
||
|
822000
|
heap
|
page read and write
|
||
|
76A207E000
|
stack
|
page read and write
|
||
|
5DCE000
|
direct allocation
|
page read and write
|
||
|
1D2117E000
|
stack
|
page read and write
|
||
|
670000
|
direct allocation
|
page execute and read and write
|
||
|
589000
|
unkown
|
page execute and write copy
|
||
|
6F9C0FD000
|
stack
|
page read and write
|
||
|
5A1000
|
unkown
|
page execute and write copy
|
||
|
6F9CAFE000
|
unkown
|
page readonly
|
||
|
7F2000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
There are 350 hidden memdumps, click here to show them.