Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
jyU2NpOg5L.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\ET Ammeter Side 10.7.46\ET Ammeter Side 10.7.46.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-008N6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-09E0C.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-4CRJH.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-73912.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-7KAH0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-7T2P6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-8PQMK.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-9DL1V.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-B5LL1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-CC1JP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-DP48L.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-H0NOD.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-JA411.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-LDF51.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-PQQIR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-RVLO5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-TBLNP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-UFRG7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-V1IGP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-VUI7C.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\is-O41ML.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-8RF35.tmp\jyU2NpOg5L.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-PEK7B.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-PEK7B.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-PEK7B.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\et107it46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107rc46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\et107resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-95O1F.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-9FN1B.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-9UPQ4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-I1MM7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-NCE8H.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-P6NAN.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-QT7KU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-VB2TG.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.dat
|
InnoSetup Log Jenny Video Converter, version 0x30, 5910 bytes, 767668\user, "C:\Users\user\AppData\Local\Jenny Video Converter"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-PEK7B.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\jyU2NpOg5L.exe
|
"C:\Users\user\Desktop\jyU2NpOg5L.exe"
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe
|
"C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-8RF35.tmp\jyU2NpOg5L.tmp
|
"C:\Users\user\AppData\Local\Temp\is-8RF35.tmp\jyU2NpOg5L.tmp" /SL5="$10454,4254940,54272,C:\Users\user\Desktop\jyU2NpOg5L.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://gwbnnsd.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c445db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf712c0ea929c3a
|
45.155.249.117
|
|
|
|
http://gwbnnsd.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b416e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d993bc8689017
|
45.155.249.117
|
|
|
|
gwbnnsd.com
|
|
||
|
http://bfjiqqr.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c445db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf712c0ea929c3a
|
185.196.8.214
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://45.155.249.117/
|
unknown
|
||
|
http://45.155.249.117/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee9481
|
unknown
|
||
|
http://45.155.249.117/uFd
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://185.196.8.214/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df1
|
unknown
|
||
|
http://45.155.249.117/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bfjiqqr.com
|
185.196.8.214
|
|
|
|
gwbnnsd.com
|
45.155.249.117
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.155.249.117
|
gwbnnsd.com
|
Germany
|
|
|
|
185.196.8.214
|
bfjiqqr.com
|
Switzerland
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmallTour
|
et_ammeter_side_i46_8
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CCE000
|
heap
|
page read and write
|
|
|
|
2D71000
|
direct allocation
|
page execute and read and write
|
|
|
|
73F000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
554000
|
heap
|
page read and write
|
||
|
A02000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
315E000
|
heap
|
page read and write
|
||
|
2168000
|
direct allocation
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
2DAA000
|
direct allocation
|
page execute and read and write
|
||
|
607F000
|
direct allocation
|
page read and write
|
||
|
250E000
|
stack
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
2F5B000
|
stack
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
3434000
|
heap
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
218C000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
740000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
5F72000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
2680000
|
direct allocation
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
2571000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
58B1000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
689000
|
heap
|
page read and write
|
||
|
2689000
|
direct allocation
|
page read and write
|
||
|
2168000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
58B1000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
554000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
6FF000
|
heap
|
page read and write
|
||
|
749000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
24AE000
|
stack
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
5F78000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2CBD000
|
stack
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
2AC8000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2520000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
599000
|
unkown
|
page execute and write copy
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
58B1000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
2131000
|
direct allocation
|
page read and write
|
||
|
58F000
|
unkown
|
page execute and write copy
|
||
|
587000
|
unkown
|
page execute and write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5F74000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
2157000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
B08000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
554000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
585000
|
unkown
|
page execute and write copy
|
||
|
9B000
|
stack
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
3742000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
2170000
|
direct allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
58B1000
|
heap
|
page read and write
|
||
|
630000
|
unkown
|
page write copy
|
||
|
680000
|
direct allocation
|
page execute and read and write
|
||
|
B4D000
|
heap
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
5F76000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
589000
|
unkown
|
page execute and write copy
|
||
|
5F7C000
|
direct allocation
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
741000
|
heap
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
2329000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
5DF0000
|
direct allocation
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
583000
|
unkown
|
page execute and write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3381000
|
heap
|
page read and write
|
||
|
58B000
|
unkown
|
page execute and write copy
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
A00000
|
direct allocation
|
page read and write
|
||
|
73F000
|
heap
|
page read and write
|
||
|
2124000
|
direct allocation
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
22B4000
|
heap
|
page read and write
|
||
|
73F000
|
heap
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
2325000
|
heap
|
page read and write
|
||
|
217C000
|
direct allocation
|
page read and write
|
||
|
5F88000
|
direct allocation
|
page read and write
|
||
|
3120000
|
direct allocation
|
page read and write
|
||
|
3436000
|
heap
|
page read and write
|
||
|
21F4000
|
direct allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
3420000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
59EF000
|
stack
|
page read and write
|
||
|
5F90000
|
direct allocation
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
3321000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
B43000
|
heap
|
page read and write
|
||
|
73F000
|
heap
|
page read and write
|
||
|
62D000
|
unkown
|
page readonly
|
||
|
9E0000
|
direct allocation
|
page read and write
|
||
|
B2C000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
215C000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
58B1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3370000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
696000
|
unkown
|
page readonly
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
73F000
|
heap
|
page read and write
|
||
|
639000
|
unkown
|
page readonly
|
||
|
554000
|
heap
|
page read and write
|
||
|
5F7E000
|
direct allocation
|
page read and write
|
||
|
5A1000
|
unkown
|
page execute and write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
554000
|
heap
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
2120000
|
direct allocation
|
page read and write
|
||
|
2E5C000
|
stack
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
2158000
|
direct allocation
|
page read and write
|
||
|
58D000
|
unkown
|
page execute and write copy
|
||
|
A10000
|
direct allocation
|
page read and write
|
||
|
2700000
|
direct allocation
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
5B3000
|
unkown
|
page execute and write copy
|
||
|
5F7A000
|
direct allocation
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
68E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2890000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2150000
|
direct allocation
|
page read and write
|
||
|
5FA2000
|
direct allocation
|
page read and write
|
||
|
6021000
|
direct allocation
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
A58000
|
heap
|
page read and write
|
||
|
23F0000
|
direct allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
35BE000
|
stack
|
page read and write
|
||
|
218F000
|
direct allocation
|
page read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
312E000
|
direct allocation
|
page read and write
|
||
|
3120000
|
direct allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
There are 236 hidden memdumps, click here to show them.