Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
etwSnBeIC2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\ET Ammeter Side 10.7.45\ET Ammeter Side 10.7.45.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-17BMK.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-1N1JF.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-2DHLG.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-3MH90.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-4IH98.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-6ES77.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-7IMBQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-8F8OG.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-8IPC7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-9O8U2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-DNMH8.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-FLG21.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-JJ6AT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-M5TJM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-MRRC0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-N1N9Q.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-NESP7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-QAKC5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-S9L3Q.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-T7CO0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\is-CMV2A.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-MF78U.tmp\etwSnBeIC2.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-S55QC.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-S55QC.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-S55QC.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\et107it45.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107rc45.dat
|
data
|
dropped
|
||
|
C:\ProgramData\et107resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\et107resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-3C13B.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-8RAC0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-CABM6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-E6D02.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-FH9M5.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-GNC2U.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-HJPUM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\is-R08OU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\uninstall\unins000.dat
|
InnoSetup Log Jenny Video Converter, version 0x30, 5926 bytes, 921702\user, "C:\Users\user\AppData\Local\Jenny Video Converter"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Jenny Video Converter\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-S55QC.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\etwSnBeIC2.exe
|
"C:\Users\user\Desktop\etwSnBeIC2.exe"
|
|
|
|
C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe
|
"C:\Users\user\AppData\Local\Jenny Video Converter\jennyvideoconverter32.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-MF78U.tmp\etwSnBeIC2.tmp
|
"C:\Users\user\AppData\Local\Temp\is-MF78U.tmp\etwSnBeIC2.tmp" /SL5="$2042C,4242250,54272,C:\Users\user\Desktop\etwSnBeIC2.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aqplodo.ru
|
|
||
|
http://aqplodo.ru/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d993acb69911f
|
185.208.158.248
|
|
|
|
http://aqplodo.ru/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf712c1e9939d32
|
185.208.158.248
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://185.208.1c8
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee948
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
aqplodo.ru
|
185.208.158.248
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
aqplodo.ru
|
Switzerland
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallLocation
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: User
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
Inno Setup: Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
QuietUninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoModify
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
NoRepair
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
InstallDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jenny Video Converter_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BetaTour
|
et_ammeter_side_i45_4
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C83000
|
heap
|
page read and write
|
|
|
|
2D31000
|
direct allocation
|
page execute and read and write
|
|
|
|
544000
|
heap
|
page read and write
|
||
|
5D14000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
4B9000
|
heap
|
page read and write
|
||
|
5D28000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
597000
|
unkown
|
page execute and write copy
|
||
|
4BE000
|
heap
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
545000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
544000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2190000
|
direct allocation
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
5B80000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2230000
|
heap
|
page read and write
|
||
|
3634000
|
heap
|
page read and write
|
||
|
35FF000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
58BC000
|
heap
|
page read and write
|
||
|
2640000
|
direct allocation
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
544000
|
heap
|
page read and write
|
||
|
5A5000
|
unkown
|
page execute and write copy
|
||
|
2630000
|
heap
|
page read and write
|
||
|
B56000
|
heap
|
page read and write
|
||
|
D9D000
|
stack
|
page read and write
|
||
|
64C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2840000
|
direct allocation
|
page read and write
|
||
|
2770000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
227C000
|
direct allocation
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
37C7000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
544000
|
heap
|
page read and write
|
||
|
324F000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
2248000
|
direct allocation
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
A50000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
5D22000
|
direct allocation
|
page read and write
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
545000
|
heap
|
page read and write
|
||
|
2258000
|
direct allocation
|
page read and write
|
||
|
5771000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
5D1C000
|
direct allocation
|
page read and write
|
||
|
A40000
|
direct allocation
|
page read and write
|
||
|
5771000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
A30000
|
direct allocation
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
5D16000
|
direct allocation
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
2235000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
62D000
|
unkown
|
page readonly
|
||
|
19C000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
2258000
|
direct allocation
|
page read and write
|
||
|
632000
|
unkown
|
page write copy
|
||
|
544000
|
heap
|
page read and write
|
||
|
696000
|
unkown
|
page readonly
|
||
|
5D1A000
|
direct allocation
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
A42000
|
direct allocation
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
5B0000
|
direct allocation
|
page execute and read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
593000
|
unkown
|
page execute and write copy
|
||
|
544000
|
heap
|
page read and write
|
||
|
226C000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
630000
|
unkown
|
page write copy
|
||
|
5771000
|
heap
|
page read and write
|
||
|
5FA000
|
heap
|
page read and write
|
||
|
2080000
|
direct allocation
|
page read and write
|
||
|
654000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
544000
|
heap
|
page read and write
|
||
|
2C8D000
|
heap
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
5D10000
|
direct allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
5A1000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2751000
|
heap
|
page read and write
|
||
|
367A000
|
heap
|
page read and write
|
||
|
2240000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
591000
|
unkown
|
page execute and write copy
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
5771000
|
heap
|
page read and write
|
||
|
599000
|
unkown
|
page execute and write copy
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
30FE000
|
direct allocation
|
page read and write
|
||
|
227F000
|
direct allocation
|
page read and write
|
||
|
63F000
|
heap
|
page read and write
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
5A3000
|
unkown
|
page execute and write copy
|
||
|
544000
|
heap
|
page read and write
|
||
|
2190000
|
direct allocation
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
B92000
|
heap
|
page read and write
|
||
|
5D24000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A70000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
5A81000
|
heap
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
59B000
|
unkown
|
page execute and write copy
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
5D12000
|
direct allocation
|
page read and write
|
||
|
5880000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
2EDB000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
5D20000
|
direct allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
2649000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
5771000
|
heap
|
page read and write
|
||
|
5A80000
|
heap
|
page read and write
|
||
|
25FC000
|
stack
|
page read and write
|
||
|
224C000
|
direct allocation
|
page read and write
|
||
|
5E0F000
|
direct allocation
|
page read and write
|
||
|
2D6A000
|
direct allocation
|
page execute and read and write
|
||
|
36D3000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
5D1E000
|
direct allocation
|
page read and write
|
||
|
654000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
2930000
|
heap
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
21A4000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
595000
|
unkown
|
page execute and write copy
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
5A9000
|
unkown
|
page execute and write copy
|
||
|
544000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
2081000
|
direct allocation
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
682000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
A20000
|
direct allocation
|
page read and write
|
||
|
AA8000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
59D000
|
unkown
|
page execute and write copy
|
||
|
63B000
|
heap
|
page read and write
|
||
|
2094000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2074000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
654000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
2239000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
B67000
|
heap
|
page read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
59F000
|
unkown
|
page execute and write copy
|
||
|
69C000
|
heap
|
page read and write
|
||
|
C9F000
|
stack
|
page read and write
|
||
|
36D5000
|
heap
|
page read and write
|
||
|
654000
|
heap
|
page read and write
|
||
|
639000
|
unkown
|
page readonly
|
||
|
544000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
2540000
|
direct allocation
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
2260000
|
direct allocation
|
page read and write
|
||
|
5DB1000
|
direct allocation
|
page read and write
|
||
|
2247000
|
direct allocation
|
page read and write
|
||
|
5D18000
|
direct allocation
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
There are 239 hidden memdumps, click here to show them.