Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1iGYsIphmN.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\DP Free Video Converter 10.23.46\DP Free Video Converter 10.23.46.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\dpfreevideoconverter3264.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-14NDM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-22RU2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-29ID7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-3GJGM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-5KNMT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-5NT2B.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-AAVDI.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-D04C6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-H32UM.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-HGCFL.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-I40JV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-J8SQ7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-MAT0T.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-PA2IE.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-S28N5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-SL8EF.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-T761O.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-TD2RN.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-UHH4I.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-VF2DQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\uninstall\is-DIJPO.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-92VMD.tmp\1iGYsIphmN.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OUH2D.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OUH2D.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-OUH2D.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\dp1023it46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\dp1023rc46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\dp1023resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\dp1023resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-12LVF.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-C1BN7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-CEHUB.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-E2R8F.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-F65BV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-GTFMU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-QN9PD.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-T4R81.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\uninstall\unins000.dat
|
InnoSetup Log DP Free Video Converter, version 0x30, 5955 bytes, 675052\user, "C:\Users\user\AppData\Local\DP Free Video Converter"
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-OUH2D.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\1iGYsIphmN.exe
|
"C:\Users\user\Desktop\1iGYsIphmN.exe"
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\dpfreevideoconverter3264.exe
|
"C:\Users\user\AppData\Local\DP Free Video Converter\dpfreevideoconverter3264.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-92VMD.tmp\1iGYsIphmN.tmp
|
"C:\Users\user\AppData\Local\Temp\is-92VMD.tmp\1iGYsIphmN.tmp" /SL5="$20470,3807573,53248,C:\Users\user\Desktop\1iGYsIphmN.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://dluduxe.info/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c445db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf616c3e894923b
|
185.208.158.202
|
|
|
|
dluduxe.info
|
|
||
|
http://dluduxe.info/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec91854a875a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b416e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9c9d38ca6e9e16
|
185.208.158.202
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eC
|
unknown
|
||
|
http://185.208.158.202/
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec918
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dluduxe.info
|
185.208.158.202
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.202
|
dluduxe.info
|
Switzerland
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmallTour
|
dp_free_video_converter_i46_6
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26BD000
|
heap
|
page read and write
|
|
|
|
2BD1000
|
direct allocation
|
page execute and read and write
|
|
|
|
793000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A1E000
|
stack
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
BE0000
|
direct allocation
|
page read and write
|
||
|
57D000
|
unkown
|
page execute and write copy
|
||
|
19D000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
216C000
|
direct allocation
|
page read and write
|
||
|
4C70000
|
direct allocation
|
page read and write
|
||
|
2D7B000
|
stack
|
page read and write
|
||
|
20A4000
|
direct allocation
|
page read and write
|
||
|
32CA000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
260F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
740000
|
heap
|
page read and write
|
||
|
805000
|
heap
|
page read and write
|
||
|
849000
|
heap
|
page read and write
|
||
|
32BC000
|
heap
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
597000
|
unkown
|
page execute and write copy
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
69D000
|
unkown
|
page readonly
|
||
|
24FB000
|
direct allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32FB000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
24F0000
|
direct allocation
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
493000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
58B000
|
unkown
|
page execute and write copy
|
||
|
B60000
|
direct allocation
|
page read and write
|
||
|
4CA7000
|
direct allocation
|
page read and write
|
||
|
6B3000
|
unkown
|
page readonly
|
||
|
490000
|
unkown
|
page write copy
|
||
|
63D000
|
unkown
|
page readonly
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
23E4000
|
heap
|
page read and write
|
||
|
4DFC000
|
direct allocation
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
268C000
|
stack
|
page read and write
|
||
|
62F000
|
unkown
|
page readonly
|
||
|
4DFE000
|
direct allocation
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
4E02000
|
direct allocation
|
page read and write
|
||
|
C02000
|
direct allocation
|
page read and write
|
||
|
587000
|
unkown
|
page execute and write copy
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2255000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
3386000
|
heap
|
page read and write
|
||
|
665000
|
unkown
|
page readonly
|
||
|
368F000
|
stack
|
page read and write
|
||
|
58F000
|
unkown
|
page execute and write copy
|
||
|
212C000
|
direct allocation
|
page read and write
|
||
|
BF0000
|
direct allocation
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
2126000
|
direct allocation
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
490000
|
unkown
|
page read and write
|
||
|
32C7000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
633000
|
unkown
|
page write copy
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
2110000
|
direct allocation
|
page read and write
|
||
|
4CD0000
|
direct allocation
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
3102000
|
direct allocation
|
page read and write
|
||
|
589000
|
unkown
|
page execute and write copy
|
||
|
758000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
539000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
4A1000
|
unkown
|
page readonly
|
||
|
4D10000
|
direct allocation
|
page read and write
|
||
|
C00000
|
direct allocation
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
7E1000
|
heap
|
page read and write
|
||
|
2115000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
32AD000
|
stack
|
page read and write
|
||
|
2658000
|
heap
|
page read and write
|
||
|
4E00000
|
direct allocation
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
2570000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
430000
|
heap
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
58D000
|
unkown
|
page execute and write copy
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
57B000
|
unkown
|
page execute and write copy
|
||
|
23D1000
|
heap
|
page read and write
|
||
|
2BCF000
|
stack
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
4D08000
|
direct allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
793000
|
heap
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
2118000
|
direct allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
4DEE000
|
direct allocation
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
20B1000
|
direct allocation
|
page read and write
|
||
|
599000
|
unkown
|
page execute and write copy
|
||
|
635000
|
unkown
|
page write copy
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
4E10000
|
direct allocation
|
page read and write
|
||
|
2220000
|
direct allocation
|
page execute and read and write
|
||
|
4E0C000
|
direct allocation
|
page read and write
|
||
|
3381000
|
heap
|
page read and write
|
||
|
585000
|
unkown
|
page execute and write copy
|
||
|
4DF8000
|
direct allocation
|
page read and write
|
||
|
552000
|
unkown
|
page execute and write copy
|
||
|
2350000
|
heap
|
page read and write
|
||
|
24C0000
|
direct allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
2617000
|
heap
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4ADF000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
20B1000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
20C4000
|
direct allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
59D000
|
unkown
|
page execute and write copy
|
||
|
3714000
|
heap
|
page read and write
|
||
|
211D000
|
direct allocation
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
488E000
|
stack
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
4E0A000
|
direct allocation
|
page read and write
|
||
|
262E000
|
stack
|
page read and write
|
||
|
6A5000
|
unkown
|
page readonly
|
||
|
323F000
|
stack
|
page read and write
|
||
|
2259000
|
heap
|
page read and write
|
||
|
4DE8000
|
direct allocation
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
4DFA000
|
direct allocation
|
page read and write
|
||
|
32B5000
|
heap
|
page read and write
|
||
|
20A0000
|
direct allocation
|
page read and write
|
||
|
4E0E000
|
direct allocation
|
page read and write
|
||
|
575000
|
unkown
|
page execute and write copy
|
||
|
2626000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
25FB000
|
heap
|
page read and write
|
||
|
4DC5000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4A1000
|
unkown
|
page readonly
|
||
|
32C4000
|
heap
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2C0A000
|
direct allocation
|
page execute and read and write
|
||
|
24E0000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
262F000
|
heap
|
page read and write
|
||
|
498E000
|
stack
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
59B000
|
unkown
|
page execute and write copy
|
There are 191 hidden memdumps, click here to show them.