Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
hAyQbTcI0I.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\DP Free Video Converter 10.23.46\DP Free Video Converter 10.23.46.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\dpfreevideoconverter3264.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-2N4MA.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-2VULV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-37I6M.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-4O0LJ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-7TG8V.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-9LPV1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-E9QJH.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-FBC4J.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-KGN1A.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-KPCIR.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-KSDHT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-L3IUL.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-L5N62.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-LF8IA.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-NED7E.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-NOUEU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-PPNQF.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-QIJO8.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-TFBPF.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-UUPB2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\uninstall\is-6073S.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-DSMCE.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-DSMCE.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-DSMCE.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-FR14S.tmp\hAyQbTcI0I.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\dp1023it46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\dp1023rc46.dat
|
data
|
dropped
|
||
|
C:\ProgramData\dp1023resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\dp1023resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-6HFPG.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-G27H3.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-MLRBP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-ND6Q4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-QM5QU.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-RCC81.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-RNIQ6.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\is-S2ODS.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\uninstall\unins000.dat
|
InnoSetup Log DP Free Video Converter, version 0x30, 6087 bytes, 284992\user, "C:\Users\user\AppData\Local\DP Free Video Converter"
|
dropped
|
||
|
C:\Users\user\AppData\Local\DP Free Video Converter\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-DSMCE.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\hAyQbTcI0I.exe
|
"C:\Users\user\Desktop\hAyQbTcI0I.exe"
|
|
|
|
C:\Users\user\AppData\Local\DP Free Video Converter\dpfreevideoconverter3264.exe
|
"C:\Users\user\AppData\Local\DP Free Video Converter\dpfreevideoconverter3264.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-FR14S.tmp\hAyQbTcI0I.tmp
|
"C:\Users\user~1\AppData\Local\Temp\is-FR14S.tmp\hAyQbTcI0I.tmp" /SL5="$1043E,4073274,53248,C:\Users\user\Desktop\hAyQbTcI0I.exe"
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://csvskfe.net/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c445db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf616c5ee9c9f3f
|
185.208.158.202
|
|
|
|
http://csvskfe.net/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12eab517aa5c96bd86e9978f4a885a8bbc896c58e713bc90c91836b5281fc235a925ed3e54d6bd974a95129070b416e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9c9d3ecc669312
|
185.208.158.202
|
|
|
|
csvskfe.net
|
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://185.208.158.202/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12eab517aa5c96bd86e9978
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.2
|
unknown
|
||
|
http://185.208.158.202/search/?q=67e28dd86f09f429110aa5197c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://185.208.158.202/sV
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
csvskfe.net
|
185.208.158.202
|
|
|
|
steamcommunity.com
|
104.102.49.254
|
||
|
s-part-0017.t-0009.fb-t-msedge.net
|
13.107.253.45
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.202
|
csvskfe.net
|
Switzerland
|
|
|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
||
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DP Free Video Converter_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SmallTour
|
dp_free_video_converter_i46_11
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C27000
|
heap
|
page read and write
|
|
|
|
2CD1000
|
direct allocation
|
page execute and read and write
|
|
|
|
57F000
|
unkown
|
page execute and write copy
|
||
|
493000
|
unkown
|
page write copy
|
||
|
6A5000
|
unkown
|
page readonly
|
||
|
48AE000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
2294000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2EBB000
|
stack
|
page read and write
|
||
|
29E5000
|
heap
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
9C000
|
stack
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
235C000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D10000
|
direct allocation
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
D00000
|
direct allocation
|
page read and write
|
||
|
36D2000
|
heap
|
page read and write
|
||
|
29F9000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
17FC1455000
|
heap
|
page read and write
|
||
|
587000
|
unkown
|
page execute and write copy
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
22B4000
|
direct allocation
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
17FC1400000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
2C1D000
|
stack
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
2198000
|
direct allocation
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
338E000
|
heap
|
page read and write
|
||
|
17FC1C02000
|
trusted library allocation
|
page read and write
|
||
|
219B000
|
direct allocation
|
page read and write
|
||
|
69D000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2494000
|
heap
|
page read and write
|
||
|
696000
|
heap
|
page read and write
|
||
|
2620000
|
direct allocation
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
826000
|
heap
|
page read and write
|
||
|
4A1000
|
unkown
|
page readonly
|
||
|
23B0000
|
direct allocation
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
2169000
|
direct allocation
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
17FC1350000
|
heap
|
page read and write
|
||
|
24D0000
|
direct allocation
|
page read and write
|
||
|
4B17000
|
direct allocation
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
69E397E000
|
stack
|
page read and write
|
||
|
17FC1402000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
17FC1250000
|
heap
|
page read and write
|
||
|
22D9000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
80B000
|
heap
|
page read and write
|
||
|
7E6000
|
heap
|
page read and write
|
||
|
22A1000
|
direct allocation
|
page read and write
|
||
|
869000
|
heap
|
page read and write
|
||
|
69E387E000
|
unkown
|
page readonly
|
||
|
A54000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
17FC1380000
|
trusted library allocation
|
page read and write
|
||
|
6B3000
|
unkown
|
page readonly
|
||
|
368F000
|
stack
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
4370000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
577000
|
unkown
|
page execute and write copy
|
||
|
84E000
|
heap
|
page read and write
|
||
|
573000
|
unkown
|
page execute and write copy
|
||
|
17FC1413000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
2294000
|
heap
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
D12000
|
direct allocation
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
670000
|
direct allocation
|
page execute and read and write
|
||
|
56D000
|
unkown
|
page execute and write copy
|
||
|
633000
|
unkown
|
page write copy
|
||
|
2DBC000
|
stack
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
2A19000
|
heap
|
page read and write
|
||
|
17FC1439000
|
heap
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
17FC1270000
|
heap
|
page read and write
|
||
|
25A0000
|
direct allocation
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
69E318B000
|
stack
|
page read and write
|
||
|
17FC1502000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3122000
|
direct allocation
|
page read and write
|
||
|
24D0000
|
direct allocation
|
page read and write
|
||
|
2168000
|
direct allocation
|
page read and write
|
||
|
63D000
|
unkown
|
page readonly
|
||
|
B5F000
|
stack
|
page read and write
|
||
|
2176000
|
direct allocation
|
page read and write
|
||
|
3317000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A42000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
17FC1443000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
2165000
|
direct allocation
|
page read and write
|
||
|
3715000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
A19000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
56F000
|
unkown
|
page execute and write copy
|
||
|
411000
|
unkown
|
page readonly
|
||
|
69E377D000
|
stack
|
page read and write
|
||
|
69E3A7E000
|
unkown
|
page readonly
|
||
|
2D0A000
|
direct allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
331F000
|
heap
|
page read and write
|
||
|
217C000
|
direct allocation
|
page read and write
|
||
|
4B10000
|
direct allocation
|
page read and write
|
||
|
22A1000
|
direct allocation
|
page read and write
|
||
|
4AFF000
|
stack
|
page read and write
|
||
|
3110000
|
direct allocation
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
583000
|
unkown
|
page execute and write copy
|
||
|
3328000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
45FF000
|
stack
|
page read and write
|
||
|
635000
|
unkown
|
page write copy
|
||
|
58F000
|
unkown
|
page execute and write copy
|
||
|
665000
|
unkown
|
page readonly
|
||
|
18D000
|
stack
|
page read and write
|
||
|
33DA000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
3348000
|
heap
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
246E000
|
stack
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
24B1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
811000
|
heap
|
page read and write
|
||
|
597000
|
unkown
|
page execute and write copy
|
||
|
3314000
|
heap
|
page read and write
|
||
|
2290000
|
direct allocation
|
page read and write
|
||
|
25AB000
|
direct allocation
|
page read and write
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
2340000
|
direct allocation
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
589000
|
unkown
|
page execute and write copy
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
69E3F7E000
|
stack
|
page read and write
|
||
|
2A01000
|
heap
|
page read and write
|
||
|
826000
|
heap
|
page read and write
|
||
|
A5B000
|
heap
|
page read and write
|
||
|
490000
|
unkown
|
page read and write
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
599000
|
unkown
|
page execute and write copy
|
||
|
17FC142B000
|
heap
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
2188000
|
direct allocation
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
A41000
|
heap
|
page read and write
|
||
|
33D2000
|
heap
|
page read and write
|
||
|
579000
|
unkown
|
page execute and write copy
|
||
|
22A8000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
22D5000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
968000
|
heap
|
page read and write
|
||
|
43BE000
|
stack
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
93E000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
2160000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
8ED000
|
stack
|
page read and write
|
||
|
44FE000
|
stack
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
62F000
|
unkown
|
page readonly
|
||
|
866000
|
heap
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
CF0000
|
direct allocation
|
page read and write
|
||
|
69E407E000
|
unkown
|
page readonly
|
||
|
2370000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
4A1000
|
unkown
|
page readonly
|
There are 204 hidden memdumps, click here to show them.