Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
iv2Mm5SEJF.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Draw Panel Cleaner 10.25.47\Draw Panel Cleaner 10.25.47.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-02SS0.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-3JQ4P.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-4RR2F.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-783NG.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-9K7K3.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-A0CCL.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-ARDA9.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-BPC4N.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-BT44D.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-C4SKQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-DBBG7.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-G6MP2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-HFR57.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-IU0LB.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-J7AJI.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-KVVK2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-M3KHP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-MC48V.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-U1UC2.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-VSJ85.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\sigmavideoconverter32_64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\uninstall\is-G54RV.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-84H8I.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-84H8I.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-84H8I.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-ICEJ3.tmp\iv2Mm5SEJF.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\dr1025it47.dat
|
data
|
dropped
|
||
|
C:\ProgramData\dr1025rc47.dat
|
data
|
dropped
|
||
|
C:\ProgramData\dr1025resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\dr1025resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-5ASRH.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-8E2AL.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-AO4E1.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-BUQA8.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-KAU6V.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-P85R5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-U47N5.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\is-VADGV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\uninstall\unins000.dat
|
InnoSetup Log Sigma Video Converter, version 0x30, 5917 bytes, 579569\user, "C:\Users\user\AppData\Local\Sigma Video Converter"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Sigma Video Converter\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-84H8I.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\iv2Mm5SEJF.exe
|
"C:\Users\user\Desktop\iv2Mm5SEJF.exe"
|
|
|
|
C:\Users\user\AppData\Local\Sigma Video Converter\sigmavideoconverter32_64.exe
|
"C:\Users\user\AppData\Local\Sigma Video Converter\sigmavideoconverter32_64.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-ICEJ3.tmp\iv2Mm5SEJF.tmp
|
"C:\Users\user\AppData\Local\Temp\is-ICEJ3.tmp\iv2Mm5SEJF.tmp" /SL5="$20440,3877545,54272,C:\Users\user\Desktop\iv2Mm5SEJF.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://bxxfdpb.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf618c1e9909833
|
185.208.158.202
|
|
|
|
bxxfdpb.com
|
|
||
|
http://bxxfdpb.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e89d874f845a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9c933acb6a941e
|
185.208.158.202
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://www.remobjects.com/psU
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://185.208.158.202/
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e89d8
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bxxfdpb.com
|
185.208.158.202
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.202
|
bxxfdpb.com
|
Switzerland
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sigma Video Converter_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SigmaTuner
|
draw_panel_cleaner_i47_2
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26DB000
|
heap
|
page read and write
|
|
|
|
2C11000
|
direct allocation
|
page execute and read and write
|
|
|
|
72A000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
703000
|
heap
|
page read and write
|
||
|
3636000
|
heap
|
page read and write
|
||
|
2633000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
363C000
|
heap
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
886000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
22F4000
|
heap
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
575000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
5DAA000
|
direct allocation
|
page read and write
|
||
|
214C000
|
direct allocation
|
page read and write
|
||
|
2120000
|
direct allocation
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
5C10000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
2158000
|
direct allocation
|
page read and write
|
||
|
5E42000
|
direct allocation
|
page read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
830000
|
direct allocation
|
page read and write
|
||
|
3574000
|
heap
|
page read and write
|
||
|
5611000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
59B000
|
unkown
|
page execute and write copy
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
593000
|
unkown
|
page execute and write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
703000
|
heap
|
page read and write
|
||
|
910000
|
direct allocation
|
page read and write
|
||
|
850000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
5D9C000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
25ED000
|
heap
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
5DA4000
|
direct allocation
|
page read and write
|
||
|
21F4000
|
direct allocation
|
page read and write
|
||
|
499000
|
unkown
|
page write copy
|
||
|
19D000
|
stack
|
page read and write
|
||
|
595000
|
unkown
|
page execute and write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
703000
|
heap
|
page read and write
|
||
|
35A7000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
58D000
|
unkown
|
page execute and write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
24F1000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
65D000
|
unkown
|
page readonly
|
||
|
36F4000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
72F000
|
heap
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
6EA000
|
heap
|
page read and write
|
||
|
64E000
|
unkown
|
page readonly
|
||
|
217F000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
988000
|
heap
|
page read and write
|
||
|
575000
|
heap
|
page read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
3290000
|
direct allocation
|
page read and write
|
||
|
689000
|
heap
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
2147000
|
direct allocation
|
page read and write
|
||
|
703000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
214C000
|
direct allocation
|
page read and write
|
||
|
40D000
|
unkown
|
page write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
3633000
|
heap
|
page read and write
|
||
|
71E000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
719000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
631000
|
unkown
|
page write copy
|
||
|
40B000
|
unkown
|
page execute and read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
2160000
|
direct allocation
|
page read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
31CD000
|
heap
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2690000
|
heap
|
page read and write
|
||
|
890000
|
direct allocation
|
page read and write
|
||
|
62E000
|
unkown
|
page readonly
|
||
|
72A000
|
heap
|
page read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
2C4A000
|
direct allocation
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
574000
|
heap
|
page read and write
|
||
|
74B000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
5DA0000
|
direct allocation
|
page read and write
|
||
|
860000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
216C000
|
direct allocation
|
page read and write
|
||
|
591000
|
unkown
|
page execute and write copy
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
739000
|
heap
|
page read and write
|
||
|
265C000
|
stack
|
page read and write
|
||
|
A32000
|
heap
|
page read and write
|
||
|
A59000
|
heap
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
690000
|
direct allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
980000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
633000
|
unkown
|
page write copy
|
||
|
2124000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
243B000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
590F000
|
stack
|
page read and write
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
30FE000
|
direct allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
A38000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
2131000
|
direct allocation
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
63B000
|
unkown
|
page readonly
|
||
|
332E000
|
stack
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
261F000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
22E0000
|
direct allocation
|
page read and write
|
||
|
363F000
|
heap
|
page read and write
|
||
|
852000
|
direct allocation
|
page read and write
|
||
|
5DA2000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
574000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
5E65000
|
direct allocation
|
page read and write
|
||
|
6AA000
|
heap
|
page read and write
|
||
|
2DBB000
|
stack
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
2642000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
6AE000
|
heap
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
570000
|
heap
|
page read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
49A000
|
unkown
|
page write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
5D9E000
|
direct allocation
|
page read and write
|
||
|
58F000
|
unkown
|
page execute and write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
580F000
|
stack
|
page read and write
|
||
|
3670000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
3251000
|
heap
|
page read and write
|
||
|
217C000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
30F0000
|
direct allocation
|
page read and write
|
||
|
703000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
731000
|
heap
|
page read and write
|
||
|
840000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
35EC000
|
heap
|
page read and write
|
||
|
261E000
|
stack
|
page read and write
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
499000
|
unkown
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
313F000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
22E0000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
5E56000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
B7D000
|
stack
|
page read and write
|
||
|
411000
|
unkown
|
page readonly
|
||
|
49D000
|
unkown
|
page write copy
|
||
|
574000
|
heap
|
page read and write
|
There are 246 hidden memdumps, click here to show them.