Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.Siggen21.62491.4036.26173.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMLauncher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
 |
|
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MagDetector.txt
|
ASCII text, with very long lines (320), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\PCClient.zip
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\SVEDetector.txt
|
ASCII text, with very long lines (320), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\TMInstaller.txt
|
ASCII text, with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\TMSetup.txt
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\rsp1024h.txt
|
ASCII text, with very long lines (459), with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\ClientDatabase
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\InstallService.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\PCStarter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\PCStarterXP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\Sss.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMDownloader.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMRemover.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMResource.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMService.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TurboMeeting.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TurboMeeting.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dbghelp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_CHI.tmd
|
Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_CHIT.tmd
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_DTH.tmd
|
Unicode text, UTF-8 text, with very long lines (548), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_ENG.tmd
|
Unicode text, UTF-8 text, with very long lines (549), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_FRE.tmd
|
Unicode text, UTF-8 text, with very long lines (640), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_GER.tmd
|
Unicode text, UTF-8 text, with very long lines (554), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_ITA.tmd
|
Unicode text, UTF-8 text, with very long lines (545), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_JPN.tmd
|
Unicode text, UTF-8 text, with very long lines (317), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_PRT.tmd
|
Unicode text, UTF-8 text, with very long lines (371), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_SPA.tmd
|
Unicode text, UTF-8 text, with very long lines (616), with CRLF, CR line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\dictionary_client_TUR.tmd
|
Unicode text, UTF-8 text, with very long lines (555), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\ApplicationIcon.ico
|
MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\CTMeeting.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\DummyWebcam.png
|
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\IMDefault.png
|
PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\MXmeeting.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\ProfileInfoDialogBackground.bmp
|
PC bitmap, Windows 3.x format, 1 x 98 x 24, image size 394, resolution 2834 x 2834 px/m, cbSize 448, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\Separator1.png
|
PNG image data, 266 x 9, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\SeperatorLine.png
|
PNG image data, 260 x 1, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\TurboMeetingWatermark.png
|
PNG image data, 274 x 312, 8-bit/color RGBA, interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\image\Ymeetee.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\jsproxy.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\rsp1024hcmd.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\version.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\vistafunc.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TurboMeeting\TurboMeeting Start Meeting.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Apr 18 03:25:36 2024, mtime=Thu Apr 18 05:15:10 2024,
atime=Thu Apr 18 03:25:31 2024, length=18097912, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TurboMeeting\TurboMeeting Uninstall.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\PCStarter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TMInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TMLauncher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TMRemover.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\ClientDatabase
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\Configure.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\HookDLL\TM1713420902.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\HookDLL\TM1713420903.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\HookDLL\TM1713420905.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\InstallService.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\PCStarter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\PCStarterXP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\Sss.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TMDownloader.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TMInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TMLauncher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TMRemover.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TMResource.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TMService.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\accessory_status.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dbghelp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_CHI.tmd
|
Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_CHIT.tmd
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_DTH.tmd
|
Unicode text, UTF-8 text, with very long lines (548), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_ENG.tmd
|
Unicode text, UTF-8 text, with very long lines (549), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_FRE.tmd
|
Unicode text, UTF-8 text, with very long lines (640), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_GER.tmd
|
Unicode text, UTF-8 text, with very long lines (554), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_ITA.tmd
|
Unicode text, UTF-8 text, with very long lines (545), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_JPN.tmd
|
Unicode text, UTF-8 text, with very long lines (317), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_PRT.tmd
|
Unicode text, UTF-8 text, with very long lines (371), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_SPA.tmd
|
Unicode text, UTF-8 text, with very long lines (616), with CRLF, CR line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\dictionary_client_TUR.tmd
|
Unicode text, UTF-8 text, with very long lines (555), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\ApplicationIcon.ico
|
MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\CTMeeting.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\DummyWebcam.png
|
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\IMDefault.png
|
PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\MXmeeting.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\ProfileInfoDialogBackground.bmp
|
PC bitmap, Windows 3.x format, 1 x 98 x 24, image size 394, resolution 2834 x 2834 px/m, cbSize 448, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\Separator1.png
|
PNG image data, 266 x 9, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\SeperatorLine.png
|
PNG image data, 260 x 1, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\TurboMeetingWatermark.png
|
PNG image data, 274 x 312, 8-bit/color RGBA, interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\image\Ymeetee.ico
|
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\jsproxy.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\rsp1024hcmd.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\setup_status.txt
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\version.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\vistafunc.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\TurboMeeting.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Apr 18 03:25:36 2024, mtime=Thu Apr 18 05:15:05 2024,
atime=Thu Apr 18 03:25:31 2024, length=18097912, window=hide
|
dropped
|
There are 89 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.62491.4036.26173.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen21.62491.4036.26173.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMLauncher.exe
|
"C:\Users\user\AppData\Local\Temp\tm_starter_dir\TMLauncher.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
|
"C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe" --program C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\rsp1024hcmd.txt
|
|
|
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
|
TurboMeeting.exe --MagDetect
|
|
|
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
|
TurboMeeting.exe --VSEDetect
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.rhubcom.comRHUB
|
unknown
|
||
|
http://%s:%d/MeetingRegistration/user/update-meeting-info.php?sp=%s
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://support.lockwoodbroadcast.com/as/wapi/get_client_size?client_type=0&xml_format=Y&client=pc&m
|
unknown
|
||
|
https://support.lockwoodbroadcast.com/as/wapi/get_client?client_type=0&client=pc&myrand11262017=1s4z
|
unknown
|
||
|
http://www.rhubcom.com.T
|
unknown
|
||
|
https://support.lockwoodbroadcast.com/as/wapi/get_client_size?client_type=0&xml_format=Y&client=pc&myrand11262017=fsOpyNl7RRDmyVQ8cYMYTocPl4347283&rdm=1713420883
|
8.18.62.6
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
|
unknown
|
||
|
https://mail.google.com/mail/u/0/?view=cm&fs=1&tf=1&to&su=https://compose.mail.yahoo.com/?To=&Subj=(
|
unknown
|
||
|
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
|
unknown
|
||
|
http://%s/forumpost.php?euid=%s&cuid=%s&first_name=%s&last_name=%s&from_server_ip=%s&timer_id=%sPMai
|
unknown
|
||
|
http://%s%shttp://%shttps://%s%shttps://%shttp://%s:%d%shttp://%s:%drhubcom.comgomeetnow.com.turbome
|
unknown
|
||
|
https://www.google.com/calendar/render?action=TEMPLATE&text=
|
unknown
|
||
|
http://%s%shttps://%s%shttp://%s:%d%shttp://%s:%drhubcom.comgomeetnow.com.turbomeet.comgosupportnow.
|
unknown
|
||
|
https://support.lockwoodbroadcast.com/
|
unknown
|
||
|
http://tools.ietf.org/html/draft-ietf-avtext-framemarking-07
|
unknown
|
||
|
http://%s/forumpost.php?euid=%s&cuid=%s&first_name=%s&last_name=%s&from_server_ip=%s&timer_id=%s
|
unknown
|
||
|
http://%s:%d/MeetingRegistration/user/update-meeting-info.php?sp=%ssURL
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://streams.videolan.org/upload/
|
unknown
|
||
|
http://crl.thawte.com/ThawtePCA.crl0
|
unknown
|
||
|
http://www.rhubcom.
|
unknown
|
||
|
http://www.rhubcom.com
|
unknown
|
||
|
http://www.rhubcom.com0
|
unknown
|
||
|
https://sectigo.com/CPS0C
|
unknown
|
||
|
https://support.lockwoodbroadcast.com/as/wapi/get_client?client_type=0&client=pc&myrand11262017=1s4z4AVItfvg3fyyYjjDdD6L2c347284&rdm=1713420884
|
8.18.62.6
|
||
|
https://compose.mail.yahoo.com/?To=&Subj=
|
unknown
|
||
|
http://https://https://%shttp://%sPCGUI.CInviteAttendee_::OnInitDialog.JoinMessage2PCGUI.CInviteAtte
|
unknown
|
||
|
https://mail.google.com/mail/u/0/?view=cm&fs=1&tf=1&to&su=
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
support.lockwoodbroadcast.com
|
8.18.62.6
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
8.18.62.6
|
support.lockwoodbroadcast.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\TurboMeeting
|
NULL
|
||
|
HKEY_CURRENT_USER_Classes\TurboMeeting
|
NULL
|
||
|
HKEY_CURRENT_USER_Classes\TurboMeeting
|
URL Protocol
|
||
|
HKEY_CURRENT_USER_Classes\TurboMeeting\shell\open\command
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\TurboMeeting
|
WarnOnOpen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
DisplayIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
DisplayVersion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
Publisher
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
URLInfoAbout
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
EstimatedSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
UninstallString
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboMeeting
|
Inno Setup: Icon Group
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Users\user\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
998E000
|
heap
|
page read and write
|
||
|
F13000
|
heap
|
page read and write
|
||
|
41F1000
|
heap
|
page read and write
|
||
|
1040E000
|
heap
|
page read and write
|
||
|
14D1000
|
unkown
|
page execute read
|
||
|
CC74000
|
heap
|
page read and write
|
||
|
1920000
|
unkown
|
page read and write
|
||
|
D554000
|
heap
|
page read and write
|
||
|
D75C000
|
heap
|
page read and write
|
||
|
CC94000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
CCA4000
|
heap
|
page read and write
|
||
|
98D0000
|
heap
|
page read and write
|
||
|
EA9000
|
unkown
|
page read and write
|
||
|
6EC43000
|
unkown
|
page read and write
|
||
|
192F000
|
unkown
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
6EC45000
|
unkown
|
page readonly
|
||
|
435F000
|
stack
|
page read and write
|
||
|
4120000
|
heap
|
page read and write
|
||
|
2306000
|
heap
|
page read and write
|
||
|
993F000
|
heap
|
page read and write
|
||
|
1933000
|
unkown
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
98B3000
|
heap
|
page read and write
|
||
|
1920000
|
unkown
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
14D1000
|
unkown
|
page execute read
|
||
|
6FC3000
|
stack
|
page read and write
|
||
|
C0CF000
|
heap
|
page read and write
|
||
|
9909000
|
heap
|
page read and write
|
||
|
3E23000
|
heap
|
page read and write
|
||
|
CC5F000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
1914000
|
unkown
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
6EC31000
|
unkown
|
page execute read
|
||
|
1915000
|
unkown
|
page write copy
|
||
|
D080000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
CC2B000
|
heap
|
page read and write
|
||
|
98AB000
|
heap
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
221A000
|
heap
|
page read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
1904000
|
unkown
|
page read and write
|
||
|
CD5C000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
190A000
|
unkown
|
page write copy
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
36CA000
|
heap
|
page read and write
|
||
|
72C000
|
heap
|
page read and write
|
||
|
6EC45000
|
unkown
|
page readonly
|
||
|
4EAB000
|
stack
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
1150E000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
C7E1000
|
heap
|
page read and write
|
||
|
7285000
|
heap
|
page read and write
|
||
|
F0B000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
72C000
|
heap
|
page read and write
|
||
|
4176000
|
heap
|
page read and write
|
||
|
98F0000
|
heap
|
page read and write
|
||
|
EA1000
|
unkown
|
page write copy
|
||
|
6EC43000
|
unkown
|
page read and write
|
||
|
2B20000
|
remote allocation
|
page read and write
|
||
|
6EC30000
|
unkown
|
page readonly
|
||
|
BF65000
|
heap
|
page read and write
|
||
|
F31000
|
heap
|
page read and write
|
||
|
A75E000
|
heap
|
page read and write
|
||
|
CD54000
|
heap
|
page read and write
|
||
|
2289000
|
heap
|
page read and write
|
||
|
98BB000
|
heap
|
page read and write
|
||
|
22F9000
|
heap
|
page read and write
|
||
|
984F000
|
heap
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
41F7000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
48AF000
|
stack
|
page read and write
|
||
|
9860000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
7264000
|
heap
|
page read and write
|
||
|
16C2000
|
unkown
|
page readonly
|
||
|
10494000
|
heap
|
page read and write
|
||
|
CB2E000
|
heap
|
page read and write
|
||
|
CB29000
|
heap
|
page read and write
|
||
|
190C000
|
unkown
|
page write copy
|
||
|
BDFC000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
47E000
|
heap
|
page read and write
|
||
|
22F6000
|
heap
|
page read and write
|
||
|
8598000
|
heap
|
page read and write
|
||
|
1937000
|
unkown
|
page read and write
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
36FF000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
228B000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
3FF0000
|
heap
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
41D3000
|
heap
|
page read and write
|
||
|
D55A000
|
heap
|
page read and write
|
||
|
D94D000
|
heap
|
page read and write
|
||
|
3FF1000
|
heap
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
98A3000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
44D0000
|
heap
|
page read and write
|
||
|
9961000
|
heap
|
page read and write
|
||
|
CBF3000
|
heap
|
page read and write
|
||
|
102D0000
|
heap
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
C677000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
4774000
|
heap
|
page read and write
|
||
|
213A000
|
stack
|
page read and write
|
||
|
D53A000
|
heap
|
page read and write
|
||
|
240F000
|
stack
|
page read and write
|
||
|
21E5000
|
heap
|
page read and write
|
||
|
9922000
|
heap
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
44ED000
|
heap
|
page read and write
|
||
|
5FBC000
|
stack
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
D4E000
|
unkown
|
page readonly
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
CB4A000
|
heap
|
page read and write
|
||
|
6EC31000
|
unkown
|
page execute read
|
||
|
2286000
|
heap
|
page read and write
|
||
|
50EF000
|
stack
|
page read and write
|
||
|
D37000
|
unkown
|
page write copy
|
||
|
CB50000
|
heap
|
page read and write
|
||
|
C3A3000
|
heap
|
page read and write
|
||
|
1922000
|
unkown
|
page read and write
|
||
|
ACD000
|
stack
|
page read and write
|
||
|
44F0000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
6EC3D000
|
unkown
|
page readonly
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
3473000
|
heap
|
page read and write
|
||
|
60FE000
|
stack
|
page read and write
|
||
|
395E000
|
stack
|
page read and write
|
||
|
4AEA000
|
stack
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
9C0F000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
A1B6000
|
heap
|
page read and write
|
||
|
49AD000
|
stack
|
page read and write
|
||
|
193B000
|
unkown
|
page read and write
|
||
|
4830000
|
trusted library allocation
|
page read and write
|
||
|
1889000
|
unkown
|
page readonly
|
||
|
4B3000
|
heap
|
page read and write
|
||
|
1046E000
|
heap
|
page read and write
|
||
|
4D6A000
|
stack
|
page read and write
|
||
|
16C2000
|
unkown
|
page readonly
|
||
|
9936000
|
heap
|
page read and write
|
||
|
4221000
|
heap
|
page read and write
|
||
|
10247000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
AEA000
|
stack
|
page read and write
|
||
|
203B000
|
stack
|
page read and write
|
||
|
190C000
|
unkown
|
page write copy
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
AFD9000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
2292000
|
heap
|
page read and write
|
||
|
D57A000
|
heap
|
page read and write
|
||
|
9A08000
|
heap
|
page read and write
|
||
|
1D9000
|
stack
|
page read and write
|
||
|
3BEE000
|
stack
|
page read and write
|
||
|
EB4000
|
unkown
|
page readonly
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
74B000
|
stack
|
page read and write
|
||
|
68B000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
D754000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
D551000
|
heap
|
page read and write
|
||
|
50DE000
|
heap
|
page read and write
|
||
|
20B6000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
1178B000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
10472000
|
heap
|
page read and write
|
||
|
BC92000
|
heap
|
page read and write
|
||
|
1A8A000
|
unkown
|
page readonly
|
||
|
CBEB000
|
heap
|
page read and write
|
||
|
AA31000
|
heap
|
page read and write
|
||
|
225D000
|
heap
|
page read and write
|
||
|
230C000
|
heap
|
page read and write
|
||
|
AD05000
|
heap
|
page read and write
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
CB32000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
98DB000
|
heap
|
page read and write
|
||
|
4BA000
|
heap
|
page read and write
|
||
|
1BB2000
|
unkown
|
page readonly
|
||
|
F67E000
|
heap
|
page read and write
|
||
|
CE95000
|
heap
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
1089C000
|
heap
|
page read and write
|
||
|
991E000
|
heap
|
page read and write
|
||
|
4782000
|
heap
|
page read and write
|
||
|
98C1000
|
heap
|
page read and write
|
||
|
4BEC000
|
stack
|
page read and write
|
||
|
C950000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
1CD5000
|
unkown
|
page readonly
|
||
|
6EC31000
|
unkown
|
page execute read
|
||
|
7237000
|
heap
|
page read and write
|
||
|
1914000
|
unkown
|
page read and write
|
||
|
1915000
|
unkown
|
page write copy
|
||
|
3FF1000
|
heap
|
page read and write
|
||
|
BB28000
|
heap
|
page read and write
|
||
|
381E000
|
stack
|
page read and write
|
||
|
190B000
|
unkown
|
page read and write
|
||
|
190A000
|
unkown
|
page write copy
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
2281000
|
heap
|
page read and write
|
||
|
41CA000
|
heap
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
5BFA000
|
stack
|
page read and write
|
||
|
3735000
|
heap
|
page read and write
|
||
|
903000
|
stack
|
page read and write
|
||
|
984A000
|
heap
|
page read and write
|
||
|
40DF000
|
stack
|
page read and write
|
||
|
21E9000
|
heap
|
page read and write
|
||
|
1889000
|
unkown
|
page readonly
|
||
|
1904000
|
unkown
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
EA8000
|
unkown
|
page write copy
|
||
|
A320000
|
heap
|
page read and write
|
||
|
101C4000
|
heap
|
page read and write
|
||
|
988D000
|
heap
|
page read and write
|
||
|
3707000
|
heap
|
page read and write
|
||
|
98AE000
|
heap
|
page read and write
|
||
|
FCCF000
|
heap
|
page read and write
|
||
|
9783000
|
heap
|
page read and write
|
||
|
9941000
|
heap
|
page read and write
|
||
|
22DC000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
70BD000
|
stack
|
page read and write
|
||
|
9876000
|
heap
|
page read and write
|
||
|
D597000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
9756000
|
heap
|
page read and write
|
||
|
98FE000
|
heap
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
CBDE000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
CBD4000
|
heap
|
page read and write
|
||
|
2301000
|
heap
|
page read and write
|
||
|
22EF000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
C80000
|
heap
|
page read and write
|
||
|
EA1000
|
unkown
|
page write copy
|
||
|
CB30000
|
heap
|
page read and write
|
||
|
1941000
|
unkown
|
page read and write
|
||
|
104E1000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
75D0000
|
trusted library allocation
|
page read and write
|
||
|
A5F4000
|
heap
|
page read and write
|
||
|
221A000
|
heap
|
page read and write
|
||
|
190B000
|
unkown
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
41EC000
|
heap
|
page read and write
|
||
|
41CD000
|
heap
|
page read and write
|
||
|
2251000
|
heap
|
page read and write
|
||
|
99A3000
|
heap
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
5D3E000
|
stack
|
page read and write
|
||
|
A48A000
|
heap
|
page read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
EB4000
|
unkown
|
page readonly
|
||
|
889000
|
heap
|
page read and write
|
||
|
3E20000
|
heap
|
page read and write
|
||
|
1910000
|
unkown
|
page read and write
|
||
|
9934000
|
heap
|
page read and write
|
||
|
F366000
|
heap
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
11708000
|
heap
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
C50D000
|
heap
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
193B000
|
unkown
|
page read and write
|
||
|
2335000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
3A9B000
|
stack
|
page read and write
|
||
|
68F000
|
heap
|
page read and write
|
||
|
4140000
|
heap
|
page read and write
|
||
|
9898000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
D570000
|
heap
|
page read and write
|
||
|
41CA000
|
heap
|
page read and write
|
||
|
4FAD000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
CD11000
|
heap
|
page read and write
|
||
|
4240000
|
trusted library allocation
|
page read and write
|
||
|
8E5F000
|
heap
|
page read and write
|
||
|
3732000
|
heap
|
page read and write
|
||
|
986E000
|
heap
|
page read and write
|
||
|
C4D000
|
stack
|
page read and write
|
||
|
98B0000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
9FC000
|
stack
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
CCAB000
|
heap
|
page read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
AA2000
|
stack
|
page read and write
|
||
|
1A8A000
|
unkown
|
page readonly
|
||
|
413C000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
DD50000
|
heap
|
page read and write
|
||
|
10396000
|
heap
|
page read and write
|
||
|
72D8000
|
heap
|
page read and write
|
||
|
2B20000
|
remote allocation
|
page read and write
|
||
|
192F000
|
unkown
|
page read and write
|
||
|
CD29000
|
heap
|
page read and write
|
||
|
44AE000
|
stack
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
72A0000
|
heap
|
page read and write
|
||
|
937C000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
16C2000
|
unkown
|
page readonly
|
||
|
98C6000
|
heap
|
page read and write
|
||
|
2891000
|
heap
|
page read and write
|
||
|
D546000
|
heap
|
page read and write
|
||
|
E79000
|
unkown
|
page readonly
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
4BB000
|
heap
|
page read and write
|
||
|
16C2000
|
unkown
|
page readonly
|
||
|
425E000
|
stack
|
page read and write
|
||
|
1933000
|
unkown
|
page read and write
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
AE6F000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
CC3B000
|
heap
|
page read and write
|
||
|
4460000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
CB25000
|
heap
|
page read and write
|
||
|
CA1000
|
unkown
|
page execute read
|
||
|
10354000
|
heap
|
page read and write
|
||
|
41BC000
|
heap
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page read and write
|
||
|
E79000
|
unkown
|
page readonly
|
||
|
16C2000
|
unkown
|
page readonly
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
4192000
|
heap
|
page read and write
|
||
|
113A4000
|
heap
|
page read and write
|
||
|
CF48000
|
heap
|
page read and write
|
||
|
22D7000
|
heap
|
page read and write
|
||
|
CC6C000
|
heap
|
page read and write
|
||
|
98E2000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
686000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
CC0B000
|
heap
|
page read and write
|
||
|
1941000
|
unkown
|
page read and write
|
||
|
2B20000
|
remote allocation
|
page read and write
|
||
|
9982000
|
heap
|
page read and write
|
||
|
4220000
|
heap
|
page read and write
|
||
|
1047E000
|
heap
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
CDBE000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
728000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
1BB2000
|
unkown
|
page readonly
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
61FF000
|
stack
|
page read and write
|
||
|
6EC43000
|
unkown
|
page read and write
|
||
|
977C000
|
heap
|
page read and write
|
||
|
1913000
|
unkown
|
page write copy
|
||
|
9963000
|
heap
|
page read and write
|
||
|
6AF0000
|
unkown
|
page read and write
|
||
|
20E3000
|
stack
|
page read and write
|
||
|
2255000
|
heap
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
1889000
|
unkown
|
page readonly
|
||
|
70AF000
|
stack
|
page read and write
|
||
|
9B5000
|
stack
|
page read and write
|
||
|
41DF000
|
heap
|
page read and write
|
||
|
287D000
|
stack
|
page read and write
|
||
|
9912000
|
heap
|
page read and write
|
||
|
D45000
|
heap
|
page read and write
|
||
|
190A000
|
unkown
|
page write copy
|
||
|
6EC30000
|
unkown
|
page readonly
|
||
|
670000
|
heap
|
page read and write
|
||
|
5BBD000
|
stack
|
page read and write
|
||
|
372A000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
B580000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
1BB2000
|
unkown
|
page readonly
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
CCDD000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
2127000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
E254000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
373C000
|
heap
|
page read and write
|
||
|
4AAD000
|
stack
|
page read and write
|
||
|
CACE000
|
heap
|
page read and write
|
||
|
CB92000
|
heap
|
page read and write
|
||
|
1941000
|
unkown
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
1904000
|
unkown
|
page write copy
|
||
|
2320000
|
heap
|
page read and write
|
||
|
1A8A000
|
unkown
|
page readonly
|
||
|
1937000
|
unkown
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
1A7D000
|
unkown
|
page read and write
|
||
|
44CF000
|
stack
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
14D1000
|
unkown
|
page execute read
|
||
|
983F000
|
heap
|
page read and write
|
||
|
3A60000
|
trusted library allocation
|
page read and write
|
||
|
CA1000
|
unkown
|
page execute read
|
||
|
68F000
|
heap
|
page read and write
|
||
|
10430000
|
heap
|
page read and write
|
||
|
486B000
|
stack
|
page read and write
|
||
|
98F3000
|
heap
|
page read and write
|
||
|
346A000
|
stack
|
page read and write
|
||
|
2267000
|
heap
|
page read and write
|
||
|
1802000
|
unkown
|
page readonly
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
7288000
|
heap
|
page read and write
|
||
|
103B6000
|
heap
|
page read and write
|
||
|
462E000
|
stack
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
3B1A000
|
stack
|
page read and write
|
||
|
9929000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
DF2D000
|
heap
|
page read and write
|
||
|
2309000
|
heap
|
page read and write
|
||
|
98B9000
|
heap
|
page read and write
|
||
|
1910000
|
unkown
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
981E000
|
heap
|
page read and write
|
||
|
98F6000
|
heap
|
page read and write
|
||
|
1A89000
|
unkown
|
page read and write
|
||
|
3E30000
|
heap
|
page read and write
|
||
|
B2AD000
|
heap
|
page read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
9892000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
1BB2000
|
unkown
|
page readonly
|
||
|
103A6000
|
heap
|
page read and write
|
||
|
CC23000
|
heap
|
page read and write
|
||
|
9866000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
D4E000
|
unkown
|
page readonly
|
||
|
726000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
AF4000
|
stack
|
page read and write
|
||
|
67B000
|
heap
|
page read and write
|
||
|
98C4000
|
heap
|
page read and write
|
||
|
1A8A000
|
unkown
|
page readonly
|
||
|
9EE2000
|
heap
|
page read and write
|
||
|
D624000
|
heap
|
page read and write
|
||
|
AB9B000
|
heap
|
page read and write
|
||
|
10555000
|
heap
|
page read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
CC5C000
|
heap
|
page read and write
|
||
|
8085000
|
heap
|
page read and write
|
||
|
874A000
|
heap
|
page read and write
|
||
|
1069F000
|
heap
|
page read and write
|
||
|
2F59000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
CCD7000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
98B6000
|
heap
|
page read and write
|
||
|
4141000
|
heap
|
page read and write
|
||
|
9904000
|
heap
|
page read and write
|
||
|
F03E000
|
heap
|
page read and write
|
||
|
1904000
|
unkown
|
page write copy
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
16C2000
|
unkown
|
page readonly
|
||
|
2337000
|
heap
|
page read and write
|
||
|
411E000
|
stack
|
page read and write
|
||
|
1DBE000
|
stack
|
page read and write
|
||
|
1889000
|
unkown
|
page readonly
|
||
|
2170000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
CD0F000
|
heap
|
page read and write
|
||
|
47AE000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
F36000
|
heap
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
5F7E000
|
stack
|
page read and write
|
||
|
D734000
|
heap
|
page read and write
|
||
|
190B000
|
unkown
|
page read and write
|
||
|
7297000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
98FC000
|
heap
|
page read and write
|
||
|
1922000
|
unkown
|
page read and write
|
||
|
CC08000
|
heap
|
page read and write
|
||
|
22FA000
|
heap
|
page read and write
|
||
|
D8000
|
stack
|
page read and write
|
||
|
B9BE000
|
heap
|
page read and write
|
||
|
4149000
|
heap
|
page read and write
|
||
|
391F000
|
stack
|
page read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
9855000
|
heap
|
page read and write
|
||
|
1CD5000
|
unkown
|
page readonly
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
8D4F000
|
stack
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
CF50000
|
heap
|
page read and write
|
||
|
9945000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
1C5000
|
heap
|
page read and write
|
||
|
9858000
|
heap
|
page read and write
|
||
|
7230000
|
heap
|
page read and write
|
||
|
4EF000
|
stack
|
page read and write
|
||
|
991A000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
D37000
|
unkown
|
page write copy
|
||
|
41ED000
|
stack
|
page read and write
|
||
|
1BB2000
|
unkown
|
page readonly
|
||
|
4A4000
|
stack
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
72C000
|
heap
|
page read and write
|
||
|
CC1A000
|
heap
|
page read and write
|
||
|
CF39000
|
heap
|
page read and write
|
||
|
43CE000
|
stack
|
page read and write
|
||
|
D549000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
14D1000
|
unkown
|
page execute read
|
||
|
CE1F000
|
heap
|
page read and write
|
||
|
4131000
|
heap
|
page read and write
|
||
|
104B2000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
EAE000
|
unkown
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
CB45000
|
heap
|
page read and write
|
||
|
413B000
|
heap
|
page read and write
|
||
|
CCF9000
|
heap
|
page read and write
|
||
|
41D0000
|
heap
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
70CB000
|
stack
|
page read and write
|
||
|
1044E000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
105D9000
|
heap
|
page read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
F9AC000
|
heap
|
page read and write
|
||
|
CBED000
|
heap
|
page read and write
|
||
|
46DE000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
103AA000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
98ED000
|
heap
|
page read and write
|
||
|
41D2000
|
heap
|
page read and write
|
||
|
98A5000
|
heap
|
page read and write
|
||
|
3DFC000
|
stack
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
999E000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
6EC30000
|
unkown
|
page readonly
|
||
|
CCC6000
|
heap
|
page read and write
|
||
|
CCDF000
|
heap
|
page read and write
|
||
|
9993000
|
heap
|
page read and write
|
||
|
5E7A000
|
stack
|
page read and write
|
||
|
3FDE000
|
stack
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
B143000
|
heap
|
page read and write
|
||
|
D6A8000
|
heap
|
page read and write
|
||
|
1BB2000
|
unkown
|
page readonly
|
||
|
2223000
|
heap
|
page read and write
|
||
|
1904000
|
unkown
|
page write copy
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
984C000
|
heap
|
page read and write
|
||
|
9977000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
A8C7000
|
heap
|
page read and write
|
||
|
D3C000
|
unkown
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
1063C000
|
heap
|
page read and write
|
||
|
9D78000
|
heap
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
CEC5000
|
heap
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
1040A000
|
heap
|
page read and write
|
||
|
EA6000
|
unkown
|
page read and write
|
||
|
D46000
|
unkown
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
41E8000
|
heap
|
page read and write
|
||
|
5E3E000
|
stack
|
page read and write
|
||
|
3A5F000
|
stack
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
CEE9000
|
heap
|
page read and write
|
||
|
8E4F000
|
stack
|
page read and write
|
||
|
9808000
|
heap
|
page read and write
|
||
|
108AD000
|
heap
|
page read and write
|
||
|
6470000
|
trusted library allocation
|
page read and write
|
||
|
14D1000
|
unkown
|
page execute read
|
||
|
724A000
|
heap
|
page read and write
|
||
|
2136000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
98E7000
|
heap
|
page read and write
|
||
|
103EA000
|
heap
|
page read and write
|
||
|
193B000
|
unkown
|
page read and write
|
||
|
1A8A000
|
unkown
|
page readonly
|
||
|
B854000
|
heap
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
D557000
|
heap
|
page read and write
|
||
|
6EC45000
|
unkown
|
page readonly
|
||
|
718000
|
heap
|
page read and write
|
||
|
1043C000
|
heap
|
page read and write
|
||
|
A04C000
|
heap
|
page read and write
|
||
|
CC03000
|
heap
|
page read and write
|
||
|
1913000
|
unkown
|
page write copy
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
190C000
|
unkown
|
page write copy
|
||
|
45D0000
|
heap
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
104F7000
|
heap
|
page read and write
|
||
|
4141000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
2495000
|
heap
|
page read and write
|
||
|
B6EA000
|
heap
|
page read and write
|
||
|
1913000
|
unkown
|
page write copy
|
||
|
192F000
|
unkown
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
1CD5000
|
unkown
|
page readonly
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
14D1000
|
unkown
|
page execute read
|
||
|
B416000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
297C000
|
stack
|
page read and write
|
||
|
22E8000
|
heap
|
page read and write
|
||
|
1889000
|
unkown
|
page readonly
|
||
|
5CFE000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
DFB0000
|
heap
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
1CD5000
|
unkown
|
page readonly
|
||
|
CB3E000
|
heap
|
page read and write
|
||
|
513000
|
heap
|
page read and write
|
||
|
4770000
|
heap
|
page read and write
|
||
|
3E70000
|
heap
|
page read and write
|
||
|
41D0000
|
heap
|
page read and write
|
||
|
CCA8000
|
heap
|
page read and write
|
||
|
1915000
|
unkown
|
page write copy
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
CBFB000
|
heap
|
page read and write
|
||
|
98E0000
|
heap
|
page read and write
|
||
|
CE80000
|
heap
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
41D9000
|
heap
|
page read and write
|
||
|
452A000
|
stack
|
page read and write
|
||
|
9871000
|
heap
|
page read and write
|
||
|
10859000
|
heap
|
page read and write
|
||
|
D6F2000
|
heap
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
421F000
|
stack
|
page read and write
|
||
|
9917000
|
heap
|
page read and write
|
||
|
9852000
|
heap
|
page read and write
|
||
|
513000
|
heap
|
page read and write
|
||
|
1920000
|
unkown
|
page read and write
|
||
|
6EC3D000
|
unkown
|
page readonly
|
||
|
540000
|
heap
|
page read and write
|
||
|
E2D7000
|
heap
|
page read and write
|
||
|
18B000
|
stack
|
page read and write
|
||
|
427A000
|
stack
|
page read and write
|
||
|
1041A000
|
heap
|
page read and write
|
||
|
20B7000
|
heap
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
9768000
|
heap
|
page read and write
|
||
|
4E2000
|
heap
|
page read and write
|
||
|
3716000
|
heap
|
page read and write
|
||
|
4F3000
|
heap
|
page read and write
|
||
|
2263000
|
heap
|
page read and write
|
||
|
992E000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
CC13000
|
heap
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
36E4000
|
heap
|
page read and write
|
||
|
106E2000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
98CC000
|
heap
|
page read and write
|
||
|
23F3000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
41A4000
|
heap
|
page read and write
|
||
|
F8A000
|
heap
|
page read and write
|
||
|
D538000
|
heap
|
page read and write
|
||
|
1889000
|
unkown
|
page readonly
|
||
|
E077000
|
heap
|
page read and write
|
||
|
CC44000
|
heap
|
page read and write
|
||
|
476D000
|
stack
|
page read and write
|
||
|
1A8A000
|
unkown
|
page readonly
|
||
|
1914000
|
unkown
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
CC54000
|
heap
|
page read and write
|
||
|
6EC3D000
|
unkown
|
page readonly
|
||
|
10312000
|
heap
|
page read and write
|
||
|
CC79000
|
heap
|
page read and write
|
||
|
226F000
|
heap
|
page read and write
|
||
|
1937000
|
unkown
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
986B000
|
heap
|
page read and write
|
||
|
36B7000
|
heap
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
1904000
|
unkown
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
1CD5000
|
unkown
|
page readonly
|
||
|
513000
|
heap
|
page read and write
|
||
|
1CD5000
|
unkown
|
page readonly
|
||
|
CBFF000
|
heap
|
page read and write
|
||
|
3D2E000
|
stack
|
page read and write
|
||
|
FFCA000
|
heap
|
page read and write
|
||
|
4221000
|
heap
|
page read and write
|
||
|
CB14000
|
heap
|
page read and write
|
||
|
11393000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
D580000
|
heap
|
page read and write
|
||
|
1933000
|
unkown
|
page read and write
|
||
|
2337000
|
heap
|
page read and write
|
||
|
D582000
|
heap
|
page read and write
|
||
|
72F1000
|
heap
|
page read and write
|
||
|
228D000
|
heap
|
page read and write
|
||
|
2289000
|
heap
|
page read and write
|
||
|
103CC000
|
heap
|
page read and write
|
||
|
D4C000
|
unkown
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
3731000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
22EC000
|
heap
|
page read and write
|
||
|
3E73000
|
heap
|
page read and write
|
||
|
990F000
|
heap
|
page read and write
|
||
|
C239000
|
heap
|
page read and write
|
||
|
98F9000
|
heap
|
page read and write
|
||
|
466C000
|
stack
|
page read and write
|
||
|
D666000
|
heap
|
page read and write
|
||
|
104D3000
|
heap
|
page read and write
|
||
|
68F000
|
heap
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
CEA1000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
CB23000
|
heap
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
1910000
|
unkown
|
page read and write
|
||
|
47A000
|
heap
|
page read and write
|
||
|
20B7000
|
heap
|
page read and write
|
||
|
4138000
|
heap
|
page read and write
|
||
|
437C000
|
stack
|
page read and write
|
||
|
41E3000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
CBE2000
|
heap
|
page read and write
|
||
|
989F000
|
heap
|
page read and write
|
||
|
9882000
|
heap
|
page read and write
|
||
|
9766000
|
heap
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
There are 800 hidden memdumps, click here to show them.