Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
I9IKjqeBAs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\WCLDll.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\ptInst.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tjl
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ClientAdvanced\WCLDll.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ClientAdvanced\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ClientAdvanced\ptInst.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\ClientAdvanced\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\malacia.mpeg
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\statoscope.mpg
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\be190d6d
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ClientAdvanced\malacia.mpeg
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ClientAdvanced\statoscope.mpg
|
data
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\I9IKjqeBAs.exe
|
"C:\Users\user\Desktop\I9IKjqeBAs.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\ptInst.exe
|
C:\Users\user\AppData\Local\Temp\ClientAdvanced\ptInst.exe
|
|
|
|
C:\Users\user\AppData\Roaming\ClientAdvanced\ptInst.exe
|
C:\Users\user\AppData\Roaming\ClientAdvanced\ptInst.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://193.163.7.88/a69d09b357e06b52.php
|
|
||
|
https://%s/orion/ptmeeting.do?username=%s&ticket=%s&action=joinbynumber&rnd=%lu
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://%s/%s/mywebex/tool/frame/mywebexframe.php?MWAT=mw&strUserName=%s&%s=%s&UTF8=1&SubMenu=PTPMR
|
unknown
|
||
|
https://%s/%s/mywebex/site/forgotpwd.php?EFlag=1&Rnd=%lu
|
unknown
|
||
|
https://supportforums.cisco.com/community/12156681/cisco-proximitySiteNamedwMsitypedwRetCTEUpdate::I
|
unknown
|
||
|
https://%s/%s/mywebex/tool/frame/mywebexframe.php?MWAT=mw&strUserName=%s&TK=%s&UTF8=1&SubMenu=MPSP
|
unknown
|
||
|
https://%s/%s/user.php
|
unknown
|
||
|
http://www.codeproject.com/www.codeguru.comhttp://www.codeguru.com/Several
|
unknown
|
||
|
https://%s/orion/ptmeeting.do?username=%s&ticket=%s&rnd=%lu
|
unknown
|
||
|
https://%s/%s/e.php?AT=OCS&IT=1
|
unknown
|
||
|
http://crl3.digicert.co(m/D
|
unknown
|
||
|
https://%s/%s/pt.php
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
https://%s/%s/changePassword.php?PT=1
|
unknown
|
||
|
https://%s/%s/e.php?AT=FPNF
|
unknown
|
||
|
https://%s/orion/ptmeeting.do?username=%s&ticket=%s&rnd=%luhttps://%s/orion/profile.do?PT=1&username
|
unknown
|
||
|
https://supportforums.cisco.com/community/12156681/cisco-proximity
|
unknown
|
||
|
http://c0rl.m
|
unknown
|
||
|
http://www.softechsoftware.it/RegEx
|
unknown
|
||
|
https://%s/%s/mywebex/tool/frame/mywebexframe.php?MWAT=mw&strUserName=%s&%s=%s&UTF8=1&SubMenu=PTIMS&
|
unknown
|
||
|
https://%s/%s/w.php?AT=JO&MK=%s&isUTF8=1&IT=1&CallbackNumber=%s&PTDisclaimer=1
|
unknown
|
||
|
http://ocsp.digicert.
|
unknown
|
||
|
http://sv.sym
|
unknown
|
||
|
http://ocsp.digicert
|
unknown
|
||
|
https://%s/%s/e.php?AT=CM
|
unknown
|
||
|
https://&<>"'%s_%s.mymy%s.%s%s/%sThe
|
unknown
|
||
|
http://www.artpol-software.com/CrystalEdit
|
unknown
|
||
|
https://%s/dispatcher/CIAuthService.do?cmd=login&siteurl=%s&from=PT&locale=%s&email=%s
|
unknown
|
||
|
https://onedrive.live.com/about/en-us/0
|
unknown
|
||
|
https://%s/%s/joinMeetingByNumber.php?PT=1&languageID=1
|
unknown
|
||
|
https://hm1gla-rvproxy.qa.webex.com/gla/GLAServicehttps://meetings-api.webex.com/gla/GLAServiceCSCvf
|
unknown
|
||
|
https://%s/%s/servicerds.php?SP=MC
|
unknown
|
||
|
http://ourworld.compuserve.com/homepages/John_Maddock/ZipArchive
|
unknown
|
||
|
https://%s/%s/surl.php
|
unknown
|
||
|
https://%s/%s/teleconfaccount.php?resFunction=0&form=&backUrl=0&serviceType=MW¤tIndex=0&PT=1
|
unknown
|
||
|
https://%s/%s/e.php?AT=MO&isUTF8=1
|
unknown
|
||
|
https://%s/%s/p.php?AT=LI&isUTF8=1&SK=%s&WID=%s&MU=%s
|
unknown
|
||
|
https://%s/%s/sac/e.php?AT=CM
|
unknown
|
||
|
https://%s/dispatcher/CIAuthService.do?cmd=login&siteurl=%s&from=PT&locale=null
|
unknown
|
||
|
https://%s/%s/outlook.php
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
https://%s/%s/p.php?AT=LI&WID=%s&TK=%s&SPL=1&MU=
|
unknown
|
||
|
https://%s/%s/ipphone.php
|
unknown
|
||
|
https://%s/%s/onstage/e.php?AT=CM
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
https://%s/%s/featureconfig.php
|
unknown
|
||
|
https://%s/%s/mywebex/tool/frame/mywebexframe.php?MWAT=mw&strUserName=%s&%s=%s&UTF8=1&SubMenu=PTPMRh
|
unknown
|
||
|
https://%s/%s/w.php?AT=HO&MK=%s&BI=%s&isUTF8=1
|
unknown
|
||
|
https://%s/dispatcher/FederatedSSO.do?siteurl=%s&AT=config&TYPE=PT
|
unknown
|
||
|
http://www.grigsoft.com
|
unknown
|
||
|
https://%s/dispatcher/CIAuthService.do?cmd=login&siteurl=%s&from=PT&locale=%s&email=%shttps://%s/%s/
|
unknown
|
||
|
https://meetings-api.webex.com/gla/GLAService
|
unknown
|
||
|
http://c0rl.m%L
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
https://%s/%s/pt.php?AT=HELP&LanguageID=%sstrFmt.c_str()OpenHelp--URLntdll.dllNtSetInformationProces
|
unknown
|
||
|
https://%s/%s/w.php?AT=JO&MK=%s&isUTF8=1&IT=1&MHAtteID=%u&PTDisclaimer=1
|
unknown
|
||
|
https://%s/orion/ptmeeting.do?username=%s&ticket=%s&action=schedule&rnd=%lu
|
unknown
|
||
|
https://%s/orion/ptmeeting.do?username=%s&ticket=%s&action=recording&rnd=%lu
|
unknown
|
||
|
https://%s/dispatcher/getSiteName.php
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://www.webex.com/schemas/2002/06/service
|
unknown
|
||
|
https://%s/%s/mywebex/tool/frame/mywebexframe.php?MWAT=mw&strUserName=%s&TK=%s&UTF8=1
|
unknown
|
||
|
https://%s/%s/p.php?AT=LI&isUTF8=1&TK=%s&WID=%s&MU=%s
|
unknown
|
||
|
http://www.grigsoft.com/wc3addin.htm
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
https://%s/orion/profile.do?PT=1&username=%s&ticket=%s&IsLogin=1&rnd=%lu
|
unknown
|
||
|
http://www.grigsoft.com/
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://hm1gla-rvproxy.qa.webex.com/gla/GLAService
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://www.softidentity.com/this
|
unknown
|
||
|
https://%s/%s/pt.php?AT=HELP&LanguageID=%s
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
https://%s/%s/w.php
|
unknown
|
||
|
https://%s/%s/k2/e.php?AT=CM
|
unknown
|
||
|
https://%s/%s/nobrowser.php?
|
unknown
|
||
|
HTTPS://PT32.9_TM_0003
|
unknown
|
||
|
https://%s/%s/e.php?AT=MO
|
unknown
|
There are 72 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E31000
|
unkown
|
page execute and write copy
|
|
|
|
27B0000
|
direct allocation
|
page read and write
|
|
|
|
B84000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
4FD0000
|
direct allocation
|
page read and write
|
||
|
50F9000
|
direct allocation
|
page read and write
|
||
|
6CB34000
|
unkown
|
page write copy
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
6CA40000
|
unkown
|
page readonly
|
||
|
3DF0000
|
unkown
|
page read and write
|
||
|
3215000
|
heap
|
page read and write
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
308C000
|
heap
|
page read and write
|
||
|
574000
|
unkown
|
page read and write
|
||
|
6CAA4000
|
unkown
|
page readonly
|
||
|
2B9000
|
unkown
|
page write copy
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
6CD81000
|
unkown
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
A9B000
|
heap
|
page read and write
|
||
|
6CD01000
|
unkown
|
page execute read
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
3700000
|
trusted library allocation
|
page read and write
|
||
|
E8E000
|
heap
|
page read and write
|
||
|
3157000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
6CD87000
|
unkown
|
page readonly
|
||
|
6CA20000
|
unkown
|
page readonly
|
||
|
DA5000
|
unkown
|
page readonly
|
||
|
1083000
|
heap
|
page read and write
|
||
|
2DD1000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
87D000
|
stack
|
page read and write
|
||
|
6CDF6000
|
unkown
|
page readonly
|
||
|
26B7000
|
heap
|
page read and write
|
||
|
3491000
|
heap
|
page read and write
|
||
|
2E4B000
|
unkown
|
page readonly
|
||
|
83C000
|
stack
|
page read and write
|
||
|
DA5000
|
unkown
|
page readonly
|
||
|
2BE000
|
unkown
|
page readonly
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
ECE000
|
heap
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
3036000
|
heap
|
page read and write
|
||
|
2AF0000
|
unkown
|
page read and write
|
||
|
3247000
|
heap
|
page read and write
|
||
|
507000
|
unkown
|
page execute and write copy
|
||
|
50D000
|
unkown
|
page readonly
|
||
|
220000
|
unkown
|
page readonly
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
290D000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
26FF000
|
unkown
|
page read and write
|
||
|
592000
|
unkown
|
page readonly
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
4B5D000
|
direct allocation
|
page read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
3DF1000
|
unkown
|
page read and write
|
||
|
6CD20000
|
unkown
|
page readonly
|
||
|
3520000
|
heap
|
page read and write
|
||
|
2B9000
|
unkown
|
page write copy
|
||
|
2730000
|
direct allocation
|
page read and write
|
||
|
2DD1000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
578000
|
unkown
|
page write copy
|
||
|
D8C000
|
stack
|
page read and write
|
||
|
6CE18000
|
unkown
|
page read and write
|
||
|
306B000
|
unkown
|
page write copy
|
||
|
117D000
|
stack
|
page read and write
|
||
|
3D5F000
|
unkown
|
page read and write
|
||
|
2A05000
|
heap
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
2B61000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
47FD000
|
heap
|
page read and write
|
||
|
4EE7000
|
unkown
|
page read and write
|
||
|
2831000
|
heap
|
page read and write
|
||
|
579000
|
unkown
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
2955000
|
trusted library allocation
|
page read and write
|
||
|
357F000
|
trusted library allocation
|
page read and write
|
||
|
84B000
|
unkown
|
page readonly
|
||
|
25A3000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
3066000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2E53000
|
unkown
|
page write copy
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
3537000
|
trusted library allocation
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
32B3000
|
heap
|
page read and write
|
||
|
6CAB0000
|
unkown
|
page readonly
|
||
|
6CD10000
|
unkown
|
page read and write
|
||
|
2D63000
|
heap
|
page read and write
|
||
|
6CA30000
|
unkown
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
DE9000
|
unkown
|
page write copy
|
||
|
E38000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
6CB16000
|
unkown
|
page readonly
|
||
|
507000
|
unkown
|
page execute and write copy
|
||
|
6CB3A000
|
unkown
|
page readonly
|
||
|
58E000
|
unkown
|
page read and write
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
6CD84000
|
unkown
|
page readonly
|
||
|
46DA000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
6CD90000
|
unkown
|
page readonly
|
||
|
3D00000
|
unkown
|
page read and write
|
||
|
A56000
|
heap
|
page read and write
|
||
|
3051000
|
heap
|
page read and write
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
2BA000
|
unkown
|
page read and write
|
||
|
84B000
|
unkown
|
page readonly
|
||
|
6CD21000
|
unkown
|
page execute read
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
200000
|
unkown
|
page readonly
|
||
|
19C000
|
stack
|
page read and write
|
||
|
83E000
|
unkown
|
page readonly
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
23FE000
|
unkown
|
page read and write
|
||
|
6CB38000
|
unkown
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
27D5000
|
direct allocation
|
page read and write
|
||
|
3DF1000
|
unkown
|
page read and write
|
||
|
6CE1A000
|
unkown
|
page readonly
|
||
|
83E000
|
unkown
|
page readonly
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
DE9000
|
unkown
|
page write copy
|
||
|
79C000
|
stack
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
23B0000
|
unkown
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
577000
|
unkown
|
page write copy
|
||
|
2580000
|
unkown
|
page read and write
|
||
|
6CD11000
|
unkown
|
page readonly
|
||
|
B33000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
3BA3000
|
unkown
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
2831000
|
heap
|
page read and write
|
||
|
37F0000
|
trusted library allocation
|
page read and write
|
||
|
35B4000
|
heap
|
page read and write
|
||
|
4D9F000
|
heap
|
page read and write
|
||
|
DEA000
|
unkown
|
page read and write
|
||
|
B7E000
|
heap
|
page read and write
|
||
|
3395000
|
heap
|
page read and write
|
||
|
1E1000
|
unkown
|
page execute read
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
210000
|
unkown
|
page readonly
|
||
|
904000
|
heap
|
page read and write
|
||
|
DEB000
|
unkown
|
page write copy
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
33AB000
|
heap
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
EC9000
|
heap
|
page read and write
|
||
|
592000
|
unkown
|
page readonly
|
||
|
A00000
|
heap
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
1E0000
|
unkown
|
page readonly
|
||
|
860000
|
heap
|
page read and write
|
||
|
391D000
|
trusted library allocation
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
275000
|
unkown
|
page readonly
|
||
|
69C000
|
stack
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
CC000
|
stack
|
page read and write
|
||
|
35AD000
|
trusted library allocation
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
A3A000
|
heap
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
DEE000
|
unkown
|
page readonly
|
||
|
3AC4000
|
unkown
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
D11000
|
unkown
|
page execute read
|
||
|
293D000
|
heap
|
page read and write
|
||
|
6CA41000
|
unkown
|
page execute read
|
||
|
389E000
|
trusted library allocation
|
page read and write
|
||
|
6CAA7000
|
unkown
|
page readonly
|
||
|
50FD000
|
direct allocation
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
6CD91000
|
unkown
|
page execute read
|
||
|
3E0D000
|
unkown
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
3BE7000
|
unkown
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
1CA000
|
stack
|
page read and write
|
||
|
4DE0000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
E93000
|
heap
|
page read and write
|
||
|
2B15000
|
unkown
|
page read and write
|
||
|
26BD000
|
heap
|
page read and write
|
||
|
2AB4000
|
heap
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
35A9000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
4EE2000
|
unkown
|
page read and write
|
||
|
4DE1000
|
unkown
|
page read and write
|
||
|
577000
|
unkown
|
page read and write
|
||
|
1E1000
|
unkown
|
page execute read
|
||
|
2570000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
348F000
|
stack
|
page read and write
|
||
|
539000
|
unkown
|
page write copy
|
||
|
28EB000
|
heap
|
page read and write
|
||
|
2BB000
|
unkown
|
page write copy
|
||
|
3E55000
|
unkown
|
page read and write
|
||
|
382D000
|
trusted library allocation
|
page read and write
|
||
|
32E2000
|
heap
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
2F92000
|
heap
|
page read and write
|
||
|
539000
|
unkown
|
page write copy
|
||
|
D2F000
|
stack
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
3CC6000
|
unkown
|
page read and write
|
||
|
DEE000
|
unkown
|
page readonly
|
||
|
6CAA1000
|
unkown
|
page read and write
|
||
|
275000
|
unkown
|
page readonly
|
||
|
3370000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
50D000
|
unkown
|
page readonly
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
23AE000
|
unkown
|
page read and write
|
||
|
1E0000
|
unkown
|
page readonly
|
||
|
516E000
|
direct allocation
|
page read and write
|
||
|
27F4000
|
unkown
|
page read and write
|
||
|
6CA31000
|
unkown
|
page readonly
|
||
|
361E000
|
trusted library allocation
|
page read and write
|
||
|
3919000
|
trusted library allocation
|
page read and write
|
||
|
6CA21000
|
unkown
|
page execute read
|
||
|
398E000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
direct allocation
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
2BE000
|
unkown
|
page readonly
|
||
|
6CAB1000
|
unkown
|
page execute read
|
||
|
3C77000
|
unkown
|
page read and write
|
||
|
28FF000
|
unkown
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
4BCE000
|
direct allocation
|
page read and write
|
||
|
B28000
|
heap
|
page read and write
|
||
|
2B10000
|
unkown
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
6CD00000
|
unkown
|
page readonly
|
||
|
131F000
|
heap
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
6CE14000
|
unkown
|
page write copy
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
34CE000
|
heap
|
page read and write
|
||
|
4DE1000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3051000
|
heap
|
page read and write
|
||
|
6CE13000
|
unkown
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
C8C000
|
stack
|
page read and write
|
||
|
6CB33000
|
unkown
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
3309000
|
heap
|
page read and write
|
||
|
4B59000
|
direct allocation
|
page read and write
|
||
|
4C7C000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
29FB000
|
heap
|
page read and write
|
There are 282 hidden memdumps, click here to show them.