Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FortiClientVPNOnlineInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Applications\Cache\{0DC51760-4FB7-41F3-8967-D3DEC9D320EB}\7.4.0.1658\FortiClient.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: FortiClient VPN, Author: Fortinet Technologies Inc, Keywords: Installer, Comments: This installer database
contains the logic and data required to install FortiClient VPN., Template: x64;1033, Revision Number: {F999948D-39F6-4A38-BD43-BD7510C19B77},
Create Time/Date: Tue Apr 30 23:57:30 2024, Last Saved Time/Date: Tue Apr 30 23:57:30 2024, Number of Pages: 500, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.8.1128.0), Security: 2
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FCTInstall.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FCT_{625BC4BA-AC3E-4E4B-9996-EEED9D4287C3}\{37F86F81-CEE2-4981-BF24-D0AAFBE74BFB}\FortiClient.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: FortiClient VPN, Author: Fortinet Technologies Inc, Keywords: Installer, Comments: This installer database
contains the logic and data required to install FortiClient VPN., Template: x64;1033, Revision Number: {F999948D-39F6-4A38-BD43-BD7510C19B77},
Create Time/Date: Tue Apr 30 23:57:30 2024, Last Saved Time/Date: Tue Apr 30 23:57:30 2024, Number of Pages: 500, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.8.1128.0), Security: 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FCT_{625BC4BA-AC3E-4E4B-9996-EEED9D4287C3}\{37F86F81-CEE2-4981-BF24-D0AAFBE74BFB}\FortiClientInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FCT_{625BC4BA-AC3E-4E4B-9996-EEED9D4287C3}\{37F86F81-CEE2-4981-BF24-D0AAFBE74BFB}\configuration.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FCT_{625BC4BA-AC3E-4E4B-9996-EEED9D4287C3}\{37F86F81-CEE2-4981-BF24-D0AAFBE74BFB}\orchestrator.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FortiClient00000.log
|
Unicode text, UTF-16, little-endian text, with very long lines (500), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\FortiClientVPN.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI88FD.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8A46.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8B12.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8C1C.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\obj_1_a05988
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\obj_1_a05988__unpacked
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFB96228BA219DC387.TMP
|
data
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\FortiClientVPNOnlineInstaller.exe
|
"C:\Users\user\Desktop\FortiClientVPNOnlineInstaller.exe"
|
 |
|
|
C:\Users\user\AppData\Local\Temp\FortiClientVPN.exe
|
C:\Users\user\AppData\Local\Temp\FortiClientVPN.exe
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\System32\MsiExec.exe -Embedding 451EC6BB5F916B7CCFDA9FD6E2C98FE7 C
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://repo.fortinet.com/repo/forticlient/extensions/pam/firefox/%7B9984e753-9122-4cbc-b198-dccd534
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
173.243.138.76
|
unknown
|
United States
|
||
|
192.229.221.95
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}\InProcServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}\InProcServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8052F904-874D-4d28-9380-AA9BDBF13AFD}\InProcServer32
|
AppID
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
3A0000
|
unkown
|
page readonly
|
||
|
2CF5000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C5A000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2C35000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
3047000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
4D00000
|
trusted library section
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
605000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
2C72000
|
heap
|
page read and write
|
||
|
6EBE000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
5FC000
|
unkown
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C76000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
4BE2000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C59000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C76000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
30000
|
unkown
|
page readonly
|
||
|
6C7D000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
48A0000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
3A1000
|
unkown
|
page execute read
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C52000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
5FE000
|
unkown
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2B3C000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C3C000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2BDD000
|
heap
|
page read and write
|
||
|
3A1000
|
unkown
|
page execute read
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7184000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C7B000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
670E000
|
unkown
|
page readonly
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
701A000
|
heap
|
page read and write
|
||
|
2C4E000
|
heap
|
page read and write
|
||
|
2C6F000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C7B000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
605000
|
unkown
|
page write copy
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
3F0E000
|
unkown
|
page readonly
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C7B000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2D5000
|
unkown
|
page write copy
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7184000
|
heap
|
page read and write
|
||
|
2B0E000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
48B0000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C59000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7279000
|
heap
|
page read and write
|
||
|
530E000
|
unkown
|
page readonly
|
||
|
2C3B000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
710E000
|
unkown
|
page readonly
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
350E000
|
unkown
|
page readonly
|
||
|
2A39000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
566000
|
unkown
|
page readonly
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
47F0000
|
trusted library allocation
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C76000
|
heap
|
page read and write
|
||
|
5FD000
|
unkown
|
page write copy
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
170E000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
48E0000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C7B000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2C59000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7B0E000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
7180000
|
heap
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
2C59000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
606000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C65000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
4CF0000
|
trusted library section
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
5D0E000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
48E3000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7275000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C34000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7174000
|
heap
|
page read and write
|
||
|
2C76000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
D0E000
|
unkown
|
page readonly
|
||
|
2C53000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
6EFE000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
2C6F000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C6F000
|
heap
|
page read and write
|
||
|
5FC000
|
unkown
|
page write copy
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
210E000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
6D7D000
|
stack
|
page read and write
|
||
|
4BE0000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
71F2000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7176000
|
heap
|
page read and write
|
||
|
2C59000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C67000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C5C000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
599F000
|
stack
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2B88000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
714F000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2C65000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
6FFF000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
239000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7150000
|
remote allocation
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
4CE0000
|
trusted library section
|
page read and write
|
||
|
2CF4000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
58BC000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
566000
|
unkown
|
page readonly
|
||
|
7150000
|
remote allocation
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
3A0000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7019000
|
heap
|
page read and write
|
||
|
601000
|
unkown
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
6DBD000
|
stack
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
490E000
|
unkown
|
page readonly
|
||
|
2C55000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
7150000
|
remote allocation
|
page read and write
|
||
|
30E000
|
unkown
|
page readonly
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F0000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
49F1000
|
heap
|
page read and write
|
||
|
31000
|
unkown
|
page execute read
|
There are 404 hidden memdumps, click here to show them.