Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
KcFVz0y2si.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B87D9160-964E-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2E72912-964E-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E0E69387-964E-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B87D9162-964E-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D2E72914-964E-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D2E72916-964E-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0E69389-964E-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Jl2vUSlEIqWjk-99MuYp4W74zvQ[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\MstqcgNaYngCBavkktAoSE0--po.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\N55Tc-oLNOuzZam9OghLsR0GD5U[1].jpg
|
[TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=GIMP 2.10.18, datetime=2020:04:16
19:04:38], progressive, precision 8, 160x160, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NewErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ZcieD[1].htm
|
gzip compressed data, max speed, from TOPS/20
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bLULVERLX4vU6bjspboNMw9vl_0.gz[1].js
|
very short file (no magic)
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\eRYlUYIMYsB_Pt8B7FTik-pl5cs.gz[1].js
|
ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\eaMqCdNxIXjLc0ATep7tsFkfmSA.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\gDsOfTXNZVl18jxNDvhXqAdf2tM.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\kBH4DSEA84cgV7IKw7_Bwvm2NpI[1].jpg
|
[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31
17:58:04], progressive, precision 8, 160x160, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\model[1].json
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\msnpopularnow[1].json
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\mw5FvbmnxUiS8Gbwzw9L14Ee8F8.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sbi[1].htm
|
HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\th[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150,
frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\th[2].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\th[3].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\th[4].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\th[5].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\4L4QdyjTv0HYE2Ig2ol9eYoqxg8[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\5rqGloMo94v3vwNVR5OsxDNd8d0[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\CMm2G4GK3T9XHTMByeN2QI1OVUs[1].jpg
|
[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31
17:51:08], progressive, precision 8, 160x158, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ELqKWpA6KkapLUFbOLS-IQ2zfXc[1].jpg
|
[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01
11:43:45], progressive, precision 8, 160x160, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\MDr1f9aJs4rBVf1F5DAtlALvweY.gz[1].js
|
ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RXZtj0lYpFm5XDPMpuGSsNG8i9I.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\RrvsBuqGHDpqG7NAz4Q0BMOqQBg.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ULJCe4CXM2DCjZgELMGm2K4PcPo[1].png
|
PNG image data, 1642 x 116, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Xp-HPHGHOZznHBwdn7OWdva404Y.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\XvRHqJwJt19aXQca73hQTfvNMxk[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\b4Jy0kwhnsWcsDQyuzAEsN7RmhQ[1].jpg
|
[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31
17:59:08], progressive, precision 8, 160x160, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\fdVZU4ttbw8NDRm6H3I5BW3_vCo[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\n1U5gwBiwMo7s-fWOh2kSe3Kils[1].jpg
|
[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:07:31
17:53:43], progressive, precision 8, 160x160, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\n8-O_KIRNSMPFWQWrGjn0BRH6SM.gz[1].js
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz[1].js
|
ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\pXscrbCrewUD-UetJTvW5F7YMxo.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\test[1].htm
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\th[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\th[2].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150,
frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\th[3].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\th[4].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150,
frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\th[5].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 150x150,
frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\th[6].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\th[7].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\6sxhavkE4_SZHA_K4rwWmg67vF0.gz[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BJp5dDFvoQm12CHBfp4PC6aiyg4.gz[1].css
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\HEBN3BKD.htm
|
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\H_VmuFPRwWZ4UrVl0mPztnf3z5U[1].jpg
|
[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01
11:38:22], progressive, precision 8, 160x160, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\JDHEvZVDnqsG9UcxzgIdtGb6thw.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NewErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NewErrorPageTemplate[2]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\NnFHhz2jL6yzChtIhaB5IIVKY5k[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\PA3TC2iNXZkiG2C3IJp5VAvC_yY.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\a282eRIAnHsW_URoyogdzsukm_o.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\dnserror[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\dnserror[2]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon-2x[1].ico
|
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\hceflue5sqxkKta9dP3R-IFtPuY.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\n_C4vBfAV3O9RfkGjfduaZoxjAs[1].jpg
|
[TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:08:01
11:40:12], progressive, precision 8, 160x160, frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\sjm7ZxOOdUKgLq2Lulikx_Lt20I.gz[1].js
|
exported SGML document, ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\svI82uPNFRD54V4bMLaeahXQXBI.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\th[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\th[2].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\th[3].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Fsa_OI0AplCnVoXGca8ALOo0S0s[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\GiGr-rA9TBhE2c3LJn7PvDweiOo.gz[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\HdepnBaFj-yarvouFUIlfV4Q9D8.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\KC_nX2_tPPyFvVw1RK20Yu1FyDk[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NGDGShwgz5vCvyjNFyZiaPlHGCE.gz[1].js
|
ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Passport[1].htm
|
HTML document, ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\UYtUYDcn1oZlFG-YfBPz59zejYI[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dnserror[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hqx6FcD0hjfzrON5oLgx2RMMD1s.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\k5oM71-Oyo7w7ptkcB_2S5dIr7I.gz[1].js
|
ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lK_FmcR4naKX9hpIwfe9ify1hf4.gz[1].js
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\sTWC0LplwPyIP_jw8VjHps800ZQ.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\swyt_VnIjJDWZW5KEq7a8l_1AEw.gz[1].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\th[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1920x1080, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\th[1].png
|
PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\th[2].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\th[3].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\th[4].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\th[5].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x150, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\th[6].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 640x640, segment length 16, baseline, precision 8, 150x150,
frames 3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\uYzy_SF_Qx-quOm8IecsaqSoOd0[1].svg
|
SVG Scalable Vector Graphics image
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF1CBEE400806503ED.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF3CCEFA9C6D079283.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF3D1717B6AEE1212D.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFACE307DCA8751CFF.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFB4B54F0F959EF8BA.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFD254BC66F83ED0AF.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFD970B53B2236AC2A.TMP
|
data
|
dropped
|
|
There are 99 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe 'C:\Users\user\Desktop\KcFVz0y2si.dll'
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\KcFVz0y2si.dll,StartService
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe 'C:\Users\user\Desktop\KcFVz0y2si.dll',#1
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\KcFVz0y2si.dll',#1
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5740 CREDAT:17410 /prefetch:2
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2212 CREDAT:17410 /prefetch:2
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2212 CREDAT:17414 /prefetch:2
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1076 CREDAT:17410 /prefetch:2
|
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.msn.com/de-ch/news/other/inzidenz-vor-allem-in-istanbul-hoch-erneut-mehr-als-40-000-coro
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/sind-die-500-wegweisungen-rechtlich-vertretbar/ar-BB1fkglv?ocid
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/vermischtes/querdenken-in-stuttgart-es-geht-um-selbsterm
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/international/zweiter-weltkrieg-in-griechenland-die-zweite-sch
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/admirale-begehren-auf-gegen-das-verr
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/bei-gebet-zum-ostermontag-papst-franziskus-erinnert-an-menschen
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/gaga-regel-trotz-fallzahl-sinkflug-warum-steht-israel-immer-noc
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/coronavirus/die-neusten-entwicklungen-coronavirus-weltweit-ab-
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/eine-stadt-feiert-ihre-vergessenen-heldinnen/ar-BB1fkih4?ocid=B
|
unknown
|
|
|
|
http://under17.com/joomla/RnasiUAhJh/oSxo5X5EIKvwU8Ag1/uMFl7HC_2Fjl/9ltc89lzleE/s0K70MqQow8SbX/RmoUq
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/pappa-rechtfertigt-polizeieins
|
unknown
|
|
|
|
http://under17.com
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/politik/coronakrise-laschet-fordert-harten-br
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/vjosa-osmani-neue-staatspr
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/schweiz/
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/politik/konflikt-mit-russland-borrell-sichert-ukraine-unterst
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/nawalny-gesundheitszustand-im-straflager-weiter-verschlechtert/
|
unknown
|
|
|
|
https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
|
unknown
|
|
|
|
https://www.msn.com/de-ch/finanzen/top-stories/globalisierung-ohne-die-weltwirtschaft-w
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/russland-putin-erlaubt-sich-selbst-das-weiterregieren-bis-2036/
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/miss-burma-stellt-die-junta-an-den-pranger/ar-BB1fk4ie?ocid=Bin
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/grossbritannien-boris-johnson-will-am-12-april-erstes-bier-im-b
|
unknown
|
|
|
|
http://feross.org
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/eine-woche-lockdown-in-bangladesch-h
|
unknown
|
|
|
|
http://under17.com/joomla/lIbeNmys4TdjSx_2FdVt/zKr90P9Hk_2BiF_2Ff8/DQfv4eLCQELbftpFrLH4_2/BewGR13P5J
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/politik/wie-die-allianz-draghi-macron-europa-ver
|
unknown
|
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
under17.com
|
185.243.114.196
|
|
|
|
login.microsoftonline.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.243.114.196
|
under17.com
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{B87D9160-964E-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
CVListPingLastYMD
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
{D2E72912-964E-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Window_Placement
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
{E0E69387-964E-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
There are 39 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
3ACB000
|
heap private
|
page read and write
|
|
|
|
1180000
|
unkown
|
page read and write
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
3ACB000
|
heap private
|
page read and write
|
|
|
|
3ACB000
|
heap private
|
page read and write
|
|
|
|
3ACB000
|
heap private
|
page read and write
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
3ACB000
|
heap private
|
page read and write
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
3ACB000
|
heap private
|
page read and write
|
|
|
|
11D0000
|
unkown
|
page read and write
|
|
|
|
39CD000
|
heap private
|
page read and write
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D3B000
|
heap private
|
page read and write
|
|
|
|
4D3B000
|
heap private
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3040000
|
unkown
|
page readonly
|
|
|
|
30F8000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
2FAF000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3C4A000
|
heap private
|
page read and write
|
|
|
|
13C5000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
13D6000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3010000
|
heap private
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3033000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4A6D000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
FE0000
|
unkown
|
page read and write
|
|
|
|
2FED000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1224000
|
unkown
|
page read and write
|
|
|
|
3210000
|
heap private
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
2FA0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
11CE000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3033000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
12B8000
|
heap private
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4940000
|
heap private
|
page read and write
|
|
|
|
AFD000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
10005000
|
unkown image
|
page execute and read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
121B000
|
unkown
|
page read and write
|
|
|
|
121F000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
heap private
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3049000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
319E000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3340000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1239000
|
heap private
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
EBE000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
F9A000
|
heap private
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1170000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
593000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3055000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D3A000
|
heap private
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
F97000
|
heap private
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
47CF000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
33A000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
37F8000
|
heap private
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
3063000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3400000
|
heap private
|
page read and write
|
|
|
|
135B000
|
heap default
|
page read and write
|
|
|
|
303C000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
2F34000
|
unkown
|
page readonly
|
|
|
|
3055000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
30D1000
|
unkown
|
page readonly
|
|
|
|
9B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
409F000
|
unkown
|
page read and write
|
|
|
|
2E95000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49C0000
|
heap private
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D50000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4E0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
3025000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
CBB000
|
unkown
|
page read and write
|
|
|
|
B7E000
|
unkown
|
page read and write
|
|
|
|
6B10000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4ED000
|
unkown
|
page read and write
|
|
|
|
2FF9000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
130F000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
13D6000
|
heap default
|
page read and write
|
|
|
|
305D000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
160000
|
heap default
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
13C6000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
BCA000
|
stack
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
30D1000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
610000
|
unkown
|
page readonly
|
|
|
|
300A000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
306A000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
593000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
593000
|
heap default
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
D7F000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
31DE000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1223000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
311E000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
F90000
|
heap private
|
page read and write
|
|
|
|
2F08000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
BC000
|
unkown
|
page read and write
|
|
|
|
2F4D000
|
unkown
|
page execute and read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3850000
|
heap private
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
305F000
|
unkown
|
page readonly
|
|
|
|
51A000
|
heap default
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
13C6000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
E3E000
|
unkown
|
page read and write
|
|
|
|
2FA1000
|
unkown
|
page execute read
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4EC000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
3003000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
33E000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
F00000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1300000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
2F30000
|
unkown
|
page readonly
|
|
|
|
315E000
|
unkown
|
page read and write
|
|
|
|
67D0000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
308B000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
305F000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
121B000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3040000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
30F8000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
6710000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B80000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
583000
|
unkown
|
page read and write
|
|
|
|
FF0000
|
heap default
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
FA000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
2FF9000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
2F34000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49E8000
|
unkown
|
page execute and read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
F03000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4B34000
|
heap private
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
331B000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4B30000
|
heap private
|
page read and write
|
|
|
|
ABD000
|
unkown
|
page execute and read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
2EF0000
|
unkown
|
page execute and read and write
|
|
|
|
2EFD000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3C48000
|
heap private
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4BB0000
|
heap private
|
page read and write
|
|
|
|
30F2000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3779000
|
heap private
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
303B000
|
unkown
|
page readonly
|
|
|
|
F20000
|
unkown
|
page readonly
|
|
|
|
3C48000
|
heap private
|
page read and write
|
|
|
|
13DF000
|
heap default
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
F30000
|
unkown
|
page readonly
|
|
|
|
308B000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3025000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4AAF000
|
stack
|
page read and write
|
|
|
|
1AE0000
|
unkown
|
page readonly
|
|
|
|
4D38000
|
heap private
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
2FAD000
|
unkown
|
page read and write
|
|
|
|
583000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page execute and read and write
|
|
|
|
419F000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3103000
|
unkown
|
page readonly
|
|
|
|
2FAC000
|
unkown
|
page readonly
|
|
|
|
4D3B000
|
heap private
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
300A000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3103000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
30D5000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3049000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
301D000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
2FFC000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
13DF000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
581000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
498E000
|
stack
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
11A0000
|
heap default
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3C4A000
|
heap private
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49D0000
|
unkown
|
page execute and read and write
|
|
|
|
F7E000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
EC0000
|
heap private
|
page read and write
|
|
|
|
F80000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3082000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3082000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4EF000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3103000
|
unkown
|
page readonly
|
|
|
|
D74000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
2FE2000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
583000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
C7C000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
306F000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4E1000
|
unkown
|
page execute read
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
13DE000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
10005000
|
unkown image
|
page execute and read and write
|
|
|
|
E30000
|
unkown
|
page readonly
|
|
|
|
49A0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
302C000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3003000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4990000
|
unkown
|
page read and write
|
|
|
|
2E3F000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
306F000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3BC9000
|
heap private
|
page read and write
|
|
|
|
429F000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1223000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49A0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
A78000
|
unkown
|
page execute and read and write
|
|
|
|
3063000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
13D6000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
CFE000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B10000
|
unkown
|
page readonly
|
|
|
|
2F08000
|
unkown
|
page execute and read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
2FE2000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1223000
|
unkown
|
page read and write
|
|
|
|
1120000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D3A000
|
heap private
|
page read and write
|
|
|
|
1750000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B30000
|
heap private
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1220000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
133D000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
EFF000
|
unkown
|
page read and write
|
|
|
|
B8A000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3086000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
165000
|
heap default
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
30E4000
|
unkown
|
page readonly
|
|
|
|
1223000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
30D5000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
10FA000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
2E9E000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1350000
|
heap default
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
11FA000
|
heap default
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
301D000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
3071000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
11B0000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
139A000
|
unkown
|
page read and write
|
|
|
|
3103000
|
unkown
|
page readonly
|
|
|
|
31F0000
|
heap private
|
page read and write
|
|
|
|
13A1000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4A2D000
|
unkown
|
page execute and read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
DEC000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
510000
|
heap default
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
9D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3057000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
30F2000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
2E9E000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
2F8C000
|
unkown
|
page read and write
|
|
|
|
D78000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
30E4000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
13DF000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
FDE000
|
stack
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3C60000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
D30000
|
heap private
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3086000
|
unkown
|
page readonly
|
|
|
|
49A0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
2E92000
|
unkown
|
page readonly
|
|
|
|
4D3A000
|
heap private
|
page read and write
|
|
|
|
3057000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
123F000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
3071000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
E7F000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
302C000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
3340000
|
unkown
|
page readonly
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
13D6000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
1310000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4AB0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
13DD000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
306A000
|
unkown
|
page readonly
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
305D000
|
unkown
|
page readonly
|
|
|
|
123F000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
1340000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
11F0000
|
heap default
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
478E000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
49B0000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
13C5000
|
unkown
|
page read and write
|
|
There are 865 hidden memdumps, click here to show them.