Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
racial.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.msn[2].xml
|
ASCII text, with no line terminators
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\contextual.media[1].xml
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{077FFF94-C485-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{077FFF96-C485-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2d-0e97d4-185735b[1].css
|
UTF-8 Unicode text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\52-478955-68ddb2ab[1].js
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAKF6YD[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAKFFeZ[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAKFH7n[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAKFPFy[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAKFtNg[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1dCSOZ[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BBPfCZL[1].png
|
GIF image data, version 89a, 50 x 50
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BBRUB0d[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\auction[1].htm
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\http___cdn.taboola.com_libtrc_static_thumbnails_e7ae454c7acb9331f45addbd7bc80364[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-2.1.1.min[1].js
|
ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\medianet[1].htm
|
HTML document, ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\medianet[2].htm
|
HTML document, ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\otBannerSdk[1].js
|
ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\otFlat[1].json
|
ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\otPcCenter[1].json
|
ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\17-361657-68ddb2ab[1].js
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAKDiAr[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAKFBPA[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAKFG5U[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAKFggi[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB10MkbM[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB14EN7h[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB14hq0P[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1aXITZ[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1ftEY0[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1kvzy[1].png
|
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB7gRE[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\cfdbd9[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\checksync[1].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\checksync[2].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\checksync[3].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\checksync[4].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\http___cdn.taboola.com_libtrc_static_thumbnails_bb08781aa271862226e3d45146478e49[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\otSDKStub[1].js
|
ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\46a64e19-d1cf-494e-8a93-1a179ccdaae9[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAKF3dk[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAKFGPg[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAKFesV[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAKFgOM[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAKFwN9[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAKiuLK[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1gqGZR[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBVuddh[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBX2afX[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBY7ARN[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBkwUr[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\a27dc85a-9c49-4090-8fd6-fcbafa39577a[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\a5ea21[1].ico
|
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\e151e5[1].gif
|
GIF image data, version 89a, 1 x 1
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\http___cdn.taboola.com_libtrc_static_thumbnails_27fb98c971ab2a7fd8fb1b93d6f09452[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\http___cdn.taboola.com_libtrc_static_thumbnails_67e22d8aae58f404575f6c0627b07d0b[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\location[1].js
|
ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\nrrV56260[1].js
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\nrrV56260[2].js
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\4996b9[1].woff
|
Web Open Font Format, TrueType, length 45633, version 1.0
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
|
ASCII text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKF3od[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKF4cY[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKFC6D[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKFGrV[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKFIla[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKFNiv[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKFUAE[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAKp8YX[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\BB1cEP3G[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\BB1cG73h[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\BB7hg4[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\BBnYSFZ[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\a8a064[1].gif
|
GIF image data, version 89a, 28 x 28
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\de-ch[1].htm
|
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\de-ch[1].json
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\http___cdn.taboola.com_libtrc_static_thumbnails_858913b40c4df9463261f35e7072478e[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\http___cdn.taboola.com_libtrc_static_thumbnails_GETTY_IMAGES_DV_1277176177__I1XLOQhP[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames
3
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\iab2Data[1].json
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\otTCF-ie[1].js
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF612651A5ED27DC43.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFC82D4C0C8742B1C1.TMP
|
data
|
dropped
|
|
There are 85 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe 'C:\Users\user\Desktop\racial.dll'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\racial.dll
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe 'C:\Users\user\Desktop\racial.dll',#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\racial.dll,DllRegisterServer
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\racial.dll',#1
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
C:\Program Files\Internet Explorer\iexplore.exe
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7040 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://searchads.msn.net/.cfm?&&kp=1&
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/coronareisen
|
unknown
|
|
|
|
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
|
unknown
|
|
|
|
https://onedrive.live.com;Fotos
|
unknown
|
|
|
|
https://www.msn.com/de-ch/sport?ocid=StripeOCID
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/26-j%c3%a4hriger-mann-stirbt-nach-sturz-auf-vorpla
|
unknown
|
|
|
|
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
|
unknown
|
|
|
|
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
|
unknown
|
|
|
|
http://ogp.me/ns/fb#
|
unknown
|
|
|
|
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-ss&ued=htt
|
unknown
|
|
|
|
https://outlook.live.com/mail/deeplink/compose;Kalender
|
unknown
|
|
|
|
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
|
unknown
|
|
|
|
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
|
unknown
|
|
|
|
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
|
unknown
|
|
|
|
https://www.msn.com/de-ch/sport/nachrichten/schweiz-unterliegt-deutschland-im-penaltyschiessen/ar-AA
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/mehr-sicherheit-und-weniger-versp%c3%a4tungen-im-f
|
unknown
|
|
|
|
http://www.reddit.com/
|
unknown
|
|
|
|
https://www.skype.com/
|
unknown
|
|
|
|
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%
|
unknown
|
|
|
|
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/regional
|
unknown
|
|
|
|
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
|
unknown
|
|
|
|
https://amzn.to/2TTxhNg
|
unknown
|
|
|
|
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
|
unknown
|
|
|
|
https://client-s.gateway.messenger.live.com
|
unknown
|
|
|
|
https://www.msn.com/de-ch/
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/gr%c3%bcne-fordern-regierung-soll-zeitungen-f%c3%b6rdern/ar-AAK
|
unknown
|
|
|
|
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
|
unknown
|
|
|
|
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
|
unknown
|
|
|
|
https://www.msn.com/de-ch
|
unknown
|
|
|
|
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
|
unknown
|
|
|
|
https://twitter.com/i/notifications;Ich
|
unknown
|
|
|
|
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/walt-disney-sprach-ihn-an-und-pl%c3%b6tzlich-stand-sein-leben-k
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
|
unknown
|
|
|
|
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
|
unknown
|
|
|
|
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
|
unknown
|
|
|
|
http://www.youtube.com/
|
unknown
|
|
|
|
http://ogp.me/ns#
|
unknown
|
|
|
|
https://onedrive.live.com/?qt=mru;OneDrive-App
|
unknown
|
|
|
|
https://www.skype.com/de
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/k%c3%b6nnen-seil-oder-hochbahnen-z%c3%bcrichs-verk
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/wer-bekommt-im-kanton-z%c3%bcrich-pr%c3%a4mienverb
|
unknown
|
|
|
|
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
|
unknown
|
|
|
|
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
|
unknown
|
|
|
|
https://www.skype.com/de/download-skype
|
unknown
|
|
|
|
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
|
unknown
|
|
|
|
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
|
unknown
|
|
|
|
https://onedrive.live.com;OneDrive-App
|
unknown
|
|
|
|
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
|
unknown
|
|
|
|
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
|
unknown
|
|
|
|
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
|
unknown
|
|
|
|
http://www.amazon.com/
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/eye-tracking-bei-online-pr%c3%bcfungen-keiner-%c3%
|
unknown
|
|
|
|
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
|
unknown
|
|
|
|
http://www.twitter.com/
|
unknown
|
|
|
|
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
|
unknown
|
|
|
|
https://cdn.cookielaw.org/vendorlist/googleData.json
|
unknown
|
|
|
|
https://outlook.com/
|
unknown
|
|
|
|
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
|
unknown
|
|
|
|
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
|
unknown
|
|
|
|
https://cdn.cookielaw.org/vendorlist/iabData.json
|
unknown
|
|
|
|
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
|
unknown
|
|
|
|
https://cdn.cookielaw.org/vendorlist/iab2Data.json
|
unknown
|
|
|
|
https://onedrive.live.com/?qt=mru;Aktuelle
|
unknown
|
|
|
|
https://www.msn.com/de-ch/?ocid=iehp
|
unknown
|
|
|
|
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
|
unknown
|
|
|
|
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
|
unknown
|
|
|
|
https://www.msn.com/de-ch/homepage/api/modules/fetch"
|
unknown
|
|
|
|
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
|
unknown
|
|
|
|
http://www.nytimes.com/
|
unknown
|
|
|
|
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
|
unknown
|
|
|
|
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html
|
unknown
|
|
|
|
https://www.bidstack.com/privacy-policy/
|
unknown
|
|
|
|
https://onedrive.live.com/about/en/download/
|
unknown
|
|
|
|
http://popup.taboola.com/german
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/junger-mann-stirbt-nach-sturz-von-einer-mauer-bei-der-eth/ar-AA
|
unknown
|
|
|
|
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
|
unknown
|
|
|
|
https://twitter.com/
|
unknown
|
|
|
|
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24903118&epi=ch-de
|
unknown
|
|
|
|
https://outlook.live.com/calendar
|
unknown
|
|
|
|
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
|
unknown
|
|
|
|
https://onedrive.live.com/#qt=mru
|
unknown
|
|
|
|
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
|
unknown
|
|
|
|
https://www.msn.com?form=MY01O4&OCID=MY01O4
|
unknown
|
|
|
|
https://support.skype.com
|
unknown
|
|
|
|
https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
|
unknown
|
|
|
|
https://clk.tradedoubler.com/click?p=245744&a=3064090&g=21863656
|
unknown
|
|
|
|
http://www.wikipedia.com/
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
|
unknown
|
|
|
|
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
|
unknown
|
|
|
|
http://www.live.com/
|
unknown
|
|
|
|
https://login.skype.com/login/oauth/microsoft?client_id=738133
|
unknown
|
|
|
|
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
|
unknown
|
|
There are 87 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
contextual.media.net
|
23.57.80.37
|
|
|
|
tls13.taboola.map.fastly.net
|
151.101.1.44
|
|
|
|
hblg.media.net
|
23.57.80.37
|
|
|
|
lg3.media.net
|
23.57.80.37
|
|
|
|
geolocation.onetrust.com
|
104.20.185.68
|
|
|
|
web.vortex.data.msn.com
|
unknown
|
|
|
|
www.msn.com
|
unknown
|
|
|
|
srtb.msn.com
|
unknown
|
|
|
|
img.img-taboola.com
|
unknown
|
|
|
|
cvision.media.net
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.20.185.68
|
geolocation.onetrust.com
|
United States
|
|
|
|
151.101.1.44
|
tls13.taboola.map.fastly.net
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{077FFF94-C485-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
CVListPingLastYMD
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
NextUpdateDate
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NumberOfSubdomains
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
NULL
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
Total
|
|
There are 76 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
820000
|
unkown
|
page execute and read and write
|
|
|
|
2E00000
|
unkown
|
page execute and read and write
|
|
|
|
31F0000
|
unkown
|
page execute and read and write
|
|
|
|
3320000
|
unkown
|
page execute and read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2A42000
|
unkown
|
page readonly
|
|
|
|
2D22000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
30A0000
|
heap private
|
page read and write
|
|
|
|
3170000
|
unkown
|
page read and write
|
|
|
|
32D0000
|
unkown
|
page execute and read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2B58000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2A85000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
272C000
|
unkown
|
page readonly
|
|
|
|
F4B000
|
unkown
|
page read and write
|
|
|
|
B1FF4FB000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2960000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
27153E13000
|
unkown
|
page read and write
|
|
|
|
2B90000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D4EE000
|
unkown image
|
page execute read
|
|
|
|
7FA000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D561000
|
unkown image
|
page execute and read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
B70000
|
unkown
|
page readonly
|
|
|
|
330A000
|
heap default
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2BE0000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1AC000
|
unkown
|
page readonly
|
|
|
|
276F000
|
unkown
|
page readonly
|
|
|
|
2CB6000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
27D1000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D539000
|
unkown image
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2C85000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D4E1000
|
unkown image
|
page execute read
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
27153E8A000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32B0000
|
heap private
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2A87000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
27153D00000
|
heap private
|
page read and write
|
|
|
|
2AA1000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
30A0000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
27153E29000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2C93000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
270C000
|
unkown
|
page readonly
|
|
|
|
2D8A000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2763000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
490F000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7FF5CF228000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2A9F000
|
unkown
|
page readonly
|
|
|
|
7FF5CF2A4000
|
unkown
|
page readonly
|
|
|
|
2A3C000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1BA000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2B0B000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF20A000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2AB2000
|
unkown
|
page readonly
|
|
|
|
2E80000
|
heap default
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
301E000
|
unkown
|
page read and write
|
|
|
|
27D5000
|
unkown
|
page readonly
|
|
|
|
2C63000
|
unkown
|
page readonly
|
|
|
|
7FF5CF22E000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3000000
|
unkown
|
page readonly
|
|
|
|
3300000
|
heap default
|
page read and write
|
|
|
|
7FF5CF0A1000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2CBB000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
25D0000
|
heap private
|
page read and write
|
|
|
|
7F1000
|
unkown
|
page execute read
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2C4B000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3498000
|
heap private
|
page read and write
|
|
|
|
6D4E3000
|
unkown image
|
page readonly
|
|
|
|
498F000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2C42000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2975000
|
unkown
|
page readonly
|
|
|
|
7FF5CF0BB000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D56C000
|
unkown image
|
page read and write
|
|
|
|
2712000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
27153E3C000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2733000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2490000
|
heap private
|
page read and write
|
|
|
|
7FF5CF236000
|
unkown
|
page readonly
|
|
|
|
B1FF677000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D4E6000
|
unkown image
|
page readonly
|
|
|
|
7FF5CEA1D000
|
unkown
|
page readonly
|
|
|
|
2F1E000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D4E5000
|
unkown image
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2C87000
|
unkown
|
page readonly
|
|
|
|
23F0000
|
heap private
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
4C90000
|
heap private
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1C5000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
4A8E000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2A70000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
860000
|
heap default
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
271B000
|
unkown
|
page readonly
|
|
|
|
31E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3790000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2A29000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D4E6000
|
unkown image
|
page readonly
|
|
|
|
7FF5CF21F000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3380000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D560000
|
unkown image
|
page read and write
|
|
|
|
2B05000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D4EE000
|
unkown image
|
page execute read
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
329D000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D560000
|
unkown image
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2A93000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
26F9000
|
unkown
|
page readonly
|
|
|
|
31D0000
|
heap default
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page readonly
|
|
|
|
2D86000
|
unkown
|
page read and write
|
|
|
|
2BF0000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3430000
|
heap default
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF063000
|
unkown
|
page readonly
|
|
|
|
7FF5CF204000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2B14000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
810000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
27153F02000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D56D000
|
unkown image
|
page readonly
|
|
|
|
2D05000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2D14000
|
unkown
|
page readonly
|
|
|
|
31C0000
|
unkown
|
page execute and read and write
|
|
|
|
B1FEFBB000
|
unkown
|
page read and write
|
|
|
|
B1FF87F000
|
unkown
|
page read and write
|
|
|
|
27153D60000
|
heap default
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7FF5CF10D000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
5180000
|
unkown
|
page readonly
|
|
|
|
2AC6000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2A6B000
|
unkown
|
page readonly
|
|
|
|
2A5C000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2A79000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
27E4000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
F30000
|
unkown
|
page readonly
|
|
|
|
7FC000
|
unkown
|
page readonly
|
|
|
|
4AEF000
|
unkown
|
page read and write
|
|
|
|
303B000
|
unkown
|
page read and write
|
|
|
|
6D561000
|
unkown image
|
page execute and read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2FF0000
|
heap default
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2CB2000
|
unkown
|
page readonly
|
|
|
|
4D0E000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2D01000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
75C000
|
unkown
|
page read and write
|
|
|
|
4F10000
|
heap private
|
page read and write
|
|
|
|
27153E55000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7FF5CF214000
|
unkown
|
page readonly
|
|
|
|
275D000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2645000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
AED000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D4EE000
|
unkown image
|
page execute read
|
|
|
|
2C70000
|
unkown
|
page readonly
|
|
|
|
7FF5CF1EF000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
5280000
|
heap private
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
4D40000
|
heap private
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
27154602000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
4990000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
4C5E000
|
unkown
|
page read and write
|
|
|
|
6D539000
|
unkown image
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2771000
|
unkown
|
page readonly
|
|
|
|
F0C000
|
unkown
|
page read and write
|
|
|
|
2D33000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2D28000
|
unkown
|
page readonly
|
|
|
|
6D539000
|
unkown image
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2AB6000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D56D000
|
unkown image
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2D33000
|
unkown
|
page readonly
|
|
|
|
27153F13000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
AAE000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2596000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
27153F08000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2FC0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2C55000
|
unkown
|
page readonly
|
|
|
|
2755000
|
unkown
|
page readonly
|
|
|
|
2B75000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
6D56C000
|
unkown image
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
6D56C000
|
unkown image
|
page read and write
|
|
|
|
2FF0000
|
unkown
|
page readonly
|
|
|
|
276A000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page read and write
|
|
|
|
27153E7E000
|
unkown
|
page read and write
|
|
|
|
3650000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
27F8000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
B1FF27D000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
4C1F000
|
unkown
|
page read and write
|
|
|
|
2B70000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
27154000000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
271540D0000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2A63000
|
unkown
|
page readonly
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
4D70000
|
heap private
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E8A000
|
heap default
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
4AA0000
|
heap private
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7FF5CF011000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2BB0000
|
unkown
|
page execute and read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3022000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page execute and read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF0BE000
|
unkown
|
page readonly
|
|
|
|
2C8F000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D560000
|
unkown image
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
6D4E1000
|
unkown image
|
page execute read
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2A4B000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2B60000
|
unkown
|
page readonly
|
|
|
|
6D4E6000
|
unkown image
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page execute and read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2C79000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2749000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2C9F000
|
unkown
|
page readonly
|
|
|
|
27154B40000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
29C8000
|
heap private
|
page read and write
|
|
|
|
7FF5CF124000
|
unkown
|
page readonly
|
|
|
|
2AE0000
|
unkown
|
page readonly
|
|
|
|
2C9A000
|
unkown
|
page readonly
|
|
|
|
2C8D000
|
unkown
|
page readonly
|
|
|
|
2A55000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
85D000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D4E5000
|
unkown image
|
page read and write
|
|
|
|
27153F00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page execute and read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF113000
|
unkown
|
page readonly
|
|
|
|
7FF5CF2B1000
|
unkown
|
page readonly
|
|
|
|
273B000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
278B000
|
unkown
|
page readonly
|
|
|
|
65C000
|
unkown
|
page read and write
|
|
|
|
259F000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3370000
|
heap private
|
page read and write
|
|
|
|
7FF5CF23D000
|
unkown
|
page readonly
|
|
|
|
356D000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D560000
|
unkown image
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2725000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D4E5000
|
unkown image
|
page read and write
|
|
|
|
6D4E1000
|
unkown image
|
page execute read
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF2B2000
|
unkown
|
page readonly
|
|
|
|
27153D80000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
343A000
|
heap default
|
page read and write
|
|
|
|
2C6B000
|
unkown
|
page readonly
|
|
|
|
2C3C000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
B1FF77F000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2786000
|
unkown
|
page readonly
|
|
|
|
2A9A000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
39E0000
|
unkown
|
page readonly
|
|
|
|
7FF5CF1D7000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3270000
|
heap private
|
page read and write
|
|
|
|
6D56C000
|
unkown image
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2A8D000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2B22000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
4CCF000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
990000
|
heap default
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D4E5000
|
unkown image
|
page read and write
|
|
|
|
275F000
|
unkown
|
page readonly
|
|
|
|
6D4EE000
|
unkown image
|
page execute read
|
|
|
|
34C0000
|
unkown
|
page readonly
|
|
|
|
7FF5CED86000
|
unkown
|
page readonly
|
|
|
|
2ADE000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
27153E00000
|
unkown
|
page read and write
|
|
|
|
7FF5CEF37000
|
unkown
|
page readonly
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
2782000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3310000
|
heap default
|
page read and write
|
|
|
|
2CA1000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
27153E46000
|
unkown
|
page read and write
|
|
|
|
2630000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2B33000
|
unkown
|
page readonly
|
|
|
|
527F000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
35AF000
|
unkown
|
page read and write
|
|
|
|
2B01000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D561000
|
unkown image
|
page execute and read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7FF5CF2AA000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2803000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D561000
|
unkown image
|
page execute and read and write
|
|
|
|
2ABB000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2DFC000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1AA000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
5A1000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
27153E6F000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
27154800000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
B1FF2FE000
|
unkown
|
page read and write
|
|
|
|
31E0000
|
unkown
|
page execute and read and write
|
|
|
|
2FE0000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
6D4E3000
|
unkown image
|
page readonly
|
|
|
|
2803000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CEF40000
|
unkown
|
page readonly
|
|
|
|
2B33000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D4E0000
|
unkown image
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7F9000
|
unkown
|
page readonly
|
|
|
|
3200000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
28C6000
|
unkown
|
page readonly
|
|
|
|
2E8B000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1C0000
|
unkown
|
page readonly
|
|
|
|
2740000
|
unkown
|
page readonly
|
|
|
|
B1FF3F5000
|
unkown
|
page read and write
|
|
|
|
2BA0000
|
unkown
|
page readonly
|
|
|
|
6D56D000
|
unkown image
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
32C0000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
86B000
|
heap default
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
31A0000
|
unkown
|
page readonly
|
|
|
|
2C5C000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF12C000
|
unkown
|
page readonly
|
|
|
|
6D4E3000
|
unkown image
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
6D4E1000
|
unkown image
|
page execute read
|
|
|
|
27153D70000
|
unkown
|
page readonly
|
|
|
|
4C80000
|
heap private
|
page read and write
|
|
|
|
31B0000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1F7000
|
unkown
|
page readonly
|
|
|
|
3640000
|
heap private
|
page read and write
|
|
|
|
7F0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3400000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2ACC000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
27153E4F000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
27F2000
|
unkown
|
page readonly
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2757000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1BE000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3200000
|
unkown
|
page readonly
|
|
|
|
7FF5CED95000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
4BDD000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2949000
|
heap private
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3190000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
27153E8D000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page execute and read and write
|
|
|
|
2B28000
|
unkown
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2A8F000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7FF5CED80000
|
unkown
|
page readonly
|
|
|
|
6D4E3000
|
unkown image
|
page readonly
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
B1FF57F000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
5A5000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
2C29000
|
unkown
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
27153D90000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1EC000
|
unkown
|
page readonly
|
|
|
|
7FF5CF239000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
7FF5CF1CB000
|
unkown
|
page readonly
|
|
|
|
2E8F000
|
unkown
|
page read and write
|
|
|
|
494E000
|
unkown
|
page read and write
|
|
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
6D4E6000
|
unkown image
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
6D539000
|
unkown image
|
page readonly
|
|
|
|
6D56D000
|
unkown image
|
page readonly
|
|
There are 763 hidden memdumps, click here to show them.