Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://protect-au.mimecast.com/s/0cIYC2xZY3ho5XqGtgUIfa?domain=securemailcenter.citigroup.com
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E5BD9985-CABB-11EB-90E5-ECF4BB570DC9}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E5BD9987-CABB-11EB-90E5-ECF4BB570DC9}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EFE6561E-CABB-11EB-90E5-ECF4BB570DC9}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\all.min-76cb46c10b6c0293433b371bae2414b2[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\brand[1].txt
|
ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\brand[2].txt
|
ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\citilogo_branding_60x35[1].png
|
PNG image data, 60 x 35, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\container-ebcbb67d3e3830e928959eb68045e5c6[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\favicon[1].xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jquery-ui.min-0b5729a931d113be34b6fac13bcf5b29[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jquery-ui.structure.min-5581d20aa5062ed5c0b6048f68e76055[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bg[1].png
|
PNG image data, 1 x 1207, 8-bit/color RGB, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\brand[1].css
|
ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\brand[1].txt
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\emx-617aee75668310c75d23aee0c3b39470[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\fa-solid-900-a0369ea57eb6d3843d6474c035111f29[1].eot
|
Embedded OpenType (EOT), Font Awesome 5 Free Solid family
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\favicon[1].ico
|
MS Windows icon resource - 5 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\favicon[1].xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jquery-ui.theme.min-c12cac44216cf877fd0c6903f3794407[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\login[1].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\style_blue-62aab9b147a532d65ecd3031f51671a2[1].css
|
ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\brand[1].css
|
ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\brand[1].js
|
ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\button-f601f344cd1fe72eb18eb9d46d2eaeae[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\emx.min-2cf685886a94f456479db5fbbe946265[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\jquery-ui.min-c15b1008dec3c8967ea657a7bb4baaec[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\jquery.min-dc5e7f18c8d36ac1d3d4753a87c98d0a[1].js
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\web_logo-6e1cb94279f139aac29029f22288696d[1].gif
|
GIF image data, version 89a, 225 x 88
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\autocomplete-86435ad2c45f02f39e1514f9ade336ae[1].css
|
ASCII text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\brand[1].gif
|
GIF image data, version 89a, 150 x 68
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\brand[1].htm
|
HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\brand[2].gif
|
GIF image data, version 89a, 15 x 16
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\brand[2].htm
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\custom-0c2e751c8b7e800ef063b8af7d7ab037[1].css
|
ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\enterprise-4ef20b6c3169ffa786832a9c1310290a[1].css
|
ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\fa-regular-400-261d666b0147c6c5cda07265f98b8f8c[1].eot
|
Embedded OpenType (EOT), Font Awesome 5 Free Regular family
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF9D7E413ECA02EC73.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFA46A22FA4A4C0DF7.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFFD565B6E1FBCC1BC.TMP
|
data
|
dropped
|
|
There are 31 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5972 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://fontawesome.com
|
unknown
|
|
|
|
http://developer.yahoo.net/yui/license.txt
|
unknown
|
|
|
|
https://securemailcenter.citigroup.com/branding/citi/en_US/images/favicon.ico~
|
unknown
|
|
|
|
https://securemailcenter.citigroup.com/login.hRoot
|
unknown
|
|
|
|
http://jqueryui.com
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/button/assets/skins/sam/split-button-arrow-disabled.png);
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/button/assets/skins/sam/split-button-arrow-hover.png);
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/button/assets/skins/sam/split-button-arrow.png);
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/button/assets/skins/sam/menu-button-arrow-disabled.png);
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/button/assets/skins/sam/split-button-arrow-active.png);
|
unknown
|
|
|
|
https://fontawesome.comhttps://fontawesome.comFont
|
unknown
|
|
|
|
https://pr.ssm.echowor
|
unknown
|
|
|
|
https://pr.ssm.echoworx.net/brand?act=download&enRoot
|
unknown
|
|
|
|
https://fontawesome.com/license/free
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/assets/skins/sam/sprite.png)
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/button/assets/skins/sam/menu-button-arrow.png);
|
unknown
|
|
|
|
http://yui.yahooapis.com/2.7.0/build/button/assets/skins/sam/split-button-arrow-focus.png);
|
unknown
|
|
|
|
https://securemailcenter.citigroup.com/branding/citi/en_US/images/favicon.ico
|
unknown
|
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com
|
3.17.15.199
|
|
|
|
securemailcenter.citigroup.com
|
192.193.154.4
|
|
|
|
protect-au.mimecast.com
|
124.47.150.19
|
|
|
|
pr.ssm.echoworx.net
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
124.47.150.19
|
protect-au.mimecast.com
|
Australia
|
|
|
|
192.193.154.4
|
securemailcenter.citigroup.com
|
United States
|
|
|
|
3.17.15.199
|
alb-echoworx-v00-907380543.us-east-2.elb.amazonaws.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{E5BD9985-CABB-11EB-90E5-ECF4BB570DC9}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
CVListPingLastYMD
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-912
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
@C:\Windows\System32\ieframe.dll,-904
|
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF59E415000
|
unkown
|
page readonly
|
|
|
|
D9D88FC000
|
unkown
|
page read and write
|
|
|
|
21D179B0000
|
unkown
|
page read and write
|
|
|
|
7FF59E3E5000
|
unkown
|
page readonly
|
|
|
|
7FF548EED000
|
unkown
|
page readonly
|
|
|
|
7FF50BE1B000
|
unkown
|
page readonly
|
|
|
|
D8C4E7E000
|
unkown
|
page read and write
|
|
|
|
7FF59E242000
|
unkown
|
page readonly
|
|
|
|
D8C527F000
|
unkown
|
page read and write
|
|
|
|
C6AAF8E000
|
unkown
|
page read and write
|
|
|
|
7FF50BDFE000
|
unkown
|
page readonly
|
|
|
|
7FF54914D000
|
unkown
|
page readonly
|
|
|
|
2B4D0A02000
|
unkown
|
page read and write
|
|
|
|
21D136F3000
|
unkown
|
page read and write
|
|
|
|
206A0390000
|
unkown
|
page readonly
|
|
|
|
1DBA5400000
|
unkown
|
page readonly
|
|
|
|
2B4D0FC0000
|
unkown
|
page read and write
|
|
|
|
7FF50BB7D000
|
unkown
|
page readonly
|
|
|
|
C6ABAFE000
|
unkown
|
page read and write
|
|
|
|
7FF59E39C000
|
unkown
|
page readonly
|
|
|
|
7FF5A205B000
|
unkown
|
page readonly
|
|
|
|
1DBA5860000
|
unkown
|
page write copy
|
|
|
|
2B4D07D0000
|
heap private
|
page read and write
|
|
|
|
1DBA5B32000
|
unkown
|
page read and write
|
|
|
|
7FF5A2054000
|
unkown
|
page readonly
|
|
|
|
7FF5C1F0D000
|
unkown
|
page readonly
|
|
|
|
7FF548EE2000
|
unkown
|
page readonly
|
|
|
|
21D12502000
|
unkown
|
page read and write
|
|
|
|
7FF559964000
|
unkown
|
page readonly
|
|
|
|
7FF59D326000
|
unkown
|
page readonly
|
|
|
|
7FF59CE0F000
|
unkown
|
page readonly
|
|
|
|
7FF59D220000
|
unkown
|
page readonly
|
|
|
|
E14F47D000
|
unkown
|
page read and write
|
|
|
|
21D17A24000
|
unkown
|
page read and write
|
|
|
|
E14F5FE000
|
unkown
|
page read and write
|
|
|
|
C6AB9FF000
|
unkown
|
page read and write
|
|
|
|
7FF548ADE000
|
unkown
|
page readonly
|
|
|
|
21D129B0000
|
unkown
|
page read and write
|
|
|
|
7FF4ECDD0000
|
unkown
|
page readonly
|
|
|
|
21D13380000
|
unkown
|
page readonly
|
|
|
|
7FF50B995000
|
unkown
|
page readonly
|
|
|
|
1E7EB4E0000
|
heap private
|
page read and write
|
|
|
|
7FF54907D000
|
unkown
|
page readonly
|
|
|
|
7FF59D051000
|
unkown
|
page readonly
|
|
|
|
1DBA526F000
|
unkown
|
page read and write
|
|
|
|
E14F07E000
|
unkown
|
page read and write
|
|
|
|
2B4D0C00000
|
unkown
|
page readonly
|
|
|
|
7FF50BE2F000
|
unkown
|
page readonly
|
|
|
|
C6AAE8C000
|
unkown
|
page read and write
|
|
|
|
E14EBBB000
|
unkown
|
page read and write
|
|
|
|
7FF59D28D000
|
unkown
|
page readonly
|
|
|
|
D8C4AFB000
|
unkown
|
page read and write
|
|
|
|
7FF59CFEA000
|
unkown
|
page readonly
|
|
|
|
2B4D0A40000
|
unkown
|
page read and write
|
|
|
|
229D0E40000
|
unkown
|
page read and write
|
|
|
|
7FF5C2326000
|
unkown
|
page readonly
|
|
|
|
7FF5C228D000
|
unkown
|
page readonly
|
|
|
|
7FF4EC9ED000
|
unkown
|
page readonly
|
|
|
|
229D0E58000
|
unkown
|
page read and write
|
|
|
|
7FF50BDEF000
|
unkown
|
page readonly
|
|
|
|
21D13390000
|
unkown
|
page readonly
|
|
|
|
D8C478E000
|
unkown
|
page read and write
|
|
|
|
21D13170000
|
unkown
|
page read and write
|
|
|
|
7FF549024000
|
unkown
|
page readonly
|
|
|
|
1DE4303A000
|
unkown
|
page read and write
|
|
|
|
206A045A000
|
unkown
|
page read and write
|
|
|
|
D8C4F7E000
|
unkown
|
page read and write
|
|
|
|
7FF59D230000
|
unkown
|
page readonly
|
|
|
|
7FF549085000
|
unkown
|
page readonly
|
|
|
|
7FF5C20FD000
|
unkown
|
page readonly
|
|
|
|
21D178E4000
|
unkown
|
page read and write
|
|
|
|
21D179A0000
|
unkown
|
page read and write
|
|
|
|
C6ABE7F000
|
unkown
|
page read and write
|
|
|
|
1E7E9A5C000
|
heap default
|
page read and write
|
|
|
|
C0BF53C000
|
unkown
|
page read and write
|
|
|
|
7FF59E3DD000
|
unkown
|
page readonly
|
|
|
|
21D12429000
|
unkown
|
page read and write
|
|
|
|
1DBA5313000
|
unkown
|
page read and write
|
|
|
|
7FF5C2299000
|
unkown
|
page readonly
|
|
|
|
7FF59E4AF000
|
unkown
|
page readonly
|
|
|
|
7FF59E32E000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D26000
|
unkown
|
page readonly
|
|
|
|
206A0600000
|
unkown
|
page readonly
|
|
|
|
7FF5A19F3000
|
unkown
|
page readonly
|
|
|
|
1E7E9A20000
|
heap default
|
page read and write
|
|
|
|
7FF50BBA7000
|
unkown
|
page readonly
|
|
|
|
A975A7F000
|
unkown
|
page read and write
|
|
|
|
7FF5A1F9D000
|
unkown
|
page readonly
|
|
|
|
7FF5C234E000
|
unkown
|
page readonly
|
|
|
|
21D12A00000
|
unkown
|
page read and write
|
|
|
|
D8C517E000
|
unkown
|
page read and write
|
|
|
|
7FF4ECC9F000
|
unkown
|
page readonly
|
|
|
|
D8C547E000
|
unkown
|
page read and write
|
|
|
|
7FF5C226C000
|
unkown
|
page readonly
|
|
|
|
21D12600000
|
unkown
|
page readonly
|
|
|
|
7FF50BE2F000
|
unkown
|
page readonly
|
|
|
|
7FF59D267000
|
unkown
|
page readonly
|
|
|
|
7FF59D118000
|
unkown
|
page readonly
|
|
|
|
7FF59D35D000
|
unkown
|
page readonly
|
|
|
|
7FF59D002000
|
unkown
|
page readonly
|
|
|
|
7FF59CF31000
|
unkown
|
page readonly
|
|
|
|
7FF50BB75000
|
unkown
|
page readonly
|
|
|
|
21D12990000
|
unkown
|
page readonly
|
|
|
|
7FF4ECD39000
|
unkown
|
page readonly
|
|
|
|
1E7E98B0000
|
unkown
|
page readonly
|
|
|
|
2B4D0840000
|
unkown
|
page readonly
|
|
|
|
1DE4303D000
|
unkown
|
page read and write
|
|
|
|
229D1200000
|
unkown
|
page readonly
|
|
|
|
7FF59D217000
|
unkown
|
page readonly
|
|
|
|
206A03A0000
|
unkown
|
page readonly
|
|
|
|
2B4D0F90000
|
unkown
|
page read and write
|
|
|
|
206A0A60000
|
unkown
|
page readonly
|
|
|
|
21D17C60000
|
unkown
|
page readonly
|
|
|
|
7FF5C235F000
|
unkown
|
page readonly
|
|
|
|
2DC07FB000
|
unkown
|
page read and write
|
|
|
|
7FF55997F000
|
unkown
|
page readonly
|
|
|
|
C6AB4FB000
|
unkown
|
page read and write
|
|
|
|
7FF50BD37000
|
unkown
|
page readonly
|
|
|
|
1E4A0000000
|
unkown
|
page read and write
|
|
|
|
2DC01CE000
|
unkown
|
page read and write
|
|
|
|
7FF54909A000
|
unkown
|
page readonly
|
|
|
|
1DBA5C00000
|
unkown
|
page readonly
|
|
|
|
7FF59E49B000
|
unkown
|
page readonly
|
|
|
|
C0BF5BE000
|
unkown
|
page read and write
|
|
|
|
7FF59E480000
|
unkown
|
page readonly
|
|
|
|
7FF4ECD63000
|
unkown
|
page readonly
|
|
|
|
7FF50BCCD000
|
unkown
|
page readonly
|
|
|
|
7FF59D238000
|
unkown
|
page readonly
|
|
|
|
7FF59DE3E000
|
unkown
|
page readonly
|
|
|
|
7FF5A2040000
|
unkown
|
page readonly
|
|
|
|
21D178A8000
|
unkown
|
page read and write
|
|
|
|
1E7E9A00000
|
unkown
|
page read and write
|
|
|
|
7FF50BE2D000
|
unkown
|
page readonly
|
|
|
|
229D0E79000
|
unkown
|
page read and write
|
|
|
|
21D17C40000
|
unkown
|
page readonly
|
|
|
|
21D13700000
|
unkown
|
page read and write
|
|
|
|
1E7E9CD5000
|
heap private
|
page read and write
|
|
|
|
7FF59D0F4000
|
unkown
|
page readonly
|
|
|
|
21D179F0000
|
unkown
|
page read and write
|
|
|
|
1DBA5200000
|
unkown
|
page read and write
|
|
|
|
7FF59E494000
|
unkown
|
page readonly
|
|
|
|
1E7E9EE0000
|
unkown
|
page readonly
|
|
|
|
21D12400000
|
unkown
|
page read and write
|
|
|
|
A975AFF000
|
unkown
|
page read and write
|
|
|
|
7FF549116000
|
unkown
|
page readonly
|
|
|
|
21D17A64000
|
unkown
|
page read and write
|
|
|
|
7FF59CE91000
|
unkown
|
page readonly
|
|
|
|
229D0E28000
|
unkown
|
page read and write
|
|
|
|
7FF50BDF6000
|
unkown
|
page readonly
|
|
|
|
7FF4EC9F6000
|
unkown
|
page readonly
|
|
|
|
1E7EB6DF000
|
heap private
|
page read and write
|
|
|
|
7FF549093000
|
unkown
|
page readonly
|
|
|
|
C6AB5FF000
|
unkown
|
page read and write
|
|
|
|
21D12458000
|
unkown
|
page read and write
|
|
|
|
D9D8BFF000
|
unkown
|
page read and write
|
|
|
|
229D0E02000
|
unkown
|
page read and write
|
|
|
|
7FF59D01F000
|
unkown
|
page readonly
|
|
|
|
21D13360000
|
unkown
|
page readonly
|
|
|
|
21D17D20000
|
unkown
|
page readonly
|
|
|
|
7FF4ECDEB000
|
unkown
|
page readonly
|
|
|
|
21D12513000
|
unkown
|
page read and write
|
|
|
|
C0BFAFE000
|
unkown
|
page read and write
|
|
|
|
C6ABA7F000
|
unkown
|
page read and write
|
|
|
|
1DE43200000
|
unkown
|
page readonly
|
|
|
|
2DC014E000
|
unkown
|
page read and write
|
|
|
|
206A0471000
|
unkown
|
page read and write
|
|
|
|
21D1243F000
|
unkown
|
page read and write
|
|
|
|
229D1000000
|
unkown
|
page readonly
|
|
|
|
7FF59CED4000
|
unkown
|
page readonly
|
|
|
|
7FF5C2013000
|
unkown
|
page readonly
|
|
|
|
D9D89FF000
|
unkown
|
page read and write
|
|
|
|
7FF50BBFE000
|
unkown
|
page readonly
|
|
|
|
E14EE7E000
|
unkown
|
page read and write
|
|
|
|
1DBA52B9000
|
unkown
|
page read and write
|
|
|
|
1DE4302A000
|
unkown
|
page read and write
|
|
|
|
C6AB8FF000
|
unkown
|
page read and write
|
|
|
|
7FF59D33D000
|
unkown
|
page readonly
|
|
|
|
1DBA5790000
|
unkown
|
page readonly
|
|
|
|
1DE43013000
|
unkown
|
page read and write
|
|
|
|
1E49FFE0000
|
unkown
|
page read and write
|
|
|
|
1DE42F00000
|
heap private
|
page read and write
|
|
|
|
7FF5A206F000
|
unkown
|
page readonly
|
|
|
|
2B4D0A5C000
|
unkown
|
page read and write
|
|
|
|
1DBA5302000
|
unkown
|
page read and write
|
|
|
|
2B4D0FC0000
|
unkown
|
page read and write
|
|
|
|
21D178D0000
|
unkown
|
page read and write
|
|
|
|
7FF59D12C000
|
unkown
|
page readonly
|
|
|
|
1DE43000000
|
unkown
|
page read and write
|
|
|
|
7FF5C2344000
|
unkown
|
page readonly
|
|
|
|
C6AB3FA000
|
unkown
|
page read and write
|
|
|
|
B75B7FF000
|
unkown
|
page read and write
|
|
|
|
7FF5C1CE8000
|
unkown
|
page readonly
|
|
|
|
D8C4D7E000
|
unkown
|
page read and write
|
|
|
|
7FF5C2257000
|
unkown
|
page readonly
|
|
|
|
7FF59E4AB000
|
unkown
|
page readonly
|
|
|
|
7FF5A206D000
|
unkown
|
page readonly
|
|
|
|
21D129A0000
|
unkown
|
page read and write
|
|
|
|
7FF59D35F000
|
unkown
|
page readonly
|
|
|
|
C6ABC7D000
|
unkown
|
page read and write
|
|
|
|
21D12456000
|
unkown
|
page read and write
|
|
|
|
1E7E99E0000
|
unkown
|
page read and write
|
|
|
|
7FF55996B000
|
unkown
|
page readonly
|
|
|
|
7FF59D32E000
|
unkown
|
page readonly
|
|
|
|
229D0F13000
|
unkown
|
page read and write
|
|
|
|
7FF59D34E000
|
unkown
|
page readonly
|
|
|
|
E14EEFE000
|
unkown
|
page read and write
|
|
|
|
D9D8AFD000
|
unkown
|
page read and write
|
|
|
|
7FF4ECD35000
|
unkown
|
page readonly
|
|
|
|
7FF59D113000
|
unkown
|
page readonly
|
|
|
|
21D12330000
|
unkown
|
page readonly
|
|
|
|
7FF4ECDC6000
|
unkown
|
page readonly
|
|
|
|
7FF548F66000
|
unkown
|
page readonly
|
|
|
|
229D0CC0000
|
heap private
|
page read and write
|
|
|
|
7FF549045000
|
unkown
|
page readonly
|
|
|
|
7FF4ECD43000
|
unkown
|
page readonly
|
|
|
|
7FF59D197000
|
unkown
|
page readonly
|
|
|
|
21D17750000
|
unkown
|
page readonly
|
|
|
|
7FF59D2A3000
|
unkown
|
page readonly
|
|
|
|
7FF50BD5D000
|
unkown
|
page readonly
|
|
|
|
A9759FE000
|
unkown
|
page read and write
|
|
|
|
2B4D09F0000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F40000
|
unkown
|
page readonly
|
|
|
|
7FF50BD3C000
|
unkown
|
page readonly
|
|
|
|
7FF5A2028000
|
unkown
|
page readonly
|
|
|
|
7FF4ECC67000
|
unkown
|
page readonly
|
|
|
|
7FF54914B000
|
unkown
|
page readonly
|
|
|
|
1DE42F70000
|
unkown
|
page readonly
|
|
|
|
206A03B0000
|
unkown
|
page read and write
|
|
|
|
7FF50BD69000
|
unkown
|
page readonly
|
|
|
|
21D17C50000
|
unkown
|
page readonly
|
|
|
|
206A0320000
|
heap private
|
page read and write
|
|
|
|
21D12250000
|
unkown
|
page readonly
|
|
|
|
7FF5A205E000
|
unkown
|
page readonly
|
|
|
|
7FF59D04C000
|
unkown
|
page readonly
|
|
|
|
7FF5C2278000
|
unkown
|
page readonly
|
|
|
|
1DE42F80000
|
unkown
|
page readonly
|
|
|
|
7FF59D35F000
|
unkown
|
page readonly
|
|
|
|
21D178A0000
|
unkown
|
page read and write
|
|
|
|
21D17974000
|
unkown
|
page readonly
|
|
|
|
206A0466000
|
unkown
|
page read and write
|
|
|
|
1E7E9910000
|
unkown
|
page readonly
|
|
|
|
206A0469000
|
unkown
|
page read and write
|
|
|
|
21D13250000
|
unkown
|
page read and write
|
|
|
|
7FF548E28000
|
unkown
|
page readonly
|
|
|
|
21D17790000
|
unkown
|
page read and write
|
|
|
|
206A03D0000
|
unkown
|
page readonly
|
|
|
|
21D178C0000
|
unkown
|
page read and write
|
|
|
|
21D12477000
|
unkown
|
page read and write
|
|
|
|
7FF54911B000
|
unkown
|
page readonly
|
|
|
|
D8C470D000
|
unkown
|
page read and write
|
|
|
|
21D179C0000
|
unkown
|
page read and write
|
|
|
|
D9D85FE000
|
unkown
|
page read and write
|
|
|
|
7FF5C1CE6000
|
unkown
|
page readonly
|
|
|
|
7FF59E384000
|
unkown
|
page readonly
|
|
|
|
1DBA5B00000
|
unkown
|
page read and write
|
|
|
|
7FF4ECDFB000
|
unkown
|
page readonly
|
|
|
|
7FF59E392000
|
unkown
|
page readonly
|
|
|
|
1E4A0380000
|
unkown
|
page readonly
|
|
|
|
7FF55993F000
|
unkown
|
page readonly
|
|
|
|
2DC00CB000
|
unkown
|
page read and write
|
|
|
|
7FF559950000
|
unkown
|
page readonly
|
|
|
|
E14F37F000
|
unkown
|
page read and write
|
|
|
|
D8C4C7D000
|
unkown
|
page read and write
|
|
|
|
21D17AAF000
|
unkown
|
page read and write
|
|
|
|
21D17A00000
|
unkown
|
page read and write
|
|
|
|
7FF4ECD6D000
|
unkown
|
page readonly
|
|
|
|
1DBA5090000
|
heap default
|
page read and write
|
|
|
|
7FF5A1FA9000
|
unkown
|
page readonly
|
|
|
|
21D136D1000
|
unkown
|
page read and write
|
|
|
|
229D0F02000
|
unkown
|
page read and write
|
|
|
|
7FF50BE14000
|
unkown
|
page readonly
|
|
|
|
7FF54905C000
|
unkown
|
page readonly
|
|
|
|
1E7EB320000
|
unkown
|
page readonly
|
|
|
|
1E7E9A48000
|
heap default
|
page read and write
|
|
|
|
C6AB6FA000
|
unkown
|
page read and write
|
|
|
|
206A0400000
|
unkown
|
page read and write
|
|
|
|
D8C537F000
|
unkown
|
page read and write
|
|
|
|
21D12B13000
|
unkown
|
page read and write
|
|
|
|
1DBA523E000
|
unkown
|
page read and write
|
|
|
|
D8C557E000
|
unkown
|
page read and write
|
|
|
|
C0BF8FD000
|
unkown
|
page read and write
|
|
|
|
7FF4ECDDD000
|
unkown
|
page readonly
|
|
|
|
206A0424000
|
unkown
|
page read and write
|
|
|
|
229D1800000
|
unkown
|
page readonly
|
|
|
|
7FF59E276000
|
unkown
|
page readonly
|
|
|
|
7FF59D081000
|
unkown
|
page readonly
|
|
|
|
7FF4ECDE4000
|
unkown
|
page readonly
|
|
|
|
7FF59E3F3000
|
unkown
|
page readonly
|
|
|
|
7FF59D35B000
|
unkown
|
page readonly
|
|
|
|
206A0413000
|
unkown
|
page read and write
|
|
|
|
A97587F000
|
unkown
|
page read and write
|
|
|
|
7FF549047000
|
unkown
|
page readonly
|
|
|
|
7FF59E3B8000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F77000
|
unkown
|
page readonly
|
|
|
|
7FF50BD7A000
|
unkown
|
page readonly
|
|
|
|
21D17CE0000
|
unkown
|
page readonly
|
|
|
|
7FF59D253000
|
unkown
|
page readonly
|
|
|
|
7FF59CEE0000
|
unkown
|
page readonly
|
|
|
|
21D12B59000
|
unkown
|
page read and write
|
|
|
|
7FF50BCDD000
|
unkown
|
page readonly
|
|
|
|
21D1248D000
|
unkown
|
page read and write
|
|
|
|
E14F57F000
|
unkown
|
page read and write
|
|
|
|
7FF50BD1C000
|
unkown
|
page readonly
|
|
|
|
7FF59E468000
|
unkown
|
page readonly
|
|
|
|
21D179A0000
|
unkown
|
page read and write
|
|
|
|
7FF59CB30000
|
unkown
|
page readonly
|
|
|
|
229D13A0000
|
unkown
|
page readonly
|
|
|
|
7FF4ECCF7000
|
unkown
|
page readonly
|
|
|
|
7FF55997F000
|
unkown
|
page readonly
|
|
|
|
7FF59E47B000
|
unkown
|
page readonly
|
|
|
|
7FF50BDFB000
|
unkown
|
page readonly
|
|
|
|
7FF59D0B0000
|
unkown
|
page readonly
|
|
|
|
7FF5C235F000
|
unkown
|
page readonly
|
|
|
|
7FF59D1AF000
|
unkown
|
page readonly
|
|
|
|
206A0380000
|
heap default
|
page read and write
|
|
|
|
1E7E9CB0000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F53000
|
unkown
|
page readonly
|
|
|
|
7FF59E3A3000
|
unkown
|
page readonly
|
|
|
|
B75B6FF000
|
unkown
|
page read and write
|
|
|
|
21D136F0000
|
unkown
|
page read and write
|
|
|
|
21D17AB1000
|
unkown
|
page read and write
|
|
|
|
C6AB87E000
|
unkown
|
page read and write
|
|
|
|
1E4A0020000
|
unkown
|
page readonly
|
|
|
|
7FF50BD95000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F7D000
|
unkown
|
page readonly
|
|
|
|
21D177A0000
|
unkown
|
page read and write
|
|
|
|
206A0513000
|
unkown
|
page read and write
|
|
|
|
C6ABB7F000
|
unkown
|
page read and write
|
|
|
|
1DE43660000
|
unkown
|
page readonly
|
|
|
|
7FF5A1FD5000
|
unkown
|
page readonly
|
|
|
|
21D12240000
|
heap default
|
page read and write
|
|
|
|
7FF59CD00000
|
unkown
|
page readonly
|
|
|
|
7FF559946000
|
unkown
|
page readonly
|
|
|
|
21D12320000
|
unkown
|
page readonly
|
|
|
|
7FF59D0FD000
|
unkown
|
page readonly
|
|
|
|
7FF59D318000
|
unkown
|
page readonly
|
|
|
|
229D0F00000
|
unkown
|
page read and write
|
|
|
|
21D17987000
|
unkown
|
page write copy
|
|
|
|
7FF59D2AA000
|
unkown
|
page readonly
|
|
|
|
7FF54913E000
|
unkown
|
page readonly
|
|
|
|
1E49FF80000
|
unkown
|
page readonly
|
|
|
|
7FF59D295000
|
unkown
|
page readonly
|
|
|
|
7FF50BD73000
|
unkown
|
page readonly
|
|
|
|
21D17D00000
|
unkown
|
page readonly
|
|
|
|
7FF59D31F000
|
unkown
|
page readonly
|
|
|
|
7FF50BD65000
|
unkown
|
page readonly
|
|
|
|
2B4D1200000
|
unkown
|
page read and write
|
|
|
|
7FF59E48D000
|
unkown
|
page readonly
|
|
|
|
2B4D0A00000
|
unkown
|
page read and write
|
|
|
|
21D17A52000
|
unkown
|
page read and write
|
|
|
|
D8C567E000
|
unkown
|
page read and write
|
|
|
|
D9D84FE000
|
unkown
|
page read and write
|
|
|
|
21D17A45000
|
unkown
|
page read and write
|
|
|
|
D9D7EEB000
|
unkown
|
page read and write
|
|
|
|
2DC08FF000
|
unkown
|
page read and write
|
|
|
|
7FF5A1FBA000
|
unkown
|
page readonly
|
|
|
|
7FF548BFF000
|
unkown
|
page readonly
|
|
|
|
21D17984000
|
unkown
|
page write copy
|
|
|
|
7FF59D257000
|
unkown
|
page readonly
|
|
|
|
7FF549108000
|
unkown
|
page readonly
|
|
|
|
7FF50B961000
|
unkown
|
page readonly
|
|
|
|
7FF549089000
|
unkown
|
page readonly
|
|
|
|
7FF59CEDA000
|
unkown
|
page readonly
|
|
|
|
7FF50BCE0000
|
unkown
|
page readonly
|
|
|
|
2DC06FE000
|
unkown
|
page read and write
|
|
|
|
7FF55995D000
|
unkown
|
page readonly
|
|
|
|
7FF4ECD2D000
|
unkown
|
page readonly
|
|
|
|
21D12A15000
|
unkown
|
page read and write
|
|
|
|
7FF59D04A000
|
unkown
|
page readonly
|
|
|
|
2B4D0830000
|
heap default
|
page read and write
|
|
|
|
7FF5C2330000
|
unkown
|
page readonly
|
|
|
|
1E7E9CD0000
|
heap private
|
page read and write
|
|
|
|
1DBA5229000
|
unkown
|
page read and write
|
|
|
|
7FF59CFDD000
|
unkown
|
page readonly
|
|
|
|
1DE43030000
|
unkown
|
page read and write
|
|
|
|
7FF54903C000
|
unkown
|
page readonly
|
|
|
|
E14F1FE000
|
unkown
|
page read and write
|
|
|
|
7FF4ECDFF000
|
unkown
|
page readonly
|
|
|
|
7FF59E13A000
|
unkown
|
page readonly
|
|
|
|
C6ABD7D000
|
unkown
|
page read and write
|
|
|
|
7FF59D2C5000
|
unkown
|
page readonly
|
|
|
|
7FF50BD12000
|
unkown
|
page readonly
|
|
|
|
2DC05FB000
|
unkown
|
page read and write
|
|
|
|
21D178E0000
|
unkown
|
page read and write
|
|
|
|
206A0470000
|
unkown
|
page read and write
|
|
|
|
1E7EB340000
|
unkown
|
page readonly
|
|
|
|
1DE43057000
|
unkown
|
page read and write
|
|
|
|
7FF59E1B7000
|
unkown
|
page readonly
|
|
|
|
1DBA5180000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D68000
|
unkown
|
page readonly
|
|
|
|
7FF54914F000
|
unkown
|
page readonly
|
|
|
|
7FF54912D000
|
unkown
|
page readonly
|
|
|
|
7FF55996E000
|
unkown
|
page readonly
|
|
|
|
7FF50BE1E000
|
unkown
|
page readonly
|
|
|
|
7FF54913B000
|
unkown
|
page readonly
|
|
|
|
7FF59E24D000
|
unkown
|
page readonly
|
|
|
|
D9D87FB000
|
unkown
|
page read and write
|
|
|
|
7FF4ECDBF000
|
unkown
|
page readonly
|
|
|
|
1DBA58B0000
|
unkown
|
page readonly
|
|
|
|
206A0502000
|
unkown
|
page read and write
|
|
|
|
21D179E0000
|
unkown
|
page read and write
|
|
|
|
7FF55988E000
|
unkown
|
page readonly
|
|
|
|
7FF59D05D000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F30000
|
unkown
|
page readonly
|
|
|
|
7FF59CEC5000
|
unkown
|
page readonly
|
|
|
|
B75B1BC000
|
unkown
|
page read and write
|
|
|
|
1E7EB360000
|
heap private
|
page read and write
|
|
|
|
7FF548F5D000
|
unkown
|
page readonly
|
|
|
|
21D13350000
|
unkown
|
page readonly
|
|
|
|
7FF59E26C000
|
unkown
|
page readonly
|
|
|
|
7FF4EC9DB000
|
unkown
|
page readonly
|
|
|
|
229D0D20000
|
heap default
|
page read and write
|
|
|
|
21D12B18000
|
unkown
|
page read and write
|
|
|
|
E14F2FD000
|
unkown
|
page read and write
|
|
|
|
7FF59D242000
|
unkown
|
page readonly
|
|
|
|
7FF5A204D000
|
unkown
|
page readonly
|
|
|
|
21D17710000
|
unkown
|
page read and write
|
|
|
|
7FF4ECD18000
|
unkown
|
page readonly
|
|
|
|
21D17AB3000
|
unkown
|
page read and write
|
|
|
|
1DE43084000
|
unkown
|
page read and write
|
|
|
|
7FF5598E5000
|
unkown
|
page readonly
|
|
|
|
7FF4ECDB8000
|
unkown
|
page readonly
|
|
|
|
206A06D0000
|
unkown
|
page readonly
|
|
|
|
7FF5A2036000
|
unkown
|
page readonly
|
|
|
|
7FF548E16000
|
unkown
|
page readonly
|
|
|
|
7FF50BE0D000
|
unkown
|
page readonly
|
|
|
|
21D17A31000
|
unkown
|
page read and write
|
|
|
|
21D124A0000
|
unkown
|
page read and write
|
|
|
|
7FF50BDE8000
|
unkown
|
page readonly
|
|
|
|
206A043F000
|
unkown
|
page read and write
|
|
|
|
206A0E00000
|
unkown
|
page readonly
|
|
|
|
21D178AE000
|
unkown
|
page read and write
|
|
|
|
21D17C00000
|
unkown
|
page readonly
|
|
|
|
D9D82FC000
|
unkown
|
page read and write
|
|
|
|
21D17A00000
|
unkown
|
page read and write
|
|
|
|
1DBA51C0000
|
unkown
|
page readonly
|
|
|
|
206A0402000
|
unkown
|
page read and write
|
|
|
|
21D179A0000
|
unkown
|
page readonly
|
|
|
|
7FF59D278000
|
unkown
|
page readonly
|
|
|
|
7FF59D234000
|
unkown
|
page readonly
|
|
|
|
21D13340000
|
unkown
|
page readonly
|
|
|
|
A9755AC000
|
unkown
|
page read and write
|
|
|
|
7FF5A1FB3000
|
unkown
|
page readonly
|
|
|
|
1DE43802000
|
unkown
|
page read and write
|
|
|
|
229D1470000
|
unkown
|
page readonly
|
|
|
|
D9D837E000
|
unkown
|
page read and write
|
|
|
|
7FF5A1FA5000
|
unkown
|
page readonly
|
|
|
|
21D13330000
|
unkown
|
page readonly
|
|
|
|
7FF548994000
|
unkown
|
page readonly
|
|
|
|
D9D7F6D000
|
unkown
|
page read and write
|
|
|
|
7FF4ECDFF000
|
unkown
|
page readonly
|
|
|
|
7FF59E3BC000
|
unkown
|
page readonly
|
|
|
|
7FF59D067000
|
unkown
|
page readonly
|
|
|
|
7FF59CE66000
|
unkown
|
page readonly
|
|
|
|
7FF4ECAA5000
|
unkown
|
page readonly
|
|
|
|
206A0C02000
|
unkown
|
page read and write
|
|
|
|
1E4A0030000
|
heap default
|
page read and write
|
|
|
|
7FF59E1AD000
|
unkown
|
page readonly
|
|
|
|
7FF54914F000
|
unkown
|
page readonly
|
|
|
|
1DBA5190000
|
unkown
|
page read and write
|
|
|
|
21D17AC6000
|
unkown
|
page read and write
|
|
|
|
21D17970000
|
unkown
|
page read and write
|
|
|
|
7FF59DE38000
|
unkown
|
page readonly
|
|
|
|
7FF59D053000
|
unkown
|
page readonly
|
|
|
|
C0BF9FE000
|
unkown
|
page read and write
|
|
|
|
7FF5C22A3000
|
unkown
|
page readonly
|
|
|
|
21D17C03000
|
unkown
|
page readonly
|
|
|
|
7FF5598AD000
|
unkown
|
page readonly
|
|
|
|
7FF59D26C000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F67000
|
unkown
|
page readonly
|
|
|
|
7FF59CF3C000
|
unkown
|
page readonly
|
|
|
|
7FF548F72000
|
unkown
|
page readonly
|
|
|
|
21D178A0000
|
unkown
|
page read and write
|
|
|
|
21D12B58000
|
unkown
|
page read and write
|
|
|
|
1E4A0130000
|
unkown
|
page readonly
|
|
|
|
7FF59E3A7000
|
unkown
|
page readonly
|
|
|
|
7FF549068000
|
unkown
|
page readonly
|
|
|
|
1DE43102000
|
unkown
|
page read and write
|
|
|
|
21D121E0000
|
heap private
|
page read and write
|
|
|
|
7FF59D210000
|
unkown
|
page readonly
|
|
|
|
1E7E9CE0000
|
unkown
|
page readonly
|
|
|
|
7FF50BB46000
|
unkown
|
page readonly
|
|
|
|
7FF50B674000
|
unkown
|
page readonly
|
|
|
|
229D0E68000
|
unkown
|
page read and write
|
|
|
|
7FF59D34B000
|
unkown
|
page readonly
|
|
|
|
7FF59D299000
|
unkown
|
page readonly
|
|
|
|
7FF4ECD10000
|
unkown
|
page readonly
|
|
|
|
229D0E00000
|
unkown
|
page read and write
|
|
|
|
7FF549134000
|
unkown
|
page readonly
|
|
|
|
2B4D1002000
|
unkown
|
page read and write
|
|
|
|
B75B8FF000
|
unkown
|
page read and write
|
|
|
|
7FF59D083000
|
unkown
|
page readonly
|
|
|
|
7FF59D344000
|
unkown
|
page readonly
|
|
|
|
21D179A0000
|
unkown
|
page read and write
|
|
|
|
7FF59D32B000
|
unkown
|
page readonly
|
|
|
|
7FF5C232B000
|
unkown
|
page readonly
|
|
|
|
D9D867C000
|
unkown
|
page read and write
|
|
|
|
7FF5490B5000
|
unkown
|
page readonly
|
|
|
|
7FF548CAA000
|
unkown
|
page readonly
|
|
|
|
1E4A003B000
|
heap default
|
page read and write
|
|
|
|
1DBA5170000
|
unkown
|
page readonly
|
|
|
|
21D17AA2000
|
unkown
|
page read and write
|
|
|
|
2B4D0FC0000
|
unkown
|
page read and write
|
|
|
|
7FF559938000
|
unkown
|
page readonly
|
|
|
|
2B4D0910000
|
unkown
|
page readonly
|
|
|
|
7FF5C2295000
|
unkown
|
page readonly
|
|
|
|
7FF548DCD000
|
unkown
|
page readonly
|
|
|
|
21D124FD000
|
unkown
|
page read and write
|
|
|
|
7FF59E49E000
|
unkown
|
page readonly
|
|
|
|
7FF59E3C8000
|
unkown
|
page readonly
|
|
|
|
7FF4ECD65000
|
unkown
|
page readonly
|
|
|
|
7FF59CF1B000
|
unkown
|
page readonly
|
|
|
|
7FF59D24C000
|
unkown
|
page readonly
|
|
|
|
C6AB2F7000
|
unkown
|
page read and write
|
|
|
|
1DE43002000
|
unkown
|
page read and write
|
|
|
|
7FF5A206F000
|
unkown
|
page readonly
|
|
|
|
1DBA50A0000
|
unkown
|
page readonly
|
|
|
|
1DBA5A02000
|
unkown
|
page read and write
|
|
|
|
7FF4ECCA3000
|
unkown
|
page readonly
|
|
|
|
7FF4ECAE3000
|
unkown
|
page readonly
|
|
|
|
1DBA52C2000
|
unkown
|
page read and write
|
|
|
|
1DBA5213000
|
unkown
|
page read and write
|
|
|
|
21D17CF0000
|
unkown
|
page read and write
|
|
|
|
21D17780000
|
unkown
|
page read and write
|
|
|
|
229D1602000
|
unkown
|
page read and write
|
|
|
|
7FF59E3FA000
|
unkown
|
page readonly
|
|
|
|
D9D7FEE000
|
unkown
|
page read and write
|
|
|
|
7FF59CF03000
|
unkown
|
page readonly
|
|
|
|
1DBA52CA000
|
unkown
|
page read and write
|
|
|
|
7FF4ECDCB000
|
unkown
|
page readonly
|
|
|
|
B75B4FE000
|
unkown
|
page read and write
|
|
|
|
7FF5C1F2F000
|
unkown
|
page readonly
|
|
|
|
7FF59E4AD000
|
unkown
|
page readonly
|
|
|
|
7FF59CF16000
|
unkown
|
page readonly
|
|
|
|
1E7E9A45000
|
heap default
|
page read and write
|
|
|
|
C6AAF0E000
|
unkown
|
page read and write
|
|
|
|
21D1248B000
|
unkown
|
page read and write
|
|
|
|
7FF54911E000
|
unkown
|
page readonly
|
|
|
|
7FF549043000
|
unkown
|
page readonly
|
|
|
|
7FF59E476000
|
unkown
|
page readonly
|
|
|
|
1DE432D0000
|
unkown
|
page readonly
|
|
|
|
2B4D0B02000
|
unkown
|
page read and write
|
|
|
|
7FF5598C3000
|
unkown
|
page readonly
|
|
|
|
D8C507D000
|
unkown
|
page read and write
|
|
|
|
E14F0FE000
|
unkown
|
page read and write
|
|
|
|
21D12413000
|
unkown
|
page read and write
|
|
|
|
7FF59CCF6000
|
unkown
|
page readonly
|
|
|
|
7FF5C235B000
|
unkown
|
page readonly
|
|
|
|
7FF4ECDEE000
|
unkown
|
page readonly
|
|
|
|
7FF50BCE7000
|
unkown
|
page readonly
|
|
|
|
7FF5C2318000
|
unkown
|
page readonly
|
|
|
|
7FF5598E3000
|
unkown
|
page readonly
|
|
|
|
1E4A0370000
|
heap private
|
page read and write
|
|
|
|
7FF59D1F2000
|
unkown
|
page readonly
|
|
|
|
C0BFA7C000
|
unkown
|
page read and write
|
|
|
|
21D12A02000
|
unkown
|
page read and write
|
|
|
|
21D12472000
|
unkown
|
page read and write
|
|
|
|
1E7EB330000
|
unkown
|
page readonly
|
|
|
|
229D0E56000
|
unkown
|
page read and write
|
|
|
|
7FF549057000
|
unkown
|
page readonly
|
|
|
|
21D12B02000
|
unkown
|
page read and write
|
|
|
|
21D17970000
|
unkown
|
page write copy
|
|
|
|
7FF59E4AF000
|
unkown
|
page readonly
|
|
|
|
7FF59E3E9000
|
unkown
|
page readonly
|
|
|
|
D9D877C000
|
unkown
|
page read and write
|
|
|
|
7FF5598B5000
|
unkown
|
page readonly
|
|
|
|
7FF5A203B000
|
unkown
|
page readonly
|
|
|
|
21D12494000
|
unkown
|
page read and write
|
|
|
|
21D178C4000
|
unkown
|
page read and write
|
|
|
|
206A0477000
|
unkown
|
page read and write
|
|
|
|
C6AB97E000
|
unkown
|
page read and write
|
|
|
|
21D12B00000
|
unkown
|
page read and write
|
|
|
|
C6AB7FB000
|
unkown
|
page read and write
|
|
|
|
7FF548FCE000
|
unkown
|
page readonly
|
|
|
|
1E7EB380000
|
unkown
|
page readonly
|
|
|
|
7FF59CEEF000
|
unkown
|
page readonly
|
|
|
|
7FF50BD27000
|
unkown
|
page readonly
|
|
|
|
1DBA5030000
|
heap private
|
page read and write
|
|
|
|
7FF4ECD0C000
|
unkown
|
page readonly
|
|
|
|
229D0D30000
|
unkown
|
page readonly
|
|
|
|
21D1247B000
|
unkown
|
page read and write
|
|
|
|
C0BF87E000
|
unkown
|
page read and write
|
|
|
|
7FF5A202F000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D18000
|
unkown
|
page readonly
|
|
|
|
7FF549032000
|
unkown
|
page readonly
|
|
|
|
B75B47E000
|
unkown
|
page read and write
|
|
|
|
21D12B18000
|
unkown
|
page read and write
|
|
|
|
21D178C1000
|
unkown
|
page read and write
|
|
|
|
2B4D0920000
|
unkown
|
page readonly
|
|
|
|
7FF5C234B000
|
unkown
|
page readonly
|
|
|
|
21D179D0000
|
unkown
|
page read and write
|
|
|
|
1E7E9CC0000
|
unkown
|
page readonly
|
|
|
|
7FF548FC4000
|
unkown
|
page readonly
|
|
|
|
D8C468B000
|
unkown
|
page read and write
|
|
|
|
A9758FE000
|
unkown
|
page read and write
|
|
|
|
7FF4ECCAA000
|
unkown
|
page readonly
|
|
|
|
229D0E13000
|
unkown
|
page read and write
|
|
|
|
206A042A000
|
unkown
|
page read and write
|
|
|
|
21D178D0000
|
unkown
|
page read and write
|
|
|
|
21D17700000
|
unkown
|
page read and write
|
|
|
|
7FF50BABA000
|
unkown
|
page readonly
|
|
|
|
2B4D0A13000
|
unkown
|
page read and write
|
|
|
|
7FF59E015000
|
unkown
|
page readonly
|
|
|
|
7FF5598B9000
|
unkown
|
page readonly
|
|
|
|
7FF5C231F000
|
unkown
|
page readonly
|
|
|
|
1DE42F90000
|
unkown
|
page read and write
|
|
|
|
206A0466000
|
unkown
|
page read and write
|
|
|
|
7FF59D1D4000
|
unkown
|
page readonly
|
|
|
|
1E7EB370000
|
heap private
|
page read and write
|
|
|
|
21D17A11000
|
unkown
|
page read and write
|
|
|
|
7FF59E27F000
|
unkown
|
page readonly
|
|
|
|
1DE42F60000
|
heap default
|
page read and write
|
|
|
|
229D1480000
|
unkown
|
page read and write
|
|
|
|
7FF5C22AA000
|
unkown
|
page readonly
|
|
|
|
7FF54910F000
|
unkown
|
page readonly
|
|
|
|
1E7EB5E0000
|
heap private
|
page read and write
|
|
|
|
7FF5A1E0D000
|
unkown
|
page readonly
|
|
|
|
1E4A0375000
|
heap private
|
page read and write
|
|
|
|
21D17C0C000
|
unkown
|
page write copy
|
|
|
|
7FF5C22C5000
|
unkown
|
page readonly
|
|
|
|
1E7E9A2B000
|
heap default
|
page read and write
|
|
|
|
7FF50B936000
|
unkown
|
page readonly
|
|
|
|
D8C4B7E000
|
unkown
|
page read and write
|
|
|
|
7FF59E46F000
|
unkown
|
page readonly
|
|
|
|
2B4D0A2A000
|
unkown
|
page read and write
|
|
|
|
7FF59D20D000
|
unkown
|
page readonly
|
|
|
|
21D13370000
|
unkown
|
page readonly
|
|
|
|
7FF548CAE000
|
unkown
|
page readonly
|
|
There are 618 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://pr.ssm.echoworx.net/brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=emx/help/notice_privacy.html
|
|
|
|
https://securemailcenter.citigroup.com/login.html?questionId=797493ef0b040cb9&locale=en_US
|
|
|
|
https://pr.ssm.echoworx.net/brand?act=download&entp=citi&locale=en_US&cat=Resource_Center&f=emx/help/index.html
|
|