Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
2CW1YLhNIS.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2CW1YLhNIS.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp9D57.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\UieOsrSocP.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\UieOsrSocP.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
|
very short file (no magic)
|
dropped
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\2CW1YLhNIS.exe
|
'C:\Users\user\Desktop\2CW1YLhNIS.exe'
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\UieOsrSocP' /XML 'C:\Users\user\AppData\Local\Temp\tmp9D57.tmp'
|
|
|
|
C:\Users\user\Desktop\2CW1YLhNIS.exe
|
C:\Users\user\Desktop\2CW1YLhNIS.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://63.141.228.141/32.php/QQojJUjm8ByeT
|
63.141.228.141
|
|
|
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://alphastand.trade/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
|
|
|
http://www.ibsensoftware.com/
|
unknown
|
|
|
|
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
63.141.228.141
|
unknown
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D91000
|
unkown
|
page read and write
|
|
|
|
3D19000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
B7B0000
|
unkown
|
page read and write
|
|
|
|
1169000
|
unkown
|
page read and write
|
|
|
|
C26D000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
11C0000
|
unkown
|
page readonly
|
|
|
|
51F0000
|
unkown
|
page read and write
|
|
|
|
B7EE000
|
unkown
|
page read and write
|
|
|
|
53F0000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page execute and read and write
|
|
|
|
7FF5BF3D4000
|
unkown
|
page readonly
|
|
|
|
B7E9000
|
unkown
|
page read and write
|
|
|
|
87C0000
|
unkown
|
page read and write
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
2B6C000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
22FD9610000
|
unkown
|
page readonly
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
CF9000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
57C0000
|
unkown
|
page read and write
|
|
|
|
5270000
|
unkown
|
page read and write
|
|
|
|
C270000
|
unkown
|
page read and write
|
|
|
|
56F0000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
5700000
|
unkown
|
page read and write
|
|
|
|
2DFE000
|
unkown
|
page read and write
|
|
|
|
53F0000
|
unkown
|
page read and write
|
|
|
|
5250000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF47A000
|
unkown
|
page readonly
|
|
|
|
5260000
|
unkown
|
page read and write
|
|
|
|
14C0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3F8000
|
unkown
|
page readonly
|
|
|
|
116D000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
C150000
|
unkown
|
page read and write
|
|
|
|
9D206CB000
|
unkown
|
page read and write
|
|
|
|
5250000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
11F0000
|
unkown
|
page read and write
|
|
|
|
14D0000
|
heap private
|
page read and write
|
|
|
|
5340000
|
unkown
|
page execute and read and write
|
|
|
|
1170000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3A7000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
32CE000
|
unkown
|
page read and write
|
|
|
|
115B000
|
unkown
|
page read and write
|
|
|
|
2C9E000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
22FDA000000
|
unkown
|
page readonly
|
|
|
|
151E000
|
unkown
|
page read and write
|
|
|
|
7FF5BF38E000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5220000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
BD2E000
|
unkown
|
page read and write
|
|
|
|
22FD9849000
|
unkown
|
page read and write
|
|
|
|
B7B0000
|
unkown
|
page read and write
|
|
|
|
113F000
|
heap default
|
page read and write
|
|
|
|
11AD000
|
unkown
|
page read and write
|
|
|
|
CE3000
|
unkown
|
page read and write
|
|
|
|
105C000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
6260000
|
unkown
|
page read and write
|
|
|
|
22FD9900000
|
unkown
|
page read and write
|
|
|
|
22FD9913000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
2E07000
|
unkown
|
page read and write
|
|
|
|
53F0000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
11AD000
|
unkown
|
page read and write
|
|
|
|
CF6000
|
unkown
|
page read and write
|
|
|
|
22FD988C000
|
unkown
|
page read and write
|
|
|
|
5331000
|
unkown
|
page read and write
|
|
|
|
56D0000
|
unkown
|
page read and write
|
|
|
|
116E000
|
unkown
|
page read and write
|
|
|
|
11B6000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
57D0000
|
unkown
|
page read and write
|
|
|
|
22FDA340000
|
unkown
|
page readonly
|
|
|
|
1100000
|
heap default
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
BE80000
|
unkown
|
page readonly
|
|
|
|
7FF5BF28B000
|
unkown
|
page readonly
|
|
|
|
2B90000
|
heap private
|
page read and write
|
|
|
|
2DAF000
|
unkown
|
page read and write
|
|
|
|
7FF5BEBFD000
|
unkown
|
page readonly
|
|
|
|
1190000
|
unkown
|
page read and write
|
|
|
|
D14000
|
unkown
|
page read and write
|
|
|
|
7FF5BF2FC000
|
unkown
|
page readonly
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
5240000
|
unkown
|
page read and write
|
|
|
|
5FA1000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page readonly
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
A0C000
|
unkown image
|
page readonly
|
|
|
|
11A6000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
1174000
|
unkown
|
page read and write
|
|
|
|
9D20E77000
|
unkown
|
page read and write
|
|
|
|
7FF5BF390000
|
unkown
|
page readonly
|
|
|
|
1490000
|
unkown
|
page read and write
|
|
|
|
2D11000
|
unkown
|
page read and write
|
|
|
|
C160000
|
unkown
|
page read and write
|
|
|
|
FB0000
|
unkown
|
page read and write
|
|
|
|
116E000
|
unkown
|
page read and write
|
|
|
|
BED0000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
11CE000
|
heap default
|
page read and write
|
|
|
|
BC2D000
|
unkown
|
page read and write
|
|
|
|
CF3000
|
unkown
|
page read and write
|
|
|
|
7FF5BF2E3000
|
unkown
|
page readonly
|
|
|
|
9D20C7F000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
4D30000
|
unkown
|
page read and write
|
|
|
|
7FF5BF1E1000
|
unkown
|
page readonly
|
|
|
|
2CE0000
|
unkown
|
page read and write
|
|
|
|
56F0000
|
unkown
|
page read and write
|
|
|
|
22FD9855000
|
unkown
|
page read and write
|
|
|
|
56E0000
|
unkown
|
page read and write
|
|
|
|
C92000
|
unkown image
|
page readonly
|
|
|
|
FC4000
|
unkown
|
page read and write
|
|
|
|
5220000
|
unkown
|
page read and write
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5BF40D000
|
unkown
|
page readonly
|
|
|
|
5350000
|
unkown
|
page read and write
|
|
|
|
1497000
|
unkown
|
page execute and read and write
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
A0C000
|
unkown image
|
page readonly
|
|
|
|
56F0000
|
unkown
|
page readonly
|
|
|
|
1190000
|
unkown
|
page read and write
|
|
|
|
C90000
|
unkown image
|
page readonly
|
|
|
|
CE7000
|
unkown
|
page read and write
|
|
|
|
22FD986C000
|
unkown
|
page read and write
|
|
|
|
6260000
|
unkown
|
page read and write
|
|
|
|
7FF5BF474000
|
unkown
|
page readonly
|
|
|
|
49F000
|
unkown
|
page execute and read and write
|
|
|
|
9D20BFB000
|
unkown
|
page read and write
|
|
|
|
7FF5BF481000
|
unkown
|
page readonly
|
|
|
|
57E0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF37A000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5250000
|
unkown
|
page read and write
|
|
|
|
11E0000
|
heap default
|
page read and write
|
|
|
|
C130000
|
unkown
|
page read and write
|
|
|
|
2E80000
|
heap private
|
page read and write
|
|
|
|
115B000
|
unkown
|
page read and write
|
|
|
|
2CAB000
|
unkown
|
page read and write
|
|
|
|
5220000
|
unkown
|
page read and write
|
|
|
|
7FF5BEF50000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
56D2000
|
unkown
|
page read and write
|
|
|
|
DAC000
|
unkown image
|
page readonly
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
C11C000
|
unkown
|
page read and write
|
|
|
|
5200000
|
unkown
|
page read and write
|
|
|
|
14D9000
|
heap private
|
page read and write
|
|
|
|
117C000
|
unkown
|
page read and write
|
|
|
|
22FD9E02000
|
unkown
|
page read and write
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
5260000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
FCD000
|
unkown
|
page execute and read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
10EE000
|
unkown
|
page read and write
|
|
|
|
56E0000
|
unkown
|
page read and write
|
|
|
|
629E000
|
unkown
|
page read and write
|
|
|
|
1179000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5230000
|
unkown
|
page read and write
|
|
|
|
32D7000
|
unkown
|
page read and write
|
|
|
|
118F000
|
unkown
|
page read and write
|
|
|
|
9D20D7C000
|
unkown
|
page read and write
|
|
|
|
C271000
|
unkown
|
page read and write
|
|
|
|
5D70000
|
unkown
|
page read and write
|
|
|
|
2CA4000
|
unkown
|
page read and write
|
|
|
|
5360000
|
heap private
|
page read and write
|
|
|
|
11E5000
|
heap default
|
page read and write
|
|
|
|
C16D000
|
unkown
|
page read and write
|
|
|
|
5230000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
56D0000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
22FD97C0000
|
unkown
|
page readonly
|
|
|
|
C270000
|
unkown
|
page read and write
|
|
|
|
119D000
|
unkown
|
page read and write
|
|
|
|
2E3D000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
10F0000
|
unkown
|
page read and write
|
|
|
|
1195000
|
unkown
|
page read and write
|
|
|
|
11B2000
|
unkown
|
page read and write
|
|
|
|
11C1000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
6260000
|
unkown
|
page read and write
|
|
|
|
7FF5BF409000
|
unkown
|
page readonly
|
|
|
|
5250000
|
unkown
|
page read and write
|
|
|
|
56E0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
FE0000
|
heap private
|
page read and write
|
|
|
|
10F2000
|
unkown
|
page read and write
|
|
|
|
119C000
|
unkown
|
page read and write
|
|
|
|
2CA0000
|
unkown
|
page read and write
|
|
|
|
14B0000
|
unkown
|
page read and write
|
|
|
|
7FF5BEA98000
|
unkown
|
page readonly
|
|
|
|
B7B0000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
CF0000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
57BC000
|
unkown
|
page read and write
|
|
|
|
12FE000
|
unkown
|
page read and write
|
|
|
|
8503000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5263000
|
unkown
|
page read and write
|
|
|
|
6260000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
2DEF000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
5350000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3BC000
|
unkown
|
page readonly
|
|
|
|
D05000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page execute and read and write
|
|
|
|
1131000
|
heap default
|
page read and write
|
|
|
|
1169000
|
unkown
|
page read and write
|
|
|
|
3D11000
|
unkown
|
page read and write
|
|
|
|
4D20000
|
unkown
|
page read and write
|
|
|
|
C270000
|
unkown
|
page read and write
|
|
|
|
DAC000
|
unkown image
|
page readonly
|
|
|
|
22FD986C000
|
unkown
|
page read and write
|
|
|
|
1199000
|
unkown
|
page read and write
|
|
|
|
7FF5BEF65000
|
unkown
|
page readonly
|
|
|
|
E16000
|
unkown
|
page read and write
|
|
|
|
B7C4000
|
unkown
|
page read and write
|
|
|
|
BBEF000
|
unkown
|
page read and write
|
|
|
|
2B80000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
2E00000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
55E0000
|
unkown
|
page readonly
|
|
|
|
1178000
|
unkown
|
page read and write
|
|
|
|
1171000
|
unkown
|
page read and write
|
|
|
|
C90000
|
unkown image
|
page readonly
|
|
|
|
5F6E000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3E4000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
C90000
|
unkown image
|
page readonly
|
|
|
|
4EAB000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3FE000
|
unkown
|
page readonly
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
5350000
|
unkown
|
page read and write
|
|
|
|
57D0000
|
unkown
|
page read and write
|
|
|
|
C92000
|
unkown image
|
page readonly
|
|
|
|
1169000
|
unkown
|
page read and write
|
|
|
|
BE6E000
|
unkown
|
page read and write
|
|
|
|
56E0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF482000
|
unkown
|
page readonly
|
|
|
|
7FF5BF2DD000
|
unkown
|
page readonly
|
|
|
|
2B2E000
|
unkown
|
page read and write
|
|
|
|
119D000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
7FF5BF406000
|
unkown
|
page readonly
|
|
|
|
9D20F7F000
|
unkown
|
page read and write
|
|
|
|
1179000
|
unkown
|
page read and write
|
|
|
|
4D4E000
|
unkown
|
page read and write
|
|
|
|
119D000
|
unkown
|
page read and write
|
|
|
|
BA7000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
11B0000
|
unkown
|
page read and write
|
|
|
|
BF0000
|
unkown
|
page read and write
|
|
|
|
BD6E000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
5260000
|
unkown
|
page read and write
|
|
|
|
CFF000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
8760000
|
unkown
|
page read and write
|
|
|
|
56E0000
|
unkown
|
page read and write
|
|
|
|
54B0000
|
unkown
|
page readonly
|
|
|
|
D11000
|
unkown
|
page read and write
|
|
|
|
7FF5BF37C000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
1190000
|
unkown
|
page read and write
|
|
|
|
5770000
|
heap private
|
page read and write
|
|
|
|
63A0000
|
unkown
|
page read and write
|
|
|
|
7FF5BEF56000
|
unkown
|
page readonly
|
|
|
|
5FB0000
|
heap private
|
page read and write
|
|
|
|
1210000
|
heap default
|
page read and write
|
|
|
|
56F0000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
1310000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
11AD000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
149B000
|
unkown
|
page execute and read and write
|
|
|
|
2CFF000
|
unkown
|
page read and write
|
|
|
|
56E3000
|
unkown
|
page read and write
|
|
|
|
E20000
|
unkown
|
page readonly
|
|
|
|
117B000
|
unkown
|
page read and write
|
|
|
|
1186000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
2CC5000
|
unkown
|
page read and write
|
|
|
|
1218000
|
heap default
|
page read and write
|
|
|
|
5230000
|
unkown
|
page read and write
|
|
|
|
53AD000
|
unkown
|
page read and write
|
|
|
|
2CF0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
22FD9902000
|
unkown
|
page read and write
|
|
|
|
D0E000
|
unkown
|
page read and write
|
|
|
|
9D207CF000
|
unkown
|
page read and write
|
|
|
|
116B000
|
unkown
|
page read and write
|
|
|
|
53F0000
|
unkown
|
page read and write
|
|
|
|
118E000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
BEE0000
|
unkown
|
page readonly
|
|
|
|
2B70000
|
unkown
|
page execute and read and write
|
|
|
|
119C000
|
unkown
|
page read and write
|
|
|
|
528A000
|
unkown
|
page read and write
|
|
|
|
8F2000
|
unkown image
|
page readonly
|
|
|
|
B7B0000
|
unkown
|
page read and write
|
|
|
|
6250000
|
unkown
|
page read and write
|
|
|
|
87B0000
|
unkown
|
page read and write
|
|
|
|
5220000
|
unkown
|
page read and write
|
|
|
|
5363000
|
heap private
|
page read and write
|
|
|
|
D02000
|
unkown
|
page read and write
|
|
|
|
BFA0000
|
unkown
|
page read and write
|
|
|
|
BAAF000
|
unkown
|
page read and write
|
|
|
|
C4AE000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
11BB000
|
unkown
|
page read and write
|
|
|
|
10F6000
|
unkown
|
page execute and read and write
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
2D00000
|
heap private
|
page execute and read and write
|
|
|
|
119F000
|
unkown
|
page read and write
|
|
|
|
61C0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF28E000
|
unkown
|
page readonly
|
|
|
|
BAEE000
|
unkown
|
page read and write
|
|
|
|
22FD9A00000
|
unkown
|
page readonly
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
2CBD000
|
unkown
|
page read and write
|
|
|
|
B7E9000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5260000
|
unkown
|
page read and write
|
|
|
|
11A6000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
7FF5BF233000
|
unkown
|
page readonly
|
|
|
|
7FF5BF3EF000
|
unkown
|
page readonly
|
|
|
|
56D0000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
5FC0000
|
unkown
|
page read and write
|
|
|
|
119C000
|
unkown
|
page read and write
|
|
|
|
B7D7000
|
unkown
|
page read and write
|
|
|
|
9D2074E000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
7FF5BF38A000
|
unkown
|
page readonly
|
|
|
|
53EF000
|
unkown
|
page read and write
|
|
|
|
1190000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
63B0000
|
unkown
|
page read and write
|
|
|
|
22FD986F000
|
unkown
|
page read and write
|
|
|
|
22FD9908000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
22FD97D0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
57D0000
|
unkown
|
page read and write
|
|
|
|
FC3000
|
unkown
|
page execute and read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
2CD1000
|
unkown
|
page read and write
|
|
|
|
119C000
|
unkown
|
page read and write
|
|
|
|
116E000
|
unkown
|
page read and write
|
|
|
|
F24000
|
unkown
|
page read and write
|
|
|
|
C4B0000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
1520000
|
unkown
|
page readonly
|
|
|
|
4D8E000
|
unkown
|
page read and write
|
|
|
|
11AD000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
1178000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3C7000
|
unkown
|
page readonly
|
|
|
|
2CCC000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
22FD9600000
|
heap default
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
F6E000
|
unkown
|
page read and write
|
|
|
|
119D000
|
unkown
|
page read and write
|
|
|
|
B9AE000
|
unkown
|
page read and write
|
|
|
|
EF0000
|
unkown
|
page readonly
|
|
|
|
C271000
|
unkown
|
page read and write
|
|
|
|
3E1A000
|
unkown
|
page read and write
|
|
|
|
5220000
|
unkown
|
page read and write
|
|
|
|
1175000
|
unkown
|
page read and write
|
|
|
|
C270000
|
unkown
|
page read and write
|
|
|
|
4EB0000
|
unkown
|
page readonly
|
|
|
|
5860000
|
unkown
|
page read and write
|
|
|
|
22FD9829000
|
unkown
|
page read and write
|
|
|
|
22FD9802000
|
unkown
|
page read and write
|
|
|
|
3E4E000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
6260000
|
unkown
|
page read and write
|
|
|
|
8F2000
|
unkown image
|
page readonly
|
|
|
|
AAB000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
C01E000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
BE70000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
11A6000
|
unkown
|
page read and write
|
|
|
|
B7B1000
|
unkown
|
page read and write
|
|
|
|
7FF5BF2F4000
|
unkown
|
page readonly
|
|
|
|
5280000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
119F000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3DA000
|
unkown
|
page readonly
|
|
|
|
1177000
|
unkown
|
page read and write
|
|
|
|
116D000
|
unkown
|
page read and write
|
|
|
|
22FD9800000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
BF80000
|
unkown
|
page readonly
|
|
|
|
5350000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
C140000
|
unkown
|
page read and write
|
|
|
|
5210000
|
unkown
|
page read and write
|
|
|
|
7F5E0000
|
unkown
|
page execute and read and write
|
|
|
|
22FD95A0000
|
heap private
|
page read and write
|
|
|
|
22FD984F000
|
unkown
|
page read and write
|
|
|
|
4D18000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
141E000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
2CC0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF107000
|
unkown
|
page readonly
|
|
|
|
2B9B000
|
heap private
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
22FD9813000
|
unkown
|
page read and write
|
|
|
|
CFC000
|
unkown
|
page read and write
|
|
|
|
FDD000
|
unkown
|
page execute and read and write
|
|
|
|
5220000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
C3AE000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
E12000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
22FD983C000
|
unkown
|
page read and write
|
|
|
|
2E90000
|
unkown
|
page readonly
|
|
|
|
22FD96E0000
|
unkown
|
page readonly
|
|
|
|
2DB1000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
639E000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF395000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
1492000
|
unkown
|
page read and write
|
|
|
|
FAE000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
2CB7000
|
unkown
|
page read and write
|
|
|
|
F24000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
113C000
|
heap default
|
page read and write
|
|
|
|
117F000
|
unkown
|
page read and write
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
2CFE000
|
unkown
|
page read and write
|
|
|
|
D08000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
4D17000
|
unkown
|
page read and write
|
|
|
|
14E0000
|
unkown
|
page readonly
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
F20000
|
heap default
|
page read and write
|
|
|
|
10FA000
|
unkown
|
page execute and read and write
|
|
|
|
FD0000
|
unkown
|
page read and write
|
|
|
|
D0B000
|
unkown
|
page read and write
|
|
|
|
55D0000
|
heap private
|
page execute and read and write
|
|
|
|
57D0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF39B000
|
unkown
|
page readonly
|
|
|
|
119D000
|
unkown
|
page read and write
|
|
|
|
117E000
|
unkown
|
page read and write
|
|
|
|
1198000
|
heap default
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
56D0000
|
unkown
|
page read and write
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
5FA0000
|
unkown
|
page read and write
|
|
|
|
7FF5BF271000
|
unkown
|
page readonly
|
|
|
|
5330000
|
unkown
|
page read and write
|
|
|
|
7FF5BF3BF000
|
unkown
|
page readonly
|
|
There are 523 hidden memdumps, click here to show them.