Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
jZi1ff38Qb.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
MPEG-4 LOAS
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xf9caf670, page size 16384, Windows version 10.0
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.msn[2].xml
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\QALADACS\contextual.media[1].xml
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A15D0487-5416-11EC-90E5-ECF4BB570DC9}.dat
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A15D0489-5416-11EC-90E5-ECF4BB570DC9}.dat
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
|
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\264bf325-c7e4-4939-8912-2424a7abe532[1].jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\4996b9[1].woff
|
Web Open Font Format, TrueType, length 45633, version 1.0
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AA5Wkdg[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAMqFmF[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPXV6f[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AARkL8h[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AARlAXA[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AARlY5u[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AARlk9e[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AARlmVR[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AARm2bN[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAuTnto[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB6Ma4a[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBK9Hzy[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\cfdbd9[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\de-ch[1].json
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\iab2Data[2].json
|
UTF-8 Unicode text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otCommonStyles[1].css
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otFlat[2].json
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otPcCenter[2].json
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otSDKStub[1].js
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otTCF-ie[1].js
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\px[1].gif
|
GIF image data, version 89a, 1 x 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\17-361657-68ddb2ab[1].js
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARlK6L[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARlKcO[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARlNEA[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARlOdR[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARm0KA[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARm3Az[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARm3dD[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARmbBr[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARmger[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARmlyN[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARmvNW[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AARmyym[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1ftEY0[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BBVuddh[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\a5ea21[1].ico
|
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[2].htm
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[3].htm
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[4].htm
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\favicon[1].ico
|
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\nrrV52461[1].js
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otBannerSdk[1].js
|
UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AA6wTdK[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAKp8YX[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AANuZgF[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOdxvW[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAPFmi4[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAPwrS4[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQCgDb[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARjTo7[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARl0hy[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARlAkD[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARlKWc[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARlU0z[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARlo9i[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARlt06[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARm2qY[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARm6r5[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARmL62[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARmagQ[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARmdP1[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AARmqzU[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1gyTJJ[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB7gRE[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\checksync[3].htm
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\medianet[1].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\medianet[2].htm
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\tag[1].js
|
ASCII text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\2d-0e97d4-185735b[1].css
|
UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\52-478955-68ddb2ab[1].js
|
UTF-8 Unicode text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAPwesU[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQby46[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AARfw7b[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AARlHk9[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AARlJ4T[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AARlMfv[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AARlT6t[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AARluon[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AARm1Gs[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BB1aXBV1[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BB1cEP3G[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BB1cG73h[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BB1gyWh5[1].jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BB1kKVy[1].png
|
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BB7hjL[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BBH3Kvo[1].png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BBPfCZL[1].png
|
GIF image data, version 89a, 50 x 50
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\BBX2afX[1].png
|
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\a8a064[2].gif
|
GIF image data, version 89a, 28 x 28
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\de-ch[1].htm
|
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\e151e5[1].gif
|
GIF image data, version 89a, 1 x 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\jquery-2.1.1.min[1].js
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFA775405F5EA47FE1.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFFB56E4ABD0130B6A.TMP
|
data
|
dropped
|
|
|
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
|
modified
|
|
|
|
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20211203_085531_640.etl
|
data
|
dropped
|
|
There are 110 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\jZi1ff38Qb.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\jZi1ff38Qb.dll",#1
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\jZi1ff38Qb.dll
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\jZi1ff38Qb.dll",#1
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
C:\Program Files\Internet Explorer\iexplore.exe
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\jZi1ff38Qb.dll,DllRegisterServer
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4464 CREDAT:17410 /prefetch:2
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\jZi1ff38Qb.dll,asbiqstaeqzsycc
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\jZi1ff38Qb.dll,atwuhkycfybkj
|
|
|
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
|
|
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://assets.msn.com/staticsb/statics/latest/oneTrust/1.2/consent/55a804ab-e5c6-4b97-9319-86263d36
|
unknown
|
|
|
|
http://searchads.msn.net/.cfm?&&kp=1&
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/coronareisen
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
|
unknown
|
|
|
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/z%c3%bcrich-zahlt-f%c3%bcr-gr%c3%bcne-hausw%c3%a4nde/ar-AARnq3Z
|
unknown
|
|
|
|
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
|
unknown
|
|
|
|
https://onedrive.live.com;Fotos
|
unknown
|
|
|
|
https://www.msn.com/de-ch/sport?ocid=StripeOCID
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
|
|
|
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
|
unknown
|
|
|
|
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
|
unknown
|
|
|
|
http://ogp.me/ns/fb#
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
|
|
|
https://www.botman.ninja/privacy-policy
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
|
|
|
https://outlook.live.com/mail/deeplink/compose;Kalender
|
unknown
|
|
|
|
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/traurig-und-primitiv-rettungswagen-w%c3%a4hrend-einsatz-verspra
|
unknown
|
|
|
|
https://www.queryclick.com/privacy-policy
|
unknown
|
|
|
|
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
|
unknown
|
|
|
|
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
|
unknown
|
|
|
|
https://www.msn.com/de-ch/?ocid=iehp#
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/wird-etwas-enger-im-bus-werden-die-kapazit%c3%a4t-aber-stemmen-
|
unknown
|
|
|
|
https://btloader.com/tag?o=6208086025961472&upapi=true
|
104.26.6.139
|
|
|
|
http://www.reddit.com/
|
unknown
|
|
|
|
https://www.skype.com/
|
unknown
|
|
|
|
http://www.bingmapsportal.com
|
unknown
|
|
|
|
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
|
unknown
|
|
|
|
https://www.msn.com/de-ch/nachrichten/regional
|
unknown
|
|
|
|
https://www.stroeer.de/werben-mit-stroeer/onlinewerbung/programmatic-data/sdi-datenschutz-b2c
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
|
|
|
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/die-provisorische-kantonsschule-auf-dem-irchel-kann-2024-starte
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
|
|
|
https://amzn.to/2TTxhNg
|
unknown
|
|
|
|
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
|
unknown
|
|
|
|
https://client-s.gateway.messenger.live.com
|
unknown
|
|
|
|
https://secure.adnxs.com/clktrb?id=764680&t=1
|
unknown
|
|
|
|
https://www.msn.com/de-ch/
|
unknown
|
|
|
|
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
|
unknown
|
|
|
|
http://crl.ver)
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/lage-dramatisch-zugespitzt-%c3%b6v-in-winterthur-wird-teilweise
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
|
|
|
https://www.msn.com/de-ch
|
unknown
|
|
|
|
https://%s.xboxlive.com
|
unknown
|
|
|
|
https://www.tippsundtricks.co/gesundheit/stueck-seife-bettwasche/?utm_campaign=DECH-bedsoap&utm_
|
unknown
|
|
|
|
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
|
unknown
|
|
|
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
|
|
|
https://twitter.com/i/notifications;Ich
|
unknown
|
|
|
|
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
|
unknown
|
|
|
|
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
|
142.250.203.102
|
|
|
|
https://nextmillennium.io/privacy-policy/
|
unknown
|
|
|
|
https://silvermob.com/privacy
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
|
|
|
https://browser.events.data.msn.com/OneCollector/1.0/t.js?qsp=true&anoncknm=%22%22&name=%22MS.News.W
|
unknown
|
|
|
|
https://clkde.tradedoubler.com/click?p=273363&a=3064090&g=24940322
|
unknown
|
|
|
|
https://dynamic.t
|
unknown
|
|
|
|
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
|
unknown
|
|
|
|
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
|
unknown
|
|
|
|
http://www.youtube.com/
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
|
|
|
http://ogp.me/ns#
|
unknown
|
|
|
|
https://www.linkedin.com:443/news/story/gibt-es-einen-impfstoffmangel-5630362/?li=BBqfZdV
|
unknown
|
|
|
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
|
|
|
https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
|
unknown
|
|
|
|
https://msasg.visualstudio.com/Shared%20Data/_git/1DS.JavaScript?version=GBnubenja%2Fcustom-package
|
unknown
|
|
|
|
https://onedrive.live.com/?qt=mru;OneDrive-App
|
unknown
|
|
|
|
https://www.skype.com/de
|
unknown
|
|
|
|
https://www.tippsundtricks.co/lifehacks/schwamm-kuhlschrank/?utm_campaign=DECH-schwamm&utm_sourc
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
|
|
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
|
|
|
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
|
unknown
|
|
|
|
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
|
unknown
|
|
|
|
https://www.skype.com/de/download-skype
|
unknown
|
|
|
|
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
|
|
|
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
|
unknown
|
|
|
|
https://onedrive.live.com;OneDrive-App
|
unknown
|
|
|
|
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
|
unknown
|
|
|
|
https://www.msn.com/de-ch/news/other/erste-best%c3%a4tigte-ansteckung-zwei-weitere-verdachtsf%c3%a4l
|
unknown
|
|
|
|
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
|
unknown
|
|
|
|
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
|
unknown
|
|
|
|
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
|
unknown
|
|
|
|
http://www.amazon.com/
|
unknown
|
|
|
|
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
|
unknown
|
|
|
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
|
|
|
http://www.twitter.com/
|
unknown
|
|
|
|
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
|
unknown
|
|
|
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
|
|
|
https://ad-delivery.net/px.gif?ch=1&e=0.14307797429571534
|
104.26.2.70
|
|
|
|
https://cdn.cookielaw.org/vendorlist/googleData.json
|
unknown
|
|
|
|
https://outlook.com/
|
unknown
|
|
|
|
https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"
|
unknown
|
|
|
|
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
contextual.media.net
|
23.211.6.95
|
|
|
|
dart.l.doubleclick.net
|
142.250.203.102
|
|
|
|
hblg.media.net
|
23.211.6.95
|
|
|
|
lg3.media.net
|
23.211.6.95
|
|
|
|
btloader.com
|
104.26.6.139
|
|
|
|
ad-delivery.net
|
104.26.2.70
|
|
|
|
assets.msn.com
|
unknown
|
|
|
|
www.msn.com
|
unknown
|
|
|
|
ad.doubleclick.net
|
unknown
|
|
|
|
cvision.media.net
|
unknown
|
|
|
|
browser.events.data.msn.com
|
unknown
|
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.2.70
|
ad-delivery.net
|
United States
|
|
|
|
142.250.203.102
|
dart.l.doubleclick.net
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
|
|
|
104.26.6.139
|
btloader.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
|
{A15D0487-5416-11EC-90E5-ECF4BB570DC9}
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
|
Count
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
|
Time
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
|
Blocked
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
|
Count
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
|
Time
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
|
Count
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
|
Time
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
|
LoadTimeArray
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
|
LoadTimeArray
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
|
CVListPingLastYMD
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
|
CVListPingBitmap
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
|
CVListPingRandomizedBitmap
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
|
DecayDateQueue
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
|
LastProcessed
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
|
NextUpdateDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
|
DecayDateQueue
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
|
LastProcessed
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\msn.com
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\msn.com
|
NumberOfSubdomains
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
|
Total
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
|
|
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
|
There are 93 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2252B85C000
|
unkown
|
page read and write
|
|
|
|
7F170000
|
unkown image
|
page readonly
|
|
|
|
6ECF0000
|
unkown image
|
page readonly
|
|
|
|
2252B902000
|
unkown
|
page read and write
|
|
|
|
239D5540000
|
unkown image
|
page readonly
|
|
|
|
1E29F380000
|
unkown
|
page read and write
|
|
|
|
2252B87F000
|
unkown
|
page read and write
|
|
|
|
7FF53C834000
|
unkown image
|
page readonly
|
|
|
|
23A0C426000
|
unkown
|
page read and write
|
|
|
|
7FF5E1EE8000
|
unkown image
|
page readonly
|
|
|
|
7FEF0000
|
unkown image
|
page readonly
|
|
|
|
9C5FB7F000
|
stack
|
page read and write
|
|
|
|
181837C0000
|
unkown image
|
page readonly
|
|
|
|
1958C0D0000
|
unkown image
|
page readonly
|
|
|
|
2F47000
|
unkown image
|
page readonly
|
|
|
|
1E29F260000
|
unkown
|
page read and write
|
|
|
|
5E274FF000
|
stack
|
page read and write
|
|
|
|
7FF10000
|
unkown image
|
page readonly
|
|
|
|
9C5F87D000
|
stack
|
page read and write
|
|
|
|
7DF5F89A0000
|
unkown image
|
page readonly
|
|
|
|
2252B864000
|
unkown
|
page read and write
|
|
|
|
7DF5F8982000
|
unkown image
|
page readonly
|
|
|
|
7DF552150000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1CBC000
|
unkown image
|
page readonly
|
|
|
|
7FF53C548000
|
unkown image
|
page readonly
|
|
|
|
181837B0000
|
heap private
|
page read and write
|
|
|
|
9C5F6FD000
|
stack
|
page read and write
|
|
|
|
7FF5E1E7D000
|
unkown image
|
page readonly
|
|
|
|
7DF552140000
|
unkown image
|
page readonly
|
|
|
|
2252B857000
|
unkown
|
page read and write
|
|
|
|
9C5FA7C000
|
stack
|
page read and write
|
|
|
|
7FF5E1D83000
|
unkown image
|
page readonly
|
|
|
|
239D5C30000
|
unkown
|
page read and write
|
|
|
|
7FF5E1E44000
|
unkown image
|
page readonly
|
|
|
|
1E29F3A0000
|
unkown
|
page read and write
|
|
|
|
7DF552142000
|
unkown image
|
page readonly
|
|
|
|
7F0D0000
|
unkown image
|
page readonly
|
|
|
|
239D5895000
|
heap private
|
page read and write
|
|
|
|
7FF5E1806000
|
unkown image
|
page readonly
|
|
|
|
239D56BB000
|
unkown
|
page read and write
|
|
|
|
7FF5E1D69000
|
unkown image
|
page readonly
|
|
|
|
7DF50B7D2000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1F09000
|
unkown image
|
page readonly
|
|
|
|
1E29F45F000
|
unkown
|
page read and write
|
|
|
|
7FF5E1B01000
|
unkown image
|
page readonly
|
|
|
|
7DF59AE92000
|
unkown image
|
page readonly
|
|
|
|
7FF53C84F000
|
unkown image
|
page readonly
|
|
|
|
1E29AC63000
|
unkown
|
page read and write
|
|
|
|
7DF552150000
|
unkown image
|
page readonly
|
|
|
|
2252B863000
|
unkown
|
page read and write
|
|
|
|
1E299CA0000
|
unkown image
|
page read and write
|
|
|
|
7FF53C789000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2D8D000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1F96000
|
unkown image
|
page readonly
|
|
|
|
7FF58503F000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1F9B000
|
unkown image
|
page readonly
|
|
|
|
1E29F700000
|
unkown
|
page read and write
|
|
|
|
1E29F4BB000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
unkown image
|
page readonly
|
|
|
|
1E29F490000
|
unkown
|
page read and write
|
|
|
|
7FF585329000
|
unkown image
|
page readonly
|
|
|
|
2252BE50000
|
unkown image
|
page readonly
|
|
|
|
2252B760000
|
heap private
|
page read and write
|
|
|
|
7FF5E2F9C000
|
unkown image
|
page readonly
|
|
|
|
7FF585483000
|
unkown image
|
page readonly
|
|
|
|
7F0E0000
|
unkown image
|
page readonly
|
|
|
|
239D5638000
|
heap default
|
page read and write
|
|
|
|
1E29F3B4000
|
unkown
|
page read and write
|
|
|
|
1E29F4A5000
|
unkown
|
page read and write
|
|
|
|
7FF53C747000
|
unkown image
|
page readonly
|
|
|
|
239D5698000
|
unkown
|
page read and write
|
|
|
|
1E29A718000
|
unkown
|
page read and write
|
|
|
|
7DF504380000
|
unkown image
|
page readonly
|
|
|
|
2252B873000
|
unkown
|
page read and write
|
|
|
|
1E29F502000
|
unkown
|
page read and write
|
|
|
|
2252B878000
|
unkown
|
page read and write
|
|
|
|
7FF58558F000
|
unkown image
|
page readonly
|
|
|
|
7F0E2000
|
unkown image
|
page readonly
|
|
|
|
7DF50B7D0000
|
unkown image
|
page readonly
|
|
|
|
1958BE30000
|
heap default
|
page read and write
|
|
|
|
1E299E29000
|
unkown
|
page read and write
|
|
|
|
2252B87B000
|
unkown
|
page read and write
|
|
|
|
7FF5E1FCB000
|
unkown image
|
page readonly
|
|
|
|
97BD27A000
|
unkown
|
page read and write
|
|
|
|
18183A5D000
|
unkown
|
page read and write
|
|
|
|
7FF5854DA000
|
unkown image
|
page readonly
|
|
|
|
1958BC10000
|
unkown image
|
page readonly
|
|
|
|
183D5C29000
|
unkown
|
page read and write
|
|
|
|
7FF5E1E90000
|
unkown image
|
page readonly
|
|
|
|
7FEF2000
|
unkown image
|
page readonly
|
|
|
|
2252B81F000
|
unkown
|
page read and write
|
|
|
|
1E29F412000
|
unkown
|
page read and write
|
|
|
|
7FF4F5E13000
|
unkown image
|
page readonly
|
|
|
|
1E29AD50000
|
unkown
|
page read and write
|
|
|
|
7DF552142000
|
unkown image
|
page readonly
|
|
|
|
183D5C5C000
|
unkown
|
page read and write
|
|
|
|
7FF53C83E000
|
unkown image
|
page readonly
|
|
|
|
7FF53C793000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1E1F000
|
unkown image
|
page readonly
|
|
|
|
1E299E7C000
|
unkown
|
page read and write
|
|
|
|
7FF4F5EA0000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1F8F000
|
unkown image
|
page readonly
|
|
|
|
7FF5E308F000
|
unkown image
|
page readonly
|
|
|
|
239D56BB000
|
unkown
|
page read and write
|
|
|
|
1E29F800000
|
unkown
|
page read and write
|
|
|
|
7FF5E1C89000
|
unkown image
|
page readonly
|
|
|
|
2C80000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1E80000
|
unkown image
|
page readonly
|
|
|
|
1E29A713000
|
unkown
|
page read and write
|
|
|
|
1E29F3A0000
|
unkown
|
page read and write
|
|
|
|
1E29F4E3000
|
unkown
|
page read and write
|
|
|
|
7FF585548000
|
unkown image
|
page readonly
|
|
|
|
2F47000
|
unkown image
|
page readonly
|
|
|
|
7B9BF7E000
|
stack
|
page read and write
|
|
|
|
7FF5E1F9E000
|
unkown image
|
page readonly
|
|
|
|
1E299D10000
|
heap default
|
page read and write
|
|
|
|
2A37000
|
unkown image
|
page readonly
|
|
|
|
7DF59AE82000
|
unkown image
|
page readonly
|
|
|
|
1E29F700000
|
unkown
|
page read and write
|
|
|
|
7F0C2000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1E87000
|
unkown image
|
page readonly
|
|
|
|
7F332000
|
unkown image
|
page readonly
|
|
|
|
7DF5F78C0000
|
unkown image
|
page readonly
|
|
|
|
23A0C1E0000
|
heap private
|
page read and write
|
|
|
|
7DF50B7C0000
|
unkown image
|
page readonly
|
|
|
|
7F430000
|
unkown image
|
page readonly
|
|
|
|
1958BBF0000
|
unkown image
|
page readonly
|
|
|
|
7FF53C77D000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1D20000
|
unkown image
|
page readonly
|
|
|
|
1E299E58000
|
unkown
|
page read and write
|
|
|
|
1E299F02000
|
unkown
|
page read and write
|
|
|
|
2252B85D000
|
unkown
|
page read and write
|
|
|
|
7F0F0000
|
unkown image
|
page readonly
|
|
|
|
7FF585472000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2F83000
|
unkown image
|
page readonly
|
|
|
|
23A0C1D0000
|
unkown image
|
page read and write
|
|
|
|
7DF5F8990000
|
unkown image
|
page readonly
|
|
|
|
7F182000
|
unkown image
|
page readonly
|
|
|
|
7FF53C816000
|
unkown image
|
page readonly
|
|
|
|
9C5F77B000
|
stack
|
page read and write
|
|
|
|
7FF5E2E2D000
|
unkown image
|
page readonly
|
|
|
|
7DF552152000
|
unkown image
|
page readonly
|
|
|
|
18183E00000
|
unkown image
|
page readonly
|
|
|
|
5E269BB000
|
unkown
|
page read and write
|
|
|
|
9C5EDBB000
|
unkown
|
page read and write
|
|
|
|
7FF5E1CC3000
|
unkown image
|
page readonly
|
|
|
|
7FF57818C000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2F98000
|
unkown image
|
page readonly
|
|
|
|
1958BE3B000
|
heap default
|
page read and write
|
|
|
|
7FF58558D000
|
unkown image
|
page readonly
|
|
|
|
1E29A702000
|
unkown
|
page read and write
|
|
|
|
7FF5E1FCD000
|
unkown image
|
page readonly
|
|
|
|
67097FE000
|
stack
|
page read and write
|
|
|
|
1E29F380000
|
unkown
|
page read and write
|
|
|
|
7FF4F5DFD000
|
unkown image
|
page readonly
|
|
|
|
7B9BFFC000
|
stack
|
page read and write
|
|
|
|
F2CDFB000
|
stack
|
page read and write
|
|
|
|
7FF5E1EBC000
|
unkown image
|
page readonly
|
|
|
|
1E299E72000
|
unkown
|
page read and write
|
|
|
|
7FF585322000
|
unkown image
|
page readonly
|
|
|
|
7FF5E304F000
|
unkown image
|
page readonly
|
|
|
|
7FF53C81B000
|
unkown image
|
page readonly
|
|
|
|
239D569D000
|
unkown
|
page read and write
|
|
|
|
2252B858000
|
unkown
|
page read and write
|
|
|
|
7FF5E1D64000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5E88000
|
unkown image
|
page readonly
|
|
|
|
97BD57F000
|
stack
|
page read and write
|
|
|
|
1E299EFF000
|
unkown
|
page read and write
|
|
|
|
7FF4F5DDE000
|
unkown image
|
page readonly
|
|
|
|
2252B813000
|
unkown
|
page read and write
|
|
|
|
2252B770000
|
unkown image
|
page readonly
|
|
|
|
1E29F42C000
|
unkown
|
page read and write
|
|
|
|
7FF5E1EA8000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2FD3000
|
unkown image
|
page readonly
|
|
|
|
2252B884000
|
unkown
|
page read and write
|
|
|
|
1E29F600000
|
unkown
|
page read and write
|
|
|
|
7FF5E1773000
|
unkown image
|
page readonly
|
|
|
|
239D56A8000
|
unkown
|
page read and write
|
|
|
|
18183A00000
|
unkown
|
page read and write
|
|
|
|
7FF4F5E96000
|
unkown image
|
page readonly
|
|
|
|
239D54F0000
|
unkown image
|
page read and write
|
|
|
|
7DF5F89A0000
|
unkown image
|
page readonly
|
|
|
|
2252BAD0000
|
unkown image
|
page readonly
|
|
|
|
1E29F250000
|
unkown
|
page read and write
|
|
|
|
7DF50B7C0000
|
unkown image
|
page readonly
|
|
|
|
67091FB000
|
unkown
|
page read and write
|
|
|
|
1E29F3B0000
|
unkown
|
page read and write
|
|
|
|
1E29A200000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5EBB000
|
unkown image
|
page readonly
|
|
|
|
7FF58524B000
|
unkown image
|
page readonly
|
|
|
|
7FF5E308D000
|
unkown image
|
page readonly
|
|
|
|
7FF58557E000
|
unkown image
|
page readonly
|
|
|
|
1E29F3E0000
|
unkown
|
page read and write
|
|
|
|
1E29A759000
|
unkown
|
page read and write
|
|
|
|
7FF5E1D90000
|
unkown image
|
page readonly
|
|
|
|
1E299F02000
|
unkown
|
page read and write
|
|
|
|
7DF498D50000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2E56000
|
unkown image
|
page readonly
|
|
|
|
7FF5E184B000
|
unkown image
|
page readonly
|
|
|
|
1E299EA1000
|
unkown
|
page read and write
|
|
|
|
7FF5852E0000
|
unkown image
|
page readonly
|
|
|
|
1958BE55000
|
unkown
|
page read and write
|
|
|
|
7FF5E1EA4000
|
unkown image
|
page readonly
|
|
|
|
239D56BE000
|
unkown
|
page read and write
|
|
|
|
2252B855000
|
unkown
|
page read and write
|
|
|
|
7FF5E2FDA000
|
unkown image
|
page readonly
|
|
|
|
1958BE54000
|
unkown
|
page read and write
|
|
|
|
7FF4F5EAD000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2FA8000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2FF5000
|
unkown image
|
page readonly
|
|
|
|
1E299E9F000
|
unkown
|
page read and write
|
|
|
|
7FF585464000
|
unkown image
|
page readonly
|
|
|
|
7DF4F5790000
|
unkown image
|
page readonly
|
|
|
|
239D5674000
|
unkown
|
page read and write
|
|
|
|
1E29F690000
|
unkown
|
page read and write
|
|
|
|
7DF5F78C0000
|
unkown image
|
page readonly
|
|
|
|
7DF50B7D2000
|
unkown image
|
page readonly
|
|
|
|
239D5750000
|
unkown
|
page read and write
|
|
|
|
7DF5F78D2000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1AD6000
|
unkown image
|
page readonly
|
|
|
|
7DF59AE90000
|
unkown image
|
page readonly
|
|
|
|
239D5C30000
|
unkown
|
page read and write
|
|
|
|
1E299EA1000
|
unkown
|
page read and write
|
|
|
|
7FF5854BD000
|
unkown image
|
page readonly
|
|
|
|
2252B800000
|
unkown
|
page read and write
|
|
|
|
7FF53C50E000
|
unkown image
|
page readonly
|
|
|
|
7FF585281000
|
unkown image
|
page readonly
|
|
|
|
1E299E94000
|
unkown
|
page read and write
|
|
|
|
6ECF0000
|
unkown image
|
page readonly
|
|
|
|
1E29A718000
|
unkown
|
page read and write
|
|
|
|
7DF50B7E0000
|
unkown image
|
page readonly
|
|
|
|
181837C0000
|
unkown image
|
page readonly
|
|
|
|
23A0C210000
|
unkown image
|
page readonly
|
|
|
|
18183A5F000
|
unkown
|
page read and write
|
|
|
|
7DF59AE80000
|
unkown image
|
page readonly
|
|
|
|
1958BBF0000
|
unkown image
|
page readonly
|
|
|
|
7FF58549C000
|
unkown image
|
page readonly
|
|
|
|
7DF552140000
|
unkown image
|
page readonly
|
|
|
|
7DF50B7E0000
|
unkown image
|
page readonly
|
|
|
|
7B9BB1E000
|
stack
|
page read and write
|
|
|
|
7FF5854C9000
|
unkown image
|
page readonly
|
|
|
|
239D56C6000
|
unkown
|
page read and write
|
|
|
|
7FF57818C000
|
unkown image
|
page readonly
|
|
|
|
1E29F621000
|
unkown
|
page read and write
|
|
|
|
7FF5E308B000
|
unkown image
|
page readonly
|
|
|
|
1E29A380000
|
unkown image
|
page readonly
|
|
|
|
1958BBE0000
|
unkown image
|
page readonly
|
|
|
|
18183C00000
|
unkown image
|
page readonly
|
|
|
|
1E29F3E0000
|
unkown
|
page read and write
|
|
|
|
7DF59AEA0000
|
unkown image
|
page readonly
|
|
|
|
7B9C1FD000
|
stack
|
page read and write
|
|
|
|
7FF5E1D9C000
|
unkown image
|
page readonly
|
|
|
|
18183A3D000
|
unkown
|
page read and write
|
|
|
|
239D5674000
|
unkown
|
page read and write
|
|
|
|
2252B84B000
|
unkown
|
page read and write
|
|
|
|
F2D6FE000
|
stack
|
page read and write
|
|
|
|
7FF5E1CB3000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2F72000
|
unkown image
|
page readonly
|
|
|
|
7FF585574000
|
unkown image
|
page readonly
|
|
|
|
5E271FD000
|
stack
|
page read and write
|
|
|
|
7FF5E307E000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5EB4000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2F7C000
|
unkown image
|
page readonly
|
|
|
|
7FF5854E2000
|
unkown image
|
page readonly
|
|
|
|
183D5C02000
|
unkown
|
page read and write
|
|
|
|
5E26DFA000
|
stack
|
page read and write
|
|
|
|
7FF5E1A7F000
|
unkown image
|
page readonly
|
|
|
|
7DF59AEA0000
|
unkown image
|
page readonly
|
|
|
|
850000
|
unkown image
|
page readonly
|
|
|
|
239D565C000
|
unkown
|
page read and write
|
|
|
|
1E29A759000
|
unkown
|
page read and write
|
|
|
|
2252B866000
|
unkown
|
page read and write
|
|
|
|
7FF5E2E4C000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1EA0000
|
unkown image
|
page readonly
|
|
|
|
7DF5C3AB2000
|
unkown image
|
page readonly
|
|
|
|
5E275FE000
|
stack
|
page read and write
|
|
|
|
F2CA7F000
|
stack
|
page read and write
|
|
|
|
7FF58547C000
|
unkown image
|
page readonly
|
|
|
|
7FF585556000
|
unkown image
|
page readonly
|
|
|
|
7DF5F78E0000
|
unkown image
|
page readonly
|
|
|
|
1958C0C5000
|
heap private
|
page read and write
|
|
|
|
7FF5E1F1A000
|
unkown image
|
page readonly
|
|
|
|
239D5730000
|
unkown
|
page read and write
|
|
|
|
7F410000
|
unkown image
|
page readonly
|
|
|
|
18183A76000
|
unkown
|
page read and write
|
|
|
|
183D5D02000
|
unkown
|
page read and write
|
|
|
|
183D5C13000
|
unkown
|
page read and write
|
|
|
|
1E29F4AE000
|
unkown
|
page read and write
|
|
|
|
23A0C400000
|
unkown
|
page read and write
|
|
|
|
F2D2FA000
|
stack
|
page read and write
|
|
|
|
7FF58535D000
|
unkown image
|
page readonly
|
|
|
|
2252B862000
|
unkown
|
page read and write
|
|
|
|
7FF5852B1000
|
unkown image
|
page readonly
|
|
|
|
181837F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5852B3000
|
unkown image
|
page readonly
|
|
|
|
2252B845000
|
unkown
|
page read and write
|
|
|
|
7F420000
|
unkown image
|
page readonly
|
|
|
|
1E29F509000
|
unkown
|
page read and write
|
|
|
|
1E29F4FB000
|
unkown
|
page read and write
|
|
|
|
7FF5E3048000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2FC5000
|
unkown image
|
page readonly
|
|
|
|
9C5F5FE000
|
stack
|
page read and write
|
|
|
|
239D569B000
|
unkown
|
page read and write
|
|
|
|
1958C0B0000
|
unkown image
|
page readonly
|
|
|
|
23A0C413000
|
unkown
|
page read and write
|
|
|
|
1E299CE0000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5E8F000
|
unkown image
|
page readonly
|
|
|
|
7FF584D46000
|
unkown image
|
page readonly
|
|
|
|
2252B834000
|
unkown
|
page read and write
|
|
|
|
1E29F6B0000
|
unkown
|
page read and write
|
|
|
|
2252B83D000
|
unkown
|
page read and write
|
|
|
|
7FF58540E000
|
unkown image
|
page readonly
|
|
|
|
1E299E00000
|
unkown
|
page read and write
|
|
|
|
7FF5E1B44000
|
unkown image
|
page readonly
|
|
|
|
183D5AA0000
|
heap default
|
page read and write
|
|
|
|
7F422000
|
unkown image
|
page readonly
|
|
|
|
1958C0C0000
|
heap private
|
page read and write
|
|
|
|
1958BE57000
|
unkown
|
page read and write
|
|
|
|
1958BE45000
|
unkown
|
page read and write
|
|
|
|
7FF02000
|
unkown image
|
page readonly
|
|
|
|
18184002000
|
unkown
|
page read and write
|
|
|
|
1010000
|
unkown image
|
page readonly
|
|
|
|
7F172000
|
unkown image
|
page readonly
|
|
|
|
7FF585327000
|
unkown image
|
page readonly
|
|
|
|
6ECF0000
|
unkown image
|
page readonly
|
|
|
|
7F0F2000
|
unkown image
|
page readonly
|
|
|
|
7DF552160000
|
unkown image
|
page readonly
|
|
|
|
1E29F4A5000
|
unkown
|
page read and write
|
|
|
|
1E29A600000
|
unkown
|
page read and write
|
|
|
|
F2C78B000
|
unkown
|
page read and write
|
|
|
|
1E29F624000
|
unkown
|
page read and write
|
|
|
|
239D5630000
|
heap default
|
page read and write
|
|
|
|
18183A02000
|
unkown
|
page read and write
|
|
|
|
23A0C43E000
|
unkown
|
page read and write
|
|
|
|
1E29A602000
|
unkown
|
page read and write
|
|
|
|
7DF5C3AC0000
|
unkown image
|
page readonly
|
|
|
|
5EAEAFF000
|
stack
|
page read and write
|
|
|
|
7DF59AE90000
|
unkown image
|
page readonly
|
|
|
|
7FF585497000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2760000
|
unkown image
|
page readonly
|
|
|
|
1E299CF0000
|
unkown image
|
page readonly
|
|
|
|
7FF5854F5000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1CD7000
|
unkown image
|
page readonly
|
|
|
|
7FF585411000
|
unkown image
|
page readonly
|
|
|
|
1E29F680000
|
unkown
|
page read and write
|
|
|
|
7FF4F5E05000
|
unkown image
|
page readonly
|
|
|
|
183D5A40000
|
heap private
|
page read and write
|
|
|
|
2252B859000
|
unkown
|
page read and write
|
|
|
|
7FF58555B000
|
unkown image
|
page readonly
|
|
|
|
239D5890000
|
heap private
|
page read and write
|
|
|
|
7FF5E1F88000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1F35000
|
unkown image
|
page readonly
|
|
|
|
2252B7C0000
|
heap default
|
page read and write
|
|
|
|
183D5BD0000
|
unkown
|
page read and write
|
|
|
|
67094FF000
|
stack
|
page read and write
|
|
|
|
18183B02000
|
unkown
|
page read and write
|
|
|
|
7DF50B7C2000
|
unkown image
|
page readonly
|
|
|
|
7DF504370000
|
unkown image
|
page readonly
|
|
|
|
7FF53C84F000
|
unkown image
|
page readonly
|
|
|
|
7FF5E306D000
|
unkown image
|
page readonly
|
|
|
|
1E29F4BC000
|
unkown
|
page read and write
|
|
|
|
1E29A704000
|
unkown
|
page read and write
|
|
|
|
7FF5E1CF3000
|
unkown image
|
page readonly
|
|
|
|
2252B865000
|
unkown
|
page read and write
|
|
|
|
7FF4F5E35000
|
unkown image
|
page readonly
|
|
|
|
239D5663000
|
unkown
|
page read and write
|
|
|
|
23A0C240000
|
heap default
|
page read and write
|
|
|
|
1E299E8E000
|
unkown
|
page read and write
|
|
|
|
7FF58557B000
|
unkown image
|
page readonly
|
|
|
|
7DF5F78D2000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1B4A000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1EB2000
|
unkown image
|
page readonly
|
|
|
|
5E272FF000
|
stack
|
page read and write
|
|
|
|
7FF5E1CCD000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1FCF000
|
unkown image
|
page readonly
|
|
|
|
7DF5F8982000
|
unkown image
|
page readonly
|
|
|
|
2252B867000
|
unkown
|
page read and write
|
|
|
|
7DF5F8992000
|
unkown image
|
page readonly
|
|
|
|
F2CEFE000
|
stack
|
page read and write
|
|
|
|
7FF5E1FB4000
|
unkown image
|
page readonly
|
|
|
|
9C5F3FC000
|
stack
|
page read and write
|
|
|
|
7FF5E1B57000
|
unkown image
|
page readonly
|
|
|
|
1E299E90000
|
unkown
|
page read and write
|
|
|
|
239D56BD000
|
unkown
|
page read and write
|
|
|
|
181838F0000
|
unkown image
|
page readonly
|
|
|
|
7B9C0FE000
|
stack
|
page read and write
|
|
|
|
7FF53C768000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2D1A000
|
unkown image
|
page readonly
|
|
|
|
7FF5E308F000
|
unkown image
|
page readonly
|
|
|
|
1E29F41E000
|
unkown
|
page read and write
|
|
|
|
6ECF0000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1FCF000
|
unkown image
|
page readonly
|
|
|
|
7FF53C84B000
|
unkown image
|
page readonly
|
|
|
|
1E29F44C000
|
unkown
|
page read and write
|
|
|
|
1E299E13000
|
unkown
|
page read and write
|
|
|
|
7FF58558F000
|
unkown image
|
page readonly
|
|
|
|
2252B868000
|
unkown
|
page read and write
|
|
|
|
183D5A70000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1F13000
|
unkown image
|
page readonly
|
|
|
|
7DF5F78C2000
|
unkown image
|
page readonly
|
|
|
|
7DF4F6850000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5ECF000
|
unkown image
|
page readonly
|
|
|
|
7B9C27F000
|
stack
|
page read and write
|
|
|
|
2252B7D0000
|
unkown image
|
page readonly
|
|
|
|
2252B860000
|
unkown
|
page read and write
|
|
|
|
7FF5E1F05000
|
unkown image
|
page readonly
|
|
|
|
7DF50B7C2000
|
unkown image
|
page readonly
|
|
|
|
7FF585283000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2E5F000
|
unkown image
|
page readonly
|
|
|
|
2252B790000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1C8F000
|
unkown image
|
page readonly
|
|
|
|
7FF5E3060000
|
unkown image
|
page readonly
|
|
|
|
183D5A50000
|
unkown image
|
page readonly
|
|
|
|
7FF53C808000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1B74000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1B1F000
|
unkown image
|
page readonly
|
|
|
|
1E299EFF000
|
unkown
|
page read and write
|
|
|
|
7FF53C820000
|
unkown image
|
page readonly
|
|
|
|
F2CBF7000
|
stack
|
page read and write
|
|
|
|
239D5695000
|
unkown
|
page read and write
|
|
|
|
1E299EB5000
|
unkown
|
page read and write
|
|
|
|
183D6180000
|
unkown image
|
page readonly
|
|
|
|
1E29F60E000
|
unkown
|
page read and write
|
|
|
|
2252B7F0000
|
unkown
|
page read and write
|
|
|
|
239D5C30000
|
unkown
|
page read and write
|
|
|
|
7FF53C785000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2D49000
|
unkown image
|
page readonly
|
|
|
|
1E29A000000
|
unkown image
|
page readonly
|
|
|
|
7FF58558B000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1EDC000
|
unkown image
|
page readonly
|
|
|
|
239D5661000
|
heap default
|
page read and write
|
|
|
|
1E29F4FF000
|
unkown
|
page read and write
|
|
|
|
7FF53C5ED000
|
unkown image
|
page readonly
|
|
|
|
1E29AC60000
|
unkown
|
page read and write
|
|
|
|
183D6190000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1FAD000
|
unkown image
|
page readonly
|
|
|
|
7FF53C80F000
|
unkown image
|
page readonly
|
|
|
|
7DF450010000
|
unkown image
|
page readonly
|
|
|
|
183D6402000
|
unkown
|
page read and write
|
|
|
|
5EAE87C000
|
unkown
|
page read and write
|
|
|
|
183D5A30000
|
unkown image
|
page read and write
|
|
|
|
239D5530000
|
unkown image
|
page readonly
|
|
|
|
2252B7A0000
|
unkown image
|
page readonly
|
|
|
|
1E29F370000
|
unkown
|
page read and write
|
|
|
|
1958BC20000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2FC9000
|
unkown image
|
page readonly
|
|
|
|
7DF5C3AC2000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1EC3000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1D6D000
|
unkown image
|
page readonly
|
|
|
|
7DF5F8990000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1D88000
|
unkown image
|
page readonly
|
|
|
|
23A0C1F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE1BF000
|
unkown image
|
page readonly
|
|
|
|
183D5C00000
|
unkown
|
page read and write
|
|
|
|
F2CFFB000
|
stack
|
page read and write
|
|
|
|
7DF59AE82000
|
unkown image
|
page readonly
|
|
|
|
18183F80000
|
unkown image
|
page readonly
|
|
|
|
7FF5E307B000
|
unkown image
|
page readonly
|
|
|
|
7DF59AE80000
|
unkown image
|
page readonly
|
|
|
|
97BD37E000
|
stack
|
page read and write
|
|
|
|
7FF5E1EC7000
|
unkown image
|
page readonly
|
|
|
|
7F0C0000
|
unkown image
|
page readonly
|
|
|
|
7DF5F8980000
|
unkown image
|
page readonly
|
|
|
|
7DF5F8980000
|
unkown image
|
page readonly
|
|
|
|
2252B86A000
|
unkown
|
page read and write
|
|
|
|
1E29F1E0000
|
unkown
|
page read and write
|
|
|
|
1E29B1D0000
|
unkown
|
page read and write
|
|
|
|
1E299E96000
|
unkown
|
page read and write
|
|
|
|
1E29F700000
|
unkown
|
page read and write
|
|
|
|
1958BD10000
|
unkown
|
page read and write
|
|
|
|
7FF5E2F87000
|
unkown image
|
page readonly
|
|
|
|
5EAEA7F000
|
stack
|
page read and write
|
|
|
|
1E29F370000
|
unkown
|
page read and write
|
|
|
|
7FF53C79A000
|
unkown image
|
page readonly
|
|
|
|
7FF5854FD000
|
unkown image
|
page readonly
|
|
|
|
239D5510000
|
unkown image
|
page readonly
|
|
|
|
23A0C220000
|
unkown image
|
page readonly
|
|
|
|
670947F000
|
stack
|
page read and write
|
|
|
|
7FF5E2FBD000
|
unkown image
|
page readonly
|
|
|
|
2252B750000
|
unkown image
|
page read and write
|
|
|
|
1958BE4A000
|
unkown
|
page read and write
|
|
|
|
181839E0000
|
unkown
|
page read and write
|
|
|
|
7DF409690000
|
unkown image
|
page readonly
|
|
|
|
7FF53C83B000
|
unkown image
|
page readonly
|
|
|
|
2252C002000
|
unkown
|
page read and write
|
|
|
|
239D56C5000
|
unkown
|
page read and write
|
|
|
|
23A0C320000
|
unkown image
|
page readonly
|
|
|
|
7B9C37D000
|
stack
|
page read and write
|
|
|
|
5E276FF000
|
stack
|
page read and write
|
|
|
|
2252B86B000
|
unkown
|
page read and write
|
|
|
|
1E29F4A9000
|
unkown
|
page read and write
|
|
|
|
1E29F400000
|
unkown
|
page read and write
|
|
|
|
7FF5E2F0E000
|
unkown image
|
page readonly
|
|
|
|
239D5663000
|
heap default
|
page read and write
|
|
|
|
7FF5E305B000
|
unkown image
|
page readonly
|
|
|
|
7FF53C6B7000
|
unkown image
|
page readonly
|
|
|
|
183D5BD0000
|
unkown
|
page read and write
|
|
|
|
2252B875000
|
unkown
|
page read and write
|
|
|
|
1E29F3E0000
|
unkown
|
page read and write
|
|
|
|
18183A59000
|
unkown
|
page read and write
|
|
|
|
239D5510000
|
unkown image
|
page readonly
|
|
|
|
1E29F270000
|
unkown
|
page read and write
|
|
|
|
23A0C330000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1E07000
|
unkown image
|
page readonly
|
|
|
|
2252B770000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1786000
|
unkown image
|
page readonly
|
|
|
|
2F47000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1CBA000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1CF1000
|
unkown image
|
page readonly
|
|
|
|
1958BD30000
|
unkown
|
page read and write
|
|
|
|
1E299CC0000
|
unkown image
|
page readonly
|
|
|
|
7DF5C3AB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5E3056000
|
unkown image
|
page readonly
|
|
|
|
23A0C429000
|
unkown
|
page read and write
|
|
|
|
1958BE59000
|
unkown
|
page read and write
|
|
|
|
1E29F48E000
|
unkown
|
page read and write
|
|
|
|
23A0C1F0000
|
unkown image
|
page readonly
|
|
|
|
1E299E7A000
|
unkown
|
page read and write
|
|
|
|
7FF5E3074000
|
unkown image
|
page readonly
|
|
|
|
7FF5854C5000
|
unkown image
|
page readonly
|
|
|
|
7FF5854A8000
|
unkown image
|
page readonly
|
|
|
|
5E26EFD000
|
stack
|
page read and write
|
|
|
|
2252B876000
|
unkown
|
page read and write
|
|
|
|
1E299F07000
|
unkown
|
page read and write
|
|
|
|
7FF5E1FBB000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5E09000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2D97000
|
unkown image
|
page readonly
|
|
|
|
239D56A8000
|
unkown
|
page read and write
|
|
|
|
7FF4EEA7F000
|
unkown image
|
page readonly
|
|
|
|
7F330000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1BA1000
|
unkown image
|
page readonly
|
|
|
|
7DF5F8992000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1C5A000
|
unkown image
|
page readonly
|
|
|
|
7DF5F78D0000
|
unkown image
|
page readonly
|
|
|
|
9C5F47F000
|
stack
|
page read and write
|
|
|
|
7FF5E1B5F000
|
unkown image
|
page readonly
|
|
|
|
7F322000
|
unkown image
|
page readonly
|
|
|
|
183D5C3C000
|
unkown
|
page read and write
|
|
|
|
7F340000
|
unkown image
|
page readonly
|
|
|
|
7DF5F78D0000
|
unkown image
|
page readonly
|
|
|
|
2252B840000
|
unkown
|
page read and write
|
|
|
|
7F0E0000
|
unkown image
|
page readonly
|
|
|
|
7FF58532D000
|
unkown image
|
page readonly
|
|
|
|
67098FF000
|
stack
|
page read and write
|
|
|
|
7FF5E2E22000
|
unkown image
|
page readonly
|
|
|
|
7B9BA9B000
|
unkown
|
page read and write
|
|
|
|
5E273FF000
|
stack
|
page read and write
|
|
|
|
67096FE000
|
stack
|
page read and write
|
|
|
|
1200000
|
unkown image
|
page readonly
|
|
|
|
1E29A615000
|
unkown
|
page read and write
|
|
|
|
F2D4FA000
|
stack
|
page read and write
|
|
|
|
97BD4FD000
|
stack
|
page read and write
|
|
|
|
7FF58554F000
|
unkown image
|
page readonly
|
|
|
|
1E29F6A0000
|
unkown
|
page read and write
|
|
|
|
2252B87C000
|
unkown
|
page read and write
|
|
|
|
7FF5854D3000
|
unkown image
|
page readonly
|
|
|
|
97BD3FB000
|
stack
|
page read and write
|
|
|
|
239D5500000
|
unkown image
|
page readonly
|
|
|
|
5EAE8FF000
|
stack
|
page read and write
|
|
|
|
18183A13000
|
unkown
|
page read and write
|
|
|
|
7DF504382000
|
unkown image
|
page readonly
|
|
|
|
181837E0000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1769000
|
unkown image
|
page readonly
|
|
|
|
183D6260000
|
unkown
|
page read and write
|
|
|
|
9C5F57F000
|
stack
|
page read and write
|
|
|
|
183D6000000
|
unkown image
|
page readonly
|
|
|
|
7DF50B7D0000
|
unkown image
|
page readonly
|
|
|
|
239D5AA0000
|
unkown image
|
page readonly
|
|
|
|
7FF585560000
|
unkown image
|
page readonly
|
|
|
|
7DF552152000
|
unkown image
|
page readonly
|
|
|
|
7F180000
|
unkown image
|
page readonly
|
|
|
|
2F47000
|
unkown image
|
page readonly
|
|
|
|
1E29A470000
|
unkown
|
page read and write
|
|
|
|
2252B829000
|
unkown
|
page read and write
|
|
|
|
7FF5E1ED7000
|
unkown image
|
page readonly
|
|
|
|
7DF504390000
|
unkown image
|
page readonly
|
|
|
|
2252BCD0000
|
unkown image
|
page readonly
|
|
|
|
183D5A80000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1FBE000
|
unkown image
|
page readonly
|
|
|
|
1958BF30000
|
unkown image
|
page readonly
|
|
|
|
7FF5E2F64000
|
unkown image
|
page readonly
|
|
|
|
1E29F660000
|
unkown
|
page read and write
|
|
|
|
1E29F4EA000
|
unkown
|
page read and write
|
|
|
|
7FF5E1B50000
|
unkown image
|
page readonly
|
|
|
|
7FF58556D000
|
unkown image
|
page readonly
|
|
|
|
7DF552160000
|
unkown image
|
page readonly
|
|
|
|
7FF53C503000
|
unkown image
|
page readonly
|
|
|
|
1958BBD0000
|
unkown image
|
page read and write
|
|
|
|
1E299CB0000
|
heap private
|
page read and write
|
|
|
|
1E29F47E000
|
unkown
|
page read and write
|
|
|
|
7FF585413000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5ECF000
|
unkown image
|
page readonly
|
|
|
|
7F0D2000
|
unkown image
|
page readonly
|
|
|
|
1E299E3D000
|
unkown
|
page read and write
|
|
|
|
239D56A8000
|
unkown
|
page read and write
|
|
|
|
7FF00000
|
unkown image
|
page readonly
|
|
|
|
7F100000
|
unkown image
|
page readonly
|
|
|
|
7FF53C75C000
|
unkown image
|
page readonly
|
|
|
|
18183B13000
|
unkown
|
page read and write
|
|
|
|
181837A0000
|
unkown image
|
page read and write
|
|
|
|
2252B86F000
|
unkown
|
page read and write
|
|
|
|
183D5BA0000
|
unkown
|
page read and write
|
|
|
|
1E299E78000
|
unkown
|
page read and write
|
|
|
|
7DF5F78C2000
|
unkown image
|
page readonly
|
|
|
|
6EF80000
|
unkown image
|
page readonly
|
|
|
|
5E26FFD000
|
stack
|
page read and write
|
|
|
|
1E299DF0000
|
unkown image
|
page readonly
|
|
|
|
5EAEB7E000
|
stack
|
page read and write
|
|
|
|
183D5B80000
|
unkown image
|
page readonly
|
|
|
|
7DF59AE92000
|
unkown image
|
page readonly
|
|
|
|
7DF5C3AD0000
|
unkown image
|
page readonly
|
|
|
|
5EAE97F000
|
stack
|
page read and write
|
|
|
|
F2CCFA000
|
stack
|
page read and write
|
|
|
|
7DF504372000
|
unkown image
|
page readonly
|
|
|
|
1E299F14000
|
unkown
|
page read and write
|
|
|
|
7FF53C7B5000
|
unkown image
|
page readonly
|
|
|
|
6ECF0000
|
unkown image
|
page readonly
|
|
|
|
7F190000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5EBE000
|
unkown image
|
page readonly
|
|
|
|
239D5C20000
|
unkown image
|
page readonly
|
|
|
|
183D5C27000
|
unkown
|
page read and write
|
|
|
|
1E299CC0000
|
unkown image
|
page readonly
|
|
|
|
1E29F1D0000
|
unkown
|
page read and write
|
|
|
|
7F320000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1CC1000
|
unkown image
|
page readonly
|
|
|
|
6ECF0000
|
unkown image
|
page readonly
|
|
|
|
7DF5F78E0000
|
unkown image
|
page readonly
|
|
|
|
18183810000
|
heap default
|
page read and write
|
|
|
|
239D56BB000
|
unkown
|
page read and write
|
|
|
|
1E29F508000
|
unkown
|
page read and write
|
|
|
|
239D5695000
|
unkown
|
page read and write
|
|
|
|
1E29F608000
|
unkown
|
page read and write
|
|
|
|
18183900000
|
unkown image
|
page readonly
|
|
|
|
239D58A0000
|
unkown image
|
page readonly
|
|
|
|
1E299EB5000
|
unkown
|
page read and write
|
|
|
|
183D5A50000
|
unkown image
|
page readonly
|
|
|
|
1E29F7C0000
|
unkown
|
page read and write
|
|
|
|
1E29A700000
|
unkown
|
page read and write
|
|
|
|
183D5E00000
|
unkown image
|
page readonly
|
|
|
|
7FF4F5E33000
|
unkown image
|
page readonly
|
|
|
|
97BD47C000
|
stack
|
page read and write
|
|
|
|
2252B85F000
|
unkown
|
page read and write
|
|
|
|
7F412000
|
unkown image
|
page readonly
|
|
|
|
18183A41000
|
unkown
|
page read and write
|
|
|
|
18183A29000
|
unkown
|
page read and write
|
|
|
|
1E299EBD000
|
unkown
|
page read and write
|
|
|
|
7FF5E1EFD000
|
unkown image
|
page readonly
|
|
|
|
183D5BD0000
|
unkown
|
page read and write
|
|
|
|
1E29F43F000
|
unkown
|
page read and write
|
|
There are 640 hidden memdumps, click here to show them.