IOC Report
upfilles.dll.exe

loading gif

Files

File Path
Type
Category
Malicious
upfilles.dll.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_upf_964e80f5d1a5f925558a7e6299462efecb949df_9db0ef65_6fb130ca-cac1-4736-bec2-e227247d8b1e\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_upf_964e80f5d1a5f925558a7e6299462efecb949df_9db0ef65_d9b8934c-437b-450d-af46-0185962b24b1\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_upf_dc8a9dd96bb43aa654aa29aa9f464ac6a31131f_9db0ef65_7dc7f057-dc81-4d91-9caa-bd8701d223a3\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_upf_dc8a9dd96bb43aa654aa29aa9f464ac6a31131f_9db0ef65_8641b0ad-46f6-452c-a496-10d58d4ec871\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D40.tmp.dmp
Mini DuMP crash report, 14 streams, Fri May 10 22:04:02 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DFD.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E1D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER389A.tmp.dmp
Mini DuMP crash report, 14 streams, Fri May 10 22:04:05 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER38DA.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3919.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER459B.tmp.dmp
Mini DuMP crash report, 14 streams, Fri May 10 22:04:08 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4619.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4648.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4656.tmp.dmp
Mini DuMP crash report, 14 streams, Fri May 10 22:04:08 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER46C4.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4704.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 8 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\cmd.exe
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\upfilles.dll.dll",#1
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\upfilles.dll.dll",#1
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\upfilles.dll.dll,DllCanUnloadNow
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\upfilles.dll.dll,DllGetClassObject
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\upfilles.dll.dll,DllInstall
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\upfilles.dll.dll",DllCanUnloadNow
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\upfilles.dll.dll",DllGetClassObject
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\upfilles.dll.dll",DllInstall
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\upfilles.dll.dll",DllUnregisterServer
 malicious
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\upfilles.dll.dll",stow
 malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\System32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Roaming\upfilles.dll", stow
 malicious
C:\Windows\System32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Users\user\AppData\Roaming\upfilles.dll", stow
 malicious
C:\Windows\System32\loaddll64.exe
loaddll64.exe "C:\Users\user\Desktop\upfilles.dll.dll"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\regsvr32.exe
regsvr32.exe /i /s C:\Users\user\Desktop\upfilles.dll.dll
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6324 -s 344
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6516 -s 344
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7272 -s 344
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7288 -s 344
There are 10 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://illoskanawer.com/live/
malicious
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azure
3.69.236.35
 malicious
https://anikvan.com/content.php
95.164.68.73
 malicious
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/api/azure
54.175.181.104
 malicious
https://altynbe.com/content.php
138.124.183.215
 malicious
https://boriz400.com/api/azure
91.194.11.183
 malicious
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/content.php
54.175.181.104
 malicious
https://altynbe.com/api/azure
138.124.183.215
 malicious
https://workspacin.cloud/
unknown
 malicious
https://boriz400.com/content.php
91.194.11.183
 malicious
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/content.php
3.69.236.35
 malicious
https://workspacin.cloud/live/
104.21.16.155
 malicious
https://anikvan.com/api/azure
95.164.68.73
 malicious
https://aka.ms/odirmr
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azure4
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azure=
unknown
https://altynbe.com/tyk.io
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/
unknown
https://api.msn.com:443/v1/news/Feed/Windows?
unknown
https://boriz400.com/api/azurey
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azure(
unknown
https://excel.office.com
unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/content.phpP
unknown
https://anikvan.com/I~
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/f
unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
unknown
https://anikvan.com/
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/content.php1j
unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
unknown
https://anikvan.com/content.php.f
unknown
http://www.autoitscript.com/autoit3/J
unknown
https://wns.windows.com/L
unknown
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/content.php4
unknown
https://word.office.com
unknown
https://workspacin.cloud/live/0vaH
unknown
https://altynbe.com/U~
unknown
https://altynbe.com/B_F
unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
unknown
https://workspacin.cloud/live/6
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/F
unknown
https://anikvan.com/content.phpGf
unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
unknown
https://altynbe.com/content.php2f
unknown
https://anikvan.com/api/azuret.php.f
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
unknown
https://www.rd.com/list/polite-habits-campers-dislike/
unknown
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/content.phpL
unknown
https://altynbe.com/
unknown
https://android.notify.windows.com/iOS
unknown
https://anikvan.com/d
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azurent.php
unknown
https://altynbe.com/api/azureontent.phpMfE
unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azurep1j
unknown
https://outlook.com_
unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
unknown
https://workspacin.cloud/live/J5
unknown
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/content.phpA
unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
unknown
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/content.phpLgF
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azure.php
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/content.php&j
unknown
https://boriz400.com/qa
unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
unknown
https://powerpoint.office.comcember
unknown
https://altynbe.com/X
unknown
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azurepP
unknown
http://schemas.micro
unknown
https://altynbe.com/d
unknown
https://anikvan.com/api/azure==
unknown
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/content.phpMfE
unknown
https://altynbe.com/5~
unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
https://boriz400.com/
unknown
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
unknown
https://api.msn.com/q
unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azurepjB
unknown
https://altynbe.com/api/azureure
unknown
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
unknown
https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
unknown
https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
unknown
https://altynbe.com/=~
unknown
https://ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io/n
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/content.php4
unknown
https://uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io/api/azurep&j
unknown
https://altynbe.com/api/azurep
unknown
https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
unknown
http://upx.sf.net
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
workspacin.cloud
104.21.16.155
 malicious
boriz400.com
91.194.11.183
 malicious
altynbe.com
138.124.183.215
 malicious
anikvan.com
95.164.68.73
 malicious
ae1f8849daaac4ee6b80681872ab88b9-1762121307.eu-central-1.elb.amazonaws.com
3.69.236.35
ae97372e4f96e4d1299fbaeb7130b656-1584023256.us-east-1.elb.amazonaws.com
54.175.181.104
uncertain-kitten-gw.aws-euc1.cloud-ara.tyk.io
unknown
ridiculous-breakpoint-gw.aws-use1.cloud-ara.tyk.io
unknown

IPs

IP
Domain
Country
Malicious
95.164.68.73
anikvan.com
Gibraltar
malicious
138.124.183.215
altynbe.com
Norway
malicious
104.21.16.155
workspacin.cloud
United States
malicious
91.194.11.183
boriz400.com
Russian Federation
malicious
3.69.236.35
ae1f8849daaac4ee6b80681872ab88b9-1762121307.eu-central-1.elb.amazonaws.com
United States
54.175.181.104
ae97372e4f96e4d1299fbaeb7130b656-1584023256.us-east-1.elb.amazonaws.com
United States

Registry

Path
Value
Malicious
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
ProgramId
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
FileId
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
LowerCaseLongPath
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
LongPathHash
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
Name
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
OriginalFileName
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
Publisher
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
Version
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
BinFileVersion
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
BinaryType
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
ProductName
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
ProductVersion
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
LinkDate
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
BinProductVersion
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
AppxPackageFullName
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
AppxPackageRelativeId
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
Size
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
Language
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
IsOsComponent
\REGISTRY\A\{0f1f9877-fe5f-9883-d9d5-aa88f27dc06d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Update
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060444
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ehaqyy32.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
a
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020458
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000070444
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020470
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\ehaqyy32.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
CheckSetting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
There are 68 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
3250000
unkown
page execute and read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
13A0000
unkown
page execute and read and write
 malicious
29213423000
heap
page read and write
 malicious
292135D0000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
292135D1000
heap
page read and write
 malicious
292135D0000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
29213423000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
8820000
unkown
page execute and read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
292135D0000
heap
page read and write
 malicious
B52C000
stack
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
7DF4F0220000
direct allocation
page read and write
 malicious
3140000
unkown
page execute and read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
29211650000
direct allocation
page read and write
 malicious
292116A0000
direct allocation
page execute and read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
29213422000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
13A0000
unkown
page execute and read and write
 malicious
2921161C000
heap
page read and write
 malicious
2921161C000
heap
page read and write
 malicious
292135D0000
heap
page read and write
 malicious
292135D0000
heap
page read and write
 malicious
310E000
stack
page read and write
7FF5ED8AC000
unkown
page readonly
253AB16B000
heap
page read and write
7CD0000
unkown
page read and write
7FF5ED695000
unkown
page readonly
C516000
unkown
page read and write
180000000
unkown
page readonly
4C1E000
unkown
page read and write
2921159D000
heap
page read and write
A32A000
unkown
page read and write
7FF5ED495000
unkown
page readonly
7FF5ED9D2000
unkown
page readonly
1E81B2D0000
heap
page read and write
C50A000
unkown
page read and write
7FF5ED939000
unkown
page readonly
253AADDB000
heap
page read and write
1E488E2B000
heap
page read and write
987D000
unkown
page read and write
7FF5EDA69000
unkown
page readonly
36F0000
unkown
page readonly
7FF5ED418000
unkown
page readonly
7FF5ED990000
unkown
page readonly
1505000
heap
page read and write
7FFE000
stack
page read and write
253AAD30000
heap
page read and write
3250000
unkown
page execute and read and write
C6F2000
unkown
page read and write
7FF5ED779000
unkown
page readonly
9550000
unkown
page readonly
2921159F000
heap
page read and write
29211558000
heap
page read and write
35D0000
unkown
page read and write
39F071F000
stack
page read and write
785B000
unkown
page read and write
143B000
stack
page read and write
7FF5ED735000
unkown
page readonly
253AADD8000
heap
page read and write
C557000
unkown
page read and write
253AADE4000
heap
page read and write
7867000
unkown
page read and write
C10A000
stack
page read and write
253AADDB000
heap
page read and write
97C3000
unkown
page read and write
7FF5ED39B000
unkown
page readonly
1451000
unkown
page readonly
1D164F85000
heap
page read and write
7FF5ED451000
unkown
page readonly
B8AB000
stack
page read and write
7FF5ED94A000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
9B60000
unkown
page readonly
7869000
unkown
page read and write
2921164D000
heap
page read and write
7FF5ED9F2000
unkown
page readonly
96DF000
unkown
page read and write
7FF5ED8A4000
unkown
page readonly
21B04565000
heap
page read and write
7FF5ED265000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
7859000
unkown
page read and write
979C000
unkown
page read and write
37AC000
unkown
page read and write
4B8B000
unkown
page read and write
A29E000
stack
page read and write
A433000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
292115AE000
heap
page read and write
E18FCFF000
stack
page read and write
292135CD000
heap
page read and write
7FF5ED961000
unkown
page readonly
7FF5ED7DB000
unkown
page readonly
7FF5ED697000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
7FF5ED76D000
unkown
page readonly
B82A000
stack
page read and write
7FF5ED1F3000
unkown
page readonly
1095000
stack
page read and write
8730000
unkown
page read and write
7FF5ED714000
unkown
page readonly
2921163B000
heap
page read and write
7FF5ED937000
unkown
page readonly
986B000
unkown
page read and write
7FF5ED2A4000
unkown
page readonly
7FF5D1CCD000
unkown
page readonly
1CDFEFD0000
heap
page read and write
3580000
unkown
page readonly
7DF4F3031000
unkown
page execute read
FAEA000
unkown
page read and write
1CDFEE40000
heap
page read and write
6CBD37F000
stack
page read and write
27697540000
heap
page read and write
292115EE000
heap
page read and write
E52F775000
trusted library allocation
page read and write
977A000
unkown
page read and write
292134C4000
heap
page read and write
B6A0000
heap
page read and write
7FF5ED674000
unkown
page readonly
987B000
unkown
page read and write
BDD0000
unkown
page readonly
920000
heap
page read and write
5557000
stack
page read and write
29211641000
heap
page read and write
2921161A000
heap
page read and write
1CDFEE48000
heap
page read and write
CA7C000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
C89A000
unkown
page read and write
7FF5ED451000
unkown
page readonly
F79C000
stack
page read and write
292135E0000
heap
page read and write
3800000
unkown
page readonly
29211644000
heap
page read and write
292136E0000
trusted library allocation
page read and write
19F42460000
heap
page read and write
A361000
unkown
page read and write
E52F775000
trusted library allocation
page read and write
BDA0000
unkown
page readonly
292115E9000
heap
page read and write
7FF5ED94A000
unkown
page readonly
E52F77F000
trusted library allocation
page read and write
AADB000
unkown
page read and write
7FF5ED9D9000
unkown
page readonly
253AE650000
trusted library allocation
page read and write
6CBFE7C000
stack
page read and write
3110000
unkown
page execute and read and write
7FF5ED7CF000
unkown
page readonly
7FF5ED39E000
unkown
page readonly
18003B000
unkown
page readonly
292115EF000
heap
page read and write
C89A000
unkown
page read and write
F624000
unkown
page read and write
CA1E000
unkown
page read and write
A4AE000
unkown
page read and write
AB10000
unkown
page read and write
143B000
stack
page read and write
29213438000
heap
page read and write
292115AE000
heap
page read and write
7869000
unkown
page read and write
AAF2000
unkown
page read and write
E52F775000
trusted library allocation
page read and write
BD98000
stack
page read and write
7857000
unkown
page read and write
7FF5ED3CE000
unkown
page readonly
7FF5EDA0B000
unkown
page readonly
4BE3000
unkown
page read and write
292115EF000
heap
page read and write
F522000
unkown
page read and write
1D164F7F000
heap
page read and write
7DF4F3061000
unkown
page execute read
4CB0000
unkown
page read and write
BD1D000
stack
page read and write
37A0000
unkown
page read and write
37F6000
unkown
page read and write
9893000
unkown
page read and write
A37B000
unkown
page read and write
7FF5ED7FD000
unkown
page readonly
987F000
unkown
page read and write
253AADE5000
heap
page read and write
79FB000
unkown
page read and write
1D164F84000
heap
page read and write
10C0000
unkown
page readonly
850193E000
stack
page read and write
BFA4D8C000
stack
page read and write
AAF9000
unkown
page read and write
7FF5ED8B4000
unkown
page readonly
7FF5ED3DA000
unkown
page readonly
BA70000
heap
page read and write
21B04358000
heap
page read and write
7DF4F022F000
direct allocation
page read and write
2921157F000
heap
page read and write
E52FC7F000
trusted library allocation
page read and write
2921164E000
heap
page read and write
BAF9000
stack
page read and write
292115E8000
heap
page read and write
7FF5ED6DB000
unkown
page readonly
56C3000
unkown
page read and write
9E6C000
stack
page read and write
7FF5ED735000
unkown
page readonly
7FF5ED41C000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
292136E0000
trusted library allocation
page read and write
3756000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
E52FC75000
trusted library allocation
page read and write
A49E000
unkown
page read and write
7FF5ED65C000
unkown
page readonly
7FF5ED4B0000
unkown
page readonly
8210000
unkown
page read and write
1505000
heap
page read and write
26E7E5000
direct allocation
page execute and read and write
7847000
unkown
page read and write
E52F9FB000
stack
page read and write
1480000
heap
page read and write
292133D0000
remote allocation
page read and write
7FF5ED4F3000
unkown
page readonly
BD1D000
stack
page read and write
1E488C13000
heap
page read and write
7FF5ED295000
unkown
page readonly
37B0000
unkown
page read and write
7FF5ED42B000
unkown
page readonly
F52B000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
8108000
stack
page read and write
2921161A000
heap
page read and write
AF8D000
stack
page read and write
29211649000
heap
page read and write
180001000
unkown
page execute read
26E7A0000
direct allocation
page read and write
982D000
unkown
page read and write
2921163E000
heap
page read and write
A21E000
stack
page read and write
CA63000
unkown
page read and write
7FF5ED9ED000
unkown
page readonly
896B000
stack
page read and write
7FF5ED40D000
unkown
page readonly
29213438000
heap
page read and write
2921157C000
heap
page read and write
29211380000
heap
page read and write
F39B000
stack
page read and write
292136E0000
trusted library allocation
page read and write
7FF5ED71E000
unkown
page readonly
7884000
unkown
page read and write
AAD1000
unkown
page read and write
180001000
unkown
page execute read
1D166990000
heap
page read and write
7FF5ED43A000
unkown
page readonly
3700000
unkown
page read and write
7FF5ED4DF000
unkown
page readonly
C544000
unkown
page read and write
29211644000
heap
page read and write
9815000
unkown
page read and write
4BA6000
unkown
page read and write
292115EF000
heap
page read and write
7FF5ED9CC000
unkown
page readonly
2921164E000
heap
page read and write
2921164D000
heap
page read and write
37A8000
unkown
page read and write
3110000
unkown
page read and write
253AAD10000
heap
page read and write
4C34000
unkown
page read and write
7FF5ED7F1000
unkown
page readonly
7CE0000
unkown
page read and write
263285F8000
heap
page read and write
7DF4F3061000
unkown
page execute read
29211648000
heap
page read and write
276958A0000
heap
page read and write
29211641000
heap
page read and write
7695000
stack
page read and write
292136E0000
trusted library allocation
page read and write
C846000
unkown
page read and write
E52F775000
trusted library allocation
page read and write
982D000
unkown
page read and write
E52F775000
trusted library allocation
page read and write
1E488C0B000
heap
page read and write
9A10000
unkown
page read and write
3210000
unkown
page read and write
AAF9000
unkown
page read and write
8A6E000
stack
page read and write
29211575000
heap
page read and write
7FF5ED9B8000
unkown
page readonly
C41F000
stack
page read and write
7FF5ED91A000
unkown
page readonly
13B1000
unkown
page execute and read and write
27695C50000
heap
page read and write
85019BF000
stack
page read and write
F664000
unkown
page read and write
9893000
unkown
page read and write
7FF5ED867000
unkown
page readonly
7FF5ED7DB000
unkown
page readonly
F52B000
unkown
page read and write
9AE0000
unkown
page read and write
7FF5ED692000
unkown
page readonly
7FF5D1CD4000
unkown
page readonly
7FF5ED939000
unkown
page readonly
1D164F20000
heap
page read and write
35A0000
unkown
page readonly
C92D000
unkown
page read and write
7FF5ED4EF000
unkown
page readonly
29211648000
heap
page read and write
292115EF000
heap
page read and write
9660000
unkown
page read and write
7FF5ED5A8000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
C6F4000
unkown
page read and write
8208000
stack
page read and write
8FB9000
stack
page read and write
A32A000
unkown
page read and write
C964000
unkown
page read and write
A19F000
stack
page read and write
7FF5ED48A000
unkown
page readonly
7B9E87E000
stack
page read and write
A4AB000
unkown
page read and write
8720000
unkown
page readonly
8740000
unkown
page execute and read and write
7DF4F01F0000
direct allocation
page readonly
7FF5EDA31000
unkown
page readonly
F31A000
stack
page read and write
A4AB000
unkown
page read and write
4BDC000
unkown
page read and write
A4A1000
unkown
page read and write
A7FD39E000
stack
page read and write
7FF5ED68B000
unkown
page readonly
E52F77F000
trusted library allocation
page read and write
379E000
unkown
page read and write
310E000
stack
page read and write
AB27000
unkown
page read and write
E52F8FB000
stack
page read and write
E52F77F000
trusted library allocation
page read and write
7FF5ED9F2000
unkown
page readonly
1D164F76000
heap
page read and write
7FF5ED8A4000
unkown
page readonly
1E488CF0000
heap
page read and write
29211641000
heap
page read and write
2921159F000
heap
page read and write
7865000
unkown
page read and write
2921159F000
heap
page read and write
7FF5EDA70000
unkown
page readonly
987F000
unkown
page read and write
A491000
unkown
page read and write
2921161A000
heap
page read and write
C512000
unkown
page read and write
9877000
unkown
page read and write
7FF5ED342000
unkown
page readonly
253AADC8000
heap
page read and write
7FF5EDA08000
unkown
page readonly
292115E9000
heap
page read and write
7FF5ED806000
unkown
page readonly
AB07000
unkown
page read and write
4B56000
unkown
page read and write
7DF4F3040000
unkown
page readonly
786B000
unkown
page read and write
292134C4000
heap
page read and write
292115AE000
heap
page read and write
36532FE000
stack
page read and write
292136E0000
trusted library allocation
page read and write
4CC0000
unkown
page read and write
1E81B210000
heap
page read and write
F5A3000
unkown
page read and write
35A0000
unkown
page readonly
7DF4F0240000
direct allocation
page execute read
263285F0000
heap
page read and write
4CE0000
unkown
page read and write
1350000
unkown
page readonly
97D4000
unkown
page read and write
7FF5ED62F000
unkown
page readonly
89A0000
unkown
page read and write
7FF5EDA0D000
unkown
page readonly
A364000
unkown
page read and write
7FF5ED92C000
unkown
page readonly
7FF5ED556000
unkown
page readonly
906E000
stack
page read and write
A39B000
unkown
page read and write
F564000
unkown
page read and write
4B8B000
unkown
page read and write
4C50000
unkown
page read and write
292135E2000
heap
page read and write
22514B70000
heap
page read and write
7FF5ED1D0000
unkown
page readonly
C893000
unkown
page read and write
E52F775000
trusted library allocation
page read and write
29211649000
heap
page read and write
DE0000
unkown
page readonly
7FF5ED9CC000
unkown
page readonly
A361000
unkown
page read and write
C50A000
unkown
page read and write
F79C000
stack
page read and write
C893000
unkown
page read and write
23482EFD000
heap
page read and write
4C4B000
unkown
page read and write
292115BB000
heap
page read and write
9877000
unkown
page read and write
7FF5ED864000
unkown
page readonly
2921161A000
heap
page read and write
292115EF000
heap
page read and write
A391000
unkown
page read and write
7FF5ED586000
unkown
page readonly
BFA50FF000
stack
page read and write
7FF5ED1CC000
unkown
page readonly
B728000
stack
page read and write
292136E0000
trusted library allocation
page read and write
C52C000
unkown
page read and write
180038000
unkown
page read and write
B08D000
stack
page read and write
29211520000
heap
page readonly
56C3000
unkown
page read and write
9139000
stack
page read and write
37F2000
unkown
page read and write
292115EF000
heap
page read and write
7D53000
unkown
page read and write
E52F77F000
trusted library allocation
page read and write
7FF5ED847000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
29211648000
heap
page read and write
292133D0000
remote allocation
page read and write
7FF5ED933000
unkown
page readonly
E18FD7F000
stack
page read and write
292115EE000
heap
page read and write
FADD000
unkown
page read and write
7FF5ED28E000
unkown
page readonly
7FF5ED68F000
unkown
page readonly
C6E3000
unkown
page read and write
4C1E000
unkown
page read and write
7DF4F3041000
unkown
page execute read
FAEA000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
E52FC75000
trusted library allocation
page read and write
7FF5ED3EA000
unkown
page readonly
B170000
unkown
page readonly
A494000
unkown
page read and write
7FF5ED586000
unkown
page readonly
C6CF000
unkown
page read and write
7DF4F3040000
unkown
page readonly
23482EE0000
heap
page read and write
7FF5ED3D0000
unkown
page readonly
7FF5ED46E000
unkown
page readonly
7FF5D1CCD000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
A776CDA000
stack
page read and write
9869000
unkown
page read and write
253AE203000
heap
page read and write
7FF5ED9C6000
unkown
page readonly
B82A000
stack
page read and write
C561000
unkown
page read and write
4CD0000
unkown
page read and write
292115E9000
heap
page read and write
292115AE000
heap
page read and write
A19F000
stack
page read and write
3795000
unkown
page read and write
292135E0000
heap
page read and write
9792000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
7900000
unkown
page read and write
2921159E000
heap
page read and write
3800000
unkown
page readonly
7FF5ECED2000
unkown
page readonly
7FF5ED52F000
unkown
page readonly
A3BE000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
263286F0000
heap
page read and write
292115BC000
heap
page read and write
1E488C10000
heap
page read and write
7FF5ED9CA000
unkown
page readonly
DD0000
unkown
page readonly
C9C2000
unkown
page read and write
29211649000
heap
page read and write
9A10000
unkown
page read and write
1200000
unkown
page readonly
29213402000
heap
page read and write
292134E0000
heap
page read and write
BD98000
stack
page read and write
7FF5ED1D7000
unkown
page readonly
A310000
unkown
page read and write
7FF5ED872000
unkown
page readonly
2921164D000
heap
page read and write
29213422000
heap
page read and write
292115EF000
heap
page read and write
21B04520000
heap
page read and write
253AADC0000
heap
page read and write
2921161A000
heap
page read and write
29211648000
heap
page read and write
F5EB000
unkown
page read and write
C08A000
stack
page read and write
292135E2000
heap
page read and write
292136E0000
trusted library allocation
page read and write
7FF5ED8E2000
unkown
page readonly
1D164F7E000
heap
page read and write
7FF5ED46A000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
1E81B560000
heap
page read and write
9798000
unkown
page read and write
180000000
unkown
page readonly
7FF5ED93E000
unkown
page readonly
2921161A000
heap
page read and write
7FF5ED5EB000
unkown
page readonly
7FF5ED9CA000
unkown
page readonly
7FF5ED5C5000
unkown
page readonly
840000
heap
page read and write
C561000
unkown
page read and write
CBE4000
unkown
page read and write
7FF5ED81B000
unkown
page readonly
7FF5ED1D7000
unkown
page readonly
8BF0000
unkown
page readonly
7FF5ED8E7000
unkown
page readonly
76C0000
unkown
page read and write
3240000
unkown
page read and write
AB51000
unkown
page read and write
2921164C000
heap
page read and write
7FF5EDA38000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
8B60000
unkown
page readonly
7FF5ED337000
unkown
page readonly
2921157F000
heap
page read and write
7FF5ED68F000
unkown
page readonly
7E11000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
37AE000
unkown
page read and write
7A34000
unkown
page read and write
292115BB000
heap
page read and write
7DDC000
stack
page read and write
2921164E000
heap
page read and write
343B000
stack
page read and write
7FF5ED433000
unkown
page readonly
C5A3000
unkown
page read and write
F71D000
stack
page read and write
22514FA5000
heap
page read and write
E52F77F000
trusted library allocation
page read and write
292136E0000
trusted library allocation
page read and write
E52F775000
trusted library allocation
page read and write
7FF5ED986000
unkown
page readonly
8108000
stack
page read and write
292136E0000
trusted library allocation
page read and write
7FF5ED519000
unkown
page readonly
7FF5ED980000
unkown
page readonly
FAD1000
unkown
page read and write
292115E9000
heap
page read and write
8EC4000
unkown
page read and write
CB2F000
unkown
page read and write
E52F77F000
trusted library allocation
page read and write
C80000
heap
page read and write
8DA0000
unkown
page read and write
34E9000
stack
page read and write
18003B000
unkown
page readonly
292115EF000
heap
page read and write
253AB160000
heap
page read and write
87E0000
unkown
page execute and read and write
7B80000
unkown
page read and write
C88B000
unkown
page read and write
7FF5ED43A000
unkown
page readonly
263284F0000
heap
page read and write
7FF5ED818000
unkown
page readonly
C51E000
unkown
page read and write
B10D000
stack
page read and write
29211460000
heap
page read and write
A29E000
stack
page read and write
7FF5EDA0D000
unkown
page readonly
E52FC75000
trusted library allocation
page read and write
7FF5ED8FF000
unkown
page readonly
C89C000
unkown
page read and write
7FF5ED55F000
unkown
page readonly
B8C0000
unkown
page readonly
29211644000
heap
page read and write
7FF5ED3D6000
unkown
page readonly
7FF5ED76D000
unkown
page readonly
7FF5ED1BC000
unkown
page readonly
7FF5ED3D6000
unkown
page readonly
7FF5ED8B4000
unkown
page readonly
F81C000
stack
page read and write
292115AE000
heap
page read and write
8210000
unkown
page read and write
7DF4F3050000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
253AC910000
heap
page read and write
7E11000
unkown
page read and write
225166C0000
heap
page read and write
7F2E000
stack
page read and write
7859000
unkown
page read and write
3110000
unkown
page read and write
2921164D000
heap
page read and write
7FF5ED8C1000
unkown
page readonly
97A9000
unkown
page read and write
F539000
unkown
page read and write
AF0B000
stack
page read and write
AB3B000
unkown
page read and write
180038000
unkown
page read and write
7FF5ED404000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
292115E9000
heap
page read and write
292115EF000
heap
page read and write
1D1682B3000
heap
page read and write
27695A90000
heap
page read and write
7FF5ED41C000
unkown
page readonly
292135E0000
heap
page read and write
7FF5ED507000
unkown
page readonly
F21C000
stack
page read and write
7FF5ED3F3000
unkown
page readonly
A49E000
unkown
page read and write
C85000
heap
page read and write
7FF5ED8F9000
unkown
page readonly
292135CD000
heap
page read and write
7FF5ED449000
unkown
page readonly
36D5000
stack
page read and write
292136E0000
trusted library allocation
page read and write
7FF5ED781000
unkown
page readonly
7FF5ED928000
unkown
page readonly
7FF5EDA70000
unkown
page readonly
7FF5ED349000
unkown
page readonly
7FF5ED849000
unkown
page readonly
A11F000
stack
page read and write
37AE000
unkown
page read and write
36D5000
stack
page read and write
2921159F000
heap
page read and write
9F1E000
stack
page read and write
784A000
unkown
page read and write
CA1E000
unkown
page read and write
7FF5ED8FF000
unkown
page readonly
7FF5ED714000
unkown
page readonly
39F069A000
stack
page read and write
7D20000
unkown
page readonly
987D000
unkown
page read and write
8FB9000
stack
page read and write
3131000
unkown
page read and write
C7C5000
unkown
page read and write
1E81B240000
heap
page read and write
1E488E20000
heap
page read and write
1D164F6F000
heap
page read and write
AF8D000
stack
page read and write
7FF5ED73D000
unkown
page readonly
253AB0D0000
heap
page read and write
9139000
stack
page read and write
7FF5ED409000
unkown
page readonly
18003B000
unkown
page readonly
29211644000
heap
page read and write
13AF000
unkown
page execute and read and write
37A0000
unkown
page read and write
7FF5ED93E000
unkown
page readonly
1E81B220000
heap
page read and write
B629000
stack
page read and write
5590000
unkown
page write copy
79FB000
unkown
page read and write
B22B000
stack
page read and write
231F000
stack
page read and write
9815000
unkown
page read and write
9439000
stack
page read and write
7FF5ED9C8000
unkown
page readonly
7FF5ED4FD000
unkown
page readonly
78AD000
unkown
page read and write
76A0000
unkown
page read and write
1E488C13000
heap
page read and write
BDC0000
unkown
page readonly
3209000
stack
page read and write
C08A000
stack
page read and write
B150000
unkown
page read and write
292115EF000
heap
page read and write
292136E0000
trusted library allocation
page read and write
E52F77F000
trusted library allocation
page read and write
A50B000
unkown
page read and write
7979000
unkown
page read and write
C51E000
unkown
page read and write
29211644000
heap
page read and write
7FF5ED3DA000
unkown
page readonly
292135B9000
heap
page read and write
7FF5ED9D2000
unkown
page readonly
7A34000
unkown
page read and write
3659000
stack
page read and write
C507000
unkown
page read and write
7FF5ED503000
unkown
page readonly
E52F77F000
trusted library allocation
page read and write
3700000
unkown
page read and write
7FF5EDA47000
unkown
page readonly
7FF5ED803000
unkown
page readonly
276958C8000
heap
page read and write
7FF5ED1F3000
unkown
page readonly
979C000
unkown
page read and write
E52F77F000
trusted library allocation
page read and write
180038000
unkown
page read and write
7DF4F01D0000
direct allocation
page read and write
7FF5ED8E7000
unkown
page readonly
9660000
unkown
page read and write
253AB165000
heap
page read and write
7FF5ED8C6000
unkown
page readonly
29211648000
heap
page read and write
C5A0000
unkown
page read and write
1E48C043000
heap
page read and write
29211645000
heap
page read and write
1350000
unkown
page readonly
8DA0000
unkown
page read and write
7FF5ED6A5000
unkown
page readonly
7FF5ED7C4000
unkown
page readonly
E52F775000
trusted library allocation
page read and write
7FF5EDA11000
unkown
page readonly
A37D000
unkown
page read and write
4B78000
unkown
page read and write
89E0000
unkown
page read and write
A310000
unkown
page read and write
7CC0000
unkown
page readonly
308A000
stack
page read and write
37BD000
unkown
page read and write
906E000
stack
page read and write
FAEC000
unkown
page read and write
27695C55000
heap
page read and write
7F30000
unkown
page read and write
96DF000
unkown
page read and write
1D164F7F000
heap
page read and write
7CE0000
unkown
page read and write
253AADE4000
heap
page read and write
FAA0000
unkown
page read and write
C557000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
CA42000
unkown
page read and write
35D0000
unkown
page read and write
8710000
unkown
page readonly
36D3000
stack
page read and write
19F426F0000
heap
page read and write
7FF5EDA31000
unkown
page readonly
98A8000
unkown
page read and write
E52F7FE000
stack
page read and write
7FF5ED844000
unkown
page readonly
7D53000
unkown
page read and write
7978000
unkown
page read and write
21B05F10000
heap
page read and write
292136E0000
trusted library allocation
page read and write
7FF5ED46A000
unkown
page readonly
C563000
unkown
page read and write
29211480000
heap
page read and write
29211648000
heap
page read and write
7FF5ED503000
unkown
page readonly
C6F2000
unkown
page read and write
986F000
unkown
page read and write
1D164FA3000
heap
page read and write
7FF5ED5C9000
unkown
page readonly
1248000
heap
page read and write
292136E0000
trusted library allocation
page read and write
9550000
unkown
page readonly
7DF4F3071000
unkown
page execute read
11B0000
unkown
page readonly
7FF5ED4EF000
unkown
page readonly
239E000
stack
page read and write
4C4B000
unkown
page read and write
A4A1000
unkown
page read and write
292133D0000
remote allocation
page read and write
9883000
unkown
page read and write
26328860000
heap
page read and write
3160000
unkown
page execute and read and write
3590000
unkown
page read and write
7FF5ED445000
unkown
page readonly
7861000
unkown
page read and write
1E48C040000
heap
page read and write
9DED000
stack
page read and write
7E50000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
7FF5ED93B000
unkown
page readonly
BA7A000
heap
page read and write
3748000
unkown
page read and write
FAFE000
unkown
page read and write
2921164E000
heap
page read and write
1490000
unkown
page read and write
292115AE000
heap
page read and write
9875000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
C6F8000
unkown
page read and write
7FF5ED9FF000
unkown
page readonly
9873000
unkown
page read and write
7FF5ED692000
unkown
page readonly
7B80000
unkown
page read and write
A323000
unkown
page read and write
B650000
unkown
page read and write
7FF5ED885000
unkown
page readonly
7FF5ED810000
unkown
page readonly
7FF5ED9B8000
unkown
page readonly
C700000
unkown
page read and write
6CBD2FE000
stack
page read and write
292115EF000
heap
page read and write
343B000
stack
page read and write
2921159F000
heap
page read and write
7FF5ED295000
unkown
page readonly
C6D8000
unkown
page read and write
A33E000
unkown
page read and write
37D2000
unkown
page read and write
A37B000
unkown
page read and write
292115EF000
heap
page read and write
7FF5ED9C6000
unkown
page readonly
BDC0000
unkown
page readonly
7DF5F5410000
unkown
page readonly
1D164F86000
heap
page read and write
E52F775000
trusted library allocation
page read and write
785F000
unkown
page read and write
292115ED000
heap
page read and write
AADB000
unkown
page read and write
23482EA0000
heap
page read and write
36D3000
stack
page read and write
785B000
unkown
page read and write
7FF5ED8F9000
unkown
page readonly
9B60000
unkown
page readonly
9E6C000
stack
page read and write
7900000
unkown
page read and write
7FF5ED750000
unkown
page readonly
7FF5ED77C000
unkown
page readonly
3210000
unkown
page read and write
C84D000
unkown
page read and write
292115EF000
heap
page read and write
292136E0000
trusted library allocation
page read and write
180025000
unkown
page readonly
7FF5ED8C1000
unkown
page readonly
9885000
unkown
page read and write
7FF5ED59E000
unkown
page readonly
7FF5ED77E000
unkown
page readonly
7FF5ED349000
unkown
page readonly
1E488C13000
heap
page read and write
2921164C000
heap
page read and write
7FF5ED6A5000
unkown
page readonly
7FF5ED853000
unkown
page readonly
7FF5ED85F000
unkown
page readonly
2921163C000
heap
page read and write
7FF5ED92C000
unkown
page readonly
C84D000
unkown
page read and write
37D2000
unkown
page read and write
E52F775000
trusted library allocation
page read and write
7E60000
unkown
page read and write
2921161A000
heap
page read and write
2921341E000
heap
page read and write
7FF5EDA2A000
unkown
page readonly
19F426F5000
heap
page read and write
1D1682B0000
heap
page read and write
B00C000
stack
page read and write
CA1C000
unkown
page read and write
7FF5ED52F000
unkown
page readonly
7FF5ED864000
unkown
page readonly
9D63000
unkown
page read and write
292135CD000
heap
page read and write
7FF5ED9AE000
unkown
page readonly
8BE9000
stack
page read and write
7FF5EDA14000
unkown
page readonly
7DF4F3050000
unkown
page readonly
7FF5ED5A8000
unkown
page readonly
180001000
unkown
page execute read
292115E9000
heap
page read and write
1D164F7B000
heap
page read and write
7FF5EDA0B000
unkown
page readonly
7FF5ED990000
unkown
page readonly
7FF5ED97A000
unkown
page readonly
2921161A000
heap
page read and write
7F2E000
stack
page read and write
7FF5ED1E6000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
7FF5ED33F000
unkown
page readonly
292135B9000
heap
page read and write
19F423A0000
heap
page read and write
11B0000
unkown
page readonly
A11F000
stack
page read and write
986F000
unkown
page read and write
2921161A000
heap
page read and write
7FF5ED674000
unkown
page readonly
7FF5ED4E8000
unkown
page readonly
292135E2000
heap
page read and write
292135E2000
heap
page read and write
7FF5ED409000
unkown
page readonly
1E488C07000
heap
page read and write
1440000
unkown
page read and write
9795000
unkown
page read and write
A479000
unkown
page read and write
18003B000
unkown
page readonly
8000000
unkown
page read and write
1E81B2D8000
heap
page read and write
7FF5ED7FD000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
3652FAA000
stack
page read and write
89A0000
unkown
page read and write
C516000
unkown
page read and write
2921164D000
heap
page read and write
7FF5ED279000
unkown
page readonly
B728000
stack
page read and write
19F42660000
heap
page read and write
292115E8000
heap
page read and write
7FF5ED9A1000
unkown
page readonly
7FF5ED5CE000
unkown
page readonly
1440000
unkown
page read and write
7FF5ED471000
unkown
page readonly
965C000
stack
page read and write
7FF5ED660000
unkown
page readonly
978E000
unkown
page read and write
7FF5ED9C8000
unkown
page readonly
2921164D000
heap
page read and write
C6E3000
unkown
page read and write
C5AA000
unkown
page read and write
A7FD31C000
stack
page read and write
9B9000
heap
page read and write
F624000
unkown
page read and write
A379000
unkown
page read and write
818E000
stack
page read and write
253AAE01000
heap
page read and write
9881000
unkown
page read and write
2921161A000
heap
page read and write
978E000
unkown
page read and write
4C34000
unkown
page read and write
C962000
unkown
page read and write
7FF5ED8E2000
unkown
page readonly
5557000
stack
page read and write
E52FC75000
trusted library allocation
page read and write
7E60000
unkown
page read and write
4CC0000
unkown
page read and write
4B78000
unkown
page read and write
87BE000
stack
page read and write
7865000
unkown
page read and write
97AD000
unkown
page read and write
1CDFED30000
heap
page read and write
19F42390000
heap
page read and write
365327F000
stack
page read and write
34E9000
stack
page read and write
7FF5ED80C000
unkown
page readonly
7FF5ED7E0000
unkown
page readonly
B629000
stack
page read and write
C4A0000
unkown
page read and write
A7FD6FF000
stack
page read and write
7D00000
unkown
page readonly
7FF5ED7D6000
unkown
page readonly
7D20000
unkown
page readonly
7FF5ED915000
unkown
page readonly
7DF4F0250000
direct allocation
page read and write
E52F77F000
trusted library allocation
page read and write
7FF5ED9AE000
unkown
page readonly
7CC0000
unkown
page readonly
3797000
unkown
page read and write
C811000
unkown
page read and write
1CDFF050000
heap
page read and write
A21E000
stack
page read and write
2921161A000
heap
page read and write
950000
heap
page read and write
9869000
unkown
page read and write
9879000
unkown
page read and write
7FF5ED48A000
unkown
page readonly
7FF5ED781000
unkown
page readonly
A4FC000
unkown
page read and write
22514FA0000
heap
page read and write
7FF5ED806000
unkown
page readonly
1D164F7F000
heap
page read and write
2921161A000
heap
page read and write
B22B000
stack
page read and write
F21C000
stack
page read and write
29213442000
heap
page read and write
C89C000
unkown
page read and write
7FF5ED7C4000
unkown
page readonly
7863000
unkown
page read and write
BA7A000
heap
page read and write
29211648000
heap
page read and write
BA72000
heap
page read and write
7FF5ED1D0000
unkown
page readonly
18A0000
unkown
page readonly
8BE9000
stack
page read and write
78AD000
unkown
page read and write
1240000
heap
page read and write
7FF5ED975000
unkown
page readonly
7FF5ED9A6000
unkown
page readonly
A33E000
unkown
page read and write
1E488AE0000
heap
page read and write
7FF5ED4C2000
unkown
page readonly
37BD000
unkown
page read and write
C5AA000
unkown
page read and write
7FF5ED5EB000
unkown
page readonly
7FF5ED4DF000
unkown
page readonly
7FF5ED7E9000
unkown
page readonly
1D164F10000
heap
page read and write
91B9000
stack
page read and write
F5E6000
unkown
page read and write
7FF5ED65C000
unkown
page readonly
7FF5ED68B000
unkown
page readonly
7FF5ED975000
unkown
page readonly
C92D000
unkown
page read and write
7FF5ED1E6000
unkown
page readonly
39F079F000
stack
page read and write
4CD0000
unkown
page read and write
C8E1000
unkown
page read and write
7B9E53C000
stack
page read and write
B8B0000
unkown
page read and write
3795000
unkown
page read and write
9792000
unkown
page read and write
BDA0000
unkown
page readonly
1E488C20000
heap
page read and write
B140000
unkown
page readonly
7FF5ED71B000
unkown
page readonly
292135CD000
heap
page read and write
37F9000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
CB2F000
unkown
page read and write
4C18000
unkown
page read and write
1D164F50000
heap
page read and write
7FF5ED85F000
unkown
page readonly
7FF5ED9A6000
unkown
page readonly
7FF5ED7E0000
unkown
page readonly
E52F775000
trusted library allocation
page read and write
2921161A000
heap
page read and write
1480000
heap
page read and write
C512000
unkown
page read and write
79B1000
unkown
page read and write
7FF5ED507000
unkown
page readonly
88EE000
stack
page read and write
292135CD000
heap
page read and write
180000000
unkown
page readonly
292115E8000
heap
page read and write
78A0000
unkown
page read and write
E52F77F000
trusted library allocation
page read and write
1D168700000
trusted library allocation
page read and write
977A000
unkown
page read and write
180001000
unkown
page execute read
1E81B5B0000
heap
page read and write
2921161C000
heap
page read and write
F39C000
stack
page read and write
C6BF000
unkown
page read and write
7FF5ED814000
unkown
page readonly
3797000
unkown
page read and write
7FF5ED625000
unkown
page readonly
2921164E000
heap
page read and write
C6BF000
unkown
page read and write
C9CE000
unkown
page read and write
BDD0000
unkown
page readonly
E52F775000
trusted library allocation
page read and write
7FF5ED755000
unkown
page readonly
CB46000
unkown
page read and write
8710000
unkown
page readonly
DD0000
unkown
page readonly
7D40000
unkown
page read and write
7FF5ED91A000
unkown
page readonly
7FF5EDA11000
unkown
page readonly
7FF5ED961000
unkown
page readonly
7FF5ED872000
unkown
page readonly
7FF5ED71E000
unkown
page readonly
7FF5ED4BB000
unkown
page readonly
29211648000
heap
page read and write
7FF5ED77E000
unkown
page readonly
97B5000
unkown
page read and write
253AADF0000
heap
page read and write
9875000
unkown
page read and write
7FF5ED956000
unkown
page readonly
1E488BC0000
heap
page read and write
C507000
unkown
page read and write
2921343A000
heap
page read and write
9F1E000
stack
page read and write
4C60000
unkown
page read and write
7FF5ED821000
unkown
page readonly
AA90000
unkown
page read and write
2921161A000
heap
page read and write
CB46000
unkown
page read and write
1240000
heap
page read and write
7FF5ED9ED000
unkown
page readonly
9977000
unkown
page read and write
C503000
unkown
page read and write
C544000
unkown
page read and write
19F423C0000
heap
page read and write
7FF5ED71B000
unkown
page readonly
7DF4F02B0000
direct allocation
page execute read
7FF5ED519000
unkown
page readonly
C563000
unkown
page read and write
B5AE000
stack
page read and write
C6C9000
unkown
page read and write
292115AE000
heap
page read and write
1D164F58000
heap
page read and write
7FF5ED743000
unkown
page readonly
7FF5ED337000
unkown
page readonly
BA70000
heap
page read and write
E52F775000
trusted library allocation
page read and write
C503000
unkown
page read and write
3580000
unkown
page readonly
88EE000
stack
page read and write
7FF5ED28E000
unkown
page readonly
2921164D000
heap
page read and write
56D9000
unkown
page read and write
C857000
unkown
page read and write
2921163E000
heap
page read and write
5590000
unkown
page write copy
1E488BF8000
heap
page read and write
292135E0000
heap
page read and write
9A5B000
unkown
page read and write
A3BE000
unkown
page read and write
7FF5ED5C1000
unkown
page readonly
A4AE000
unkown
page read and write
7FF5ED476000
unkown
page readonly
B08D000
stack
page read and write
7FF5ED6B9000
unkown
page readonly
1E81B2DF000
heap
page read and write
7FF5ED87D000
unkown
page readonly
4CB0000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
2921161A000
heap
page read and write
7FF5ED39B000
unkown
page readonly
7FF5EDA53000
unkown
page readonly
292135E2000
heap
page read and write
A502000
unkown
page read and write
9B20000
heap
page read and write
7FF5ED996000
unkown
page readonly
A502000
unkown
page read and write
7FF5ED9E1000
unkown
page readonly
7FF5ED412000
unkown
page readonly
7FF5ED74A000
unkown
page readonly
8F2F000
unkown
page read and write
7FF5ED697000
unkown
page readonly
1490000
unkown
page read and write
292135E0000
heap
page read and write
C49E000
stack
page read and write
7FF5ED602000
unkown
page readonly
1E488C38000
heap
page read and write
F5A3000
unkown
page read and write
7FF5EDA76000
unkown
page readonly
E52F77F000
trusted library allocation
page read and write
10D0000
heap
page read and write
7B9E5BE000
stack
page read and write
3240000
unkown
page read and write
7FF5ED5F7000
unkown
page readonly
2921341E000
heap
page read and write
7FF5ED1E0000
unkown
page readonly
F31C000
stack
page read and write
292136E0000
trusted library allocation
page read and write
1210000
unkown
page readonly
A4B8000
unkown
page read and write
2921161A000
heap
page read and write
2921164E000
heap
page read and write
37AC000
unkown
page read and write
29213438000
heap
page read and write
A327000
unkown
page read and write
7FF5ED50A000
unkown
page readonly
7FF5ED426000
unkown
page readonly
1D164F7E000
heap
page read and write
7FF5ED286000
unkown
page readonly
C6C1000
unkown
page read and write
B8AB000
stack
page read and write
B170000
unkown
page readonly
B4AE000
stack
page read and write
C4A0000
unkown
page read and write
1E81B5B5000
heap
page read and write
E52F77F000
trusted library allocation
page read and write
292136E0000
trusted library allocation
page read and write
7DF4F3051000
unkown
page execute read
29211644000
heap
page read and write
3220000
unkown
page readonly
7FF5ED695000
unkown
page readonly
292115AE000
heap
page read and write
7FF5ED810000
unkown
page readonly
787C000
unkown
page read and write
C962000
unkown
page read and write
1D1651E5000
heap
page read and write
7FF5ED885000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
276958C0000
heap
page read and write
180025000
unkown
page readonly
2921163E000
heap
page read and write
292115EF000
heap
page read and write
7FF5ED534000
unkown
page readonly
7FF5ED73D000
unkown
page readonly
E52FC75000
trusted library allocation
page read and write
785D000
unkown
page read and write
AAF6000
unkown
page read and write
B640000
unkown
page read and write
21B04340000
heap
page read and write
1D1651B0000
heap
page read and write
797D000
unkown
page read and write
22514BF8000
heap
page read and write
E52FC72000
stack
page read and write
E52F77F000
trusted library allocation
page read and write
76A0000
unkown
page read and write
7FF5ED6B9000
unkown
page readonly
89E0000
unkown
page read and write
7FF5ED3A7000
unkown
page readonly
4B90000
unkown
page read and write
C49E000
stack
page read and write
4BE3000
unkown
page read and write
3791000
unkown
page read and write
4B50000
unkown
page read and write
C811000
unkown
page read and write
7FF5ED1BC000
unkown
page readonly
1230000
unkown
page read and write
3756000
unkown
page read and write
2921161A000
heap
page read and write
7FF5EDA53000
unkown
page readonly
7C90000
unkown
page read and write
7FF5ED426000
unkown
page readonly
7FF5ED279000
unkown
page readonly
9881000
unkown
page read and write
7847000
unkown
page read and write
7FF5ED505000
unkown
page readonly
8730000
unkown
page read and write
7FF5ED87D000
unkown
page readonly
7FF5ED4B0000
unkown
page readonly
7FF5ED5CE000
unkown
page readonly
AAF2000
unkown
page read and write
7FF5ED9BE000
unkown
page readonly
AAF6000
unkown
page read and write
7FF5EDA14000
unkown
page readonly
29211735000
heap
page read and write
85018BC000
stack
page read and write
7FF5ED42B000
unkown
page readonly
14B0000
unkown
page readonly
F71D000
stack
page read and write
7884000
unkown
page read and write
7FF5ED9E1000
unkown
page readonly
A479000
unkown
page read and write
7FF5ED5F7000
unkown
page readonly
CA63000
unkown
page read and write
7FF5ED3F3000
unkown
page readonly
C6CF000
unkown
page read and write
180025000
unkown
page readonly
292115EF000
heap
page read and write
7FF5ED9FF000
unkown
page readonly
7FF5ED97A000
unkown
page readonly
7FF5ED286000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
97C3000
unkown
page read and write
1D164F7E000
heap
page read and write
E52FC75000
trusted library allocation
page read and write
5641000
unkown
page read and write
97B5000
unkown
page read and write
1D164F6E000
heap
page read and write
A09B000
stack
page read and write
785D000
unkown
page read and write
FAFE000
unkown
page read and write
FAD1000
unkown
page read and write
7FF5ED803000
unkown
page readonly
7FF5ED7F1000
unkown
page readonly
1E488E25000
heap
page read and write
56D9000
unkown
page read and write
7FF5ED6DB000
unkown
page readonly
180000000
unkown
page readonly
4C50000
unkown
page read and write
7FF5ED418000
unkown
page readonly
29211550000
heap
page read and write
B6A0000
heap
page read and write
379E000
unkown
page read and write
C6F4000
unkown
page read and write
7FF5ED793000
unkown
page readonly
CCE15FE000
stack
page read and write
9B0000
heap
page read and write
7FF5ED670000
unkown
page readonly
9883000
unkown
page read and write
1E488C1B000
heap
page read and write
1500000
heap
page read and write
9D62000
unkown
page read and write
29213010000
direct allocation
page read and write
1E488C30000
heap
page read and write
A4FC000
unkown
page read and write
7857000
unkown
page read and write
29211644000
heap
page read and write
7FF5ED669000
unkown
page readonly
AB4D000
unkown
page read and write
C6C9000
unkown
page read and write
7FF5ED4BB000
unkown
page readonly
E52FC75000
trusted library allocation
page read and write
C8E1000
unkown
page read and write
1370000
unkown
page read and write
C9CE000
unkown
page read and write
7FF5ED669000
unkown
page readonly
986B000
unkown
page read and write
E52F77F000
trusted library allocation
page read and write
4B50000
unkown
page read and write
786B000
unkown
page read and write
3758000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
7DF4F0231000
direct allocation
page read and write
A391000
unkown
page read and write
3148000
unkown
page read and write
7FF5ED556000
unkown
page readonly
2921163E000
heap
page read and write
7FF5ED9D6000
unkown
page readonly
4BDC000
unkown
page read and write
C41F000
stack
page read and write
F5E6000
unkown
page read and write
AAD1000
unkown
page read and write
7FF5ED39E000
unkown
page readonly
18003B000
unkown
page readonly
5641000
unkown
page read and write
1451000
unkown
page readonly
C88B000
unkown
page read and write
A327000
unkown
page read and write
7FF5ED86B000
unkown
page readonly
37F2000
unkown
page read and write
7FF5ED853000
unkown
page readonly
7FF5ED849000
unkown
page readonly
7FF5ED265000
unkown
page readonly
AF0C000
stack
page read and write
180001000
unkown
page execute read
7FF5ED471000
unkown
page readonly
E18FC7C000
stack
page read and write
97AD000
unkown
page read and write
292115EC000
heap
page read and write
292136E0000
trusted library allocation
page read and write
7FF5ED4FD000
unkown
page readonly
9879000
unkown
page read and write
2921343A000
heap
page read and write
37B0000
unkown
page read and write
7CA0000
unkown
page read and write
37F6000
unkown
page read and write
29213401000
heap
page read and write
7FF5ED821000
unkown
page readonly
2921161C000
heap
page read and write
C6D8000
unkown
page read and write
CCE14FF000
stack
page read and write
180038000
unkown
page read and write
292135E0000
heap
page read and write
7FF5EDA76000
unkown
page readonly
E52FC7F000
stack
page read and write
7FF5ED55F000
unkown
page readonly
1D164F7E000
heap
page read and write
1E488D60000
heap
page read and write
B5AE000
stack
page read and write
FAE2000
unkown
page read and write
7FF5ED9A1000
unkown
page readonly
7FF5ED9BE000
unkown
page readonly
7FF5EDA47000
unkown
page readonly
7FF5ED670000
unkown
page readonly
7FF5ED516000
unkown
page readonly
1E488BF0000
heap
page read and write
7FF5ED4C6000
unkown
page readonly
7FF5ED956000
unkown
page readonly
29211710000
heap
page read and write
7FF5ED62F000
unkown
page readonly
E52FAFB000
stack
page read and write
6CBFEFF000
stack
page read and write
23484800000
heap
page read and write
C700000
unkown
page read and write
784A000
unkown
page read and write
97A9000
unkown
page read and write
7FF5ED4C6000
unkown
page readonly
7FF5ED59E000
unkown
page readonly
7FF5ED818000
unkown
page readonly
4B56000
unkown
page read and write
3209000
stack
page read and write
7FF5ED80C000
unkown
page readonly
E52F775000
trusted library allocation
page read and write
A491000
unkown
page read and write
253AE200000
heap
page read and write
7DF4F3071000
unkown
page execute read
292115EF000
heap
page read and write
7FF5ED86B000
unkown
page readonly
8860000
unkown
page read and write
4C60000
unkown
page read and write
C7C5000
unkown
page read and write
4CE0000
unkown
page read and write
292135E2000
heap
page read and write
22514B50000
heap
page read and write
A364000
unkown
page read and write
B140000
unkown
page readonly
29211644000
heap
page read and write
9A5B000
unkown
page read and write
7DF4F3041000
unkown
page execute read
292136E0000
trusted library allocation
page read and write
1510000
unkown
page readonly
2921163E000
heap
page read and write
7FF5ED412000
unkown
page readonly
7FF5EDA08000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
2921159F000
heap
page read and write
3791000
unkown
page read and write
9871000
unkown
page read and write
E52F77F000
trusted library allocation
page read and write
B190000
unkown
page read and write
9BB000
heap
page read and write
292136E0000
trusted library allocation
page read and write
1D164F76000
heap
page read and write
C54A000
unkown
page read and write
253AADE4000
heap
page read and write
C964000
unkown
page read and write
7FF5ED2A9000
unkown
page readonly
7FF5ED3A7000
unkown
page readonly
7FF5ED800000
unkown
page readonly
F564000
unkown
page read and write
7FF5ED7D6000
unkown
page readonly
896B000
stack
page read and write
AB5F000
unkown
page read and write
7FF5ED97E000
unkown
page readonly
1095000
stack
page read and write
AB5F000
unkown
page read and write
7FF5ED4A1000
unkown
page readonly
7FF5ED9D9000
unkown
page readonly
37F9000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
7FF5ED445000
unkown
page readonly
331E000
stack
page read and write
FAEC000
unkown
page read and write
7DF4F0290000
direct allocation
page readonly
BFA507F000
stack
page read and write
C4D0000
unkown
page read and write
6CBFF7F000
stack
page read and write
7FF5ED476000
unkown
page readonly
7FFE000
stack
page read and write
7FF5ED97E000
unkown
page readonly
23482E60000
heap
page read and write
29211648000
heap
page read and write
FAE6000
unkown
page read and write
292135B9000
heap
page read and write
292136E0000
trusted library allocation
page read and write
C57F000
unkown
page read and write
14B0000
unkown
page readonly
292115AE000
heap
page read and write
7FF5ED5C1000
unkown
page readonly
9871000
unkown
page read and write
2420000
heap
page read and write
7FF5ED8AC000
unkown
page readonly
26328810000
heap
page read and write
253AADE4000
heap
page read and write
9B20000
heap
page read and write
29211641000
heap
page read and write
7FF5ED942000
unkown
page readonly
AA90000
unkown
page read and write
1D164F76000
heap
page read and write
7FF5ED534000
unkown
page readonly
1CDFEE10000
heap
page read and write
3659000
stack
page read and write
7FF5ED210000
unkown
page readonly
1D1651E0000
heap
page read and write
292134C4000
heap
page read and write
C54A000
unkown
page read and write
9885000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
1E48C490000
trusted library allocation
page read and write
29213401000
heap
page read and write
2921164D000
heap
page read and write
E52FC75000
trusted library allocation
page read and write
7FF5ED1CC000
unkown
page readonly
8208000
stack
page read and write
7FF5ED915000
unkown
page readonly
CBF2000
unkown
page read and write
7FF5ED7E9000
unkown
page readonly
23482F09000
heap
page read and write
E52F97E000
stack
page read and write
292134C4000
heap
page read and write
2921159F000
heap
page read and write
7FF5ED4C2000
unkown
page readonly
7861000
unkown
page read and write
37A8000
unkown
page read and write
7F30000
unkown
page read and write
253AADDF000
heap
page read and write
8EC4000
unkown
page read and write
292115EF000
heap
page read and write
7FF5ED26E000
unkown
page readonly
7FF5ED40D000
unkown
page readonly
76C0000
unkown
page read and write
4BE1000
unkown
page read and write
3131000
unkown
page read and write
7FF5ED986000
unkown
page readonly
2921164E000
heap
page read and write
7852000
unkown
page read and write
7FF5ED3D0000
unkown
page readonly
2921161A000
heap
page read and write
E52FC75000
trusted library allocation
page read and write
7FF5ED50A000
unkown
page readonly
29211649000
heap
page read and write
292136E0000
trusted library allocation
page read and write
1370000
unkown
page read and write
7FF5ED4E8000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
A776DDF000
stack
page read and write
7FF5ED81B000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
7FF5EDA69000
unkown
page readonly
3738000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
C52C000
unkown
page read and write
292115EF000
heap
page read and write
1CDFF055000
heap
page read and write
292134C4000
heap
page read and write
BA72000
heap
page read and write
7FF5ED980000
unkown
page readonly
23482EF0000
heap
page read and write
A375000
unkown
page read and write
8B60000
unkown
page readonly
A39B000
unkown
page read and write
2921161C000
heap
page read and write
292136E0000
trusted library allocation
page read and write
23482D80000
heap
page read and write
29211641000
heap
page read and write
7DF4F3030000
unkown
page readonly
A494000
unkown
page read and write
7FF5ED4B4000
unkown
page readonly
7FF5ED74A000
unkown
page readonly
1510000
unkown
page readonly
F664000
unkown
page read and write
4BA6000
unkown
page read and write
9ADB000
stack
page read and write
3748000
unkown
page read and write
A01E000
stack
page read and write
7FF5ED9D6000
unkown
page readonly
7FF5ED505000
unkown
page readonly
7FF5ED779000
unkown
page readonly
7FF5ED433000
unkown
page readonly
1483000
heap
page read and write
253AADEC000
heap
page read and write
7FF5ED7CF000
unkown
page readonly
A4B8000
unkown
page read and write
E52F67C000
stack
page read and write
E52FC7F000
trusted library allocation
page read and write
7FF5ED660000
unkown
page readonly
7FF5EDA38000
unkown
page readonly
7FF5ED77C000
unkown
page readonly
1500000
heap
page read and write
E52FC75000
trusted library allocation
page read and write
2921161A000
heap
page read and write
7FF5ED793000
unkown
page readonly
29212FD0000
direct allocation
page execute and read and write
BAF9000
stack
page read and write
A7FD67F000
stack
page read and write
3590000
unkown
page read and write
7FF5ED625000
unkown
page readonly
1D164F9B000
heap
page read and write
C6F8000
unkown
page read and write
7FF5ED2A4000
unkown
page readonly
2921161A000
heap
page read and write
22514B40000
heap
page read and write
3220000
unkown
page readonly
7FF5ED844000
unkown
page readonly
E52FC75000
trusted library allocation
page read and write
7FF5ED43D000
unkown
page readonly
292135B9000
heap
page read and write
4BC9000
unkown
page read and write
E52F775000
trusted library allocation
page read and write
CCE113C000
stack
page read and write
4B90000
unkown
page read and write
C857000
unkown
page read and write
7FF5D1CD4000
unkown
page readonly
7DF4F3030000
unkown
page readonly
968B000
unkown
page read and write
7FF5ED33F000
unkown
page readonly
F539000
unkown
page read and write
292115AE000
heap
page read and write
5FB000
stack
page read and write
7FF5EDA2A000
unkown
page readonly
33B9000
stack
page read and write
253AADF5000
heap
page read and write
180025000
unkown
page readonly
7FF5ED743000
unkown
page readonly
1200000
unkown
page readonly
7FF5ED404000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
B190000
unkown
page read and write
7FF5ED495000
unkown
page readonly
E52FB7F000
stack
page read and write
4B93000
unkown
page read and write
8A6E000
stack
page read and write
3250000
unkown
page execute and read and write
FAE6000
unkown
page read and write
9DED000
stack
page read and write
2921343A000
heap
page read and write
787C000
unkown
page read and write
253AAE09000
heap
page read and write
F5EB000
unkown
page read and write
7C80000
unkown
page read and write
C5A0000
unkown
page read and write
C10A000
stack
page read and write
2921164C000
heap
page read and write
DE0000
unkown
page readonly
9795000
unkown
page read and write
1E488C0B000
heap
page read and write
7FF5ED942000
unkown
page readonly
AB14000
unkown
page read and write
7CD0000
unkown
page read and write
180025000
unkown
page readonly
29211648000
heap
page read and write
A77707F000
stack
page read and write
7FF5ED933000
unkown
page readonly
1E488C26000
heap
page read and write
BC9B000
stack
page read and write
818E000
stack
page read and write
2921157C000
heap
page read and write
292136E0000
trusted library allocation
page read and write
7C80000
unkown
page read and write
4BC9000
unkown
page read and write
98A8000
unkown
page read and write
785F000
unkown
page read and write
2921161A000
heap
page read and write
7FF5ED996000
unkown
page readonly
10C0000
unkown
page readonly
29211648000
heap
page read and write
E52FA7F000
stack
page read and write
A375000
unkown
page read and write
A50B000
unkown
page read and write
8BF0000
unkown
page readonly
CA08000
unkown
page read and write
7FF5ED4A1000
unkown
page readonly
2921164E000
heap
page read and write
1D165120000
heap
page read and write
79B1000
unkown
page read and write
29211648000
heap
page read and write
93BE000
stack
page read and write
292136E0000
trusted library allocation
page read and write
21B04350000
heap
page read and write
7FF5ED449000
unkown
page readonly
4B93000
unkown
page read and write
B8B0000
unkown
page read and write
26E7A1000
direct allocation
page execute and read and write
91B9000
stack
page read and write
7863000
unkown
page read and write
7FF5ED928000
unkown
page readonly
7FF5ED3CE000
unkown
page readonly
C57F000
unkown
page read and write
1210000
unkown
page readonly
7FF5ED516000
unkown
page readonly
F81C000
stack
page read and write
AB1F000
unkown
page read and write
22514BF0000
heap
page read and write
33B9000
stack
page read and write
AB4D000
unkown
page read and write
7FF5ED755000
unkown
page readonly
253AAD00000
heap
page read and write
1483000
heap
page read and write
CA42000
unkown
page read and write
C4D0000
unkown
page read and write
10D0000
heap
page read and write
E52F77F000
trusted library allocation
page read and write
CB83000
unkown
page read and write
13B1000
unkown
page execute and read and write
79D3000
unkown
page read and write
253AADE1000
heap
page read and write
7FF5ED2A9000
unkown
page readonly
1230000
unkown
page read and write
7FF5ED5C5000
unkown
page readonly
7CA0000
unkown
page read and write
C5A3000
unkown
page read and write
7FF5ED342000
unkown
page readonly
E52F775000
trusted library allocation
page read and write
7DF4F3051000
unkown
page execute read
27695890000
heap
page read and write
965C000
stack
page read and write
292133E0000
heap
page read and write
36F0000
unkown
page readonly
8860000
unkown
page read and write
8F2F000
unkown
page read and write
A433000
unkown
page read and write
7F40000
unkown
page readonly
7FF5ED26E000
unkown
page readonly
292115EF000
heap
page read and write
7FF5ED847000
unkown
page readonly
4BE1000
unkown
page read and write
B650000
unkown
page read and write
180000000
unkown
page readonly
292136E0000
trusted library allocation
page read and write
29211648000
heap
page read and write
19F42468000
heap
page read and write
1D164F85000
heap
page read and write
7FF5ED937000
unkown
page readonly
A323000
unkown
page read and write
7FF5ED814000
unkown
page readonly
79D3000
unkown
page read and write
B10D000
stack
page read and write
E52F775000
trusted library allocation
page read and write
21B04540000
heap
page read and write
7FF5ED800000
unkown
page readonly
7695000
stack
page read and write
B640000
unkown
page read and write
7FF5ED64F000
unkown
page readonly
6CBD27C000
stack
page read and write
9AE0000
unkown
page read and write
292115E9000
heap
page read and write
797D000
unkown
page read and write
B8C0000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
2921163E000
heap
page read and write
7852000
unkown
page read and write
1D164F84000
heap
page read and write
3290000
unkown
page read and write
987B000
unkown
page read and write
7FF5ED850000
unkown
page readonly
29211730000
heap
page read and write
292115EF000
heap
page read and write
7FF5ED750000
unkown
page readonly
E52FC7F000
trusted library allocation
page read and write
B150000
unkown
page read and write
A37D000
unkown
page read and write
21B04560000
heap
page read and write
C846000
unkown
page read and write
9798000
unkown
page read and write
7FF5ED93B000
unkown
page readonly
923E000
stack
page read and write
29211649000
heap
page read and write
97D4000
unkown
page read and write
1E48A710000
heap
page read and write
7FF5ED4B4000
unkown
page readonly
7FF5ED46E000
unkown
page readonly
A379000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
292136E0000
trusted library allocation
page read and write
F522000
unkown
page read and write
7FF5ED64F000
unkown
page readonly
C6C1000
unkown
page read and write
7867000
unkown
page read and write
292135B9000
heap
page read and write
263285D0000
heap
page read and write
E52F867000
stack
page read and write
23482EA0000
heap
page read and write
8000000
unkown
page read and write
FAA0000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
7E50000
unkown
page readonly
7D40000
unkown
page read and write
FAE2000
unkown
page read and write
A776D5D000
stack
page read and write
CA7C000
unkown
page read and write
7DF4F3031000
unkown
page execute read
29211648000
heap
page read and write
4C18000
unkown
page read and write
1E488C14000
heap
page read and write
7FF5ED3EA000
unkown
page readonly
1CDFEF40000
heap
page read and write
7FF5ED867000
unkown
page readonly
7D00000
unkown
page readonly
9873000
unkown
page read and write
8720000
unkown
page readonly
7FF5ED5C9000
unkown
page readonly
FADD000
unkown
page read and write
292115E2000
heap
page read and write
1D1651EB000
heap
page read and write
3290000
unkown
page read and write
89C0000
unkown
page read and write
2921164D000
heap
page read and write
29211644000
heap
page read and write
7FF5ED8C6000
unkown
page readonly
180038000
unkown
page read and write
2921163B000
heap
page read and write
26328865000
heap
page read and write
7F40000
unkown
page readonly
AB51000
unkown
page read and write
292136E0000
trusted library allocation
page read and write
B005000
stack
page read and write
2921164C000
heap
page read and write
3758000
unkown
page read and write
BC9B000
stack
page read and write
89C0000
unkown
page read and write
7FF5ED602000
unkown
page readonly
78A0000
unkown
page read and write
2921161A000
heap
page read and write
7FF5ED850000
unkown
page readonly
2921164D000
heap
page read and write
CB83000
unkown
page read and write
7C90000
unkown
page read and write
18A0000
unkown
page readonly
7FF5ED4F3000
unkown
page readonly
There are 1737 hidden memdumps, click here to show them.