IOC Report
mQY9ka5sW6hv2Ri.exe

loading gif

Files

File Path
Type
Category
Malicious
mQY9ka5sW6hv2Ri.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mQY9ka5sW6hv2Ri.exe.log
ASCII text, with CRLF line terminators
dropped
 malicious

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe
"C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe"
 malicious
C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe
"C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe"
 malicious
C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe
"C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe"
 malicious
C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe
"C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe"
 malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\SysWOW64\msdt.exe
"C:\Windows\SysWOW64\msdt.exe"
 malicious
C:\Windows\SysWOW64\cmd.exe
/c del "C:\Users\user\Desktop\mQY9ka5sW6hv2Ri.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://www.sdplat.media/dy13/?Cj9LK=8pm41D0p&0N=ZKZE34nO5+VJCQ7V97/Oxkx+yV2XZDJ4QNe5btj3ut8Iv1OZ3MT37vqx38H3jKbLJXyY
3.226.182.14
 malicious
http://www.real-estate-96841.bond/dy13/?Cj9LK=8pm41D0p&0N=QEHoM+aYI3hCf+czBdOSz9RRIKYxAFZVZwkeDGKMWY6YfTbawsJCAKRBbAifn9DzIiC0
185.53.179.90
 malicious
http://www.umeshraja.com/dy13/?Cj9LK=8pm41D0p&0N=LqTJXJ5089mrTceMc0p83ZaAEN5I+KgWBnSPa3/fnIguC6SsnRdV26ZHA6opskXgqsBG
3.33.130.190
 malicious
http://www.883106.photos/dy13/?0N=AG4Ye1FrkmCiFPqbKlnZ1dM6YK/DoI/B/9McINMFJI+SypkU6UbY406xkx1Fqy5gp249&Cj9LK=8pm41D0p
147.92.43.172
 malicious
http://www.b0ba138.xyz/dy13/?Cj9LK=8pm41D0p&0N=LVVXn+3XMgScWvA+gustfxAGGBCnrJhvM+qFjqFs2KSrXwfcw3kbTxGlCeyN42Y88s8h
104.21.74.89
 malicious
http://www.cpuk-finance.com/dy13/?Cj9LK=8pm41D0p&0N=gDxxMnt83apdqDd0VF+A3hDmBOM78/3mfYHyjE1VNrqBuQQdV+RDpqUMPHOMA9Jp0yBU
185.151.30.212
 malicious
https://aka.ms/odirmr
unknown
http://www.manga-house.com
unknown
http://www.bdsmnutzbar.info/dy13/H
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
unknown
http://www.umeshraja.comReferer:
unknown
https://api.msn.com:443/v1/news/Feed/Windows?
unknown
http://www.real-estate-96841.bond/dy13/
unknown
http://www.883106.photosReferer:
unknown
http://www.fontbureau.com/designers
unknown
http://www.acc-pay.top
unknown
http://www.bdsmnutzbar.infoReferer:
unknown
https://excel.office.com
unknown
http://www.sdplat.mediaReferer:
unknown
http://www.883106.photos/dy13/
unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
unknown
http://www.sajatypeworks.com
unknown
http://www.founder.com.cn/cn/cThe
unknown
http://www.cpuk-finance.comReferer:
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
unknown
http://www.sdplat.media
unknown
http://www.484844.vip/dy13/www.manga-house.com
unknown
http://www.taini00.netReferer:
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
unknown
http://www.galapagosdesign.com/DPlease
unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
unknown
http://www.cpuk-finance.com
unknown
http://www.manga-house.comReferer:
unknown
http://www.urwpp.deDPlease
unknown
http://www.acc-pay.top/dy13/www.umeshraja.com
unknown
http://www.zhongyicts.com.cn
unknown
http://www.883106.photos
unknown
http://www.soloparentconnect.com/dy13/
unknown
http://www.real-estate-96841.bond/dy13/www.taini00.net
unknown
http://www.acc-pay.top/dy13/
unknown
http://www.real-estate-96841.bondReferer:
unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
unknown
http://www.autoitscript.com/autoit3/J
unknown
https://wns.windows.com/L
unknown
https://word.office.com
unknown
http://www.soloparentconnect.com/dy13/www.b0ba138.xyz
unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
unknown
http://www.tyupok.xyz/dy13/www.484844.vip
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
unknown
http://www.soloparentconnect.com
unknown
http://www.taini00.net
unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
http://schemas.micr
unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
unknown
http://www.carterandcone.coml
unknown
http://www.freedompopo.com/dy13/www.bdsmnutzbar.info
unknown
http://www.umeshraja.com
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
unknown
http://www.fontbureau.com/designers/frere-user.html
unknown
http://www.484844.vip
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
unknown
https://www.rd.com/list/polite-habits-campers-dislike/
unknown
http://www.tyupok.xyz/dy13/
unknown
http://www.883106.photos/dy13/www.tyupok.xyz
unknown
http://www.carefulapp.com
unknown
https://android.notify.windows.com/iOS
unknown
http://www.carefulapp.com/dy13/
unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
unknown
http://www.sdplat.media/dy13/www.soloparentconnect.com
unknown
https://outlook.com_
unknown
http://www.cpuk-finance.com/dy13/
unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
unknown
http://www.484844.vipReferer:
unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
unknown
http://www.b0ba138.xyzReferer:
unknown
http://www.real-estate-96841.bond
unknown
http://www.fontbureau.com/designersG
unknown
http://schemas.mi
unknown
http://www.fontbureau.com/designers/?
unknown
http://www.founder.com.cn/cn/bThe
unknown
http://www.fontbureau.com/designers?
unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
unknown
http://www.imuschestvostorgov.onlineReferer:
unknown
http://www.taini00.net/dy13/
unknown
https://powerpoint.office.comcember
unknown
http://www.bdsmnutzbar.info/dy13/
unknown
http://www.tiro.com
unknown
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
unknown
http://www.cpuk-finance.com/dy13/www.acc-pay.top
unknown
http://www.goodfont.co.kr
unknown
http://schemas.micro
unknown
http://www.carefulapp.comReferer:
unknown
http://www.typography.netD
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
http://www.carefulapp.com/dy13/www.freedompopo.com
unknown
http://www.umeshraja.com/dy13/
unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
http://www.sdplat.media/dy13/
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www.real-estate-96841.bond
185.53.179.90
 malicious
umeshraja.com
3.33.130.190
 malicious
soloparentconnect.com
3.33.130.190
 malicious
www.b0ba138.xyz
104.21.74.89
 malicious
reticulated-garbanzo-p6jx8r0u3hbz71yu1pcvzfk0.herokudns.com
3.226.182.14
 malicious
www.cpuk-finance.com
185.151.30.212
 malicious
2tduz67r.as66588.com
147.92.43.172
 malicious
www.soloparentconnect.com
unknown
 malicious
www.imuschestvostorgov.online
unknown
 malicious
www.883106.photos
unknown
 malicious
www.484844.vip
unknown
 malicious
www.acc-pay.top
unknown
 malicious
www.sdplat.media
unknown
 malicious
www.taini00.net
unknown
 malicious
www.umeshraja.com
unknown
 malicious
There are 5 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
3.226.182.14
reticulated-garbanzo-p6jx8r0u3hbz71yu1pcvzfk0.herokudns.com
United States
malicious
185.53.179.90
www.real-estate-96841.bond
Germany
malicious
185.151.30.212
www.cpuk-finance.com
United Kingdom
malicious
3.33.130.190
umeshraja.com
United States
malicious
147.92.43.172
2tduz67r.as66588.com
Hong Kong
malicious
104.21.74.89
www.b0ba138.xyz
United States
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@explorerframe.dll,-13137
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@explorerframe.dll,-13138
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
Unpacker
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
IconLayouts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
CheckSetting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
AutoIt3Script
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
WMP11.AssocFile.AVI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
CABFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
Microsoft.PowerShellCmdletDefinitionXML.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
CSSfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
Excel.CSV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
ddsfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
dllfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Word.Document.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
Word.DocumentMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Word.Document.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Word.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
Word.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
Word.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
emffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
exefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
WMP11.AssocFile.FLAC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
fonfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
giffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
htmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids
htmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
icofile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
inffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
inifile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
pjpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
jpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
WMP11.AssocFile.m3u
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
WMP11.AssocFile.M4A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
mhtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
WMP11.AssocFile.MK3D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
WMP11.AssocFile.MKA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
WMP11.AssocFile.MKV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
WMP11.AssocFile.MOV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Outlook.File.msg.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
ocxfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
PowerPoint.OpenDocumentPresentation.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
Excel.OpenDocumentSpreadsheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Word.OpenDocumentText.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
otffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
pngfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
PowerPoint.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
PowerPoint.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
PowerPoint.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
PowerPoint.Addin.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
PowerPoint.SlideShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
PowerPoint.SlideShow.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
PowerPoint.Show.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
PowerPoint.ShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
PowerPoint.Show.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
Microsoft.PowerShellScript.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Microsoft.PowerShellXMLData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
Microsoft.PowerShellData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
Microsoft.PowerShellModule.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
Microsoft.PowerShellSessionConfiguration.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
rlefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Word.RTF.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
SHCmdFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
SearchFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
shtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
PowerPoint.SlideMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
PowerPoint.Slide.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
sysfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
TIFImage.Document
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
ttcfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
ttffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
txtfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
bootstrap.vsto.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
WMP11.AssocFile.WAV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
WMP11.AssocFile.WAX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
WMP11.AssocFile.WMA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
wmffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
WMP11.AssocFile.WMV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
WMP11.AssocFile.WPL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
WMP11.AssocFile.WVX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
Excel.AddInMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Excel.Sheet.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
Excel.SheetBinaryMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
Excel.SheetMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
Excel.Sheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Excel.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
Excel.TemplateMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
Excel.Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
xmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
xslfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
There are 233 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
4650000
trusted library allocation
page read and write
 malicious
800000
system
page execute and read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
2E20000
unclassified section
page execute and read and write
 malicious
3B59000
trusted library allocation
page read and write
 malicious
FB04000
unkown
page read and write
C41F000
stack
page read and write
AB5E000
unkown
page read and write
CB46000
unkown
page read and write
87DA000
unkown
page read and write
7FF5ED74A000
unkown
page readonly
FEC8000
unkown
page read and write
785B000
unkown
page read and write
E1E000
stack
page read and write
C6F4000
unkown
page read and write
7FF5ED4DF000
unkown
page readonly
3209000
stack
page read and write
DD0000
unkown
page readonly
9A5B000
unkown
page read and write
7F40000
unkown
page readonly
C964000
unkown
page read and write
3580000
unkown
page readonly
7FF5EDA76000
unkown
page readonly
C6CF000
unkown
page read and write
2910000
trusted library allocation
page read and write
7FF5EDA2A000
unkown
page readonly
7FF5ED781000
unkown
page readonly
9550000
unkown
page readonly
CB19000
unkown
page read and write
9C7B000
stack
page read and write
CB1E000
unkown
page read and write
7930000
trusted library allocation
page read and write
7FF5ED516000
unkown
page readonly
7C90000
unkown
page read and write
870000
system
page execute and read and write
C08A000
stack
page read and write
7FF5ED449000
unkown
page readonly
E8D000
trusted library allocation
page execute and read and write
3240000
unkown
page read and write
1480000
heap
page read and write
79D3000
unkown
page read and write
B629000
stack
page read and write
AAF9000
unkown
page read and write
7010000
heap
page read and write
F984000
unkown
page read and write
787C000
unkown
page read and write
10D40000
unkown
page read and write
CB7C000
unkown
page read and write
4B93000
unkown
page read and write
7FF5ED71E000
unkown
page readonly
3756000
unkown
page read and write
7FF5ED986000
unkown
page readonly
C962000
unkown
page read and write
76A0000
unkown
page read and write
987B000
unkown
page read and write
7FF5EDA08000
unkown
page readonly
7A34000
unkown
page read and write
1483000
heap
page read and write
C89A000
unkown
page read and write
7FF5EDA70000
unkown
page readonly
CB3C000
unkown
page read and write
7FF5ED3EA000
unkown
page readonly
A502000
unkown
page read and write
7DF4F3071000
unkown
page execute read
7FF5EDA70000
unkown
page readonly
2BF0000
heap
page read and write
784A000
unkown
page read and write
7FF5ED41C000
unkown
page readonly
E51D000
stack
page read and write
7FF5ED9ED000
unkown
page readonly
28E0000
trusted library allocation
page read and write
987F000
unkown
page read and write
C503000
unkown
page read and write
986B000
unkown
page read and write
291E000
stack
page read and write
7FF5ED6DB000
unkown
page readonly
CB19000
unkown
page read and write
7FF5ED404000
unkown
page readonly
7A34000
unkown
page read and write
7FF5ED451000
unkown
page readonly
E59B000
stack
page read and write
7FF5ED8FF000
unkown
page readonly
7FF5ED8A4000
unkown
page readonly
BD98000
stack
page read and write
2B20000
trusted library allocation
page execute and read and write
7FF5D1CCD000
unkown
page readonly
7FF5ED519000
unkown
page readonly
8EC6000
unkown
page read and write
7C0000
heap
page read and write
A479000
unkown
page read and write
7FF5ED586000
unkown
page readonly
2A80000
trusted library allocation
page read and write
A361000
unkown
page read and write
7FF5ED534000
unkown
page readonly
79B1000
unkown
page read and write
9883000
unkown
page read and write
379E000
unkown
page read and write
E60000
trusted library allocation
page execute and read and write
7FF5ED850000
unkown
page readonly
9792000
unkown
page read and write
28E0000
trusted library allocation
page read and write
5555000
stack
page read and write
EA2000
unkown
page read and write
AF8000
stack
page read and write
B5AE000
stack
page read and write
7FF5ED850000
unkown
page readonly
AB5E000
unkown
page read and write
FEA0000
unkown
page read and write
8860000
unkown
page read and write
7B80000
unkown
page read and write
781E000
stack
page read and write
7FF5ED9A6000
unkown
page readonly
2A8D000
stack
page read and write
7FF5ED9AE000
unkown
page readonly
C6F2000
unkown
page read and write
2B01000
trusted library allocation
page read and write
CB11000
unkown
page read and write
F6FD000
system
page execute and read and write
7FF5ED4A1000
unkown
page readonly
29DC000
heap
page read and write
1240000
heap
page read and write
C9F8000
unkown
page read and write
C5A0000
unkown
page read and write
BAF9000
stack
page read and write
7FF5ED5CE000
unkown
page readonly
EA7000
heap
page read and write
3659000
stack
page read and write
28E0000
trusted library allocation
page read and write
79B1000
unkown
page read and write
7E60000
unkown
page read and write
C851000
unkown
page read and write
7FF5ED915000
unkown
page readonly
E61D000
stack
page read and write
7FF5ED9E1000
unkown
page readonly
7FF5ED849000
unkown
page readonly
7FF5ED9D6000
unkown
page readonly
4BDC000
unkown
page read and write
FBC2000
system
page execute and read and write
C88B000
unkown
page read and write
C6C9000
unkown
page read and write
D53000
trusted library allocation
page execute and read and write
8BF0000
unkown
page readonly
7F2E000
stack
page read and write
4B50000
unkown
page read and write
C50A000
unkown
page read and write
A361000
unkown
page read and write
89E0000
unkown
page read and write
7FF5ED7F1000
unkown
page readonly
29E2000
heap
page read and write
C507000
unkown
page read and write
28F2000
trusted library allocation
page read and write
A327000
unkown
page read and write
10F0000
unclassified section
page execute and read and write
F9CB000
unkown
page read and write
7FF5ED4C6000
unkown
page readonly
16A0000
heap
page read and write
7FF5ED495000
unkown
page readonly
36D5000
stack
page read and write
7CE0000
unkown
page read and write
7FF5ED62F000
unkown
page readonly
2930000
trusted library allocation
page read and write
D72000
trusted library allocation
page read and write
7FF5ED986000
unkown
page readonly
7FF5ED814000
unkown
page readonly
7FF5ED885000
unkown
page readonly
C8E1000
unkown
page read and write
1510000
unkown
page readonly
9A5B000
unkown
page read and write
C89C000
unkown
page read and write
A08E000
stack
page read and write
7FF5ED660000
unkown
page readonly
C512000
unkown
page read and write
C6C1000
unkown
page read and write
AAFA000
unkown
page read and write
6EF0000
heap
page read and write
BD0000
heap
page read and write
9992000
unkown
page read and write
37D2000
unkown
page read and write
7FF5ED26E000
unkown
page readonly
7FF5EDA11000
unkown
page readonly
AAD1000
unkown
page read and write
786B000
unkown
page read and write
103E000
stack
page read and write
5360000
heap
page read and write
1500000
heap
page read and write
7FF5ED451000
unkown
page readonly
29DC000
heap
page read and write
4D52000
direct allocation
page execute and read and write
7FF5ED803000
unkown
page readonly
818E000
stack
page read and write
7FF5ED77C000
unkown
page readonly
1580000
unclassified section
page execute and read and write
36F0000
unkown
page readonly
FEC2000
unkown
page read and write
8210000
unkown
page read and write
3590000
unkown
page read and write
7FF5ED990000
unkown
page readonly
2D1C000
trusted library allocation
page read and write
7FF5ED4E8000
unkown
page readonly
7D00000
unkown
page readonly
8BA0000
unkown
page readonly
DEE000
stack
page read and write
35A0000
unkown
page readonly
987F000
unkown
page read and write
7FF5ED806000
unkown
page readonly
519B000
stack
page read and write
28E0000
trusted library allocation
page read and write
BDA0000
unkown
page readonly
7FF5EDA31000
unkown
page readonly
CB39000
unkown
page read and write
860000
heap
page read and write
2D7E000
stack
page read and write
28E0000
trusted library allocation
page read and write
97B5000
unkown
page read and write
AFB000
stack
page read and write
28E0000
trusted library allocation
page read and write
A4FC000
unkown
page read and write
7FF5EDA14000
unkown
page readonly
FA43000
unkown
page read and write
986F000
unkown
page read and write
79D3000
unkown
page read and write
770000
heap
page read and write
7A5000
heap
page read and write
DA0000
trusted library allocation
page read and write
A21E000
stack
page read and write
7FF5ED86B000
unkown
page readonly
9795000
unkown
page read and write
7FF5ED85F000
unkown
page readonly
A38E000
stack
page read and write
29D1000
heap
page read and write
3D2E000
trusted library allocation
page read and write
7FF5ED43A000
unkown
page readonly
7FF5ED6DB000
unkown
page readonly
A491000
unkown
page read and write
7CC0000
unkown
page readonly
7FF5ED4C2000
unkown
page readonly
88EE000
stack
page read and write
7857000
unkown
page read and write
7D20000
unkown
page readonly
7FF5ED337000
unkown
page readonly
4C4B000
unkown
page read and write
CA63000
unkown
page read and write
4C34000
unkown
page read and write
7FF5ED9D2000
unkown
page readonly
4550000
heap
page read and write
7900000
unkown
page read and write
7FF5ED6B8000
unkown
page readonly
FBD4000
system
page execute and read and write
997A000
unkown
page read and write
97D4000
unkown
page read and write
AB62000
unkown
page read and write
978E000
unkown
page read and write
8710000
unkown
page readonly
2BA1000
trusted library allocation
page read and write
7FF5ED810000
unkown
page readonly
CA96000
unkown
page read and write
2944000
heap
page read and write
770000
heap
page read and write
78A0000
unkown
page read and write
7B80000
unkown
page read and write
FA86000
unkown
page read and write
CAA8000
unkown
page read and write
B8AB000
stack
page read and write
A39B000
unkown
page read and write
7FF5ED669000
unkown
page readonly
AB54000
unkown
page read and write
4B3D000
direct allocation
page execute and read and write
7FF5ED39E000
unkown
page readonly
7FF5ED844000
unkown
page readonly
987B000
unkown
page read and write
B22B000
stack
page read and write
4CE0000
unkown
page read and write
7FF5ED602000
unkown
page readonly
C964000
unkown
page read and write
E69C000
stack
page read and write
C8E1000
unkown
page read and write
7DF4F3040000
unkown
page readonly
7FF5ED9FF000
unkown
page readonly
986B000
unkown
page read and write
CA20000
unkown
page read and write
CA7C000
unkown
page read and write
8730000
unkown
page read and write
7FF5EDA53000
unkown
page readonly
B3D000
stack
page read and write
5140000
heap
page read and write
7FF5ED602000
unkown
page readonly
1483000
heap
page read and write
979C000
unkown
page read and write
C5A3000
unkown
page read and write
56D9000
unkown
page read and write
4C70000
unkown
page read and write
987D000
unkown
page read and write
CB1E000
unkown
page read and write
C962000
unkown
page read and write
7DF4F3041000
unkown
page execute read
C92D000
unkown
page read and write
9869000
unkown
page read and write
E8C9000
unkown
page execute and read and write
36D5000
stack
page read and write
3791000
unkown
page read and write
FEDF000
unkown
page read and write
C4D0000
unkown
page read and write
BC9B000
stack
page read and write
C561000
unkown
page read and write
A32A000
unkown
page read and write
B10D000
stack
page read and write
28E0000
trusted library allocation
page read and write
9873000
unkown
page read and write
2AA0000
heap
page execute and read and write
7FF5ED814000
unkown
page readonly
7950000
unkown
page read and write
C51E000
unkown
page read and write
46B8000
heap
page read and write
A37D000
unkown
page read and write
7FF5ED503000
unkown
page readonly
1510000
unkown
page readonly
7FF5ED65C000
unkown
page readonly
7FF5ED92C000
unkown
page readonly
982D000
unkown
page read and write
7D00000
unkown
page readonly
7E50000
unkown
page readonly
7FF5ED735000
unkown
page readonly
1440000
unkown
page read and write
7FF5ED205000
unkown
page readonly
C893000
unkown
page read and write
7A34000
unkown
page read and write
784A000
unkown
page read and write
2B80000
trusted library allocation
page read and write
7FF5ED342000
unkown
page readonly
2D34000
trusted library allocation
page read and write
FEBD000
unkown
page read and write
F6BE000
system
page execute and read and write
7FF5ED9F2000
unkown
page readonly
56D9000
unkown
page read and write
896B000
stack
page read and write
7CD0000
unkown
page read and write
9795000
unkown
page read and write
7FF5ED94A000
unkown
page readonly
7FF5ED3F3000
unkown
page readonly
DF0000
heap
page read and write
A11F000
stack
page read and write
C89C000
unkown
page read and write
C6C9000
unkown
page read and write
CBA8000
unkown
page read and write
7FF5ED3D0000
unkown
page readonly
5641000
unkown
page read and write
7FFD000
stack
page read and write
785F000
unkown
page read and write
29DC000
heap
page read and write
7FF5ED8E7000
unkown
page readonly
A379000
unkown
page read and write
7FF5ED743000
unkown
page readonly
797D000
unkown
page read and write
FEC2000
unkown
page read and write
7FF5ED342000
unkown
page readonly
8710000
unkown
page readonly
7861000
unkown
page read and write
BFC000
heap
page read and write
7FF5ED956000
unkown
page readonly
C893000
unkown
page read and write
7FF5ED847000
unkown
page readonly
785D000
unkown
page read and write
7FF5ED64F000
unkown
page readonly
BDC0000
unkown
page readonly
7F30000
unkown
page read and write
AB5E000
unkown
page read and write
C88B000
unkown
page read and write
28C0000
trusted library allocation
page read and write
47F0000
trusted library allocation
page read and write
738E000
stack
page read and write
10D0000
heap
page read and write
7FF5ED50A000
unkown
page readonly
7FF5ED5F7000
unkown
page readonly
28B0000
trusted library allocation
page read and write
7FF5ED556000
unkown
page readonly
7FF5ED5C9000
unkown
page readonly
37A8000
unkown
page read and write
486E000
stack
page read and write
7FF5ED779000
unkown
page readonly
7865000
unkown
page read and write
7FF5ED4C6000
unkown
page readonly
308A000
stack
page read and write
7FF5ED933000
unkown
page readonly
97C3000
unkown
page read and write
28E0000
trusted library allocation
page read and write
7FF5ED412000
unkown
page readonly
7FF5ED7DB000
unkown
page readonly
EF00000
heap
page read and write
28E0000
trusted library allocation
page read and write
FEDF000
unkown
page read and write
C54A000
unkown
page read and write
9701000
unkown
page read and write
7FF5ED735000
unkown
page readonly
7DF4F3051000
unkown
page execute read
7CA0000
unkown
page read and write
128D000
direct allocation
page execute and read and write
8FB9000
stack
page read and write
F9CB000
unkown
page read and write
79FB000
unkown
page read and write
7FF5ED872000
unkown
page readonly
7FF5ED818000
unkown
page readonly
7FF5ED8E2000
unkown
page readonly
28E0000
trusted library allocation
page read and write
EA0000
heap
page read and write
76A0000
unkown
page read and write
47F0000
trusted library allocation
page read and write
C52C000
unkown
page read and write
AADB000
unkown
page read and write
7FF5ED48A000
unkown
page readonly
98A8000
unkown
page read and write
987D000
unkown
page read and write
CB66000
unkown
page read and write
CB36000
unkown
page read and write
979C000
unkown
page read and write
C6BF000
unkown
page read and write
C964000
unkown
page read and write
4BE1000
unkown
page read and write
1143F000
system
page read and write
8000000
unkown
page read and write
7FF5ED4B0000
unkown
page readonly
8208000
stack
page read and write
9E6C000
stack
page read and write
7FF5ED39E000
unkown
page readonly
1040000
trusted library allocation
page read and write
9815000
unkown
page read and write
7869000
unkown
page read and write
FE72000
heap
page read and write
7953000
unkown
page read and write
3160000
unkown
page readonly
4BE3000
unkown
page read and write
7FF5ED3D6000
unkown
page readonly
7FF5ED426000
unkown
page readonly
4540000
heap
page read and write
7FF5ED1CF000
unkown
page readonly
B150000
unkown
page read and write
A433000
unkown
page read and write
7FF5ED4FD000
unkown
page readonly
7FF5ED793000
unkown
page readonly
7FF5ED55F000
unkown
page readonly
CB3A000
unkown
page read and write
7FF5ED676000
unkown
page readonly
CB28000
unkown
page read and write
89A0000
unkown
page read and write
2BAA000
trusted library allocation
page read and write
C6F8000
unkown
page read and write
9798000
unkown
page read and write
29D3000
heap
page read and write
28E6000
trusted library allocation
page read and write
9885000
unkown
page read and write
8A57000
trusted library allocation
page read and write
9815000
unkown
page read and write
B640000
unkown
page read and write
F7DC000
stack
page read and write
AAF9000
unkown
page read and write
C700000
unkown
page read and write
37AC000
unkown
page read and write
3151000
unkown
page read and write
8CEE000
stack
page read and write
A4A1000
unkown
page read and write
9877000
unkown
page read and write
7FF5ED961000
unkown
page readonly
3060000
heap
page read and write
37D2000
unkown
page read and write
7FF5ED692000
unkown
page readonly
C507000
unkown
page read and write
7FF5ED847000
unkown
page readonly
7FF5ED3EA000
unkown
page readonly
F9D9000
unkown
page read and write
37B0000
unkown
page read and write
7FF5ED864000
unkown
page readonly
2944000
heap
page read and write
2E60000
heap
page read and write
B6E000
heap
page read and write
7FF5ED65C000
unkown
page readonly
29DC000
heap
page read and write
9929000
unkown
page read and write
4B78000
unkown
page read and write
5BC000
stack
page read and write
1192F000
system
page read and write
7FF5EDA69000
unkown
page readonly
C857000
unkown
page read and write
9893000
unkown
page read and write
7FF5ED800000
unkown
page readonly
C52C000
unkown
page read and write
7FF5ED9CC000
unkown
page readonly
7FF5ED1D6000
unkown
page readonly
987D000
unkown
page read and write
A3BE000
unkown
page read and write
7DF4F3071000
unkown
page execute read
780000
heap
page read and write
965C000
stack
page read and write
7FF5ED714000
unkown
page readonly
3756000
unkown
page read and write
E8A0000
unkown
page execute and read and write
7FF5ED9D9000
unkown
page readonly
7F260000
trusted library allocation
page execute and read and write
7FF5ED586000
unkown
page readonly
CBA8000
unkown
page read and write
35A0000
unkown
page readonly
3748000
unkown
page read and write
4BE1000
unkown
page read and write
BC9B000
stack
page read and write
FB04000
unkown
page read and write
28E0000
trusted library allocation
page read and write
7FF5ED495000
unkown
page readonly
89E0000
unkown
page read and write
3795000
unkown
page read and write
4F5F000
unclassified section
page read and write
47F0000
trusted library allocation
page read and write
2944000
heap
page read and write
7FF5ED7FD000
unkown
page readonly
7FF5ED937000
unkown
page readonly
AAFB000
unkown
page read and write
7FF5EDA0D000
unkown
page readonly
79FB000
unkown
page read and write
7FF5ED3DA000
unkown
page readonly
9798000
unkown
page read and write
850000
heap
page read and write
1230000
unkown
page read and write
D7A000
trusted library allocation
page execute and read and write
7FF5ED853000
unkown
page readonly
7FF5ED92C000
unkown
page readonly
47F0000
trusted library allocation
page read and write
2944000
heap
page read and write
98E3000
unkown
page read and write
7D53000
unkown
page read and write
5150000
heap
page read and write
7FF5ED9C8000
unkown
page readonly
8A6E000
stack
page read and write
8C50000
unkown
page readonly
791E000
stack
page read and write
CB2D000
unkown
page read and write
9550000
unkown
page readonly
34E8000
stack
page read and write
7867000
unkown
page read and write
498C000
heap
page read and write
AAF2000
unkown
page read and write
5240000
heap
page read and write
29DC000
heap
page read and write
3151000
unkown
page read and write
9879000
unkown
page read and write
4CB0000
unkown
page read and write
7FF5EDA0B000
unkown
page readonly
9976000
unkown
page read and write
142D000
direct allocation
page execute and read and write
8108000
stack
page read and write
7FF5ED697000
unkown
page readonly
7FF5ED4B4000
unkown
page readonly
4BDC000
unkown
page read and write
C563000
unkown
page read and write
C88B000
unkown
page read and write
CAB3000
unkown
page read and write
47F0000
trusted library allocation
page read and write
37AE000
unkown
page read and write
7FF5ED94A000
unkown
page readonly
7FF5ED97E000
unkown
page readonly
7FF5ED62F000
unkown
page readonly
9D64000
unkown
page read and write
37F2000
unkown
page read and write
7FF5ED409000
unkown
page readonly
4C60000
unkown
page read and write
7FF5ED7F1000
unkown
page readonly
7E11000
unkown
page read and write
D8B000
trusted library allocation
page execute and read and write
7FF5EDA38000
unkown
page readonly
3758000
unkown
page read and write
7FF5ED76D000
unkown
page readonly
7FF5ED33F000
unkown
page readonly
D54000
trusted library allocation
page read and write
7FF5ED205000
unkown
page readonly
C54A000
unkown
page read and write
7FF5ED990000
unkown
page readonly
7A0000
heap
page read and write
89A0000
unkown
page read and write
1095000
stack
page read and write
7DF4F3030000
unkown
page readonly
7FF5ED337000
unkown
page readonly
977A000
unkown
page read and write
4761000
trusted library allocation
page execute and read and write
71C000
stack
page read and write
2A6E000
stack
page read and write
7FF5ED660000
unkown
page readonly
47F0000
trusted library allocation
page read and write
3700000
unkown
page read and write
96DF000
unkown
page read and write
7120000
trusted library section
page read and write
34E9000
stack
page read and write
682000
unkown
page readonly
A11F000
stack
page read and write
7140000
trusted library allocation
page read and write
C962000
unkown
page read and write
56C3000
unkown
page read and write
8B60000
unkown
page readonly
979C000
unkown
page read and write
986F000
unkown
page read and write
89C0000
unkown
page read and write
6AF0000
trusted library allocation
page read and write
7FF5ED7C4000
unkown
page readonly
8210000
unkown
page read and write
7FF5ED9D6000
unkown
page readonly
C857000
unkown
page read and write
C563000
unkown
page read and write
28AC000
stack
page read and write
4CD0000
unkown
page read and write
47F0000
trusted library allocation
page read and write
1230000
unkown
page read and write
7FF5ED404000
unkown
page readonly
9798000
unkown
page read and write
5245000
heap
page read and write
7FF5EDA11000
unkown
page readonly
785B000
unkown
page read and write
B8C0000
unkown
page readonly
FEC8000
unkown
page read and write
C89C000
unkown
page read and write
7FF5ED7E9000
unkown
page readonly
CADF000
unkown
page read and write
7FF5ED644000
unkown
page readonly
7FF5ED97E000
unkown
page readonly
7FF5ED433000
unkown
page readonly
CA93000
unkown
page read and write
7FF5EDA31000
unkown
page readonly
29DC000
heap
page read and write
3220000
unkown
page readonly
C49E000
stack
page read and write
4B56000
unkown
page read and write
ED1E000
stack
page read and write
906E000
stack
page read and write
7FF5ED980000
unkown
page readonly
3797000
unkown
page read and write
10D0000
heap
page read and write
B8AB000
stack
page read and write
AB62000
unkown
page read and write
9883000
unkown
page read and write
7FF5ED9D2000
unkown
page readonly
FEB5000
unkown
page read and write
7FF5ED3D6000
unkown
page readonly
4CD0000
unkown
page read and write
28E0000
trusted library allocation
page read and write
46A0000
heap
page read and write
8000000
unkown
page read and write
10DD000
trusted library allocation
page execute and read and write
AAF2000
unkown
page read and write
CADF000
unkown
page read and write
29B8000
heap
page read and write
BDD0000
unkown
page readonly
FE7A000
heap
page read and write
CA20000
unkown
page read and write
A494000
unkown
page read and write
163D000
unclassified section
page execute and read and write
A4AE000
unkown
page read and write
7DF4F3041000
unkown
page execute read
7FF5ED5EB000
unkown
page readonly
7FF5ED956000
unkown
page readonly
7FF5ED505000
unkown
page readonly
2944000
heap
page read and write
7FF5ED516000
unkown
page readonly
7FF5ED46A000
unkown
page readonly
9795000
unkown
page read and write
7CD0000
unkown
page read and write
2BBD000
trusted library allocation
page read and write
7953000
unkown
page read and write
37BD000
unkown
page read and write
7FF5ED412000
unkown
page readonly
9881000
unkown
page read and write
2AC0000
heap
page read and write
AADB000
unkown
page read and write
2900000
trusted library allocation
page read and write
7FF5ED9ED000
unkown
page readonly
7FF5ED64F000
unkown
page readonly
A502000
unkown
page read and write
CB1E000
unkown
page read and write
87BB000
stack
page read and write
7900000
unkown
page read and write
AB51000
unkown
page read and write
9792000
unkown
page read and write
7847000
unkown
page read and write
7FF5ED4F3000
unkown
page readonly
1045000
trusted library allocation
page read and write
9883000
unkown
page read and write
C7C5000
unkown
page read and write
97B5000
unkown
page read and write
4C1E000
unkown
page read and write
7FF5ED7E9000
unkown
page readonly
AB51000
unkown
page read and write
8C40000
unkown
page readonly
797D000
unkown
page read and write
7FF5ED476000
unkown
page readonly
8C50000
unkown
page readonly
9885000
unkown
page read and write
7FF5ED9C8000
unkown
page readonly
89C0000
unkown
page read and write
7FF5ED28F000
unkown
page readonly
7FF5ED844000
unkown
page readonly
987D000
unkown
page read and write
A391000
unkown
page read and write
10C0000
unkown
page readonly
7FF5ED91A000
unkown
page readonly
2944000
heap
page read and write
4551000
heap
page read and write
7DF4F3050000
unkown
page readonly
A310000
unkown
page read and write
7FF5ED1CB000
unkown
page readonly
4B50000
unkown
page read and write
7FF5ED42B000
unkown
page readonly
9792000
unkown
page read and write
7FF5EDA47000
unkown
page readonly
79FB000
unkown
page read and write
B7AE000
stack
page read and write
C700000
unkown
page read and write
79D0000
trusted library section
page read and write
FA8B000
unkown
page read and write
9877000
unkown
page read and write
D50000
trusted library allocation
page read and write
28ED000
trusted library allocation
page read and write
B190000
unkown
page read and write
9A5B000
unkown
page read and write
9877000
unkown
page read and write
1340000
unkown
page read and write
4C80000
unkown
page read and write
7FF5ED3A7000
unkown
page readonly
28E1000
trusted library allocation
page read and write
1490000
unkown
page read and write
305F000
stack
page read and write
7940000
trusted library allocation
page execute and read and write
7FF5ED670000
unkown
page readonly
4990000
heap
page read and write
7FF5ED9E1000
unkown
page readonly
1070000
trusted library allocation
page read and write
6EFE000
heap
page read and write
3290000
unkown
page read and write
7FF5ED68C000
unkown
page readonly
C857000
unkown
page read and write
3795000
unkown
page read and write
C89C000
unkown
page read and write
C6D8000
unkown
page read and write
AB56000
unkown
page read and write
7FF5ED445000
unkown
page readonly
C6E3000
unkown
page read and write
C6E3000
unkown
page read and write
CA96000
unkown
page read and write
9815000
unkown
page read and write
DDF000
stack
page read and write
7FF5ED5C5000
unkown
page readonly
7FF5ED7D6000
unkown
page readonly
A19F000
stack
page read and write
F9C2000
unkown
page read and write
A19F000
stack
page read and write
7FF5ED43A000
unkown
page readonly
298F000
stack
page read and write
C10A000
stack
page read and write
7EF000
unclassified section
page execute and read and write
FAC4000
unkown
page read and write
BDC0000
unkown
page readonly
9830000
unkown
page read and write
CA74000
unkown
page read and write
7FF5EDA76000
unkown
page readonly
4B39000
direct allocation
page execute and read and write
37A0000
unkown
page read and write
CD0000
heap
page read and write
818E000
stack
page read and write
A433000
unkown
page read and write
46B0000
trusted library allocation
page execute and read and write
534D000
stack
page read and write
BAF9000
stack
page read and write
7FF5ED73D000
unkown
page readonly
A364000
unkown
page read and write
B82A000
stack
page read and write
C6CF000
unkown
page read and write
7FF5ED71E000
unkown
page readonly
8CEB000
stack
page read and write
FEB1000
unkown
page read and write
BD98000
stack
page read and write
C92D000
unkown
page read and write
8720000
unkown
page readonly
A50B000
unkown
page read and write
2944000
heap
page read and write
28C4000
trusted library allocation
page read and write
3800000
unkown
page readonly
AAF6000
unkown
page read and write
C6F2000
unkown
page read and write
7FF5ED39B000
unkown
page readonly
3800000
unkown
page readonly
FEB1000
unkown
page read and write
1500000
heap
page read and write
986F000
unkown
page read and write
3290000
unkown
page read and write
C811000
unkown
page read and write
7FF5ED8AC000
unkown
page readonly
28E0000
trusted library allocation
page read and write
7DF4F3051000
unkown
page execute read
7FF5ED507000
unkown
page readonly
CB7C000
unkown
page read and write
FEC2000
unkown
page read and write
79B5000
unkown
page read and write
C50A000
unkown
page read and write
FA86000
unkown
page read and write
7D40000
unkown
page read and write
5350000
heap
page read and write
9F1E000
stack
page read and write
7FF5ED669000
unkown
page readonly
4D66000
unclassified section
page read and write
C5A0000
unkown
page read and write
8B60000
unkown
page readonly
28E0000
trusted library allocation
page read and write
AB62000
unkown
page read and write
3B51000
trusted library allocation
page read and write
FEBE000
unkown
page read and write
7FF5ED980000
unkown
page readonly
97C3000
unkown
page read and write
C9F3000
unkown
page read and write
544F000
unclassified section
page read and write
56C3000
unkown
page read and write
A4B8000
unkown
page read and write
7FF5ED5A8000
unkown
page readonly
7FF5ED793000
unkown
page readonly
7FF5ED4BB000
unkown
page readonly
7FF5ED625000
unkown
page readonly
7D0000
unclassified section
page execute and read and write
2B10000
trusted library allocation
page read and write
4BA6000
unkown
page read and write
CB84000
unkown
page read and write
9873000
unkown
page read and write
E908000
unkown
page execute and read and write
7978000
unkown
page read and write
D40000
trusted library allocation
page read and write
7FF5ED942000
unkown
page readonly
7FF5ED265000
unkown
page readonly
9E6C000
stack
page read and write
2C3E000
unkown
page read and write
9871000
unkown
page read and write
7FF5ED433000
unkown
page readonly
7FF5ED9B8000
unkown
page readonly
769F000
stack
page read and write
7695000
stack
page read and write
998F000
unkown
page read and write
7FF5ED867000
unkown
page readonly
7FF5ED7E0000
unkown
page readonly
7884000
unkown
page read and write
7FF5ED8F9000
unkown
page readonly
97A9000
unkown
page read and write
7847000
unkown
page read and write
7FF5ED52F000
unkown
page readonly
A01B000
stack
page read and write
7FF5ED8C6000
unkown
page readonly
7FF5ED349000
unkown
page readonly
7FF5ED996000
unkown
page readonly
AF0C000
stack
page read and write
2940000
trusted library allocation
page read and write
7FF5EDA47000
unkown
page readonly
7FF5ED781000
unkown
page readonly
97B5000
unkown
page read and write
7695000
stack
page read and write
CAB3000
unkown
page read and write
7FF5EDA0D000
unkown
page readonly
982D000
unkown
page read and write
7FF5ED265000
unkown
page readonly
C962000
unkown
page read and write
6B12000
trusted library allocation
page read and write
D70000
trusted library allocation
page read and write
9885000
unkown
page read and write
C92D000
unkown
page read and write
7FF5ED409000
unkown
page readonly
4C60000
unkown
page read and write
2BA6000
trusted library allocation
page read and write
2944000
heap
page read and write
7852000
unkown
page read and write
AA90000
unkown
page read and write
E59D000
stack
page read and write
28E0000
trusted library allocation
page read and write
7865000
unkown
page read and write
C557000
unkown
page read and write
CB5F000
unkown
page read and write
FBE9000
system
page execute and read and write
28E0000
trusted library allocation
page read and write
7DF4F3030000
unkown
page readonly
A21E000
stack
page read and write
1518000
unclassified section
page execute and read and write
FA8B000
unkown
page read and write
9869000
unkown
page read and write
7FF5ED71B000
unkown
page readonly
37A0000
unkown
page read and write
7FF5ED87D000
unkown
page readonly
1371000
unkown
page read and write
7FF5ED864000
unkown
page readonly
728E000
stack
page read and write
FE7A000
heap
page read and write
C561000
unkown
page read and write
97AD000
unkown
page read and write
9869000
unkown
page read and write
7FF5ED9A1000
unkown
page readonly
28DE000
trusted library allocation
page read and write
4C50000
unkown
page read and write
7FF5ED1CF000
unkown
page readonly
7FF5ED942000
unkown
page readonly
4B8B000
unkown
page read and write
97A9000
unkown
page read and write
7FF5ED928000
unkown
page readonly
4863000
heap
page read and write
4C18000
unkown
page read and write
9879000
unkown
page read and write
FFE000
stack
page read and write
C557000
unkown
page read and write
3220000
unkown
page readonly
A4AB000
unkown
page read and write
14A8000
direct allocation
page execute and read and write
7FF5ED779000
unkown
page readonly
8A6E000
stack
page read and write
C51E000
unkown
page read and write
C08A000
stack
page read and write
7FF5ED7FD000
unkown
page readonly
DE0000
unkown
page readonly
29E2000
heap
page read and write
7FF5ED28E000
unkown
page readonly
9A10000
unkown
page read and write
5130000
heap
page read and write
C6F8000
unkown
page read and write
98E0000
unkown
page read and write
C4A0000
unkown
page read and write
9815000
unkown
page read and write
CB0C000
unkown
page read and write
7FF5ED4E8000
unkown
page readonly
7E11000
unkown
page read and write
7FF5ED2A4000
unkown
page readonly
D60000
trusted library allocation
page read and write
7FF5ED9FF000
unkown
page readonly
C9E7000
unkown
page read and write
7FF5ED9F2000
unkown
page readonly
7FF5ED71B000
unkown
page readonly
7D20000
unkown
page readonly
53A0000
heap
page read and write
8C40000
unkown
page readonly
B150000
unkown
page read and write
2E20000
trusted library allocation
page read and write
4B93000
unkown
page read and write
1411000
direct allocation
page execute and read and write
7FF5ED8A4000
unkown
page readonly
46C1000
trusted library allocation
page execute and read and write
7FF5ED519000
unkown
page readonly
7CA0000
unkown
page read and write
4CC0000
unkown
page read and write
A364000
unkown
page read and write
DD0000
unkown
page readonly
7FF5ED26E000
unkown
page readonly
2944000
heap
page read and write
8DA0000
unkown
page read and write
5590000
unkown
page write copy
9871000
unkown
page read and write
28E0000
trusted library allocation
page read and write
7FF5ED7CF000
unkown
page readonly
AAF6000
unkown
page read and write
7FF5ED1CB000
unkown
page readonly
2AD0000
trusted library allocation
page read and write
9795000
unkown
page read and write
9DED000
stack
page read and write
CA41000
unkown
page read and write
C88B000
unkown
page read and write
7FF5ED9B8000
unkown
page readonly
982D000
unkown
page read and write
C57F000
unkown
page read and write
5590000
unkown
page write copy
9881000
unkown
page read and write
AB56000
unkown
page read and write
FA04000
unkown
page read and write
7859000
unkown
page read and write
7FF5EDA53000
unkown
page readonly
7FF5ED674000
unkown
page readonly
FE80000
unkown
page read and write
7FF5ED4A1000
unkown
page readonly
7C80000
unkown
page read and write
1350000
unkown
page readonly
76C0000
unkown
page read and write
97A9000
unkown
page read and write
CB57000
unkown
page read and write
3210000
unkown
page read and write
1505000
heap
page read and write
7DDF000
stack
page read and write
8BF0000
unkown
page readonly
1451000
unkown
page readonly
1340000
unkown
page read and write
9929000
unkown
page read and write
1095000
stack
page read and write
FE72000
heap
page read and write
3240000
unkown
page read and write
1240000
heap
page read and write
10A0000
heap
page read and write
C84D000
unkown
page read and write
8720000
unkown
page readonly
7FF5ED46E000
unkown
page readonly
7FF5ED2A9000
unkown
page readonly
7FF5ED695000
unkown
page readonly
7FF5ED803000
unkown
page readonly
7FF5ED349000
unkown
page readonly
785F000
unkown
page read and write
1060000
trusted library allocation
page execute and read and write
9688000
unkown
page read and write
7FF5ED534000
unkown
page readonly
7FF5ED556000
unkown
page readonly
AB5E000
unkown
page read and write
98A8000
unkown
page read and write
FE80000
unkown
page read and write
7FF5ED1FF000
unkown
page readonly
1160000
direct allocation
page execute and read and write
18A1000
unkown
page readonly
4C90000
unkown
page read and write
9660000
unkown
page read and write
C512000
unkown
page read and write
93BE000
stack
page read and write
97D4000
unkown
page read and write
9879000
unkown
page read and write
C49E000
stack
page read and write
7A34000
unkown
page read and write
C846000
unkown
page read and write
896B000
stack
page read and write
7FF5ED42B000
unkown
page readonly
7FF5ED68F000
unkown
page readonly
7FF5ED6BB000
unkown
page readonly
C4A0000
unkown
page read and write
7FF5ED750000
unkown
page readonly
987F000
unkown
page read and write
AB56000
unkown
page read and write
7FF5ED996000
unkown
page readonly
14B0000
unclassified section
page execute and read and write
7FF5ED73D000
unkown
page readonly
7FF5ED418000
unkown
page readonly
7FF5ED3DA000
unkown
page readonly
7869000
unkown
page read and write
7DF4F3031000
unkown
page execute read
986F000
unkown
page read and write
FEC6000
unkown
page read and write
7FF5ED5F7000
unkown
page readonly
1426000
direct allocation
page execute and read and write
7FF5ED961000
unkown
page readonly
7FF5ED755000
unkown
page readonly
C516000
unkown
page read and write
7FF5ED97A000
unkown
page readonly
B8B0000
unkown
page read and write
B6A0000
heap
page read and write
923E000
stack
page read and write
28E0000
trusted library allocation
page read and write
7FF5ED503000
unkown
page readonly
7FF5ED9A6000
unkown
page readonly
7FF5ED5C1000
unkown
page readonly
759E000
stack
page read and write
7FF5ED4EF000
unkown
page readonly
9B60000
unkown
page readonly
C516000
unkown
page read and write
28E0000
trusted library allocation
page read and write
CA04000
unkown
page read and write
28E0000
trusted library allocation
page read and write
B728000
stack
page read and write
36F0000
unkown
page readonly
B40000
heap
page read and write
F9D9000
unkown
page read and write
79D3000
unkown
page read and write
7FF5EDA69000
unkown
page readonly
C89A000
unkown
page read and write
10B0000
trusted library allocation
page execute and read and write
7FF5ED9BE000
unkown
page readonly
2CF3000
trusted library allocation
page read and write
47DB000
heap
page read and write
9A10000
unkown
page read and write
AB03000
unkown
page read and write
FEE2000
unkown
page read and write
C544000
unkown
page read and write
4C4C000
stack
page read and write
4B78000
unkown
page read and write
7FF5ED50A000
unkown
page readonly
A4B8000
unkown
page read and write
987F000
unkown
page read and write
7FF5ED9CA000
unkown
page readonly
3319000
stack
page read and write
7FF5ED80C000
unkown
page readonly
CA04000
unkown
page read and write
C92D000
unkown
page read and write
2BBB000
trusted library allocation
page read and write
7FF5ED697000
unkown
page readonly
76C0000
unkown
page read and write
1505000
heap
page read and write
787C000
unkown
page read and write
2B51000
trusted library allocation
page read and write
28E0000
trusted library allocation
page read and write
B6A0000
heap
page read and write
7FF5ED7C4000
unkown
page readonly
7920000
trusted library allocation
page execute and read and write
9885000
unkown
page read and write
A190000
heap
page read and write
9830000
unkown
page read and write
97D4000
unkown
page read and write
AA90000
unkown
page read and write
FAC4000
unkown
page read and write
7863000
unkown
page read and write
7FF5ED81B000
unkown
page readonly
7FF5ED286000
unkown
page readonly
AB5E000
unkown
page read and write
37A8000
unkown
page read and write
5F2000
unkown
page readonly
7867000
unkown
page read and write
CB1E000
unkown
page read and write
7FF5ED68C000
unkown
page readonly
7FF5ED59E000
unkown
page readonly
7FF5ED5C9000
unkown
page readonly
7852000
unkown
page read and write
7FF5ED670000
unkown
page readonly
7FF5ED286000
unkown
page readonly
28E0000
trusted library allocation
page read and write
B08D000
stack
page read and write
A323000
unkown
page read and write
7FF5ED295000
unkown
page readonly
7FF5ED93E000
unkown
page readonly
7FF5ED4C2000
unkown
page readonly
B4AC000
stack
page read and write
BD1D000
stack
page read and write
1451000
unkown
page readonly
AF8D000
stack
page read and write
A494000
unkown
page read and write
FEC6000
unkown
page read and write
4483000
heap
page read and write
7FF5ED2A4000
unkown
page readonly
9798000
unkown
page read and write
37F2000
unkown
page read and write
4CDD000
direct allocation
page execute and read and write
A479000
unkown
page read and write
57C000
stack
page read and write
7FF5ED39B000
unkown
page readonly
9F9D000
stack
page read and write
7FF5ED48A000
unkown
page readonly
78AD000
unkown
page read and write
C6D8000
unkown
page read and write
CADF000
unkown
page read and write
7FF5ED975000
unkown
page readonly
AB62000
unkown
page read and write
8860000
unkown
page read and write
7FF5ED7E0000
unkown
page readonly
2A70000
trusted library allocation
page read and write
28E0000
trusted library allocation
page read and write
9893000
unkown
page read and write
CA74000
unkown
page read and write
7FF5ED77E000
unkown
page readonly
37AE000
unkown
page read and write
C89A000
unkown
page read and write
4C50000
unkown
page read and write
4750000
trusted library allocation
page execute and read and write
91B9000
stack
page read and write
14B0000
unkown
page readonly
AB54000
unkown
page read and write
7FF5ED76D000
unkown
page readonly
B8C0000
unkown
page readonly
C8E1000
unkown
page read and write
2944000
heap
page read and write
7FF5ED3F3000
unkown
page readonly
B5AE000
stack
page read and write
7FF5ED74A000
unkown
page readonly
AB62000
unkown
page read and write
4B90000
unkown
page read and write
7FF5ED93B000
unkown
page readonly
A33E000
unkown
page read and write
7FF5ED821000
unkown
page readonly
14B0000
unkown
page readonly
29D8000
heap
page read and write
7D40000
unkown
page read and write
7FF5ED295000
unkown
page readonly
28E0000
trusted library allocation
page read and write
9F9C000
stack
page read and write
4B8B000
unkown
page read and write
A50B000
unkown
page read and write
7FF5ED4B4000
unkown
page readonly
5641000
unkown
page read and write
BDA0000
unkown
page readonly
7FF5EDA08000
unkown
page readonly
BA6000
heap
page read and write
C89A000
unkown
page read and write
74B0000
trusted library allocation
page read and write
9873000
unkown
page read and write
4BAE000
direct allocation
page execute and read and write
35D0000
unkown
page read and write
28E0000
trusted library allocation
page read and write
979C000
unkown
page read and write
7FF5ED2A9000
unkown
page readonly
7FF5ED7D6000
unkown
page readonly
29B0000
heap
page read and write
B6A000
heap
page read and write
87DA000
unkown
page read and write
C503000
unkown
page read and write
AB51000
unkown
page read and write
A391000
unkown
page read and write
C5AA000
unkown
page read and write
BD1D000
stack
page read and write
9977000
unkown
page read and write
4C34000
unkown
page read and write
CA93000
unkown
page read and write
D82000
trusted library allocation
page read and write
7130000
trusted library allocation
page read and write
7FF5ED7CF000
unkown
page readonly
B650000
unkown
page read and write
A4AE000
unkown
page read and write
7FF5EDA14000
unkown
page readonly
7FF5ED3A7000
unkown
page readonly
9833000
unkown
page read and write
28E0000
trusted library allocation
page read and write
982D000
unkown
page read and write
35D0000
unkown
page read and write
7FF5ED9BE000
unkown
page readonly
10C7000
heap
page read and write
97D4000
unkown
page read and write
7FF5ED81B000
unkown
page readonly
7FFE000
stack
page read and write
C9F6000
unkown
page read and write
9F1E000
stack
page read and write
3C43000
trusted library allocation
page read and write
7FF5ED1BC000
unkown
page readonly
28E0000
trusted library allocation
page read and write
7C90000
unkown
page read and write
FEB4000
unkown
page read and write
7FF5ED3CE000
unkown
page readonly
A37D000
unkown
page read and write
7FF5ED937000
unkown
page readonly
7FF5ECED2000
unkown
page readonly
7FF5ED449000
unkown
page readonly
7FF5ED507000
unkown
page readonly
2944000
heap
page read and write
7FF5ED5EB000
unkown
page readonly
CA63000
unkown
page read and write
97C3000
unkown
page read and write
D5D000
trusted library allocation
page execute and read and write
7FF5ED9AE000
unkown
page readonly
7E50000
unkown
page readonly
7FF5ED4DF000
unkown
page readonly
3748000
unkown
page read and write
7FF5ED6A5000
unkown
page readonly
1289000
direct allocation
page execute and read and write
7859000
unkown
page read and write
A37B000
unkown
page read and write
28E0000
trusted library allocation
page read and write
7FF5ED41C000
unkown
page readonly
B170000
unkown
page readonly
B140000
unkown
page readonly
2C4C000
heap
page read and write
3160000
unkown
page readonly
C9E7000
unkown
page read and write
29D1000
heap
page read and write
FBC4000
system
page execute and read and write
7FF5ED8C6000
unkown
page readonly
9A10000
unkown
page read and write
A32A000
unkown
page read and write
CB36000
unkown
page read and write
2C40000
heap
page read and write
C6C1000
unkown
page read and write
9881000
unkown
page read and write
978E000
unkown
page read and write
9929000
unkown
page read and write
3BF5000
trusted library allocation
page read and write
7950000
unkown
page read and write
7FF5ED5C1000
unkown
page readonly
5F0000
unkown
page readonly
D76000
trusted library allocation
page execute and read and write
2F5F000
unkown
page read and write
2944000
heap
page read and write
47F0000
trusted library allocation
page read and write
C893000
unkown
page read and write
7FF5ED695000
unkown
page readonly
7FF5ED9A1000
unkown
page readonly
3590000
unkown
page read and write
4BE3000
unkown
page read and write
C10A000
stack
page read and write
7F30000
unkown
page read and write
78A0000
unkown
page read and write
31B0000
heap
page read and write
7000000
trusted library section
page read and write
4C80000
unkown
page read and write
7EE000
stack
page read and write
7FF5ED750000
unkown
page readonly
3439000
stack
page read and write
143B000
stack
page read and write
9875000
unkown
page read and write
CB7A000
unkown
page read and write
4A01000
heap
page read and write
978E000
unkown
page read and write
B22B000
stack
page read and write
4551000
heap
page read and write
AAD1000
unkown
page read and write
9D64000
unkown
page read and write
913A000
stack
page read and write
987B000
unkown
page read and write
C9F6000
unkown
page read and write
9A10000
unkown
page read and write
C8E1000
unkown
page read and write
AF0B000
stack
page read and write
A4FC000
unkown
page read and write
37B0000
unkown
page read and write
7FF5ED800000
unkown
page readonly
A323000
unkown
page read and write
B60000
heap
page read and write
4C1E000
unkown
page read and write
7FF5ED52F000
unkown
page readonly
7FF5ED85F000
unkown
page readonly
97AD000
unkown
page read and write
C57F000
unkown
page read and write
9DED000
stack
page read and write
7FF5ED59E000
unkown
page readonly
7CE0000
unkown
page read and write
C544000
unkown
page read and write
7FF5ED679000
unkown
page readonly
9871000
unkown
page read and write
7FF5ED55F000
unkown
page readonly
79D3000
unkown
page read and write
7FF5ED77E000
unkown
page readonly
E69E000
stack
page read and write
C893000
unkown
page read and write
C811000
unkown
page read and write
18A0000
unkown
page readonly
11246000
system
page read and write
3797000
unkown
page read and write
7863000
unkown
page read and write
7FF5ED5C5000
unkown
page readonly
7FF5ED8AC000
unkown
page readonly
B82A000
stack
page read and write
37F9000
unkown
page read and write
33B9000
stack
page read and write
7FF5ED5CE000
unkown
page readonly
7FF5ED1FF000
unkown
page readonly
FA43000
unkown
page read and write
5530000
trusted library allocation
page read and write
7FF5ED476000
unkown
page readonly
A3BE000
unkown
page read and write
9873000
unkown
page read and write
2B40000
heap
page execute and read and write
A310000
unkown
page read and write
A375000
unkown
page read and write
4C90000
unkown
page read and write
78AD000
unkown
page read and write
7CC0000
unkown
page readonly
EFE000
stack
page read and write
A327000
unkown
page read and write
3580000
unkown
page readonly
7FF5ED6A5000
unkown
page readonly
4B90000
unkown
page read and write
AB66000
unkown
page read and write
29D6000
heap
page read and write
7F40000
unkown
page readonly
7FF5ED426000
unkown
page readonly
965C000
stack
page read and write
978E000
unkown
page read and write
36D3000
stack
page read and write
3758000
unkown
page read and write
7FF5ED853000
unkown
page readonly
7FF5ED40D000
unkown
page readonly
A491000
unkown
page read and write
CADF000
unkown
page read and write
36D3000
stack
page read and write
8208000
stack
page read and write
3319000
stack
page read and write
1480000
heap
page read and write
2944000
heap
page read and write
7FF5ED9C6000
unkown
page readonly
CADF000
unkown
page read and write
CA1C000
unkown
page read and write
7FF5ED33F000
unkown
page readonly
7FF5ED692000
unkown
page readonly
8108000
stack
page read and write
7FF5ED68F000
unkown
page readonly
A49E000
unkown
page read and write
4551000
heap
page read and write
96DF000
unkown
page read and write
7FF5ED93B000
unkown
page readonly
B8B0000
unkown
page read and write
109F000
stack
page read and write
AB5E000
unkown
page read and write
A33E000
unkown
page read and write
A375000
unkown
page read and write
7FF5ED8FF000
unkown
page readonly
7FF5ED8E7000
unkown
page readonly
7F2E000
stack
page read and write
B640000
unkown
page read and write
977A000
unkown
page read and write
10A3000
heap
page read and write
28E0000
trusted library allocation
page read and write
10C0000
unkown
page readonly
7FF5ED8B4000
unkown
page readonly
B10D000
stack
page read and write
7FF5ED445000
unkown
page readonly
9893000
unkown
page read and write
79B5000
unkown
page read and write
7FF5ED755000
unkown
page readonly
9660000
unkown
page read and write
2D80000
heap
page read and write
FEE2000
unkown
page read and write
AAFA000
unkown
page read and write
4CE0000
unkown
page read and write
7FF5ED810000
unkown
page readonly
FB40000
system
page execute and read and write
1440000
unkown
page read and write
2960000
heap
page read and write
310E000
stack
page read and write
7FF5ED4BB000
unkown
page readonly
C43000
heap
page read and write
7FF5D1CCD000
unkown
page readonly
4585000
heap
page read and write
C851000
unkown
page read and write
8DA0000
unkown
page read and write
7FF5ED818000
unkown
page readonly
7FF5ED9CA000
unkown
page readonly
379E000
unkown
page read and write
F640000
system
page execute and read and write
7FF5ED418000
unkown
page readonly
A4AB000
unkown
page read and write
7FF5ED4F3000
unkown
page readonly
C41F000
stack
page read and write
4BC9000
unkown
page read and write
7FF5ED1BC000
unkown
page readonly
AF8D000
stack
page read and write
37AC000
unkown
page read and write
7884000
unkown
page read and write
7EB000
unclassified section
page execute and read and write
28E0000
trusted library allocation
page read and write
9701000
unkown
page read and write
3700000
unkown
page read and write
8CEB000
stack
page read and write
986B000
unkown
page read and write
7FF5ED505000
unkown
page readonly
B140000
unkown
page readonly
7FF5ED872000
unkown
page readonly
4BA6000
unkown
page read and write
7FF5ED6B8000
unkown
page readonly
C846000
unkown
page read and write
CA42000
unkown
page read and write
7FF5ED87D000
unkown
page readonly
71A000
stack
page read and write
7FF5EDA2A000
unkown
page readonly
A49E000
unkown
page read and write
CB7A000
unkown
page read and write
7FF5ED4EF000
unkown
page readonly
7FF5ED928000
unkown
page readonly
2944000
heap
page read and write
88EE000
stack
page read and write
97A9000
unkown
page read and write
7FF5ED849000
unkown
page readonly
7FF5ED939000
unkown
page readonly
CAB3000
unkown
page read and write
7FF5ED8E2000
unkown
page readonly
28E0000
trusted library allocation
page read and write
B650000
unkown
page read and write
F9C2000
unkown
page read and write
A29E000
stack
page read and write
7FF5ED46E000
unkown
page readonly
7D53000
unkown
page read and write
7DF4F3031000
unkown
page execute read
7110000
trusted library allocation
page execute and read and write
A37B000
unkown
page read and write
28E0000
trusted library allocation
page read and write
B08D000
stack
page read and write
7FF5ED46A000
unkown
page readonly
9883000
unkown
page read and write
7FF5ED97A000
unkown
page readonly
BF8000
heap
page read and write
FEC8000
unkown
page read and write
95DB000
stack
page read and write
9893000
unkown
page read and write
7FF5ED86B000
unkown
page readonly
7FF5ED743000
unkown
page readonly
4BC9000
unkown
page read and write
7FF5ED8F9000
unkown
page readonly
9875000
unkown
page read and write
3210000
unkown
page read and write
C964000
unkown
page read and write
7FF5ED9D9000
unkown
page readonly
7FF5ED279000
unkown
page readonly
7FF5D1CD4000
unkown
page readonly
7FF5ED9CC000
unkown
page readonly
37F6000
unkown
page read and write
7FF5ED1D6000
unkown
page readonly
4CB0000
unkown
page read and write
7979000
unkown
page read and write
9869000
unkown
page read and write
FEBD000
unkown
page read and write
8FB9000
stack
page read and write
7FF5ED7DB000
unkown
page readonly
9B60000
unkown
page readonly
7DF4F3061000
unkown
page execute read
97B5000
unkown
page read and write
7FF5ED806000
unkown
page readonly
79FB000
unkown
page read and write
7BE000
stack
page read and write
7FF5ED93E000
unkown
page readonly
DE0000
unkown
page readonly
C7C5000
unkown
page read and write
C4D0000
unkown
page read and write
7FF5ED4FD000
unkown
page readonly
8730000
unkown
page read and write
7FF5ED3CE000
unkown
page readonly
EF00000
heap
page read and write
1490000
unkown
page read and write
FA04000
unkown
page read and write
9A5B000
unkown
page read and write
9879000
unkown
page read and write
7FF5ED714000
unkown
page readonly
5557000
stack
page read and write
7FF5ED80C000
unkown
page readonly
C9F6000
unkown
page read and write
A29E000
stack
page read and write
7FF5EDA38000
unkown
page readonly
785D000
unkown
page read and write
4C18000
unkown
page read and write
AB51000
unkown
page read and write
310E000
stack
page read and write
4A10000
direct allocation
page execute and read and write
FE70000
heap
page read and write
D63000
trusted library allocation
page read and write
7861000
unkown
page read and write
4CC0000
unkown
page read and write
538E000
heap
page read and write
7FF5ED821000
unkown
page readonly
12FE000
direct allocation
page execute and read and write
9875000
unkown
page read and write
77DF000
stack
page read and write
7FF5ED8C1000
unkown
page readonly
7FF5ED8B4000
unkown
page readonly
7DF4F3061000
unkown
page execute read
8D6D000
stack
page read and write
9877000
unkown
page read and write
7FF5ED91A000
unkown
page readonly
37BD000
unkown
page read and write
7C80000
unkown
page read and write
FEB2000
unkown
page read and write
7FF5ED40D000
unkown
page readonly
7FF5ED915000
unkown
page readonly
4CE1000
direct allocation
page execute and read and write
CB84000
unkown
page read and write
C5AA000
unkown
page read and write
986B000
unkown
page read and write
C857000
unkown
page read and write
B190000
unkown
page read and write
9881000
unkown
page read and write
C9F3000
unkown
page read and write
4B56000
unkown
page read and write
D87000
trusted library allocation
page execute and read and write
2944000
heap
page read and write
CA1C000
unkown
page read and write
1371000
unkown
page read and write
97AD000
unkown
page read and write
CA7C000
unkown
page read and write
37F6000
unkown
page read and write
4C70000
unkown
page read and write
7FF5ED471000
unkown
page readonly
906E000
stack
page read and write
C6F4000
unkown
page read and write
37F9000
unkown
page read and write
C84D000
unkown
page read and write
A4A1000
unkown
page read and write
F984000
unkown
page read and write
987B000
unkown
page read and write
AB03000
unkown
page read and write
9792000
unkown
page read and write
786B000
unkown
page read and write
AB62000
unkown
page read and write
BA4000
heap
page read and write
CA96000
unkown
page read and write
2940000
heap
page read and write
7FF5ED933000
unkown
page readonly
7FF5ED939000
unkown
page readonly
FEC6000
unkown
page read and write
7FF5ED471000
unkown
page readonly
D6D000
trusted library allocation
page execute and read and write
7FF5EDA0B000
unkown
page readonly
97AD000
unkown
page read and write
A379000
unkown
page read and write
3209000
stack
page read and write
C0D000
heap
page read and write
943E000
stack
page read and write
48AE000
stack
page read and write
7E60000
unkown
page read and write
E71000
trusted library allocation
page execute and read and write
CB1E000
unkown
page read and write
7FF5ED867000
unkown
page readonly
97C3000
unkown
page read and write
3738000
unkown
page read and write
28E0000
trusted library allocation
page read and write
9875000
unkown
page read and write
9871000
unkown
page read and write
2B8E000
stack
page read and write
5120000
trusted library section
page readonly
7DF4F3050000
unkown
page readonly
7FF5ED625000
unkown
page readonly
C5A3000
unkown
page read and write
7FF5ED975000
unkown
page readonly
28E0000
trusted library allocation
page read and write
10C0000
heap
page read and write
7FF5D1CD4000
unkown
page readonly
7FF5ED4B0000
unkown
page readonly
8EC6000
unkown
page read and write
7DF4F3040000
unkown
page readonly
2AF0000
trusted library allocation
page execute and read and write
47F0000
trusted library allocation
page read and write
3791000
unkown
page read and write
7FF5ED5A8000
unkown
page readonly
CAA8000
unkown
page read and write
4C4B000
unkown
page read and write
7857000
unkown
page read and write
C6BF000
unkown
page read and write
7FF5ED3D0000
unkown
page readonly
FE70000
heap
page read and write
76DE000
stack
page read and write
8BA0000
unkown
page readonly
BDD0000
unkown
page readonly
A39B000
unkown
page read and write
7FF5ED77C000
unkown
page readonly
29DC000
heap
page read and write
7FF5ED8C1000
unkown
page readonly
7FF5ED9C6000
unkown
page readonly
2BB9000
trusted library allocation
page read and write
There are 1599 hidden memdumps, click here to show them.