Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Au3Check.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Synaptics\RCXAC4B.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Synaptics\Synaptics.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\XClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\F.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\RCXAE3F.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\chrome.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\cyXtjfIL.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\._cache_F.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Documents\BJZFPPWAPT\~$cache1
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\directx.sys
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Windows\svchost.com
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_fb1bf96a5f9d95323c844b5818a2571d831030bc_7e550805_a5a789a1-ebaf-4e9b-aafe-5085f993b8ed\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER30FC.tmp.dmp
|
Mini DuMP crash report, 15 streams, Tue Jul 2 04:51:48 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER40FA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER412A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3oznUDV.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\63KxJoFw.xlsm
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7MgZWHP.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\98O65uO.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AhfHWHR.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\GMLKLfy.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\PaqAJ8v.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\UJMfNuy.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\WWN2Gcv.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\X5XGEeU.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\YxwDtYz.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Z2OMHRC.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ZEZ5HBz.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1i1zkzpn.rwd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ewcdsxct.pj2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f3jkzeq3.0yr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fpkwrdnt.n0v.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hwu2wztb.ute.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jhi4d0gv.aqi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_juhwggwp.pyq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kajtq2kr.0dq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mbdju1iw.q3h.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nohjvpo5.0fn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_odlonr5k.e20.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rtazspsz.p32.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_saookldm.mru.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vjyv5lar.bms.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w0stbe5h.cwb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x4zotlsz.c5a.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aYDenTd.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cyXtjfIL.ico
|
MS Windows icon resource - 1 icon, 32x32, 32 colors
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\dyQonPD.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\g4Ralry.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hS3bXMt.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hSjQzcB.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\inKF2RU.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jIedmMJ.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\kP164Ro.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mnmJwSz.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qlnV7LK.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp5023.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\tx2J3ug.ini
|
HTML document, Unicode text, UTF-8 text, with very long lines (1638), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~$63KxJoFw.xlsm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF61C2F6E59CF9CDBC.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8UO2W5AUTJY88OVWGV4H.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K22TP4OK8KK0LRUN1Y7F.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UD1Z65ZMGJ8TBD7IK9RV.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WDG91EF9XBEV77T2A4XP.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF6ea689.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF6ea968.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF6eacf2.TMP
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Jul 2 03:52:19
2024, mtime=Tue Jul 2 03:52:19 2024, atime=Tue Jul 2 03:52:19 2024, length=109056, window=hide
|
dropped
|
||
|
C:\Users\user\Documents\BJZFPPWAPT\DUUDTUBZFW.xlsm
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\user\Documents\BJZFPPWAPT\~$DUUDTUBZFW.xlsx
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 214 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\F.exe
|
"C:\Users\user\Desktop\F.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\3582-490\F.exe
|
"C:\Users\user\AppData\Local\Temp\3582-490\F.exe"
|
|
|
|
C:\Users\user\Desktop\._cache_F.exe
|
"C:\Users\user\Desktop\._cache_F.exe"
|
|
|
|
C:\ProgramData\Synaptics\Synaptics.exe
|
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionPath 'C:\Users\user\Desktop\._cache_F.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\._cache_F.exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE"
|
|
|
|
C:\ProgramData\Synaptics\Synaptics.exe
|
C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionProcess '._cache_F.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '._cache_F.exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionPath 'C:\ProgramData\XClient.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\XClient.exe'
|
|
|
|
C:\Windows\svchost.com
|
"C:\Windows\svchost.com" "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference
-ExclusionProcess 'XClient.exe'
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
|
|
|
|
C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 3276
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
45.141.26.232
|
|
||
|
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
|
69.42.215.252
|
|
|
|
http://www.eyuyan.com)DVarFileInfo$
|
unknown
|
||
|
http://xred.site50.net/syn/Synaptics.rarZ
|
unknown
|
||
|
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
|
unknown
|
||
|
http://crl.microsoft
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978T
|
unknown
|
||
|
https://docs.google.com/
|
unknown
|
||
|
http://xred.site50.net/syn/SSLLibrary.dl
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith
|
unknown
|
||
|
https://docs.google.com/ta
|
unknown
|
||
|
https://docs.google.com/google.com/APT
|
unknown
|
||
|
http://xred.site50.net/syn/SUpdate.iniZ
|
unknown
|
||
|
http://xred.site50.net/syn/SUpdate.ini
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
|
unknown
|
||
|
https://docs.google.com/elleme
|
unknown
|
||
|
https://drive.usercontent.google.com/z
|
unknown
|
||
|
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978w
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://docs.google.com/uc?id=0BxsMXG
|
unknown
|
||
|
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://aka.ms/pscore6lBcq
|
unknown
|
||
|
https://docs.google.com/fons
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://docs.google.com/UDTUBZFW.xlsx
|
unknown
|
||
|
https://drive.usercontent.google.com/Y
|
unknown
|
||
|
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://xred.site50.net/syn/Synaptics.rar
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://xred.site50.net/syn/SSLLibrary.dll6
|
unknown
|
||
|
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
|
unknown
|
||
|
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978y)_
|
unknown
|
||
|
https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
|
unknown
|
||
|
https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
|
unknown
|
||
|
https://docs.google.com/etleniyor...
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://docs.google.com/T.xlsx
|
unknown
|
||
|
http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
|
unknown
|
||
|
https://docs.google.com/uc?id=0;
|
unknown
|
||
|
http://xred.site50.net/syn/SSLLibrary.dll
|
unknown
|
||
|
https://docs.google.com/rver
|
unknown
|
||
|
https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
|
unknown
|
||
|
https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://crl.micros
|
unknown
|
||
|
https://drive.usercontent.google.com/7
|
unknown
|
There are 48 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
freedns.afraid.org
|
69.42.215.252
|
|
|
|
ip-api.com
|
208.95.112.1
|
|
|
|
xred.mooo.com
|
unknown
|
|
|
|
docs.google.com
|
216.58.206.78
|
||
|
drive.usercontent.google.com
|
142.250.184.225
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
69.42.215.252
|
freedns.afraid.org
|
United States
|
|
|
|
45.141.26.232
|
unknown
|
Netherlands
|
|
|
|
216.58.206.78
|
docs.google.com
|
United States
|
||
|
142.250.184.225
|
drive.usercontent.google.com
|
United States
|
||
|
13.107.246.60
|
s-part-0032.t-0009.t-msedge.net
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
?????
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\svchost.com.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
tl;
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML
|
KnownIDs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor
|
Description
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML
|
KnownIDs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor
|
Description
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
Categories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSAllCategories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
|
ExcelWorkbookOpenedCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\FileBlock
|
FileTypeBlockList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\FileBlock
|
OoxmlConverterBlockList
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
|
EnableActiveXControlArchitetureIndependent
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA\Forms3\Controls
|
EnableActiveXControlMSWebBrowserArchiteturePersistenceIssue
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.6
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.7
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.10
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.11
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.13
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\33E82
|
33E82
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.14
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
0.28
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
ETag
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
ConfigIds
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\FileIO
|
FileActivityStoreVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018400FE1F5C8CD
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Volatile
|
MsaDevice
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
Categories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSAllCategories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{F562BB8E-422D-4B5C-B20E-90D710F7D11C}
|
Categories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ETWMonitor\{02FD33DF-F746-4A10-93A0-2BC6273BC8E4}
|
Categories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSTagIds2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSCategoriesSeverities
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\excel.exe\ULSMonitor
|
ULSAllCategories
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-CH
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-GB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
|
ImmersiveWorkbookDirtySentinel
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
|
ExcelPreviousSessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common
|
SessionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\16
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
HTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\HTML\Old Default
Editor\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\htmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\htmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Shared\MHTML\Old Default
Editor\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Default
MHTML Editor\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\shell\Print\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\mhtmlfile\ShellEx\IconHandler
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old
Icon\mhtmlfile\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=8192&uilcid=1033&build=16.0.16827&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Excel
|
ExcelWorkbookOpenedCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F00000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
ChunkCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel\ConfigContextData
|
VersionId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
Expires
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\excel
|
DeferredConfigs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\EXCEL\1276
|
0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
excel.exe_queried
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified
|
excel.exe_queried
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
ProgramId
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
FileId
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
LongPathHash
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
Name
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
OriginalFileName
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
Publisher
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
Version
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
BinFileVersion
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
BinaryType
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
ProductName
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
ProductVersion
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
LinkDate
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
BinProductVersion
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
Size
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
Language
|
||
|
\REGISTRY\A\{e9af8130-da3c-ac2e-64c0-8f35d036ca94}\Root\InventoryApplicationFile\synaptics.exe|32d51e3dc07cacd1
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018400FE1F5C8CD
|
There are 348 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2AB1000
|
trusted library allocation
|
page read and write
|
|
|
|
299E000
|
heap
|
page read and write
|
|
|
|
409000
|
unkown
|
page read and write
|
|
|
|
12AC1000
|
trusted library allocation
|
page read and write
|
|
|
|
21B4000
|
direct allocation
|
page read and write
|
|
|
|
89B000
|
heap
|
page read and write
|
|
|
|
6A2000
|
unkown
|
page readonly
|
|
|
|
4A5000
|
unkown
|
page readonly
|
|
|
|
21D3000
|
direct allocation
|
page read and write
|
|
|
|
869C000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
88F000
|
heap
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
7357000
|
trusted library allocation
|
page read and write
|
||
|
B6EC000
|
stack
|
page read and write
|
||
|
1B36B000
|
stack
|
page read and write
|
||
|
7ABD000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7840000
|
trusted library allocation
|
page read and write
|
||
|
7546000
|
heap
|
page read and write
|
||
|
742A000
|
heap
|
page read and write
|
||
|
12AB8000
|
trusted library allocation
|
page read and write
|
||
|
89AE000
|
stack
|
page read and write
|
||
|
7A8C000
|
heap
|
page read and write
|
||
|
166FC000
|
stack
|
page read and write
|
||
|
1C370000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DBC000
|
stack
|
page read and write
|
||
|
BBAE000
|
stack
|
page read and write
|
||
|
597F000
|
trusted library allocation
|
page read and write
|
||
|
C96E000
|
stack
|
page read and write
|
||
|
7ADE000
|
heap
|
page read and write
|
||
|
577000
|
heap
|
page read and write
|
||
|
4710000
|
trusted library allocation
|
page read and write
|
||
|
6CA000
|
heap
|
page read and write
|
||
|
DF51000
|
heap
|
page read and write
|
||
|
78EE000
|
stack
|
page read and write
|
||
|
676F000
|
heap
|
page read and write
|
||
|
6C88000
|
heap
|
page read and write
|
||
|
86AC000
|
heap
|
page read and write
|
||
|
783000
|
heap
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
4725000
|
trusted library allocation
|
page execute and read and write
|
||
|
DF1E000
|
heap
|
page read and write
|
||
|
4EC0000
|
remote allocation
|
page read and write
|
||
|
7AC9000
|
heap
|
page read and write
|
||
|
A42C000
|
stack
|
page read and write
|
||
|
2050000
|
direct allocation
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
6FFD000
|
stack
|
page read and write
|
||
|
16BBE000
|
stack
|
page read and write
|
||
|
8978000
|
heap
|
page read and write
|
||
|
8080000
|
trusted library allocation
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
59CF000
|
stack
|
page read and write
|
||
|
8920000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
7ABB000
|
trusted library allocation
|
page read and write
|
||
|
10EAC000
|
stack
|
page read and write
|
||
|
41C0000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
7463000
|
heap
|
page read and write
|
||
|
15F7C000
|
stack
|
page read and write
|
||
|
865D000
|
stack
|
page read and write
|
||
|
7585000
|
heap
|
page read and write
|
||
|
A7F000
|
heap
|
page read and write
|
||
|
601E000
|
stack
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20B0000
|
direct allocation
|
page read and write
|
||
|
8C2E000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
DF25000
|
heap
|
page read and write
|
||
|
73F8000
|
heap
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
6CB0000
|
heap
|
page read and write
|
||
|
16F7E000
|
stack
|
page read and write
|
||
|
DDD7000
|
heap
|
page read and write
|
||
|
869F000
|
heap
|
page read and write
|
||
|
16FBC000
|
stack
|
page read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
7DD0000
|
trusted library allocation
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
14B3E000
|
stack
|
page read and write
|
||
|
FBEC000
|
stack
|
page read and write
|
||
|
125BE000
|
stack
|
page read and write
|
||
|
6C3C000
|
heap
|
page read and write
|
||
|
72FB000
|
trusted library allocation
|
page read and write
|
||
|
158FE000
|
stack
|
page read and write
|
||
|
886E000
|
stack
|
page read and write
|
||
|
2B96000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4C66000
|
trusted library allocation
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E96000
|
trusted library allocation
|
page read and write
|
||
|
76EE000
|
stack
|
page read and write
|
||
|
2B1A000
|
trusted library allocation
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
5551000
|
trusted library allocation
|
page read and write
|
||
|
4530000
|
trusted library allocation
|
page read and write
|
||
|
457000
|
heap
|
page read and write
|
||
|
10AAE000
|
stack
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
1237C000
|
stack
|
page read and write
|
||
|
481D000
|
stack
|
page read and write
|
||
|
8974000
|
heap
|
page read and write
|
||
|
7422000
|
heap
|
page read and write
|
||
|
8560000
|
trusted library allocation
|
page read and write
|
||
|
7141000
|
heap
|
page read and write
|
||
|
97AC000
|
stack
|
page read and write
|
||
|
7419000
|
heap
|
page read and write
|
||
|
11E3E000
|
stack
|
page read and write
|
||
|
1467C000
|
stack
|
page read and write
|
||
|
41B0000
|
heap
|
page execute and read and write
|
||
|
40F9000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
80EE000
|
stack
|
page read and write
|
||
|
3388000
|
heap
|
page read and write
|
||
|
420C000
|
stack
|
page read and write
|
||
|
1036C000
|
stack
|
page read and write
|
||
|
4DA1000
|
trusted library allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
2A0F000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
120FC000
|
stack
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
7C44000
|
heap
|
page read and write
|
||
|
1417C000
|
stack
|
page read and write
|
||
|
12C3C000
|
stack
|
page read and write
|
||
|
12ABE000
|
stack
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
2B68000
|
trusted library allocation
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
1AF2C000
|
stack
|
page read and write
|
||
|
FCEE000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
78CF000
|
stack
|
page read and write
|
||
|
7830000
|
heap
|
page execute and read and write
|
||
|
73C9000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
1297E000
|
stack
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
7EAC000
|
stack
|
page read and write
|
||
|
430C000
|
stack
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
8BA0000
|
trusted library allocation
|
page read and write
|
||
|
7F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
105AE000
|
stack
|
page read and write
|
||
|
889000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
7480000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B70000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
DF05000
|
heap
|
page read and write
|
||
|
C4AC000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
21BC000
|
direct allocation
|
page read and write
|
||
|
926E000
|
stack
|
page read and write
|
||
|
4551000
|
trusted library allocation
|
page read and write
|
||
|
7AB0000
|
trusted library allocation
|
page read and write
|
||
|
88F000
|
heap
|
page read and write
|
||
|
5DA9000
|
trusted library allocation
|
page read and write
|
||
|
88C7000
|
trusted library allocation
|
page read and write
|
||
|
4D6D000
|
stack
|
page read and write
|
||
|
558A000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
7C54000
|
heap
|
page read and write
|
||
|
1FE0000
|
direct allocation
|
page read and write
|
||
|
DF09000
|
heap
|
page read and write
|
||
|
858000
|
heap
|
page read and write
|
||
|
952C000
|
stack
|
page read and write
|
||
|
71BA000
|
stack
|
page read and write
|
||
|
7709000
|
heap
|
page read and write
|
||
|
142BC000
|
stack
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
1BE0D000
|
stack
|
page read and write
|
||
|
65AC000
|
stack
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
12E7E000
|
stack
|
page read and write
|
||
|
56E9000
|
trusted library allocation
|
page read and write
|
||
|
87D000
|
heap
|
page read and write
|
||
|
4BCC000
|
stack
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
13EBE000
|
stack
|
page read and write
|
||
|
DFAA000
|
heap
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2AB8000
|
heap
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page read and write
|
||
|
7300000
|
trusted library allocation
|
page execute and read and write
|
||
|
829E000
|
stack
|
page read and write
|
||
|
1403C000
|
stack
|
page read and write
|
||
|
471D000
|
stack
|
page read and write
|
||
|
5F35000
|
trusted library allocation
|
page read and write
|
||
|
5512000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
7FEC000
|
stack
|
page read and write
|
||
|
49E000
|
unkown
|
page read and write
|
||
|
DFE4000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
4D5000
|
heap
|
page read and write
|
||
|
7AE8000
|
heap
|
page read and write
|
||
|
168000
|
stack
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
1223C000
|
stack
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
CBEE000
|
stack
|
page read and write
|
||
|
E52E000
|
stack
|
page read and write
|
||
|
7850000
|
trusted library allocation
|
page execute and read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
D36E000
|
stack
|
page read and write
|
||
|
7D70000
|
trusted library allocation
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
A8EE000
|
stack
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
7BF0000
|
heap
|
page execute and read and write
|
||
|
7550000
|
trusted library allocation
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
8542000
|
trusted library allocation
|
page read and write
|
||
|
1543C000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
21BC000
|
direct allocation
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
916C000
|
stack
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
689C000
|
stack
|
page read and write
|
||
|
7D6C000
|
stack
|
page read and write
|
||
|
2B72000
|
trusted library allocation
|
page read and write
|
||
|
7554000
|
heap
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
7454000
|
heap
|
page read and write
|
||
|
83C000
|
heap
|
page read and write
|
||
|
7EF98000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF4CBDA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
E1AC000
|
stack
|
page read and write
|
||
|
331B000
|
heap
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page read and write
|
||
|
8E8B000
|
stack
|
page read and write
|
||
|
FD2C000
|
stack
|
page read and write
|
||
|
4559000
|
trusted library allocation
|
page read and write
|
||
|
1136E000
|
stack
|
page read and write
|
||
|
415000
|
unkown
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
BE6C000
|
stack
|
page read and write
|
||
|
72FD000
|
trusted library allocation
|
page read and write
|
||
|
4AB5000
|
trusted library allocation
|
page read and write
|
||
|
1022C000
|
stack
|
page read and write
|
||
|
73B0000
|
heap
|
page read and write
|
||
|
98EC000
|
stack
|
page read and write
|
||
|
8B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
1C1D6000
|
stack
|
page read and write
|
||
|
8B2C000
|
stack
|
page read and write
|
||
|
2B2E000
|
trusted library allocation
|
page read and write
|
||
|
8B6E000
|
stack
|
page read and write
|
||
|
12BFE000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
DF1C000
|
heap
|
page read and write
|
||
|
1046E000
|
stack
|
page read and write
|
||
|
847000
|
heap
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
DD70000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
7DF0000
|
trusted library allocation
|
page read and write
|
||
|
20B4000
|
direct allocation
|
page read and write
|
||
|
8A5B000
|
heap
|
page read and write
|
||
|
7010000
|
trusted library allocation
|
page read and write
|
||
|
16CFE000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
D4EC000
|
stack
|
page read and write
|
||
|
12D3E000
|
stack
|
page read and write
|
||
|
2230000
|
direct allocation
|
page execute and read and write
|
||
|
28CF000
|
stack
|
page read and write
|
||
|
B2EE000
|
stack
|
page read and write
|
||
|
16D3C000
|
stack
|
page read and write
|
||
|
14F3C000
|
stack
|
page read and write
|
||
|
220C000
|
direct allocation
|
page read and write
|
||
|
1643E000
|
stack
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
6175000
|
trusted library allocation
|
page read and write
|
||
|
84CE000
|
stack
|
page read and write
|
||
|
5D9E000
|
stack
|
page read and write
|
||
|
2F48000
|
heap
|
page read and write
|
||
|
AF6C000
|
stack
|
page read and write
|
||
|
8621000
|
heap
|
page read and write
|
||
|
45B2000
|
trusted library allocation
|
page read and write
|
||
|
5FF9000
|
trusted library allocation
|
page read and write
|
||
|
5CAA000
|
trusted library allocation
|
page read and write
|
||
|
93AE000
|
stack
|
page read and write
|
||
|
812C000
|
stack
|
page read and write
|
||
|
768F000
|
heap
|
page read and write
|
||
|
8550000
|
trusted library allocation
|
page read and write
|
||
|
4550000
|
trusted library allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
80D8000
|
heap
|
page read and write
|
||
|
4FE000
|
stack
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
15DFE000
|
stack
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
217E000
|
stack
|
page read and write
|
||
|
7C8E000
|
stack
|
page read and write
|
||
|
8988000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page execute and read and write
|
||
|
157BE000
|
stack
|
page read and write
|
||
|
70B0000
|
heap
|
page read and write
|
||
|
DDB1000
|
heap
|
page read and write
|
||
|
DF9A000
|
heap
|
page read and write
|
||
|
DE78000
|
heap
|
page read and write
|
||
|
1172E000
|
stack
|
page read and write
|
||
|
B0AC000
|
stack
|
page read and write
|
||
|
7C4E000
|
stack
|
page read and write
|
||
|
12AFC000
|
stack
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
668F000
|
stack
|
page read and write
|
||
|
7F720000
|
trusted library allocation
|
page execute and read and write
|
||
|
858000
|
heap
|
page read and write
|
||
|
65F0000
|
trusted library allocation
|
page read and write
|
||
|
7AFD000
|
heap
|
page read and write
|
||
|
862C000
|
stack
|
page read and write
|
||
|
121FE000
|
stack
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page read and write
|
||
|
EBAC000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
2A60000
|
heap
|
page execute and read and write
|
||
|
147BC000
|
stack
|
page read and write
|
||
|
672D000
|
stack
|
page read and write
|
||
|
5E6C000
|
trusted library allocation
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
9B9000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
DE98000
|
heap
|
page read and write
|
||
|
8060000
|
trusted library allocation
|
page read and write
|
||
|
2CAD000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
6EDA000
|
trusted library allocation
|
page read and write
|
||
|
F0AC000
|
stack
|
page read and write
|
||
|
3356000
|
heap
|
page read and write
|
||
|
88AC000
|
stack
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
547B000
|
stack
|
page read and write
|
||
|
5A39000
|
trusted library allocation
|
page read and write
|
||
|
538C000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
80E4000
|
heap
|
page read and write
|
||
|
1567E000
|
stack
|
page read and write
|
||
|
7BD0000
|
trusted library allocation
|
page read and write
|
||
|
7427000
|
heap
|
page read and write
|
||
|
EF6C000
|
stack
|
page read and write
|
||
|
6F7E000
|
stack
|
page read and write
|
||
|
AA6C000
|
stack
|
page read and write
|
||
|
DDD4000
|
heap
|
page read and write
|
||
|
40D4000
|
trusted library allocation
|
page read and write
|
||
|
8BB0000
|
trusted library allocation
|
page read and write
|
||
|
841B000
|
trusted library allocation
|
page read and write
|
||
|
4560000
|
heap
|
page read and write
|
||
|
471A000
|
trusted library allocation
|
page execute and read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
2B3E000
|
trusted library allocation
|
page read and write
|
||
|
73C6000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
100EC000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
F06E000
|
stack
|
page read and write
|
||
|
753D000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page execute and read and write
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
139FC000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
13D7E000
|
stack
|
page read and write
|
||
|
9DEC000
|
stack
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
6CBD000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
56FA000
|
trusted library allocation
|
page read and write
|
||
|
284D000
|
stack
|
page read and write
|
||
|
134FC000
|
stack
|
page read and write
|
||
|
DF2B000
|
heap
|
page read and write
|
||
|
577E000
|
trusted library allocation
|
page read and write
|
||
|
4160000
|
heap
|
page read and write
|
||
|
94EE000
|
stack
|
page read and write
|
||
|
6F1B000
|
stack
|
page read and write
|
||
|
869E000
|
stack
|
page read and write
|
||
|
1517E000
|
stack
|
page read and write
|
||
|
FE2E000
|
stack
|
page read and write
|
||
|
7E80000
|
trusted library allocation
|
page read and write
|
||
|
8953000
|
trusted library allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
6778000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
7540000
|
heap
|
page read and write
|
||
|
8AEE000
|
stack
|
page read and write
|
||
|
5FD1000
|
trusted library allocation
|
page read and write
|
||
|
1647C000
|
stack
|
page read and write
|
||
|
15CFC000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
702C000
|
stack
|
page read and write
|
||
|
20B0000
|
direct allocation
|
page read and write
|
||
|
12AB1000
|
trusted library allocation
|
page read and write
|
||
|
7D2C000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
DF70000
|
heap
|
page read and write
|
||
|
1313C000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
70A0000
|
trusted library allocation
|
page read and write
|
||
|
885D000
|
stack
|
page read and write
|
||
|
5BF2000
|
trusted library allocation
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
DDAF000
|
heap
|
page read and write
|
||
|
7B12000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
DC6C000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
5F46000
|
trusted library allocation
|
page read and write
|
||
|
134BE000
|
stack
|
page read and write
|
||
|
15F3E000
|
stack
|
page read and write
|
||
|
A16E000
|
stack
|
page read and write
|
||
|
449C000
|
stack
|
page read and write
|
||
|
4EF0000
|
heap
|
page readonly
|
||
|
E7EC000
|
stack
|
page read and write
|
||
|
4C9D000
|
stack
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
DE6A000
|
heap
|
page read and write
|
||
|
7DC2000
|
trusted library allocation
|
page read and write
|
||
|
84E0000
|
heap
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
454E000
|
stack
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
40E0000
|
heap
|
page read and write
|
||
|
8C2E000
|
stack
|
page read and write
|
||
|
E66E000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
7961000
|
heap
|
page read and write
|
||
|
1373E000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
4E9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AB0000
|
trusted library allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
7070000
|
trusted library allocation
|
page read and write
|
||
|
7148000
|
heap
|
page read and write
|
||
|
4E93000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
7CDD000
|
heap
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
605C000
|
stack
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
D76C000
|
stack
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
745D000
|
stack
|
page read and write
|
||
|
ECEC000
|
stack
|
page read and write
|
||
|
897C000
|
heap
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
113AC000
|
stack
|
page read and write
|
||
|
7B14000
|
heap
|
page read and write
|
||
|
21BF000
|
stack
|
page read and write
|
||
|
166BE000
|
stack
|
page read and write
|
||
|
7432000
|
heap
|
page read and write
|
||
|
641C000
|
stack
|
page read and write
|
||
|
3396000
|
heap
|
page read and write
|
||
|
14C7E000
|
stack
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
4450000
|
heap
|
page read and write
|
||
|
28CF000
|
stack
|
page read and write
|
||
|
8B80000
|
trusted library allocation
|
page read and write
|
||
|
2A0F000
|
stack
|
page read and write
|
||
|
676B000
|
stack
|
page read and write
|
||
|
64C9000
|
trusted library allocation
|
page read and write
|
||
|
7060000
|
trusted library allocation
|
page read and write
|
||
|
89B2000
|
heap
|
page read and write
|
||
|
821E000
|
stack
|
page read and write
|
||
|
82DE000
|
stack
|
page read and write
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
28A3000
|
trusted library allocation
|
page read and write
|
||
|
88A0000
|
heap
|
page read and write
|
||
|
5573000
|
heap
|
page read and write
|
||
|
106EE000
|
stack
|
page read and write
|
||
|
16ABC000
|
stack
|
page read and write
|
||
|
73B9000
|
heap
|
page read and write
|
||
|
7650000
|
heap
|
page execute and read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
841D000
|
trusted library allocation
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
F1EC000
|
stack
|
page read and write
|
||
|
7B9E000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
DF0E000
|
heap
|
page read and write
|
||
|
E42C000
|
stack
|
page read and write
|
||
|
49F5000
|
trusted library allocation
|
page read and write
|
||
|
5EDE000
|
stack
|
page read and write
|
||
|
DDBE000
|
heap
|
page read and write
|
||
|
143BE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
152BE000
|
stack
|
page read and write
|
||
|
FAAC000
|
stack
|
page read and write
|
||
|
1122E000
|
stack
|
page read and write
|
||
|
426E000
|
stack
|
page read and write
|
||
|
15B7E000
|
stack
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
454D000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D6C000
|
stack
|
page read and write
|
||
|
2B2C000
|
trusted library allocation
|
page read and write
|
||
|
4544000
|
trusted library allocation
|
page read and write
|
||
|
7C48000
|
heap
|
page read and write
|
||
|
5950000
|
trusted library allocation
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
962E000
|
stack
|
page read and write
|
||
|
10D2E000
|
stack
|
page read and write
|
||
|
710B000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
F6EC000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
15CBE000
|
stack
|
page read and write
|
||
|
8613000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
49B000
|
unkown
|
page write copy
|
||
|
742E000
|
heap
|
page read and write
|
||
|
7188000
|
heap
|
page read and write
|
||
|
5307000
|
trusted library allocation
|
page read and write
|
||
|
2AEC000
|
heap
|
page read and write
|
||
|
6A0000
|
unkown
|
page readonly
|
||
|
EB6E000
|
stack
|
page read and write
|
||
|
4FD1000
|
trusted library allocation
|
page read and write
|
||
|
418000
|
unkown
|
page readonly
|
||
|
DF8B000
|
heap
|
page read and write
|
||
|
9BD000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
76FE000
|
heap
|
page read and write
|
||
|
8A53000
|
heap
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
750D000
|
heap
|
page read and write
|
||
|
20A8000
|
direct allocation
|
page read and write
|
||
|
2B52000
|
trusted library allocation
|
page read and write
|
||
|
1BFD5000
|
stack
|
page read and write
|
||
|
DDCF000
|
heap
|
page read and write
|
||
|
1327C000
|
stack
|
page read and write
|
||
|
16A7E000
|
stack
|
page read and write
|
||
|
FF6E000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
DDC6000
|
heap
|
page read and write
|
||
|
BD2C000
|
stack
|
page read and write
|
||
|
4C6F000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
direct allocation
|
page execute and read and write
|
||
|
7501000
|
heap
|
page read and write
|
||
|
40F0000
|
trusted library allocation
|
page read and write
|
||
|
861B000
|
heap
|
page read and write
|
||
|
B01000
|
heap
|
page read and write
|
||
|
4567000
|
heap
|
page read and write
|
||
|
DF00000
|
heap
|
page read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
402F000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
274E000
|
stack
|
page read and write
|
||
|
7E50000
|
trusted library allocation
|
page read and write
|
||
|
7B2D000
|
stack
|
page read and write
|
||
|
6674000
|
trusted library allocation
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
2271000
|
direct allocation
|
page read and write
|
||
|
6C1E000
|
stack
|
page read and write
|
||
|
772C000
|
stack
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
EE2C000
|
stack
|
page read and write
|
||
|
4BF0000
|
trusted library allocation
|
page read and write
|
||
|
21A0000
|
direct allocation
|
page read and write
|
||
|
7D40000
|
trusted library allocation
|
page read and write
|
||
|
9EEE000
|
stack
|
page read and write
|
||
|
8470000
|
trusted library allocation
|
page read and write
|
||
|
64E1000
|
trusted library allocation
|
page read and write
|
||
|
849000
|
heap
|
page read and write
|
||
|
89E3000
|
heap
|
page read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
4540000
|
trusted library allocation
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
773D000
|
heap
|
page read and write
|
||
|
796D000
|
stack
|
page read and write
|
||
|
538000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
53CE000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
5584000
|
heap
|
page read and write
|
||
|
6B1C000
|
stack
|
page read and write
|
||
|
98AE000
|
stack
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
1B861000
|
heap
|
page read and write
|
||
|
11AFE000
|
stack
|
page read and write
|
||
|
81A8000
|
heap
|
page read and write
|
||
|
B56E000
|
stack
|
page read and write
|
||
|
8A20000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
6CD8000
|
heap
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
4AC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7D50000
|
trusted library allocation
|
page read and write
|
||
|
6AFB000
|
stack
|
page read and write
|
||
|
8D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
93EC000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
57F000
|
heap
|
page read and write
|
||
|
7A10000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
7478000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
4D6F000
|
stack
|
page read and write
|
||
|
1C30E000
|
stack
|
page read and write
|
||
|
21FF000
|
direct allocation
|
page read and write
|
||
|
8A43000
|
heap
|
page read and write
|
||
|
6E40000
|
heap
|
page execute and read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
7360000
|
trusted library allocation
|
page read and write
|
||
|
B46C000
|
stack
|
page read and write
|
||
|
5822000
|
trusted library allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
C0EC000
|
stack
|
page read and write
|
||
|
120BE000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
219E000
|
stack
|
page read and write
|
||
|
4EA9000
|
trusted library allocation
|
page read and write
|
||
|
4FBC000
|
stack
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
1C57E000
|
stack
|
page read and write
|
||
|
A7AE000
|
stack
|
page read and write
|
||
|
162FE000
|
stack
|
page read and write
|
||
|
4AF5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1072C000
|
stack
|
page read and write
|
||
|
114AE000
|
stack
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
5F1C000
|
stack
|
page read and write
|
||
|
2CB7000
|
heap
|
page read and write
|
||
|
9CAC000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
7417000
|
heap
|
page read and write
|
||
|
6C59000
|
heap
|
page read and write
|
||
|
7C2C000
|
stack
|
page read and write
|
||
|
1697C000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
7F738000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
848D000
|
stack
|
page read and write
|
||
|
7FF848DE4000
|
trusted library allocation
|
page read and write
|
||
|
5F4D000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
117EC000
|
stack
|
page read and write
|
||
|
7FF0000
|
heap
|
page read and write
|
||
|
711F000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
4E94000
|
trusted library allocation
|
page read and write
|
||
|
5A43000
|
trusted library allocation
|
page read and write
|
||
|
2B86000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
40CB000
|
stack
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
745A000
|
heap
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
40D0000
|
trusted library allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
87EB000
|
trusted library allocation
|
page read and write
|
||
|
1032E000
|
stack
|
page read and write
|
||
|
7FF848DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FC0000
|
heap
|
page execute and read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
5BFB000
|
trusted library allocation
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
782C000
|
stack
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
117AC000
|
stack
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
62DC000
|
stack
|
page read and write
|
||
|
88B000
|
heap
|
page read and write
|
||
|
1273C000
|
stack
|
page read and write
|
||
|
10C2C000
|
stack
|
page read and write
|
||
|
16E3E000
|
stack
|
page read and write
|
||
|
DF07000
|
heap
|
page read and write
|
||
|
DEDF000
|
heap
|
page read and write
|
||
|
15BBC000
|
stack
|
page read and write
|
||
|
5DDC000
|
stack
|
page read and write
|
||
|
7F2B8000
|
trusted library allocation
|
page execute and read and write
|
||
|
4112000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
6E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E1A000
|
trusted library allocation
|
page read and write
|
||
|
D12C000
|
stack
|
page read and write
|
||
|
66E0000
|
heap
|
page execute and read and write
|
||
|
7474000
|
heap
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
5A4B000
|
trusted library allocation
|
page read and write
|
||
|
1723D000
|
stack
|
page read and write
|
||
|
20AC000
|
direct allocation
|
page read and write
|
||
|
79AC000
|
stack
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
5BFF000
|
trusted library allocation
|
page read and write
|
||
|
73C0000
|
heap
|
page read and write
|
||
|
5C03000
|
trusted library allocation
|
page read and write
|
||
|
2B6C000
|
heap
|
page read and write
|
||
|
20AC000
|
direct allocation
|
page read and write
|
||
|
1B7D1000
|
heap
|
page read and write
|
||
|
73CD000
|
heap
|
page read and write
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
7080000
|
trusted library allocation
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
1162C000
|
stack
|
page read and write
|
||
|
4A0000
|
unkown
|
page write copy
|
||
|
1607E000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
79F0000
|
trusted library allocation
|
page read and write
|
||
|
DF21000
|
heap
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
DF28000
|
heap
|
page read and write
|
||
|
7138000
|
heap
|
page read and write
|
||
|
81D9000
|
stack
|
page read and write
|
||
|
A6A000
|
heap
|
page read and write
|
||
|
DE6E000
|
heap
|
page read and write
|
||
|
72AC000
|
stack
|
page read and write
|
||
|
DE85000
|
heap
|
page read and write
|
||
|
844000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9C6E000
|
stack
|
page read and write
|
||
|
7FEE000
|
stack
|
page read and write
|
||
|
2B43000
|
trusted library allocation
|
page read and write
|
||
|
20B4000
|
direct allocation
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
BCEE000
|
stack
|
page read and write
|
||
|
4543000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
7468000
|
heap
|
page read and write
|
||
|
DECD000
|
heap
|
page read and write
|
||
|
1377C000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
1B4CE000
|
stack
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
419D000
|
stack
|
page read and write
|
||
|
4DFB000
|
trusted library allocation
|
page read and write
|
||
|
FFAC000
|
stack
|
page read and write
|
||
|
14DFC000
|
stack
|
page read and write
|
||
|
2B49000
|
trusted library allocation
|
page read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
DF79000
|
heap
|
page read and write
|
||
|
4D25000
|
heap
|
page execute and read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
1B3C0000
|
heap
|
page read and write
|
||
|
1553E000
|
stack
|
page read and write
|
||
|
74F7000
|
heap
|
page read and write
|
||
|
D8AC000
|
stack
|
page read and write
|
||
|
A66E000
|
stack
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
DD8E000
|
heap
|
page read and write
|
||
|
4F28000
|
trusted library allocation
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
A1AC000
|
stack
|
page read and write
|
||
|
1B89C000
|
heap
|
page read and write
|
||
|
873000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
8698000
|
heap
|
page read and write
|
||
|
6E9B000
|
stack
|
page read and write
|
||
|
170FC000
|
stack
|
page read and write
|
||
|
4AF2000
|
trusted library allocation
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
966C000
|
stack
|
page read and write
|
||
|
20B0000
|
direct allocation
|
page read and write
|
||
|
1AAE0000
|
trusted library allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
8B72000
|
trusted library allocation
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
20A8000
|
direct allocation
|
page read and write
|
||
|
825D000
|
stack
|
page read and write
|
||
|
49BC000
|
stack
|
page read and write
|
||
|
85D9000
|
heap
|
page read and write
|
||
|
1B3C3000
|
heap
|
page read and write
|
||
|
DF31000
|
heap
|
page read and write
|
||
|
DE68000
|
heap
|
page read and write
|
||
|
7FF848E0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
8950000
|
trusted library allocation
|
page read and write
|
||
|
5C47000
|
trusted library allocation
|
page read and write
|
||
|
135FE000
|
stack
|
page read and write
|
||
|
665C000
|
stack
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
415000
|
unkown
|
page write copy
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
157FC000
|
stack
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
4C6B000
|
trusted library allocation
|
page read and write
|
||
|
64C1000
|
trusted library allocation
|
page read and write
|
||
|
7E42000
|
trusted library allocation
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
6178000
|
trusted library allocation
|
page read and write
|
||
|
DF4F000
|
heap
|
page read and write
|
||
|
23C3000
|
heap
|
page read and write
|
||
|
578000
|
heap
|
page read and write
|
||
|
E7AE000
|
stack
|
page read and write
|
||
|
DD7D000
|
heap
|
page read and write
|
||
|
11E7C000
|
stack
|
page read and write
|
||
|
1633C000
|
stack
|
page read and write
|
||
|
5CA6000
|
trusted library allocation
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
130FE000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
4D20000
|
heap
|
page execute and read and write
|
||
|
1B6CE000
|
stack
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
6A7E000
|
stack
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
148BE000
|
stack
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
2B45000
|
trusted library allocation
|
page read and write
|
||
|
9DAE000
|
stack
|
page read and write
|
||
|
84CE000
|
stack
|
page read and write
|
||
|
56F000
|
heap
|
page read and write
|
||
|
B1AE000
|
stack
|
page read and write
|
||
|
ACEC000
|
stack
|
page read and write
|
||
|
578C000
|
stack
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
FA6E000
|
stack
|
page read and write
|
||
|
70BB000
|
stack
|
page read and write
|
||
|
6A0000
|
unkown
|
page readonly
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
67AE000
|
stack
|
page read and write
|
||
|
8530000
|
trusted library allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
DDDD000
|
heap
|
page read and write
|
||
|
747C000
|
heap
|
page read and write
|
||
|
3217000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
85ED000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
4EC2000
|
trusted library allocation
|
page read and write
|
||
|
7162000
|
heap
|
page read and write
|
||
|
80E0000
|
heap
|
page read and write
|
||
|
855000
|
heap
|
page read and write
|
||
|
DE7D000
|
heap
|
page read and write
|
||
|
71B0000
|
heap
|
page execute and read and write
|
||
|
F56E000
|
stack
|
page read and write
|
||
|
4EC0000
|
remote allocation
|
page read and write
|
||
|
49A7000
|
heap
|
page read and write
|
||
|
B6AE000
|
stack
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
9B2E000
|
stack
|
page read and write
|
||
|
1086C000
|
stack
|
page read and write
|
||
|
126FE000
|
stack
|
page read and write
|
||
|
E56C000
|
stack
|
page read and write
|
||
|
74C9000
|
heap
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
B82C000
|
stack
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
89DE000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
F7EE000
|
stack
|
page read and write
|
||
|
20C0000
|
direct allocation
|
page read and write
|
||
|
10BEE000
|
stack
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
558C000
|
heap
|
page read and write
|
||
|
BFAC000
|
stack
|
page read and write
|
||
|
7409000
|
heap
|
page read and write
|
||
|
746D000
|
heap
|
page read and write
|
||
|
77F7000
|
trusted library allocation
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
CC2C000
|
stack
|
page read and write
|
||
|
2F7D000
|
heap
|
page read and write
|
||
|
2AF5000
|
heap
|
page read and write
|
||
|
786C000
|
stack
|
page read and write
|
||
|
DF9E000
|
heap
|
page read and write
|
||
|
BAAC000
|
stack
|
page read and write
|
||
|
DDA5000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
8F4E000
|
stack
|
page read and write
|
||
|
DDD2000
|
heap
|
page read and write
|
||
|
11BFE000
|
stack
|
page read and write
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
7E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FAA000
|
heap
|
page read and write
|
||
|
6D41000
|
heap
|
page read and write
|
||
|
7D0D000
|
stack
|
page read and write
|
||
|
5536000
|
trusted library allocation
|
page read and write
|
||
|
C0AE000
|
stack
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
7F1000
|
stack
|
page read and write
|
||
|
D5EE000
|
stack
|
page read and write
|
||
|
8F0D000
|
stack
|
page read and write
|
||
|
7E6E000
|
stack
|
page read and write
|
||
|
32F8000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
571C000
|
trusted library allocation
|
page read and write
|
||
|
410A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2130000
|
direct allocation
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
B92E000
|
stack
|
page read and write
|
||
|
20B4000
|
direct allocation
|
page read and write
|
||
|
8940000
|
trusted library allocation
|
page read and write
|
||
|
8A4E000
|
heap
|
page read and write
|
||
|
7AA1000
|
heap
|
page read and write
|
||
|
D86E000
|
stack
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
8910000
|
trusted library allocation
|
page read and write
|
||
|
4AE000
|
stack
|
page read and write
|
||
|
85DD000
|
heap
|
page read and write
|
||
|
7504000
|
heap
|
page read and write
|
||
|
A56C000
|
stack
|
page read and write
|
||
|
6C10000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
4150000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD6E000
|
stack
|
page read and write
|
||
|
129BC000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
F6AE000
|
stack
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
A52E000
|
stack
|
page read and write
|
||
|
1593C000
|
stack
|
page read and write
|
||
|
7D80000
|
trusted library allocation
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
85B2000
|
heap
|
page read and write
|
||
|
7000000
|
trusted library allocation
|
page read and write
|
||
|
655000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
534C000
|
stack
|
page read and write
|
||
|
7123000
|
heap
|
page read and write
|
||
|
1C680000
|
heap
|
page read and write
|
||
|
48E9000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
8655000
|
heap
|
page read and write
|
||
|
5A0C000
|
stack
|
page read and write
|
||
|
DEEE000
|
heap
|
page read and write
|
||
|
2208000
|
direct allocation
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
171FE000
|
stack
|
page read and write
|
||
|
6BBE000
|
stack
|
page read and write
|
||
|
48AE000
|
stack
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8EAE000
|
stack
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
110EE000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
6E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
7514000
|
heap
|
page read and write
|
||
|
A02E000
|
stack
|
page read and write
|
||
|
68A0000
|
heap
|
page read and write
|
||
|
DDB7000
|
heap
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
C22C000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
8D6E000
|
stack
|
page read and write
|
||
|
DD87000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7738000
|
heap
|
page read and write
|
||
|
409C000
|
stack
|
page read and write
|
||
|
7550000
|
heap
|
page read and write
|
||
|
551A000
|
heap
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
675E000
|
stack
|
page read and write
|
||
|
BA6E000
|
stack
|
page read and write
|
||
|
CEAC000
|
stack
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
85BC000
|
heap
|
page read and write
|
||
|
DE87000
|
heap
|
page read and write
|
||
|
4E27000
|
heap
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
97B000
|
stack
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
657000
|
heap
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
6665000
|
trusted library allocation
|
page read and write
|
||
|
DE64000
|
heap
|
page read and write
|
||
|
805E000
|
stack
|
page read and write
|
||
|
74A0000
|
trusted library allocation
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
73D0000
|
heap
|
page read and write
|
||
|
104AC000
|
stack
|
page read and write
|
||
|
1BD0E000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
801E000
|
stack
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
1463E000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
7DB0000
|
trusted library allocation
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
40DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6ABD000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
9B6C000
|
stack
|
page read and write
|
||
|
712B000
|
heap
|
page read and write
|
||
|
7A60000
|
heap
|
page read and write
|
||
|
419B000
|
stack
|
page read and write
|
||
|
D22E000
|
stack
|
page read and write
|
||
|
4AC4000
|
trusted library allocation
|
page read and write
|
||
|
767000
|
heap
|
page read and write
|
||
|
871000
|
heap
|
page read and write
|
||
|
2B47000
|
trusted library allocation
|
page read and write
|
||
|
66E5000
|
heap
|
page execute and read and write
|
||
|
EA2E000
|
stack
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
743A000
|
heap
|
page read and write
|
||
|
816C000
|
heap
|
page read and write
|
||
|
7F2A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
404E000
|
stack
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
899E000
|
stack
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
AF2E000
|
stack
|
page read and write
|
||
|
FE6C000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
8BAF000
|
stack
|
page read and write
|
||
|
A82000
|
heap
|
page read and write
|
||
|
A92C000
|
stack
|
page read and write
|
||
|
5EF000
|
stack
|
page read and write
|
||
|
7196000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2FBC000
|
heap
|
page read and write
|
||
|
7508000
|
heap
|
page read and write
|
||
|
7726000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
345F000
|
stack
|
page read and write
|
||
|
73B3000
|
heap
|
page read and write
|
||
|
6164000
|
trusted library allocation
|
page read and write
|
||
|
7AE3000
|
heap
|
page read and write
|
||
|
1657E000
|
stack
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
A6AC000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8FEE000
|
stack
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
2134000
|
direct allocation
|
page read and write
|
||
|
4C6E000
|
stack
|
page read and write
|
||
|
73B5000
|
heap
|
page read and write
|
||
|
20A8000
|
direct allocation
|
page read and write
|
||
|
85F000
|
stack
|
page read and write
|
||
|
2C69000
|
stack
|
page read and write
|
||
|
A7EC000
|
stack
|
page read and write
|
||
|
101EE000
|
stack
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
4DAC000
|
stack
|
page read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
4F2E000
|
stack
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
2B56000
|
trusted library allocation
|
page read and write
|
||
|
DB2C000
|
stack
|
page read and write
|
||
|
148FC000
|
stack
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
DF10000
|
heap
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
744E000
|
heap
|
page read and write
|
||
|
99EE000
|
stack
|
page read and write
|
||
|
10FAE000
|
stack
|
page read and write
|
||
|
DD74000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8984000
|
heap
|
page read and write
|
||
|
6DF000
|
heap
|
page read and write
|
||
|
2ACF000
|
stack
|
page read and write
|
||
|
7201000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
4115000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A3C000
|
stack
|
page read and write
|
||
|
8400000
|
trusted library allocation
|
page execute and read and write
|
||
|
485C000
|
stack
|
page read and write
|
||
|
2FF7000
|
heap
|
page read and write
|
||
|
2B2E000
|
heap
|
page read and write
|
||
|
6DAC000
|
stack
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
1477E000
|
stack
|
page read and write
|
||
|
88C0000
|
trusted library allocation
|
page read and write
|
||
|
EDEE000
|
stack
|
page read and write
|
||
|
774F000
|
heap
|
page read and write
|
||
|
11FBC000
|
stack
|
page read and write
|
||
|
DFB2000
|
heap
|
page read and write
|
||
|
86DD000
|
stack
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
12EBC000
|
stack
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
1337E000
|
stack
|
page read and write
|
||
|
DF83000
|
heap
|
page read and write
|
||
|
81B9000
|
heap
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
711B000
|
heap
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
7201000
|
heap
|
page read and write
|
||
|
DAEE000
|
stack
|
page read and write
|
||
|
7DA0000
|
trusted library allocation
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
115EE000
|
stack
|
page read and write
|
||
|
109AC000
|
stack
|
page read and write
|
||
|
5C9C000
|
stack
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
735A000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
stack
|
page read and write
|
||
|
74B9000
|
heap
|
page read and write
|
||
|
655000
|
heap
|
page read and write
|
||
|
CD6C000
|
stack
|
page read and write
|
||
|
DFA6000
|
heap
|
page read and write
|
||
|
87D9000
|
trusted library allocation
|
page read and write
|
||
|
873000
|
heap
|
page read and write
|
||
|
7A14000
|
trusted library allocation
|
page read and write
|
||
|
EF2E000
|
stack
|
page read and write
|
||
|
32E8000
|
heap
|
page read and write
|
||
|
B5AC000
|
stack
|
page read and write
|
||
|
794F000
|
stack
|
page read and write
|
||
|
BE2E000
|
stack
|
page read and write
|
||
|
6CAA000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
4140000
|
heap
|
page readonly
|
||
|
C46E000
|
stack
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
15A7C000
|
stack
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
7800000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
4AD9000
|
trusted library allocation
|
page read and write
|
||
|
5BEE000
|
trusted library allocation
|
page read and write
|
||
|
6185000
|
trusted library allocation
|
page read and write
|
||
|
160BC000
|
stack
|
page read and write
|
||
|
4C2D000
|
stack
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
8AED000
|
stack
|
page read and write
|
||
|
5FF1000
|
trusted library allocation
|
page read and write
|
||
|
615E000
|
stack
|
page read and write
|
||
|
6FD0000
|
trusted library allocation
|
page read and write
|
||
|
14EFE000
|
stack
|
page read and write
|
||
|
40D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
5126000
|
trusted library allocation
|
page read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
1233E000
|
stack
|
page read and write
|
||
|
5C14000
|
trusted library allocation
|
page read and write
|
||
|
139BE000
|
stack
|
page read and write
|
||
|
550E000
|
stack
|
page read and write
|
||
|
7465000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
2000000
|
direct allocation
|
page read and write
|
||
|
88CA000
|
trusted library allocation
|
page read and write
|
||
|
4ACD000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D7C000
|
stack
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
4E7000
|
stack
|
page read and write
|
||
|
237F000
|
stack
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
86B8000
|
heap
|
page read and write
|
||
|
4AEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
763B000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
88F000
|
heap
|
page read and write
|
||
|
6760000
|
heap
|
page read and write
|
||
|
89EC000
|
stack
|
page read and write
|
||
|
DF2E000
|
heap
|
page read and write
|
||
|
5C07000
|
trusted library allocation
|
page read and write
|
||
|
4F98000
|
trusted library allocation
|
page read and write
|
||
|
DD83000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
7171000
|
heap
|
page read and write
|
||
|
1693E000
|
stack
|
page read and write
|
||
|
518C000
|
stack
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
FBAE000
|
stack
|
page read and write
|
||
|
444F000
|
stack
|
page read and write
|
||
|
7BE0000
|
trusted library allocation
|
page read and write
|
||
|
5709000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
87DF000
|
trusted library allocation
|
page read and write
|
||
|
6E3000
|
heap
|
page read and write
|
||
|
C36C000
|
stack
|
page read and write
|
||
|
F96C000
|
stack
|
page read and write
|
||
|
7AF2000
|
heap
|
page read and write
|
||
|
54B0000
|
heap
|
page execute and read and write
|
||
|
DEF9000
|
heap
|
page read and write
|
||
|
1C980000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
A3EE000
|
stack
|
page read and write
|
||
|
DC2E000
|
stack
|
page read and write
|
||
|
1B89A000
|
heap
|
page read and write
|
||
|
ADEE000
|
stack
|
page read and write
|
||
|
56E9000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page readonly
|
||
|
10E6E000
|
stack
|
page read and write
|
||
|
902C000
|
stack
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
B1EC000
|
stack
|
page read and write
|
||
|
87D0000
|
trusted library allocation
|
page read and write
|
||
|
88D0000
|
trusted library allocation
|
page read and write
|
||
|
2B59000
|
trusted library allocation
|
page read and write
|
||
|
DE80000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
1387E000
|
stack
|
page read and write
|
||
|
770D000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
64E9000
|
trusted library allocation
|
page read and write
|
||
|
7350000
|
trusted library allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
59F000
|
heap
|
page read and write
|
||
|
7D16000
|
heap
|
page read and write
|
||
|
7AC0000
|
trusted library allocation
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
7D1B000
|
heap
|
page read and write
|
||
|
7520000
|
trusted library allocation
|
page read and write
|
||
|
8ECE000
|
stack
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
7132000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
DDC1000
|
heap
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
5BF6000
|
trusted library allocation
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
81CE000
|
heap
|
page read and write
|
||
|
749E000
|
stack
|
page read and write
|
||
|
7E70000
|
trusted library allocation
|
page read and write
|
||
|
8BAD000
|
stack
|
page read and write
|
||
|
772C000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
C9AC000
|
stack
|
page read and write
|
||
|
20B4000
|
direct allocation
|
page read and write
|
||
|
70E9000
|
heap
|
page read and write
|
||
|
6C5C000
|
stack
|
page read and write
|
||
|
1F10000
|
direct allocation
|
page read and write
|
||
|
7169000
|
heap
|
page read and write
|
||
|
213C000
|
direct allocation
|
page read and write
|
||
|
7C58000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
C1EE000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
85E9000
|
heap
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
167FE000
|
stack
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
54C1000
|
trusted library allocation
|
page read and write
|
||
|
58CE000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
8F8F000
|
stack
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
C5AE000
|
stack
|
page read and write
|
||
|
80A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7990000
|
trusted library allocation
|
page read and write
|
||
|
8070000
|
trusted library allocation
|
page read and write
|
||
|
2050000
|
direct allocation
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
75BA000
|
stack
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
8BEE000
|
stack
|
page read and write
|
||
|
20C4000
|
direct allocation
|
page read and write
|
||
|
5311000
|
trusted library allocation
|
page read and write
|
||
|
82E0000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
A06C000
|
stack
|
page read and write
|
||
|
C5EC000
|
stack
|
page read and write
|
||
|
80EE000
|
stack
|
page read and write
|
||
|
7AEC000
|
stack
|
page read and write
|
||
|
7448000
|
heap
|
page read and write
|
||
|
85E1000
|
heap
|
page read and write
|
||
|
875000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
21BC000
|
direct allocation
|
page read and write
|
||
|
8D20000
|
trusted library allocation
|
page read and write
|
||
|
11F7E000
|
stack
|
page read and write
|
||
|
1323E000
|
stack
|
page read and write
|
||
|
7ABE000
|
heap
|
page read and write
|
||
|
7ACD000
|
heap
|
page read and write
|
||
|
1733E000
|
stack
|
page read and write
|
||
|
7F320000
|
trusted library allocation
|
page execute and read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
6039000
|
trusted library allocation
|
page read and write
|
||
|
20B0000
|
direct allocation
|
page read and write
|
||
|
5521000
|
trusted library allocation
|
page read and write
|
||
|
204E000
|
stack
|
page read and write
|
||
|
8970000
|
heap
|
page read and write
|
||
|
92AC000
|
stack
|
page read and write
|
||
|
7BF0000
|
trusted library allocation
|
page read and write
|
||
|
77EE000
|
stack
|
page read and write
|
||
|
77A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5474000
|
trusted library allocation
|
page read and write
|
||
|
C86C000
|
stack
|
page read and write
|
||
|
F92E000
|
stack
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
85E5000
|
heap
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
7413000
|
heap
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
||
|
7660000
|
heap
|
page read and write
|
||
|
13C3E000
|
stack
|
page read and write
|
||
|
5B5C000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
4EF6000
|
trusted library allocation
|
page read and write
|
||
|
12ABE000
|
trusted library allocation
|
page read and write
|
||
|
5F55000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
DF35000
|
heap
|
page read and write
|
||
|
1453C000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
6E50000
|
trusted library allocation
|
page read and write
|
||
|
842F000
|
stack
|
page read and write
|
||
|
59B3000
|
trusted library allocation
|
page read and write
|
||
|
6CA6000
|
heap
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
69E000
|
heap
|
page read and write
|
||
|
754A000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
8D9D000
|
stack
|
page read and write
|
||
|
7D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
DD77000
|
heap
|
page read and write
|
||
|
8B2B000
|
stack
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
2B1C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
71C5000
|
heap
|
page execute and read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
6BFF000
|
stack
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
3527000
|
heap
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
8480000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
33C9000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
16E7C000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
CAAE000
|
stack
|
page read and write
|
||
|
8410000
|
trusted library allocation
|
page read and write
|
||
|
898C000
|
heap
|
page read and write
|
||
|
2148000
|
direct allocation
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
898000
|
heap
|
page read and write
|
||
|
1247E000
|
stack
|
page read and write
|
||
|
686A000
|
stack
|
page read and write
|
||
|
1287C000
|
stack
|
page read and write
|
||
|
4B0000
|
unkown
|
page readonly
|
||
|
4EC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
757D000
|
stack
|
page read and write
|
||
|
1427E000
|
stack
|
page read and write
|
||
|
298D000
|
stack
|
page read and write
|
||
|
149FE000
|
stack
|
page read and write
|
||
|
7C93000
|
heap
|
page read and write
|
||
|
D62C000
|
stack
|
page read and write
|
||
|
8C6C000
|
stack
|
page read and write
|
||
|
9DD000
|
stack
|
page read and write
|
||
|
153FE000
|
stack
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
1283E000
|
stack
|
page read and write
|
||
|
752E000
|
stack
|
page read and write
|
||
|
A2EC000
|
stack
|
page read and write
|
||
|
1B884000
|
heap
|
page read and write
|
||
|
8073000
|
trusted library allocation
|
page read and write
|
||
|
8300000
|
trusted library allocation
|
page read and write
|
||
|
7D30000
|
trusted library allocation
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
161BE000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
5616000
|
trusted library allocation
|
page read and write
|
||
|
871000
|
heap
|
page read and write
|
||
|
7BDE000
|
stack
|
page read and write
|
||
|
551D000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
1747D000
|
stack
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DC0000
|
trusted library allocation
|
page read and write
|
||
|
76CB000
|
heap
|
page read and write
|
||
|
5DC9000
|
trusted library allocation
|
page read and write
|
||
|
742E000
|
stack
|
page read and write
|
||
|
13B3C000
|
stack
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
89FB000
|
heap
|
page read and write
|
||
|
2DF8000
|
stack
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
C6EE000
|
stack
|
page read and write
|
||
|
74FB000
|
heap
|
page read and write
|
||
|
46A7000
|
trusted library allocation
|
page read and write
|
||
|
7AAE000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
21C4000
|
direct allocation
|
page read and write
|
||
|
D9AE000
|
stack
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
852E000
|
stack
|
page read and write
|
||
|
46E000
|
stack
|
page read and write
|
||
|
7C40000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
976E000
|
stack
|
page read and write
|
||
|
14B7C000
|
stack
|
page read and write
|
||
|
C72C000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
DE72000
|
heap
|
page read and write
|
||
|
6C9D000
|
heap
|
page read and write
|
||
|
8483000
|
trusted library allocation
|
page read and write
|
||
|
F5AC000
|
stack
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
54CE000
|
trusted library allocation
|
page read and write
|
||
|
4720000
|
trusted library allocation
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
114EC000
|
stack
|
page read and write
|
||
|
13C7C000
|
stack
|
page read and write
|
||
|
12FBE000
|
stack
|
page read and write
|
||
|
DD7A000
|
heap
|
page read and write
|
||
|
540C000
|
stack
|
page read and write
|
||
|
1126C000
|
stack
|
page read and write
|
||
|
13AFE000
|
stack
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
DD8A000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
7D18000
|
heap
|
page read and write
|
||
|
80E8000
|
heap
|
page read and write
|
||
|
F42E000
|
stack
|
page read and write
|
||
|
87ED000
|
trusted library allocation
|
page read and write
|
||
|
712F000
|
heap
|
page read and write
|
||
|
1C0DA000
|
stack
|
page read and write
|
||
|
13FFE000
|
stack
|
page read and write
|
||
|
ABAC000
|
stack
|
page read and write
|
||
|
10FEC000
|
stack
|
page read and write
|
||
|
4100000
|
trusted library allocation
|
page read and write
|
||
|
E92C000
|
stack
|
page read and write
|
||
|
69DC000
|
stack
|
page read and write
|
||
|
2356000
|
heap
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
133BC000
|
stack
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
629E000
|
stack
|
page read and write
|
||
|
454C000
|
trusted library allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
54E1000
|
trusted library allocation
|
page read and write
|
||
|
7CCE000
|
stack
|
page read and write
|
||
|
1B823000
|
heap
|
page read and write
|
||
|
8BD000
|
heap
|
page read and write
|
||
|
7020000
|
trusted library allocation
|
page read and write
|
||
|
2134000
|
direct allocation
|
page read and write
|
||
|
8A0C000
|
heap
|
page read and write
|
||
|
80D0000
|
heap
|
page read and write
|
||
|
40E7000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
7FAE000
|
stack
|
page read and write
|
||
|
4BD0000
|
heap
|
page read and write
|
||
|
170BE000
|
stack
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
7FAD000
|
stack
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
85D0000
|
heap
|
page read and write
|
||
|
8AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
DF49000
|
heap
|
page read and write
|
||
|
125FC000
|
stack
|
page read and write
|
||
|
2B4D000
|
trusted library allocation
|
page read and write
|
||
|
16BFC000
|
stack
|
page read and write
|
||
|
7D60000
|
trusted library allocation
|
page read and write
|
||
|
6ADE000
|
stack
|
page read and write
|
||
|
664E000
|
stack
|
page read and write
|
||
|
1413E000
|
stack
|
page read and write
|
||
|
D0EE000
|
stack
|
page read and write
|
||
|
564C000
|
stack
|
page read and write
|
||
|
F46C000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
74C0000
|
heap
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
887000
|
heap
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
||
|
65EC000
|
stack
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
889E000
|
stack
|
page read and write
|
||
|
7DE0000
|
trusted library allocation
|
page read and write
|
||
|
D3AC000
|
stack
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
651E000
|
stack
|
page read and write
|
||
|
912E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
82F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
DFD7000
|
heap
|
page read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
DF13000
|
heap
|
page read and write
|
||
|
2B1E000
|
trusted library allocation
|
page read and write
|
||
|
8112000
|
heap
|
page read and write
|
||
|
7540000
|
trusted library allocation
|
page read and write
|
||
|
79A0000
|
trusted library allocation
|
page read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
4F37000
|
trusted library allocation
|
page read and write
|
||
|
7D90000
|
trusted library allocation
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
588E000
|
stack
|
page read and write
|
||
|
871E000
|
stack
|
page read and write
|
||
|
74CB000
|
heap
|
page read and write
|
||
|
21A3000
|
heap
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
4730000
|
heap
|
page read and write
|
||
|
AA2E000
|
stack
|
page read and write
|
||
|
741D000
|
heap
|
page read and write
|
||
|
87E0000
|
trusted library allocation
|
page read and write
|
||
|
875E000
|
stack
|
page read and write
|
||
|
7CC8000
|
heap
|
page read and write
|
||
|
E2AE000
|
stack
|
page read and write
|
||
|
74CE000
|
heap
|
page read and write
|
||
|
503C000
|
stack
|
page read and write
|
||
|
ECAE000
|
stack
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
2144000
|
direct allocation
|
page read and write
|
||
|
CFAE000
|
stack
|
page read and write
|
||
|
1503E000
|
stack
|
page read and write
|
||
|
55E000
|
heap
|
page read and write
|
||
|
70B5000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21BC000
|
direct allocation
|
page read and write
|
||
|
DFA2000
|
heap
|
page read and write
|
||
|
89C3000
|
heap
|
page read and write
|
||
|
75EC000
|
stack
|
page read and write
|
||
|
803E000
|
stack
|
page read and write
|
||
|
AE2C000
|
stack
|
page read and write
|
||
|
822E000
|
stack
|
page read and write
|
||
|
A2AE000
|
stack
|
page read and write
|
||
|
8420000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
792E000
|
stack
|
page read and write
|
||
|
156BC000
|
stack
|
page read and write
|
||
|
F32C000
|
stack
|
page read and write
|
||
|
8EEC000
|
stack
|
page read and write
|
||
|
7530000
|
trusted library allocation
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
724000
|
heap
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
7443000
|
heap
|
page read and write
|
||
|
6C98000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
88B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
143FC000
|
stack
|
page read and write
|
||
|
7C50000
|
heap
|
page read and write
|
||
|
15A3E000
|
stack
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
6890000
|
heap
|
page read and write
|
||
|
6558000
|
trusted library allocation
|
page read and write
|
||
|
D4AE000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
7C9D000
|
heap
|
page read and write
|
||
|
8070000
|
trusted library allocation
|
page read and write
|
||
|
12FFC000
|
stack
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
11CFE000
|
stack
|
page read and write
|
||
|
100AE000
|
stack
|
page read and write
|
||
|
52CC000
|
stack
|
page read and write
|
||
|
B06E000
|
stack
|
page read and write
|
||
|
E2EC000
|
stack
|
page read and write
|
||
|
49B000
|
unkown
|
page read and write
|
||
|
753E000
|
stack
|
page read and write
|
||
|
57AB000
|
trusted library allocation
|
page read and write
|
||
|
165BC000
|
stack
|
page read and write
|
||
|
6F3E000
|
stack
|
page read and write
|
||
|
20AC000
|
direct allocation
|
page read and write
|
||
|
21D0000
|
direct allocation
|
page read and write
|
||
|
1096E000
|
stack
|
page read and write
|
||
|
8152000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
866F000
|
heap
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
8900000
|
trusted library allocation
|
page read and write
|
||
|
CE6E000
|
stack
|
page read and write
|
||
|
7040000
|
trusted library allocation
|
page read and write
|
||
|
B32C000
|
stack
|
page read and write
|
||
|
AAB000
|
heap
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
796E000
|
stack
|
page read and write
|
||
|
7542000
|
heap
|
page read and write
|
||
|
1B7E7000
|
heap
|
page read and write
|
||
|
56E7000
|
trusted library allocation
|
page read and write
|
||
|
F82C000
|
stack
|
page read and write
|
||
|
4B8C000
|
stack
|
page read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
2B4F000
|
trusted library allocation
|
page read and write
|
||
|
46DF000
|
stack
|
page read and write
|
||
|
5C5E000
|
stack
|
page read and write
|
||
|
B7EE000
|
stack
|
page read and write
|
||
|
105EC000
|
stack
|
page read and write
|
||
|
7F338000
|
trusted library allocation
|
page execute and read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
4CBA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
12B000
|
stack
|
page read and write
|
||
|
7BBE000
|
stack
|
page read and write
|
||
|
2C2D000
|
stack
|
page read and write
|
||
|
1BC0D000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
743E000
|
heap
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
593000
|
heap
|
page read and write
|
||
|
71C0000
|
heap
|
page execute and read and write
|
||
|
5516000
|
heap
|
page read and write
|
||
|
ACAE000
|
stack
|
page read and write
|
||
|
74D1000
|
heap
|
page read and write
|
||
|
55BD000
|
trusted library allocation
|
page read and write
|
||
|
CAEC000
|
stack
|
page read and write
|
||
|
73F0000
|
heap
|
page read and write
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
619C000
|
stack
|
page read and write
|
||
|
7EF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
6529000
|
trusted library allocation
|
page read and write
|
||
|
6ED7000
|
trusted library allocation
|
page read and write
|
||
|
7D2E000
|
stack
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
77FA000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
D26C000
|
stack
|
page read and write
|
||
|
850E000
|
stack
|
page read and write
|
||
|
1BB0E000
|
stack
|
page read and write
|
||
|
152FC000
|
stack
|
page read and write
|
||
|
7030000
|
trusted library allocation
|
page read and write
|
||
|
AB6E000
|
stack
|
page read and write
|
||
|
543D000
|
stack
|
page read and write
|
||
|
CFEC000
|
stack
|
page read and write
|
||
|
20B0000
|
direct allocation
|
page read and write
|
||
|
4110000
|
trusted library allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
1737D000
|
stack
|
page read and write
|
||
|
7CF3000
|
heap
|
page read and write
|
||
|
20BC000
|
direct allocation
|
page read and write
|
||
|
1557C000
|
stack
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page read and write
|
||
|
74C2000
|
heap
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
1C87B000
|
stack
|
page read and write
|
||
|
3003000
|
heap
|
page read and write
|
||
|
88C000
|
heap
|
page read and write
|
||
|
7461000
|
heap
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page read and write
|
||
|
716C000
|
stack
|
page read and write
|
||
|
73DB000
|
stack
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
6EAE000
|
stack
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
13EFC000
|
stack
|
page read and write
|
||
|
74B6000
|
heap
|
page read and write
|
||
|
81AD000
|
heap
|
page read and write
|
||
|
144FE000
|
stack
|
page read and write
|
||
|
DF15000
|
heap
|
page read and write
|
||
|
5032000
|
trusted library allocation
|
page read and write
|
||
|
11D3C000
|
stack
|
page read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
4D09000
|
stack
|
page read and write
|
||
|
C82E000
|
stack
|
page read and write
|
||
|
746D000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
BBEC000
|
stack
|
page read and write
|
||
|
7C5C000
|
heap
|
page read and write
|
||
|
81BE000
|
heap
|
page read and write
|
||
|
6654000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
direct allocation
|
page execute and read and write
|
||
|
21CC000
|
direct allocation
|
page read and write
|
||
|
124BC000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
6EEC000
|
stack
|
page read and write
|
||
|
DE90000
|
heap
|
page read and write
|
||
|
1C97E000
|
stack
|
page read and write
|
||
|
1683C000
|
stack
|
page read and write
|
||
|
825F000
|
stack
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
7436000
|
heap
|
page read and write
|
||
|
2A69000
|
heap
|
page read and write
|
||
|
9F2C000
|
stack
|
page read and write
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
8D23000
|
trusted library allocation
|
page read and write
|
||
|
746F000
|
heap
|
page read and write
|
||
|
9A2C000
|
stack
|
page read and write
|
||
|
F2EE000
|
stack
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
82D2000
|
trusted library allocation
|
page read and write
|
||
|
557E000
|
heap
|
page read and write
|
||
|
5DA1000
|
trusted library allocation
|
page read and write
|
||
|
876C000
|
stack
|
page read and write
|
||
|
20B4000
|
direct allocation
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
DDDA000
|
heap
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
BF6E000
|
stack
|
page read and write
|
||
|
DE66000
|
heap
|
page read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
4CDB000
|
stack
|
page read and write
|
||
|
161FC000
|
stack
|
page read and write
|
||
|
1507C000
|
stack
|
page read and write
|
||
|
2134000
|
direct allocation
|
page read and write
|
||
|
DE5D000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
6CCF000
|
heap
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
7680000
|
heap
|
page read and write
|
||
|
D72E000
|
stack
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
84C000
|
heap
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
7591000
|
heap
|
page read and write
|
||
|
4B38000
|
trusted library allocation
|
page read and write
|
||
|
DE8E000
|
heap
|
page read and write
|
||
|
8D10000
|
trusted library allocation
|
page read and write
|
||
|
F1AE000
|
stack
|
page read and write
|
||
|
862C000
|
heap
|
page read and write
|
||
|
6C12000
|
heap
|
page read and write
|
||
|
6E1A000
|
stack
|
page read and write
|
||
|
1B5CF000
|
stack
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
D9EC000
|
stack
|
page read and write
|
||
|
2DBB000
|
stack
|
page read and write
|
||
|
20B8000
|
direct allocation
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
85D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
B42E000
|
stack
|
page read and write
|
||
|
CD2E000
|
stack
|
page read and write
|
||
|
6CB9000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
4EBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
72F0000
|
trusted library allocation
|
page read and write
|
||
|
4F7C000
|
stack
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
83C000
|
heap
|
page read and write
|
||
|
4C77000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
7C82000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
4ED4000
|
trusted library allocation
|
page read and write
|
||
|
80D4000
|
heap
|
page read and write
|
||
|
10AEC000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
7166000
|
heap
|
page read and write
|
||
|
861E000
|
stack
|
page read and write
|
||
|
87C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20AC000
|
direct allocation
|
page read and write
|
||
|
138BC000
|
stack
|
page read and write
|
||
|
DE58000
|
heap
|
page read and write
|
||
|
16D000
|
stack
|
page read and write
|
||
|
89E1000
|
heap
|
page read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
E6AC000
|
stack
|
page read and write
|
||
|
6BC000
|
unkown
|
page readonly
|
||
|
4C88000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
7FF848E9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
21D8000
|
direct allocation
|
page read and write
|
||
|
4EC0000
|
remote allocation
|
page read and write
|
||
|
5E0A000
|
trusted library allocation
|
page read and write
|
||
|
8060000
|
trusted library allocation
|
page read and write
|
||
|
5579000
|
trusted library allocation
|
page read and write
|
||
|
7D10000
|
trusted library allocation
|
page read and write
|
||
|
EA6C000
|
stack
|
page read and write
|
||
|
63DE000
|
stack
|
page read and write
|
||
|
755A000
|
heap
|
page read and write
|
||
|
15E3C000
|
stack
|
page read and write
|
||
|
707D000
|
stack
|
page read and write
|
||
|
666C000
|
trusted library allocation
|
page read and write
|
||
|
1363C000
|
stack
|
page read and write
|
||
|
7B6E000
|
stack
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
8DAC000
|
stack
|
page read and write
|
||
|
7AC5000
|
heap
|
page read and write
|
||
|
4AB000
|
stack
|
page read and write
|
||
|
1112C000
|
stack
|
page read and write
|
||
|
872E000
|
stack
|
page read and write
|
||
|
1082E000
|
stack
|
page read and write
|
||
|
DDA2000
|
heap
|
page read and write
|
||
|
85D5000
|
heap
|
page read and write
|
||
|
E3EE000
|
stack
|
page read and write
|
||
|
5DC1000
|
trusted library allocation
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
5579000
|
heap
|
page read and write
|
||
|
4722000
|
trusted library allocation
|
page read and write
|
||
|
E8EE000
|
stack
|
page read and write
|
||
|
20C8000
|
direct allocation
|
page read and write
|
||
|
7655000
|
heap
|
page execute and read and write
|
||
|
617D000
|
trusted library allocation
|
page read and write
|
||
|
81A2000
|
heap
|
page read and write
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
C32E000
|
stack
|
page read and write
|
||
|
8121000
|
heap
|
page read and write
|
||
|
151BC000
|
stack
|
page read and write
|
||
|
4B20000
|
heap
|
page readonly
|
||
|
420000
|
heap
|
page read and write
|
||
|
4F90000
|
trusted library allocation
|
page read and write
|
||
|
750A000
|
heap
|
page read and write
|
||
|
7A20000
|
trusted library allocation
|
page read and write
|
||
|
2F9B000
|
heap
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
B96C000
|
stack
|
page read and write
|
||
|
DDAB000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
540B000
|
trusted library allocation
|
page read and write
|
||
|
80DC000
|
heap
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
1176C000
|
stack
|
page read and write
|
||
|
408D000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
8156000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
There are 1917 hidden memdumps, click here to show them.