Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Modrinth.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\DVoCIYUveQTPKsllMirxd.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\MSECache\OfficeKMS\win7\DVoCIYUveQTPKsllMirxd.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Windows Multimedia Platform\wininit.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Modrinth App\Modrinth App.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\DVoCIYUveQTPKsllMirxd.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Windows Photo Viewer\en-GB\System.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\DVoCIYUveQTPKsllMirxd.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\SearchApp.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Modrinth.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Vss\Writers\Application\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Windows\en-US\csrss.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\intosessionperfcrtSvc\Componentwebfont.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\intosessionperfcrtSvc\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\6ed635.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\Internet Explorer\SIGNUP\510335ec8a3ea2
|
ASCII text, with very long lines (633), with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\MSECache\OfficeKMS\win7\510335ec8a3ea2
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Windows Multimedia Platform\56085415360792
|
ASCII text, with very long lines (445), with no line terminators
|
dropped
|
||
|
C:\Program Files\Modrinth App\Uninstall Modrinth App.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command
line arguments, Archive, ctime=Sat Dec 7 08:09:44 2019, mtime=Thu Jul 4 18:56:58 2024, atime=Sat Dec 7 08:09:44 2019, length=69632,
window=hide
|
dropped
|
||
|
C:\Program Files\Reference Assemblies\Microsoft\Framework\510335ec8a3ea2
|
ASCII text, with very long lines (649), with no line terminators
|
dropped
|
||
|
C:\Program Files\Windows Photo Viewer\en-GB\27d1bcfc3c54e0
|
ASCII text, with very long lines (463), with no line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App\Modrinth App.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:09 2024, atime=Tue Apr 23 18:26:12
2024, length=10292856, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App\Modrinth App.lnk~RF6edb84.TMP (copy)
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:09 2024, atime=Tue Apr 23 18:26:12
2024, length=10292856, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App\~odrinth App.tmp
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:09 2024, atime=Tue Apr 23 18:26:12
2024, length=10292856, window=hide
|
dropped
|
||
|
C:\Users\Default\38384e6a620884
|
ASCII text, with very long lines (851), with no line terminators
|
dropped
|
||
|
C:\Users\Default\510335ec8a3ea2
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Public\Desktop\Modrinth App.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Archive, ctime=Tue Apr 23 18:26:12 2024, mtime=Thu Jul 4 18:57:10 2024, atime=Tue Apr 23 18:26:12 2024, length=10292856,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Componentwebfont.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DVoCIYUveQTPKsllMirxd.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIC694.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIEB83.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Modrinth App_0.7.1_x64_en-US.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Modrinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic
and data required to install Modrinth App., Template: x64;0, Revision Number: {C760B5F9-74CA-4082-83C4-12F6B36A93BB}, Create
Time/Date: Tue Apr 23 23:26:10 2024, Last Saved Time/Date: Tue Apr 23 23:26:10 2024, Number of Pages: 450, Number of Words:
2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\6ed634.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Modrinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic
and data required to install Modrinth App., Template: x64;0, Revision Number: {C760B5F9-74CA-4082-83C4-12F6B36A93BB}, Create
Time/Date: Tue Apr 23 23:26:10 2024, Last Saved Time/Date: Tue Apr 23 23:26:10 2024, Number of Pages: 450, Number of Words:
2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\6ed636.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Modrinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic
and data required to install Modrinth App., Template: x64;0, Revision Number: {C760B5F9-74CA-4082-83C4-12F6B36A93BB}, Create
Time/Date: Tue Apr 23 23:26:10 2024, Last Saved Time/Date: Tue Apr 23 23:26:10 2024, Number of Pages: 450, Number of Words:
2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSID819.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{67E35770-3BE7-49CB-BE18-C8626CE846EE}\ProductIcon
|
MS Windows icon resource - 6 icons, 32x32 with PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 16x16
with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF090D7A4F00EC6562.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF0945CB95462FFABB.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF198724A824B669DB.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF1D3096E52845E44B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF25C075B902BE1BC1.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF4A714EFFCA52E6A2.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF58F9FD53BE13BF02.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB20AD4B3D17979AE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFC48FD5848745477D.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFCD19227ECC0281B0.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFFF422DE5C7B7B6A8.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFFFAD356C80279C1B.TMP
|
data
|
dropped
|
||
|
C:\Windows\Vss\Writers\Application\9e8d7a4ca61bd9
|
ASCII text, with very long lines (954), with no line terminators
|
dropped
|
||
|
C:\Windows\en-US\886983d96e3d3e
|
ASCII text, with very long lines (664), with no line terminators
|
dropped
|
||
|
C:\intosessionperfcrtSvc\510335ec8a3ea2
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\intosessionperfcrtSvc\9e8d7a4ca61bd9
|
ASCII text, with very long lines (884), with no line terminators
|
dropped
|
||
|
C:\intosessionperfcrtSvc\QvJVxLMgIdUXKZXo3vjvMJd9h.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\intosessionperfcrtSvc\x6qhfc.vbe
|
data
|
dropped
|
There are 48 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Modrinth.exe
|
"C:\Users\user\Desktop\Modrinth.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Modrinth.exe
|
"C:\Users\user\AppData\Local\Temp\Modrinth.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\intosessionperfcrtSvc\x6qhfc.vbe"
|
|
|
|
C:\intosessionperfcrtSvc\Componentwebfont.exe
|
"C:\intosessionperfcrtSvc\Componentwebfont.exe"
|
|
|
|
C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
|
C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
|
|
|
|
C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
|
C:\intosessionperfcrtSvc\DVoCIYUveQTPKsllMirxd.exe
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\Modrinth App_0.7.1_x64_en-US.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\intosessionperfcrtSvc\QvJVxLMgIdUXKZXo3vjvMJd9h.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding E9350FF13617C2EDECFDC599F293255F C
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://cz36357.tw1.ru/@=cDMmNzNiFGO
|
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://discord.com
|
unknown
|
||
|
https://asset.localhost;
|
unknown
|
||
|
https://resources.download.minecraft.net/
|
unknown
|
||
|
https://cdn-raw.modrinth.com/fonts/inter/;
|
unknown
|
||
|
https://tauri.app/docs/api/config#tauri.allowlist)
|
unknown
|
||
|
https://github.com/rust-windowing/tao
|
unknown
|
||
|
https://libraries.minecraft.net/(
|
unknown
|
||
|
https://modrinth.com
|
unknown
|
||
|
https://api.minecraftservices.com/entitlements/license?requestId=
|
unknown
|
||
|
https://api.mclo.gs;
|
unknown
|
||
|
https://cdn.modrle_relative_pathprofile_relative
|
unknown
|
||
|
https://docs.rs/tauri/1/tauri/scope/struct.IpcScope.html#method.configure_remote_access
|
unknown
|
||
|
https://docs.rs/getrandom#nodejs-es-module-supportC:
|
unknown
|
||
|
https://sisu.xboxlive.com/authorize/authorizet=M
|
unknown
|
||
|
https://meta.modrinth.com
|
unknown
|
||
|
https://xsts.auth.xboxlive.com/xsts/authorize/xsts/authorizerp://api.minecraftservices.com/
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
https://launcher-files.modrinth.com/detect.txtcheck_internettimeout
|
unknown
|
||
|
https://api.azul.com/metadata/v1/zulu/packages?arch=&java_version=&os=&archive_type=zip&javafx_bundl
|
unknown
|
||
|
https://sisu.xboxlive.com/authenticate/authenticatecode_challenge_methodX-SessionId
|
unknown
|
||
|
https://www.youtube-nocookie.com
|
unknown
|
||
|
https://api.modrinth.com/v2/
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://api.minecraftservices.com/launcher/loginXBL3.0
|
unknown
|
||
|
https://api.modrinth.com/analytics/playtimeTried
|
unknown
|
||
|
https://sisu.xboxlive.com/authorize/authorizet=
|
unknown
|
||
|
https://tauri.app/docs/api/config#tauri.allowlist)PlatformOsTypeTempdirLocaleGetAppVersionGetAppName
|
unknown
|
||
|
http://auth.xboxlive.com
|
unknown
|
||
|
http://wixtoolset.org
|
unknown
|
||
|
https://device.auth.xboxlive.com/device/authenticate/device/authenticateProofOfPossession
|
unknown
|
||
|
https://device.auth.xboxlive.com/device/authenticate/device/authenticateProofOfPossession5q
|
unknown
|
||
|
https://github.com/tauri-apps/tauri/issues/2549#issuecomment-1250036908
|
unknown
|
||
|
https://piston-meta.mojang.com/mc/game/version_manifest_v2.json
|
unknown
|
||
|
https://github.com/tauri-apps/tauri/issues/8306)
|
unknown
|
||
|
https://meta.modrinth.comx
|
unknown
|
||
|
https://api.minecraftservices.com/minecraft/profile
|
unknown
|
||
|
https://tauri.app/v1/api/config/#securityconfig.dangerousremotedomainipcaccess
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
http://localhost:1420/../dist/assets/index-WeuSTy9x.css
|
unknown
|
||
|
https://launcher-files.modrinth.com/updates.jsondefault-src
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
chrome.cloudflare-dns.com
|
162.159.61.3
|
||
|
cdn.modrinth.com
|
104.18.22.35
|
||
|
cdn-raw.modrinth.com
|
104.18.23.35
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msi\OpenWithProgids
|
Msi.Package
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@C:\Windows\System32\msimsg.dll,-36
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@C:\Windows\System32\msimsg.dll,-37
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@C:\Windows\System32\msimsg.dll,-38
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{8D80504A-0826-40C5-97E1-EBC68F953792} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\msiexec.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\msiexec.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6ed635.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6ed635.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF8D73E2EDCEE955E8B0475207857DB8
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F09FD58A4AF5D035B9AF3C83702CA955
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5E1BBF8CCAC7445FB38157CD3B6C4C3
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A5DBDBAD66DD6E5FAE6BC2B9DB28158
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8261A1D79F60F685AADC5E1ABA5E0982
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B1170220E0EA9D5B9CC18B00137FE0E
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files\Modrinth App\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{67E35770-3BE7-49CB-BE18-C8626CE846EE}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modrinth App\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\theseus.mrpack.Document\shell\open
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\theseus.mrpack.Document\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mrpack
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mrpack
|
Content Type
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\theseus.mrpack.Document
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\modrinth\Modrinth App
|
Desktop Shortcut
|
||
|
HKEY_CURRENT_USER\SOFTWARE\modrinth\Modrinth App
|
InstallDir
|
||
|
HKEY_CURRENT_USER\SOFTWARE\modrinth\Modrinth App
|
Uninstaller Shortcut
|
||
|
HKEY_CURRENT_USER\SOFTWARE\modrinth\Modrinth App
|
Start Menu Shortcut
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\modrinth\theseus\Capabilities
|
ApplicationDescription
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\modrinth\theseus\Capabilities
|
ApplicationIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\modrinth\theseus\Capabilities
|
ApplicationName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\modrinth\theseus\Capabilities\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\modrinth\theseus\Capabilities\FileAssociations
|
.mrpack
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\modrinth\theseus\Capabilities\MIMEAssociations
|
application/mrpack
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\modrinth\theseus\Capabilities\shell\Open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
|
theseus
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\theseus.mrpack.Document
|
MRPACK File
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mrpack\OpenWithList\theseus
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mrpack\OpenWithProgids
|
theseus.mrpack.Document
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\mrpack\SupportedTypes
|
.mrpack
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\mrpack\shell\open
|
FriendlyAppName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\13CC58B29F9FD325381898EFA5ED7FD8
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67E35770-3BE7-49CB-BE18-C8626CE846EE}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\07753E767EB3BC94EB818C26C68E64EE
|
ShortcutsFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\Features
|
ShortcutsFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\07753E767EB3BC94EB818C26C68E64EE
|
MainProgram
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\Features
|
MainProgram
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\07753E767EB3BC94EB818C26C68E64EE
|
Environment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\Features
|
Environment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\07753E767EB3BC94EB818C26C68E64EE
|
External
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\Features
|
External
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07753E767EB3BC94EB818C26C68E64EE\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\13CC58B29F9FD325381898EFA5ED7FD8
|
07753E767EB3BC94EB818C26C68E64EE
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07753E767EB3BC94EB818C26C68E64EE\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_CURRENT_USER\SOFTWARE\b8bbcb55f0102d902a5d3103b592d27a0e491cb8
|
63ab3853af89a43bbf93aaae815c43b041bb349d
|
There are 117 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
326E000
|
trusted library allocation
|
page read and write
|
|
|
|
3231000
|
trusted library allocation
|
page read and write
|
|
|
|
1336F000
|
trusted library allocation
|
page read and write
|
|
|
|
2FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
3361000
|
trusted library allocation
|
page read and write
|
|
|
|
381D000
|
trusted library allocation
|
page read and write
|
|
|
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
167E000
|
stack
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
2F0D000
|
heap
|
page read and write
|
||
|
2F11000
|
heap
|
page read and write
|
||
|
7FF848A36000
|
trusted library allocation
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
1C446000
|
heap
|
page read and write
|
||
|
2F41000
|
heap
|
page read and write
|
||
|
1C5B3000
|
heap
|
page read and write
|
||
|
EBE000
|
heap
|
page read and write
|
||
|
7FF848BA0000
|
trusted library allocation
|
page read and write
|
||
|
1C4EF000
|
heap
|
page read and write
|
||
|
2F19000
|
heap
|
page read and write
|
||
|
1B55D000
|
stack
|
page read and write
|
||
|
1BF9E000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
111F000
|
stack
|
page read and write
|
||
|
1206000
|
heap
|
page read and write
|
||
|
1C518000
|
heap
|
page read and write
|
||
|
2FE5000
|
heap
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
1BEC3000
|
stack
|
page read and write
|
||
|
1C272000
|
heap
|
page read and write
|
||
|
1C245000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
2F5E000
|
heap
|
page read and write
|
||
|
29E000
|
unkown
|
page write copy
|
||
|
369C000
|
trusted library allocation
|
page read and write
|
||
|
2F16000
|
heap
|
page read and write
|
||
|
7FF848A46000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B8ED000
|
stack
|
page read and write
|
||
|
12A7000
|
heap
|
page read and write
|
||
|
7FF42DE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EC4000
|
heap
|
page read and write
|
||
|
1B390000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B61000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
18F0000
|
trusted library section
|
page read and write
|
||
|
2ED8000
|
heap
|
page read and write
|
||
|
37B7000
|
trusted library allocation
|
page read and write
|
||
|
13DD000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
1BD2F000
|
stack
|
page read and write
|
||
|
7FF84897D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848962000
|
trusted library allocation
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
2F2E000
|
heap
|
page read and write
|
||
|
58DF000
|
stack
|
page read and write
|
||
|
18BE000
|
stack
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
1C5A2000
|
heap
|
page read and write
|
||
|
1C193000
|
stack
|
page read and write
|
||
|
1BCCE000
|
stack
|
page read and write
|
||
|
EBC000
|
unkown
|
page readonly
|
||
|
7FF848A16000
|
trusted library allocation
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
7FF848954000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
2F98000
|
heap
|
page read and write
|
||
|
1BF6E000
|
stack
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
1C7E9000
|
heap
|
page read and write
|
||
|
13D1000
|
heap
|
page read and write
|
||
|
1241000
|
heap
|
page read and write
|
||
|
120C000
|
heap
|
page read and write
|
||
|
2F1C000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
F66000
|
stack
|
page read and write
|
||
|
759F000
|
stack
|
page read and write
|
||
|
1C7A8000
|
heap
|
page read and write
|
||
|
7FF848963000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C794000
|
heap
|
page read and write
|
||
|
1BA80000
|
heap
|
page execute and read and write
|
||
|
561E000
|
stack
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
591C000
|
stack
|
page read and write
|
||
|
2AA3000
|
heap
|
page read and write
|
||
|
141C000
|
heap
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
54FB000
|
stack
|
page read and write
|
||
|
1CFBE000
|
stack
|
page read and write
|
||
|
7FF848B50000
|
trusted library allocation
|
page read and write
|
||
|
12F6000
|
stack
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
163F000
|
stack
|
page read and write
|
||
|
122B000
|
heap
|
page read and write
|
||
|
1C79D000
|
heap
|
page read and write
|
||
|
AB8000
|
unkown
|
page readonly
|
||
|
1C1C8000
|
heap
|
page read and write
|
||
|
2FC5000
|
heap
|
page read and write
|
||
|
1C73F000
|
heap
|
page read and write
|
||
|
293000
|
unkown
|
page readonly
|
||
|
2FBE000
|
heap
|
page read and write
|
||
|
1C298000
|
heap
|
page read and write
|
||
|
1C52B000
|
heap
|
page read and write
|
||
|
1C22E000
|
heap
|
page read and write
|
||
|
38EC000
|
stack
|
page read and write
|
||
|
1B99F000
|
stack
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
1C5C5000
|
heap
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
1900000
|
trusted library section
|
page read and write
|
||
|
7FF848BB0000
|
trusted library allocation
|
page read and write
|
||
|
1C5CC000
|
heap
|
page read and write
|
||
|
7FF848A10000
|
trusted library allocation
|
page read and write
|
||
|
1C732000
|
heap
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
7FF848B00000
|
trusted library allocation
|
page read and write
|
||
|
2C8000
|
unkown
|
page readonly
|
||
|
2FBF000
|
heap
|
page read and write
|
||
|
2F1C000
|
heap
|
page read and write
|
||
|
1BD63000
|
stack
|
page read and write
|
||
|
29E000
|
unkown
|
page read and write
|
||
|
7FF848A3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848A00000
|
trusted library allocation
|
page read and write
|
||
|
301E000
|
heap
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B30000
|
trusted library allocation
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
7FF848A1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
29FB000
|
stack
|
page read and write
|
||
|
7FF84896C000
|
trusted library allocation
|
page read and write
|
||
|
2A3D000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
7FF8489DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
769C000
|
stack
|
page read and write
|
||
|
2BEB000
|
heap
|
page read and write
|
||
|
260000
|
unkown
|
page readonly
|
||
|
7FF848AFC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B10000
|
trusted library allocation
|
page read and write
|
||
|
2D31000
|
stack
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
304F000
|
heap
|
page read and write
|
||
|
7FF8489AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
366F000
|
stack
|
page read and write
|
||
|
1BC6E000
|
stack
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
7FF848B3B000
|
trusted library allocation
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
16C0000
|
trusted library section
|
page read and write
|
||
|
7FF848B80000
|
trusted library allocation
|
page read and write
|
||
|
1C488000
|
heap
|
page read and write
|
||
|
1C44E000
|
heap
|
page read and write
|
||
|
126B000
|
heap
|
page read and write
|
||
|
7FF84898D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D39000
|
stack
|
page read and write
|
||
|
3679000
|
trusted library allocation
|
page read and write
|
||
|
2E06000
|
heap
|
page read and write
|
||
|
1C094000
|
stack
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
52E9000
|
heap
|
page read and write
|
||
|
1C1E5000
|
heap
|
page read and write
|
||
|
1C3DD000
|
stack
|
page read and write
|
||
|
2F0C000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
7FF848AFA000
|
trusted library allocation
|
page read and write
|
||
|
1358000
|
heap
|
page read and write
|
||
|
7FF848A66000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F5E000
|
heap
|
page read and write
|
||
|
532E000
|
heap
|
page read and write
|
||
|
7FF8489AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
51D8000
|
heap
|
page read and write
|
||
|
1C25F000
|
heap
|
page read and write
|
||
|
1BB6F000
|
stack
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
18D5000
|
heap
|
page read and write
|
||
|
2F1E000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page execute and read and write
|
||
|
2ED000
|
unkown
|
page readonly
|
||
|
5091000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
32DC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D16000
|
stack
|
page read and write
|
||
|
2E59000
|
heap
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
2FCC000
|
heap
|
page read and write
|
||
|
7FF84897B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
1C216000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
2F4E000
|
heap
|
page read and write
|
||
|
7FF848B1B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
3632000
|
trusted library allocation
|
page read and write
|
||
|
1C433000
|
heap
|
page read and write
|
||
|
7FF848B60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848952000
|
trusted library allocation
|
page read and write
|
||
|
13238000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
stack
|
page read and write
|
||
|
1C460000
|
heap
|
page read and write
|
||
|
123F000
|
heap
|
page read and write
|
||
|
7FF84896D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848B40000
|
trusted library allocation
|
page read and write
|
||
|
2F31000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page readonly
|
||
|
343B000
|
heap
|
page read and write
|
||
|
1C778000
|
heap
|
page read and write
|
||
|
540F000
|
heap
|
page read and write
|
||
|
1C504000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
1286000
|
heap
|
page read and write
|
||
|
1C7D8000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
173F000
|
stack
|
page read and write
|
||
|
1BDCE000
|
stack
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
37EC000
|
stack
|
page read and write
|
||
|
474000
|
unkown
|
page readonly
|
||
|
1C4A3000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
1D0BB000
|
stack
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
13049000
|
trusted library allocation
|
page read and write
|
||
|
3659000
|
trusted library allocation
|
page read and write
|
||
|
2FF6000
|
heap
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
7FF848B30000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
1C468000
|
heap
|
page read and write
|
||
|
13844000
|
trusted library allocation
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
2F13000
|
heap
|
page read and write
|
||
|
2F2E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
2F14000
|
heap
|
page read and write
|
||
|
1C259000
|
heap
|
page read and write
|
||
|
1C5CF000
|
heap
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
53ED000
|
stack
|
page read and write
|
||
|
7FF848BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF84898B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5A9000
|
heap
|
page read and write
|
||
|
38F2000
|
heap
|
page read and write
|
||
|
E4F000
|
heap
|
page read and write
|
||
|
138B000
|
heap
|
page read and write
|
||
|
2D06000
|
stack
|
page read and write
|
||
|
1C20C000
|
heap
|
page read and write
|
||
|
141E000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
7FF8489AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F24000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
2FE5000
|
heap
|
page read and write
|
||
|
7FF848B2C000
|
trusted library allocation
|
page read and write
|
||
|
1323D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848970000
|
trusted library allocation
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
405000
|
unkown
|
page write copy
|
||
|
C70000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
2F4E000
|
heap
|
page read and write
|
||
|
2A7F000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
2F39000
|
heap
|
page read and write
|
||
|
34C7000
|
trusted library allocation
|
page read and write
|
||
|
2C36000
|
stack
|
page read and write
|
||
|
7FF848A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C551000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
7FF848974000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
12FD3000
|
trusted library allocation
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
12FDD000
|
trusted library allocation
|
page read and write
|
||
|
1336D000
|
trusted library allocation
|
page read and write
|
||
|
1C401000
|
heap
|
page read and write
|
||
|
7FF84897C000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
1C1D2000
|
heap
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
305E000
|
heap
|
page read and write
|
||
|
16E4000
|
heap
|
page read and write
|
||
|
13241000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
unkown
|
page readonly
|
||
|
69E5000
|
heap
|
page read and write
|
||
|
138D000
|
heap
|
page read and write
|
||
|
7FF84897D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F2D000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page execute and read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
7FF848A0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F4E000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
7FF84898D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C5DB000
|
heap
|
page read and write
|
||
|
305E000
|
heap
|
page read and write
|
||
|
1C426000
|
heap
|
page read and write
|
||
|
7FF848984000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
1C3E0000
|
heap
|
page read and write
|
||
|
7FF848B00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B40000
|
trusted library allocation
|
page read and write
|
||
|
305E000
|
heap
|
page read and write
|
||
|
E2A000
|
heap
|
page read and write
|
||
|
1C0CE000
|
stack
|
page read and write
|
||
|
7FF848963000
|
trusted library allocation
|
page read and write
|
||
|
1CEBD000
|
stack
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
7FF848B1B000
|
trusted library allocation
|
page read and write
|
||
|
1C7FD000
|
heap
|
page read and write
|
||
|
EB6000
|
heap
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
unkown
|
page readonly
|
||
|
431000
|
unkown
|
page readonly
|
||
|
3220000
|
heap
|
page read and write
|
||
|
7FF848A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848B50000
|
trusted library allocation
|
page read and write
|
||
|
499000
|
unkown
|
page readonly
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
7FF848973000
|
trusted library allocation
|
page read and write
|
||
|
1CC1E000
|
stack
|
page read and write
|
||
|
2F17000
|
heap
|
page read and write
|
||
|
34F4000
|
trusted library allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
569C000
|
stack
|
page read and write
|
||
|
5352000
|
heap
|
page read and write
|
||
|
2F36000
|
heap
|
page read and write
|
||
|
7FF848B20000
|
trusted library allocation
|
page read and write
|
||
|
305E000
|
heap
|
page read and write
|
||
|
1C06E000
|
stack
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
7FF848B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
D92000
|
unkown
|
page readonly
|
||
|
7FF848B0C000
|
trusted library allocation
|
page read and write
|
||
|
2ED000
|
unkown
|
page readonly
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
3701000
|
trusted library allocation
|
page read and write
|
||
|
1BD30000
|
heap
|
page execute and read and write
|
||
|
18D0000
|
heap
|
page read and write
|
||
|
1C753000
|
heap
|
page read and write
|
||
|
3437000
|
heap
|
page read and write
|
||
|
2F24000
|
heap
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
305E000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
260000
|
unkown
|
page readonly
|
||
|
17EE000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
1C233000
|
heap
|
page read and write
|
||
|
2F1F000
|
heap
|
page read and write
|
||
|
1C7F5000
|
heap
|
page read and write
|
||
|
2C1000
|
unkown
|
page read and write
|
||
|
7FF848980000
|
trusted library allocation
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
2C3000
|
unkown
|
page readonly
|
||
|
13F8000
|
heap
|
page read and write
|
||
|
12CF000
|
heap
|
page read and write
|
||
|
2F38000
|
heap
|
page read and write
|
||
|
52EC000
|
heap
|
page read and write
|
||
|
261000
|
unkown
|
page execute read
|
||
|
404000
|
unkown
|
page read and write
|
||
|
7FF848A06000
|
trusted library allocation
|
page read and write
|
||
|
EB8000
|
heap
|
page read and write
|
||
|
2FCD000
|
heap
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
2CFC000
|
stack
|
page read and write
|
||
|
1990000
|
heap
|
page execute and read and write
|
||
|
2C8000
|
unkown
|
page readonly
|
||
|
3751000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
heap
|
page execute and read and write
|
||
|
304F000
|
heap
|
page read and write
|
||
|
7FF848AF3000
|
trusted library allocation
|
page read and write
|
||
|
1C224000
|
heap
|
page read and write
|
||
|
1C201000
|
heap
|
page read and write
|
||
|
7FF848993000
|
trusted library allocation
|
page read and write
|
||
|
73A0000
|
heap
|
page read and write
|
||
|
1920000
|
trusted library section
|
page read and write
|
||
|
5A1D000
|
stack
|
page read and write
|
||
|
1BFCE000
|
stack
|
page read and write
|
||
|
50AA000
|
trusted library allocation
|
page read and write
|
||
|
2FF7000
|
heap
|
page read and write
|
||
|
1C248000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1B6AD000
|
stack
|
page read and write
|
||
|
2E65000
|
heap
|
page read and write
|
||
|
1C276000
|
heap
|
page read and write
|
||
|
7FF848B67000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
2FF9000
|
heap
|
page read and write
|
||
|
13F3000
|
heap
|
page read and write
|
||
|
1C1CE000
|
stack
|
page read and write
|
||
|
1BAC0000
|
heap
|
page read and write
|
||
|
2A4000
|
unkown
|
page read and write
|
||
|
1B260000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
7FF84899D000
|
trusted library allocation
|
page execute and read and write
|
||
|
188F000
|
stack
|
page read and write
|
||
|
3802000
|
trusted library allocation
|
page read and write
|
||
|
2FF9000
|
heap
|
page read and write
|
||
|
52EA000
|
heap
|
page read and write
|
||
|
1C774000
|
heap
|
page read and write
|
||
|
304E000
|
heap
|
page read and write
|
||
|
7FF848953000
|
trusted library allocation
|
page execute and read and write
|
||
|
304F000
|
heap
|
page read and write
|
||
|
136B000
|
heap
|
page read and write
|
||
|
1C7B1000
|
heap
|
page read and write
|
||
|
1C1ED000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
7FF848950000
|
trusted library allocation
|
page read and write
|
||
|
3825000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
heap
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
19B4000
|
heap
|
page read and write
|
||
|
EC0000
|
unkown
|
page readonly
|
||
|
354C000
|
trusted library allocation
|
page read and write
|
||
|
1C1E8000
|
heap
|
page read and write
|
||
|
1C720000
|
heap
|
page read and write
|
||
|
13B6000
|
heap
|
page read and write
|
||
|
7FF848B10000
|
trusted library allocation
|
page read and write
|
||
|
12FE1000
|
trusted library allocation
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
7FF848A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
18EE000
|
stack
|
page read and write
|
||
|
55DD000
|
stack
|
page read and write
|
||
|
2F18000
|
heap
|
page read and write
|
||
|
13F1000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
69A3000
|
heap
|
page read and write
|
||
|
2F5E000
|
heap
|
page read and write
|
||
|
531C000
|
stack
|
page read and write
|
||
|
1C3F2000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
35D9000
|
trusted library allocation
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
2C2000
|
unkown
|
page readonly
|
||
|
13231000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
2F19000
|
heap
|
page read and write
|
||
|
7FF84899C000
|
trusted library allocation
|
page read and write
|
||
|
2F5E000
|
heap
|
page read and write
|
||
|
12FD1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848960000
|
trusted library allocation
|
page read and write
|
||
|
1C289000
|
heap
|
page read and write
|
||
|
33FE000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
1C1A0000
|
heap
|
page read and write
|
||
|
69A0000
|
trusted library allocation
|
page read and write
|
||
|
13233000
|
trusted library allocation
|
page read and write
|
||
|
523F000
|
stack
|
page read and write
|
||
|
293000
|
unkown
|
page readonly
|
||
|
2EF1000
|
heap
|
page read and write
|
||
|
12FD8000
|
trusted library allocation
|
page read and write
|
||
|
7FF848982000
|
trusted library allocation
|
page read and write
|
||
|
3DDF000
|
heap
|
page read and write
|
||
|
50EF000
|
stack
|
page read and write
|
||
|
2F23000
|
heap
|
page read and write
|
||
|
7FF848B70000
|
trusted library allocation
|
page read and write
|
||
|
1C725000
|
heap
|
page read and write
|
||
|
1C419000
|
heap
|
page read and write
|
||
|
1BD90000
|
heap
|
page read and write
|
||
|
6A09000
|
heap
|
page read and write
|
||
|
1BBCE000
|
stack
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
2D27000
|
stack
|
page read and write
|
||
|
17B0000
|
trusted library allocation
|
page read and write
|
||
|
1C75D000
|
heap
|
page read and write
|
||
|
301F000
|
trusted library allocation
|
page read and write
|
||
|
2C2000
|
unkown
|
page write copy
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
7FF848B20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848A30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848984000
|
trusted library allocation
|
page read and write
|
||
|
2F1F000
|
heap
|
page read and write
|
||
|
1C4D4000
|
heap
|
page read and write
|
||
|
13368000
|
trusted library allocation
|
page read and write
|
||
|
7FF848AF0000
|
trusted library allocation
|
page read and write
|
||
|
1BA60000
|
heap
|
page read and write
|
||
|
1C7C5000
|
heap
|
page read and write
|
||
|
3829000
|
trusted library allocation
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
7FF848B13000
|
trusted library allocation
|
page read and write
|
||
|
2F2F000
|
heap
|
page read and write
|
||
|
7FF848B20000
|
trusted library allocation
|
page read and write
|
||
|
1C51A000
|
heap
|
page read and write
|
||
|
2F22000
|
heap
|
page read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
1375000
|
heap
|
page read and write
|
||
|
7FF848983000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
7FF848B30000
|
trusted library allocation
|
page read and write
|
||
|
12F6000
|
stack
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
305E000
|
heap
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
7FF848980000
|
trusted library allocation
|
page read and write
|
||
|
2F1F000
|
heap
|
page read and write
|
||
|
1C4B3000
|
heap
|
page read and write
|
||
|
7FF848B40000
|
trusted library allocation
|
page read and write
|
||
|
7FF8489BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
2F5C000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
7FF848A36000
|
trusted library allocation
|
page execute and read and write
|
||
|
132A9000
|
trusted library allocation
|
page read and write
|
||
|
1C57D000
|
heap
|
page read and write
|
||
|
C75000
|
heap
|
page read and write
|
||
|
2F11000
|
heap
|
page read and write
|
||
|
1C29E000
|
heap
|
page read and write
|
||
|
7FF848964000
|
trusted library allocation
|
page read and write
|
||
|
1C557000
|
heap
|
page read and write
|
||
|
7FF848B43000
|
trusted library allocation
|
page read and write
|
||
|
1C591000
|
heap
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
1BE9E000
|
stack
|
page read and write
|
||
|
2D23000
|
stack
|
page read and write
|
||
|
3057000
|
heap
|
page read and write
|
||
|
7FF8489A0000
|
trusted library allocation
|
page read and write
|
||
|
261000
|
unkown
|
page execute read
|
||
|
1B000000
|
trusted library allocation
|
page read and write
|
||
|
2F2A000
|
heap
|
page read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
7FF84895D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF84896D000
|
trusted library allocation
|
page execute and read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1C287000
|
heap
|
page read and write
|
||
|
2CFB000
|
stack
|
page read and write
|
||
|
1BE6E000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
2FF7000
|
heap
|
page read and write
|
||
|
1C442000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
14CF000
|
stack
|
page read and write
|
||
|
2F44000
|
heap
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
2F36000
|
heap
|
page read and write
|
||
|
7FF848AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
7FF8489A4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B23000
|
trusted library allocation
|
page read and write
|
||
|
1C1FC000
|
heap
|
page read and write
|
||
|
2D29000
|
stack
|
page read and write
|
||
|
13361000
|
trusted library allocation
|
page read and write
|
||
|
359D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848B4D000
|
trusted library allocation
|
page read and write
|
There are 575 hidden memdumps, click here to show them.