IOC Report
zdi.txt.msi

loading gif

Files

File Path
Type
Category
Malicious
zdi.txt.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {ECDEC887-FE4B-4D4C-AEE0-0B38AF17C8D1}, Number of Words: 10, Subject: TimeService, Author: TimeService LLC, Name of Creating Application: TimeService, Template: ;1033, Comments: Runtime service TimeService., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
initial sample
 malicious
C:\Users\user\AppData\Roaming\wait.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI48D4.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Config.Msi\424595.rbs
data
modified
C:\Users\user\AppData\Local\Temp\Asxo.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Temp\Ixav.tmp
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\Ixav.tmp-shm
data
dropped
C:\Users\user\AppData\Local\Temp\muez.tmp
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\ucsafe64.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\vapaef4.tmp
data
modified
C:\Windows\Installer\424593.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {ECDEC887-FE4B-4D4C-AEE0-0B38AF17C8D1}, Number of Words: 10, Subject: TimeService, Author: TimeService LLC, Name of Creating Application: TimeService, Template: ;1033, Comments: Runtime service TimeService., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
dropped
C:\Windows\Installer\MSI468D.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSI46EC.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSI471C.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSI473C.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSI4808.tmp
data
dropped
C:\Windows\Installer\SourceHash{998A301A-3216-4DC9-93E2-7045B0436D77}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Temp\~DF0606AB9D6109E824.TMP
data
dropped
C:\Windows\Temp\~DF49E30092373E93C5.TMP
data
dropped
C:\Windows\Temp\~DF581C97A89ED8416F.TMP
data
dropped
C:\Windows\Temp\~DF5A96D35EDE356A10.TMP
data
dropped
C:\Windows\Temp\~DF5E32AC49DFA98868.TMP
data
dropped
C:\Windows\Temp\~DF8B911CC6E45EB733.TMP
data
dropped
C:\Windows\Temp\~DF9F39D725BAF3F65F.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFC86A2EECEB586208.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFC92AA70B3A2A17E6.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFCEF614FEBAB0279B.TMP
data
dropped
C:\Windows\Temp\~DFDF5BCCD847627237.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFF12B76ECD009F834.TMP
Composite Document File V2 Document, Cannot read section info
dropped
There are 21 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\zdi.txt.msi"
malicious
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
 malicious
C:\Windows\Installer\MSI48D4.tmp
"C:\Windows\Installer\MSI48D4.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\wait.dll, Jump
 malicious
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\wait.dll, Jump
 malicious
C:\Windows\System32\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\wait.dll, Jump
 malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\System32\cmd.exe
/c ipconfig /all
 malicious
C:\Windows\System32\ipconfig.exe
ipconfig /all
 malicious
C:\Windows\System32\cmd.exe
/c systeminfo
 malicious
C:\Windows\System32\systeminfo.exe
systeminfo
 malicious
C:\Windows\System32\cmd.exe
/c nltest /domain_trusts
 malicious
C:\Windows\System32\cmd.exe
/c nltest /domain_trusts /all_trusts
 malicious
C:\Windows\System32\cmd.exe
/c net view /all /domain
 malicious
C:\Windows\System32\net.exe
net view /all /domain
 malicious
C:\Windows\System32\cmd.exe
/c net view /all
 malicious
C:\Windows\System32\net.exe
net view /all
 malicious
C:\Windows\System32\cmd.exe
/c net group "Domain Admins" /domain
 malicious
C:\Windows\System32\net.exe
net group "Domain Admins" /domain
 malicious
C:\Windows\System32\cmd.exe
/c net config workstation
 malicious
C:\Windows\System32\net.exe
net config workstation
 malicious
C:\Windows\System32\cmd.exe
/c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
malicious
C:\Windows\System32\cmd.exe
/c whoami /groups
 malicious
C:\Windows\System32\whoami.exe
whoami /groups
 malicious
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 55FA980756605C03F579DEFA7A4ADAF1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\nltest.exe
nltest /domain_trusts
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\nltest.exe
nltest /domain_trusts /all_trusts
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\net1.exe
C:\Windows\system32\net1 group "Domain Admins" /domain
C:\Windows\System32\wbem\WMIC.exe
/Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\net1.exe
C:\Windows\system32\net1 config workstation
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\wbem\WMIC.exe
wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
C:\Windows\System32\findstr.exe
findstr /V /B /C:displayName
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 33 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://reateberam.com/test/
104.21.16.251
 malicious
https://reateberam.com/
unknown
 malicious
https://dogirafer.com/test/
104.21.68.89
 malicious
https://dogirafer.com/
unknown
 malicious
https://reateberam.com/files/stkm.bin
104.21.16.251
 malicious
https://aka.ms/odirmr
unknown
http://schemas.mi
unknown
https://dogirafer.com/test/1b87bd06
unknown
https://reateberam.com/=
unknown
https://dogirafer.com/gs
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
unknown
https://powerpoint.office.comcember
unknown
https://api.msn.com:443/v1/news/Feed/Windows?
unknown
https://huanvn.com/
unknown
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
unknown
https://excel.office.com
unknown
http://schemas.micro
unknown
https://dogirafer.com/=
unknown
https://reateberam.com/test/32.dll
unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
unknown
https://reateberam.com/test/5865723_17335797906044_2080493URLS1https://dogirafer.com/test/5205754_80
unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
unknown
https://dogirafer.com/A
unknown
https://dogirafer.com/test/Q
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
https://dogirafer.com/6122658-3693405117-2476756634-1002
unknown
http://x1.c.lencr.org/0
unknown
http://x1.i.lencr.org/0
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
unknown
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
unknown
https://api.msn.com/q
unknown
https://dogirafer.com/st/
unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
unknown
https://dogirafer.com/test/p
unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
unknown
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
unknown
https://huanvn.com:6542/stop.php
unknown
https://reateberam.com/test/v
unknown
https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
unknown
https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
unknown
http://www.autoitscript.com/autoit3/J
unknown
https://wns.windows.com/L
unknown
https://huanvn.com:6542/stop.phpF
unknown
https://word.office.com
unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
unknown
https://huanvn.com/a
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
unknown
https://reateberam.com/test/4782396_3336673150375_5876994URLS1https://dogirafer.com/test/7951999_661
unknown
https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
unknown
https://reateberam.com/files/stkm.binbm
unknown
http://r10.o.lencr.org0#
unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
http://schemas.micr
unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
unknown
https://aka.ms/Vh5j3k
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
unknown
https://reateberam.com/test/1424693_495962074200_3017094URLS1https://dogirafer.com/test/3578852_8133
unknown
https://api.msn.com/v1/news/Feed/Windows?&
unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
unknown
https://dogirafer.com/vider
unknown
https://reateberam.com/test/7765524_55360872352224_4448453URLS1https://dogirafer.com/test/604857_961
unknown
https://www.rd.com/list/polite-habits-campers-dislike/
unknown
https://www.thawte.com/cps0/
unknown
https://dogirafer.com/est/mX
unknown
https://android.notify.windows.com/iOS
unknown
https://www.thawte.com/repository0W
unknown
https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
unknown
https://dogirafer.com/test/-
unknown
https://www.advancedinstaller.com
unknown
https://dogirafer.com/est/-
unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
unknown
https://api.msn.com/
unknown
https://dogirafer.com/3p
unknown
https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
unknown
https://outlook.com_
unknown
https://huanvn.com:6542/stop.phpl
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
unknown
https://www.msn.com:443/en-us/feed
unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
unknown
http://r10.i.lencr.org/0
unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
unknown
https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
unknown
https://dogirafer.com/V=
unknown
https://reateberam.com/test/3426159_38935932553563_5901982URLS1https://dogirafer.com/test/8447341_42
unknown
There are 80 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
reateberam.com
104.21.16.251
 malicious
huanvn.com
103.57.249.207
 malicious
dogirafer.com
104.21.68.89
 malicious
bg.microsoft.map.fastly.net
199.232.210.172

IPs

IP
Domain
Country
Malicious
104.21.16.251
reateberam.com
United States
malicious
104.21.68.89
dogirafer.com
United States
malicious
103.57.249.207
huanvn.com
India
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\424595.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\424595.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Microsoft\Installer\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\C72CC84B32896524285338B4DFD2D0BB
A103A89961239CD4392E07540B34D677
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\F5D323A437D662C4E893EB9882AD31BE
A103A89961239CD4392E07540B34D677
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\26A9D01E17DE8D1478DE206653C64101
A103A89961239CD4392E07540B34D677
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\TimeService LLC\TimeService\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\TimeService LLC\
HKEY_CURRENT_USER\SOFTWARE\TimeService LLC\TimeService
Version
HKEY_CURRENT_USER\SOFTWARE\TimeService LLC\TimeService
Path
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\ci.dll,-100
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\ci.dll,-101
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\fveui.dll,-843
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\fveui.dll,-844
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\System32\wuaueng.dll,-400
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\NgcRecovery.dll,-100
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@explorerframe.dll,-13137
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@explorerframe.dll,-13138
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
Unpacker
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
CheckSetting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
AutoIt3Script
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
WMP11.AssocFile.AVI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
CABFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
Microsoft.PowerShellCmdletDefinitionXML.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
CSSfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
Excel.CSV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
ddsfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
dllfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Word.Document.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
Word.DocumentMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Word.Document.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Word.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
Word.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
Word.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
emffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
exefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
WMP11.AssocFile.FLAC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
fonfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
giffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
htmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
icofile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
inffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
inifile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
pjpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
jpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
WMP11.AssocFile.m3u
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
WMP11.AssocFile.M4A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
mhtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
WMP11.AssocFile.MK3D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
WMP11.AssocFile.MKA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
WMP11.AssocFile.MKV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
WMP11.AssocFile.MOV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Outlook.File.msg.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
ocxfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
PowerPoint.OpenDocumentPresentation.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
Excel.OpenDocumentSpreadsheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Word.OpenDocumentText.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
otffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
pngfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
PowerPoint.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
PowerPoint.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
PowerPoint.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
PowerPoint.Addin.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
PowerPoint.SlideShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
PowerPoint.SlideShow.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
PowerPoint.Show.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
PowerPoint.ShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
PowerPoint.Show.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
Microsoft.PowerShellScript.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Microsoft.PowerShellXMLData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
Microsoft.PowerShellData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
Microsoft.PowerShellModule.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
Microsoft.PowerShellSessionConfiguration.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
rlefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Word.RTF.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
SHCmdFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
SearchFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
shtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
PowerPoint.SlideMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
PowerPoint.Slide.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
sysfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
TIFImage.Document
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
ttcfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
ttffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
txtfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
bootstrap.vsto.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
WMP11.AssocFile.WAV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
WMP11.AssocFile.WAX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
WMP11.AssocFile.WMA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
wmffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
WMP11.AssocFile.WMV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
WMP11.AssocFile.WPL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
WMP11.AssocFile.WVX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
Excel.AddInMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Excel.Sheet.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
Excel.SheetBinaryMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
Excel.SheetMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
Excel.Sheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Excel.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
Excel.TemplateMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
Excel.Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
xmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
xslfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
LastUpdate
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\mlang.dll,-4387
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
@%SystemRoot%\system32\mlang.dll,-4407
There are 266 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
9F9A000
stack
page read and write
 malicious
23CDAA1C000
heap
page read and write
 malicious
23CDAA4B000
heap
page read and write
 malicious
9550000
unkown
page readonly
31A0000
unkown
page execute and read and write
AADB000
unkown
page read and write
FC28000
unkown
page read and write
7D20000
unkown
page readonly
14370EC9000
heap
page read and write
7FF5ED793000
unkown
page readonly
140724C0000
heap
page read and write
AAFA000
unkown
page read and write
E7F267D000
stack
page read and write
BC00000
unkown
page execute and read and write
2202F7F000
stack
page read and write
7FF5ED8AC000
unkown
page readonly
2AEDEFF000
unkown
page read and write
7FF5ED26E000
unkown
page readonly
C70000
unkown
page readonly
CA20000
unkown
page read and write
1DB02BD0000
heap
page read and write
8C40000
unkown
page readonly
7FF5ED4B4000
unkown
page readonly
23CDAA56000
heap
page read and write
143714AE000
heap
page read and write
3190000
unkown
page execute and read and write
A29E000
stack
page read and write
9885000
unkown
page read and write
7FF5ED1D6000
unkown
page readonly
23CDA9D0000
remote allocation
page read and write
7FF5ED4C2000
unkown
page readonly
CB6C000
unkown
page read and write
2F40000
heap
page read and write
AB03000
unkown
page read and write
CA18000
unkown
page read and write
C98F000
unkown
page read and write
31A0000
unkown
page execute and read and write
1350000
unkown
page read and write
8C50000
unkown
page readonly
CB92000
unkown
page read and write
140723CB000
heap
page read and write
7FF5EDA69000
unkown
page readonly
CA04000
unkown
page read and write
7FF5ED9BE000
unkown
page readonly
AB5D000
unkown
page read and write
4B50000
unkown
page read and write
7FF5ED445000
unkown
page readonly
C11000
unkown
page execute read
A4AB000
unkown
page read and write
7FF5ED55F000
unkown
page readonly
3700000
unkown
page read and write
7FF5EDA70000
unkown
page readonly
3738000
unkown
page read and write
CA7C000
unkown
page read and write
267CFB60000
heap
page read and write
CBC9000
unkown
page read and write
7FF5EDA08000
unkown
page readonly
CAB3000
unkown
page read and write
8B60000
unkown
page readonly
CB79000
unkown
page read and write
7950000
unkown
page read and write
C9E0000
unkown
page read and write
FBE0000
unkown
page read and write
1BAD71E8000
heap
page read and write
7FF5ED505000
unkown
page readonly
7FF5ED97A000
unkown
page readonly
7FF5ED939000
unkown
page readonly
20DE3480000
heap
page read and write
8A6E000
stack
page read and write
35A0000
unkown
page readonly
37AE000
unkown
page read and write
9B60000
unkown
page readonly
B6C0000
unkown
page execute and read and write
1360000
unkown
page execute and read and write
BB00000
unkown
page execute and read and write
14371610000
heap
page read and write
1440000
unkown
page read and write
1384000
unkown
page execute and read and write
7FF5ED872000
unkown
page readonly
37A0000
unkown
page read and write
C700000
unkown
page read and write
C70000
unkown
page readonly
37A0000
unkown
page read and write
209C6508000
heap
page read and write
A479000
unkown
page read and write
C10A000
stack
page read and write
9540000
unkown
page execute and read and write
143714A7000
heap
page read and write
C6C000
unkown
page write copy
CA20000
unkown
page read and write
7FF5ED850000
unkown
page readonly
3580000
unkown
page readonly
3A3898F000
stack
page read and write
20BDDE00000
heap
page read and write
8FB0000
unkown
page execute and read and write
CA08000
unkown
page read and write
14371600000
heap
page read and write
168E315F000
heap
page read and write
7FF5EDA47000
unkown
page readonly
9877000
unkown
page read and write
7FF5ED3F3000
unkown
page readonly
143714C8000
heap
page read and write
143714CB000
heap
page read and write
21292070000
heap
page read and write
7FF5ED68C000
unkown
page readonly
7FF5ED9A6000
unkown
page readonly
7FF5ED5C1000
unkown
page readonly
1E22C56F000
heap
page read and write
168E2AA5000
heap
page read and write
C89C000
unkown
page read and write
785B000
unkown
page read and write
23CD8BEC000
heap
page read and write
7FFE000
stack
page read and write
A4AE000
unkown
page read and write
7FF5ED52F000
unkown
page readonly
CAB3000
unkown
page read and write
7DF487750000
direct allocation
page read and write
168E2C5A000
heap
page read and write
8DA0000
unkown
page read and write
AA90000
unkown
page read and write
168E3186000
heap
page read and write
7FF5ED534000
unkown
page readonly
C6C1000
unkown
page read and write
60FD4FE000
unkown
page read and write
23CDAD00000
trusted library allocation
page read and write
2275F560000
heap
page read and write
168E3157000
heap
page read and write
DD0000
unkown
page readonly
2275F668000
heap
page read and write
A364000
unkown
page read and write
3758000
unkown
page read and write
23CD8A60000
heap
page read and write
23CD8B80000
heap
page read and write
21291E40000
heap
page read and write
B0BD0FB000
stack
page read and write
7FF5ED1D6000
unkown
page readonly
7FF5ED64F000
unkown
page readonly
7FF5ED412000
unkown
page readonly
A000000
unkown
page execute and read and write
7FF5ED669000
unkown
page readonly
3290000
unkown
page read and write
37D2000
unkown
page read and write
7FF5ED735000
unkown
page readonly
7FF5ED9A1000
unkown
page readonly
3210000
unkown
page read and write
9833000
unkown
page read and write
143714C8000
heap
page read and write
1370000
unkown
page execute and read and write
A32A000
unkown
page read and write
986B000
unkown
page read and write
7C90000
unkown
page read and write
168E318C000
heap
page read and write
B629000
stack
page read and write
7FF5ED3DA000
unkown
page readonly
7FF5ED714000
unkown
page readonly
CA14000
unkown
page read and write
1F3841F0000
heap
page read and write
168E2C20000
trusted library allocation
page read and write
7FF5ED844000
unkown
page readonly
4B93000
unkown
page read and write
CB6F000
unkown
page read and write
31A0000
unkown
page execute and read and write
C5A0000
unkown
page read and write
CB25000
unkown
page read and write
183AA2F7000
heap
page read and write
7FF5ED743000
unkown
page readonly
7FF5ED349000
unkown
page readonly
14371613000
heap
page read and write
7884000
unkown
page read and write
3200000
unkown
page execute and read and write
7977000
unkown
page read and write
7863000
unkown
page read and write
23CDA4C3000
direct allocation
page read and write
140723E5000
heap
page read and write
CA20000
unkown
page read and write
97D4000
unkown
page read and write
168E316B000
heap
page read and write
3080000
heap
page read and write
79B5000
unkown
page read and write
7FF5EDA0B000
unkown
page readonly
168E315C000
heap
page read and write
20BDDE29000
heap
page read and write
EDC04FF000
unkown
page read and write
4C60000
unkown
page read and write
18A1000
unkown
page readonly
79B1000
unkown
page read and write
C557000
unkown
page read and write
8208000
stack
page read and write
9A10000
unkown
page read and write
3D011FF000
stack
page read and write
7FF5ED975000
unkown
page readonly
14370EC7000
heap
page read and write
A3BE000
unkown
page read and write
168E2AA7000
heap
page read and write
79B5000
unkown
page read and write
7FF5ED9F2000
unkown
page readonly
C512000
unkown
page read and write
23CD8BE7000
heap
page read and write
26B8F920000
heap
page read and write
7FF5ED65C000
unkown
page readonly
14371480000
heap
page read and write
A4A1000
unkown
page read and write
3590000
unkown
page read and write
7FF5ED6D6000
unkown
page readonly
F6DB000
unkown
page read and write
1360000
unkown
page execute and read and write
140723E7000
heap
page read and write
10D0000
heap
page read and write
7FF5ED42B000
unkown
page readonly
9873000
unkown
page read and write
4B50000
unkown
page read and write
A323000
unkown
page read and write
4B9AAFB000
stack
page read and write
9871000
unkown
page read and write
7FF5ED8B4000
unkown
page readonly
978E000
unkown
page read and write
1B8921A0000
heap
page read and write
C964000
unkown
page read and write
3460000
unkown
page execute and read and write
A11F000
stack
page read and write
BDA0000
unkown
page readonly
89A0000
unkown
page read and write
8B60000
unkown
page readonly
7FF5ED471000
unkown
page readonly
37F9000
unkown
page read and write
A4AB000
unkown
page read and write
7FF5D1CD4000
unkown
page readonly
7FF5EDA53000
unkown
page readonly
23CD8BF9000
heap
page read and write
7FF5ED7E0000
unkown
page readonly
26B8FB35000
heap
page read and write
DD0000
unkown
page readonly
7CA0000
unkown
page read and write
16FF000
stack
page read and write
8B70000
unkown
page execute and read and write
78AD000
unkown
page read and write
A323000
unkown
page read and write
F6DB000
unkown
page read and write
303C000
stack
page read and write
140723E7000
heap
page read and write
1EA79A60000
heap
page read and write
C11000
unkown
page execute read
168E3179000
heap
page read and write
1EA79C70000
heap
page read and write
209C6500000
heap
page read and write
CBD2000
unkown
page read and write
21291E88000
heap
page read and write
56D9000
unkown
page read and write
C516000
unkown
page read and write
168E2AA5000
heap
page read and write
7FF5ED6B9000
unkown
page readonly
8810000
unkown
page execute and read and write
9976000
unkown
page read and write
77AD07D000
stack
page read and write
23CDAA34000
heap
page read and write
20BDDE5B000
heap
page read and write
7FF5EDA69000
unkown
page readonly
4CE0000
unkown
page read and write
3748000
unkown
page read and write
23CDAD00000
trusted library allocation
page read and write
C962000
unkown
page read and write
7FF5ED7F1000
unkown
page readonly
CB51000
unkown
page read and write
7D53000
unkown
page read and write
7B80000
unkown
page read and write
979C000
unkown
page read and write
FC45000
unkown
page read and write
7FF5ED996000
unkown
page readonly
7D53000
unkown
page read and write
FBE0000
unkown
page read and write
EDC05FF000
stack
page read and write
7FF5ED77C000
unkown
page readonly
3795000
unkown
page read and write
7FF5ED295000
unkown
page readonly
A4B8000
unkown
page read and write
CAB3000
unkown
page read and write
7FF5ED9ED000
unkown
page readonly
11D0000
unkown
page readonly
9FF0000
unkown
page execute and read and write
9871000
unkown
page read and write
7FF5EDA47000
unkown
page readonly
B640000
unkown
page read and write
AB5A000
unkown
page read and write
20DE3505000
heap
page read and write
7FF5ED46E000
unkown
page readonly
CA47000
unkown
page read and write
896B000
stack
page read and write
7FF5ED9CC000
unkown
page readonly
23CD8B00000
heap
page read and write
7FF5ED68F000
unkown
page readonly
168E2AA5000
heap
page read and write
11C0000
unkown
page read and write
140723C0000
heap
page read and write
37F6000
unkown
page read and write
23CD8B46000
heap
page read and write
20DE34E0000
heap
page read and write
797D000
unkown
page read and write
37A8000
unkown
page read and write
7FF5ED8F9000
unkown
page readonly
7FF5ED92C000
unkown
page readonly
23CDAC19000
heap
page read and write
14371612000
heap
page read and write
7FF5ED942000
unkown
page readonly
F713000
unkown
page read and write
1500000
heap
page read and write
C857000
unkown
page read and write
8B70000
unkown
page execute and read and write
7FF5ED342000
unkown
page readonly
CB92000
unkown
page read and write
7FF5ED4B4000
unkown
page readonly
A479000
unkown
page read and write
7FF5ED7C4000
unkown
page readonly
C6CF000
unkown
page read and write
7FF5ED942000
unkown
page readonly
143714B0000
heap
page read and write
151BF140000
heap
page read and write
37F2000
unkown
page read and write
7FF5ED781000
unkown
page readonly
1360000
unkown
page execute and read and write
8C50000
unkown
page readonly
7FF5ED5C5000
unkown
page readonly
8B70000
unkown
page execute and read and write
133D000
heap
page read and write
14B0000
unkown
page readonly
308D000
stack
page read and write
14370EFE000
heap
page read and write
818E000
stack
page read and write
DE0000
unkown
page readonly
143714B1000
heap
page read and write
23CDAC19000
heap
page read and write
CA18000
unkown
page read and write
371D000
unkown
page read and write
168E3184000
heap
page read and write
168E2E0D000
heap
page read and write
168E2E0B000
heap
page read and write
3151000
unkown
page read and write
7FFDFAA52000
unkown
page write copy
B150000
unkown
page read and write
7859000
unkown
page read and write
26B8F929000
heap
page read and write
7FF5ED9ED000
unkown
page readonly
23CDAC49000
heap
page read and write
8B90000
unkown
page execute and read and write
7FF5ED6DB000
unkown
page readonly
C98F000
unkown
page read and write
9976000
unkown
page read and write
7FF5ED46A000
unkown
page readonly
37D2000
unkown
page read and write
3758000
unkown
page read and write
1821A100000
heap
page read and write
37F9000
unkown
page read and write
C52C000
unkown
page read and write
168E2C5E000
heap
page read and write
CA93000
unkown
page read and write
B7AE000
stack
page read and write
20DE3507000
heap
page read and write
310E000
stack
page read and write
CA7C000
unkown
page read and write
7FF5ED697000
unkown
page readonly
9879000
unkown
page read and write
14370EE7000
heap
page read and write
7FF5ED806000
unkown
page readonly
21060360000
heap
page read and write
20DE3460000
heap
page read and write
9873000
unkown
page read and write
7FF5ED586000
unkown
page readonly
7FF5ED337000
unkown
page readonly
168E3189000
heap
page read and write
CB79000
unkown
page read and write
151BF3C0000
heap
page read and write
B6A0000
heap
page read and write
7FF5ED2A4000
unkown
page readonly
2202B8E000
stack
page read and write
23CD8BF9000
heap
page read and write
A361000
unkown
page read and write
15FE000
stack
page read and write
1F3842B0000
heap
page read and write
7DF4F3061000
unkown
page execute read
AADB000
unkown
page read and write
E053CFF000
stack
page read and write
C6BF000
unkown
page read and write
1230000
unkown
page read and write
C08A000
stack
page read and write
CB54000
unkown
page read and write
1490000
unkown
page read and write
7DDF000
stack
page read and write
804B27E000
stack
page read and write
7E8E6FE000
stack
page read and write
CA4C000
unkown
page read and write
A26587E000
stack
page read and write
7C80000
unkown
page read and write
21060170000
heap
page read and write
7FF5ED9C6000
unkown
page readonly
C6F2000
unkown
page read and write
31E0000
unkown
page execute and read and write
20470530000
heap
page read and write
CB89000
unkown
page read and write
B6D0000
unkown
page execute and read and write
C5AA000
unkown
page read and write
7FF5ED2A9000
unkown
page readonly
20BDDE48000
heap
page read and write
7852000
unkown
page read and write
1821A200000
heap
page read and write
79D3000
unkown
page read and write
7F40000
unkown
page readonly
20BDDE48000
heap
page read and write
9FD0000
unkown
page execute and read and write
36D3000
stack
page read and write
168E2AB4000
heap
page read and write
7FF5ED625000
unkown
page readonly
7FF5ED3F3000
unkown
page readonly
76A0000
unkown
page read and write
168E3179000
heap
page read and write
7FF5ECED2000
unkown
page readonly
168E3179000
heap
page read and write
31EA000
heap
page read and write
7FF5ED806000
unkown
page readonly
37F6000
unkown
page read and write
267CFE50000
heap
page read and write
183AA240000
heap
page read and write
7FF5ED70C000
unkown
page readonly
C10000
unkown
page readonly
1340000
unkown
page execute and read and write
7FF5ED6DB000
unkown
page readonly
7FF5ED1BC000
unkown
page readonly
906E000
stack
page read and write
797D000
unkown
page read and write
7FF5ED8C6000
unkown
page readonly
4CB0000
unkown
page read and write
7FF5ED961000
unkown
page readonly
56C3000
unkown
page read and write
8C40000
unkown
page readonly
31C0000
unkown
page execute and read and write
1E22C525000
heap
page read and write
23CDA550000
heap
page read and write
9977000
unkown
page read and write
143714C9000
heap
page read and write
9893000
unkown
page read and write
C6C9000
unkown
page read and write
986F000
unkown
page read and write
143714C8000
heap
page read and write
CA04000
unkown
page read and write
18FDC050000
heap
page read and write
CB85000
unkown
page read and write
CA9A000
unkown
page read and write
23CDAC34000
heap
page read and write
F6D2000
unkown
page read and write
CA08000
unkown
page read and write
AB5C000
unkown
page read and write
CB89000
unkown
page read and write
34E8000
stack
page read and write
26B8F820000
heap
page read and write
37A0000
unkown
page read and write
4B56000
unkown
page read and write
965C000
stack
page read and write
B22B000
stack
page read and write
88EE000
stack
page read and write
7FF5ED471000
unkown
page readonly
B170000
unkown
page readonly
3290000
unkown
page read and write
B140000
unkown
page readonly
7FF5ED956000
unkown
page readonly
143714B3000
heap
page read and write
23CDAC49000
heap
page read and write
7A34000
unkown
page read and write
FC1D000
unkown
page read and write
96EFBFF000
unkown
page read and write
7FFDFAA98000
unkown
page read and write
7FF5ED81B000
unkown
page readonly
23CD8B8A000
heap
page read and write
7FF5ED93E000
unkown
page readonly
CA94000
unkown
page read and write
37F2000
unkown
page read and write
AAF9000
unkown
page read and write
7FF5ED86B000
unkown
page readonly
1DB02DF0000
heap
page read and write
7E11000
unkown
page read and write
168E317D000
heap
page read and write
23CDAC49000
heap
page read and write
CA04000
unkown
page read and write
B2F68FF000
stack
page read and write
9795000
unkown
page read and write
21292030000
heap
page read and write
7FF5ED3EA000
unkown
page readonly
1EA79CD0000
heap
page read and write
C10A000
stack
page read and write
7FF5ED818000
unkown
page readonly
7FF5ED872000
unkown
page readonly
1230000
unkown
page read and write
CA18000
unkown
page read and write
168E2C53000
heap
page read and write
35A0000
unkown
page readonly
A39B000
unkown
page read and write
9883000
unkown
page read and write
1BAD71D5000
heap
page read and write
3D00DDB000
stack
page read and write
7FF5ED4E8000
unkown
page readonly
3190000
unkown
page execute and read and write
CA04000
unkown
page read and write
7FF5ED7FD000
unkown
page readonly
BC9B000
stack
page read and write
7FF5EDA31000
unkown
page readonly
21060195000
heap
page read and write
7FF5ED4C2000
unkown
page readonly
982D000
unkown
page read and write
4C60000
unkown
page read and write
B0BD2FF000
stack
page read and write
14372DC2000
heap
page read and write
14371135000
heap
page read and write
37F2000
unkown
page read and write
1440000
unkown
page read and write
26B8F930000
heap
page read and write
AF8D000
stack
page read and write
14370EFE000
heap
page read and write
7FF5ED928000
unkown
page readonly
9A10000
unkown
page read and write
168E2C57000
heap
page read and write
20BDDDC0000
heap
page read and write
986B000
unkown
page read and write
79D3000
unkown
page read and write
168E3179000
heap
page read and write
7FF5ED64F000
unkown
page readonly
987B000
unkown
page read and write
9DED000
stack
page read and write
C8E1000
unkown
page read and write
B10D000
stack
page read and write
36F0000
unkown
page readonly
8850000
unkown
page execute and read and write
1350000
unkown
page read and write
168E316B000
heap
page read and write
7FF5ED476000
unkown
page readonly
CB29000
unkown
page read and write
7DF4F3071000
unkown
page execute read
A21E000
stack
page read and write
AAD1000
unkown
page read and write
9879000
unkown
page read and write
11D0000
unkown
page execute and read and write
2DCC000
stack
page read and write
7FF5ED9FF000
unkown
page readonly
A4AE000
unkown
page read and write
7FF5ED495000
unkown
page readonly
A50B000
unkown
page read and write
4CB0000
unkown
page read and write
1BAD70E0000
heap
page read and write
CB6C000
unkown
page read and write
9869000
unkown
page read and write
C6C9000
unkown
page read and write
143714C8000
heap
page read and write
133D000
heap
page read and write
3795000
unkown
page read and write
36D5000
stack
page read and write
7FF5ED62F000
unkown
page readonly
14BE000
stack
page read and write
9879000
unkown
page read and write
37AC000
unkown
page read and write
10C0000
unkown
page readonly
3D0107F000
stack
page read and write
F7D4000
unkown
page read and write
C57000
unkown
page readonly
14372DC4000
heap
page read and write
E4165BD000
stack
page read and write
14072370000
heap
page read and write
168E316B000
heap
page read and write
8B70000
unkown
page execute and read and write
7FF5ED669000
unkown
page readonly
88EE000
stack
page read and write
379E000
unkown
page read and write
F6E9000
unkown
page read and write
5F5DA7F000
stack
page read and write
A4A1000
unkown
page read and write
1DB02BE0000
heap
page read and write
7FF5ED7DB000
unkown
page readonly
CB51000
unkown
page read and write
8810000
unkown
page execute and read and write
C6C000
unkown
page read and write
9883000
unkown
page read and write
8BF0000
unkown
page readonly
7FF5ED33F000
unkown
page readonly
9875000
unkown
page read and write
7FF5ED8E2000
unkown
page readonly
CA6D000
unkown
page read and write
151BF130000
heap
page read and write
CB92000
unkown
page read and write
2106017B000
heap
page read and write
EDC019C000
stack
page read and write
7DF4F3061000
unkown
page execute read
37F9000
unkown
page read and write
168E317C000
heap
page read and write
9885000
unkown
page read and write
7FF5D1CD4000
unkown
page readonly
F75B000
unkown
page read and write
CB29000
unkown
page read and write
1240000
heap
page read and write
31B0000
unkown
page execute and read and write
7FF5ED821000
unkown
page readonly
9FB0000
unkown
page execute and read and write
7FF5ED990000
unkown
page readonly
168E3181000
heap
page read and write
97C3000
unkown
page read and write
20DE35E0000
heap
page read and write
7FF5ED9CC000
unkown
page readonly
7900000
unkown
page read and write
4BC9000
unkown
page read and write
7E60000
unkown
page read and write
168E2A5F000
heap
page read and write
23CD8BE5000
heap
page read and write
7FF5ED3EA000
unkown
page readonly
23CDA4BE000
direct allocation
page read and write
3190000
unkown
page execute and read and write
3210000
unkown
page read and write
9F1E000
stack
page read and write
14372DD4000
heap
page read and write
7FF5ED986000
unkown
page readonly
7FF5ED4A1000
unkown
page readonly
AB03000
unkown
page read and write
C512000
unkown
page read and write
C4A0000
unkown
page read and write
785B000
unkown
page read and write
1F384210000
heap
page read and write
B629000
stack
page read and write
96DF000
unkown
page read and write
CB79000
unkown
page read and write
3756000
unkown
page read and write
168E2AA7000
heap
page read and write
7FF5ED91A000
unkown
page readonly
CA04000
unkown
page read and write
7FF5ED4E8000
unkown
page readonly
CA47000
unkown
page read and write
23CDA4D0000
heap
page readonly
7FF5ED507000
unkown
page readonly
7FF5ED5EB000
unkown
page readonly
168E3179000
heap
page read and write
CB6F000
unkown
page read and write
2AEDB3C000
stack
page read and write
7FF5ED750000
unkown
page readonly
ED1E000
stack
page read and write
C9DB000
unkown
page read and write
3797000
unkown
page read and write
CB32000
unkown
page read and write
4BC9000
unkown
page read and write
7A34000
unkown
page read and write
7B80000
unkown
page read and write
7FF5ED295000
unkown
page readonly
14370F10000
heap
page read and write
7FF5ED779000
unkown
page readonly
14370EF8000
heap
page read and write
18219F00000
heap
page read and write
1EA79AA0000
heap
page read and write
7FF5ED3CE000
unkown
page readonly
B08D000
stack
page read and write
20BDDE34000
heap
page read and write
168E2C52000
heap
page read and write
4C4B000
unkown
page read and write
168E2C5A000
heap
page read and write
370C000
unkown
page read and write
7FF5ED937000
unkown
page readonly
818E000
stack
page read and write
7FF5ED961000
unkown
page readonly
1360000
unkown
page execute and read and write
C9C3000
unkown
page read and write
31CF000
stack
page read and write
7FF5ED8FF000
unkown
page readonly
8810000
unkown
page execute and read and write
3748000
unkown
page read and write
20BDDE48000
heap
page read and write
4CD0000
unkown
page read and write
9877000
unkown
page read and write
CA04000
unkown
page read and write
7FF5ED1BC000
unkown
page readonly
14520FE000
stack
page read and write
7FF5D1CCD000
unkown
page readonly
7FF5ED205000
unkown
page readonly
7CD0000
unkown
page read and write
B190000
unkown
page read and write
AB5D000
unkown
page read and write
14372DC6000
heap
page read and write
BDC0000
unkown
page readonly
7FF5ED41C000
unkown
page readonly
CB18000
unkown
page read and write
7FF5ED97E000
unkown
page readonly
37B0000
unkown
page read and write
7FF5ED9C8000
unkown
page readonly
CA74000
unkown
page read and write
A361000
unkown
page read and write
2275F760000
heap
page read and write
4BA6000
unkown
page read and write
B8C0000
unkown
page readonly
14372DC1000
heap
page read and write
18FDC280000
heap
page read and write
F7D4000
unkown
page read and write
B650000
unkown
page read and write
7FF5ED4C6000
unkown
page readonly
C9A1000
unkown
page read and write
3797000
unkown
page read and write
9B20000
unkown
page execute and read and write
2202E7E000
stack
page read and write
168E3164000
heap
page read and write
B22B000
stack
page read and write
7FF5ED349000
unkown
page readonly
98A1000
unkown
page read and write
7FF5ED975000
unkown
page readonly
7FF5ED81B000
unkown
page readonly
7FF5ED3CE000
unkown
page readonly
923E000
stack
page read and write
3800000
unkown
page readonly
C9D3000
unkown
page read and write
8B70000
unkown
page execute and read and write
143714C8000
heap
page read and write
168E2C50000
heap
page read and write
7FF5ED5C9000
unkown
page readonly
143B000
stack
page read and write
C7C5000
unkown
page read and write
7FF5ED1CB000
unkown
page readonly
7DF4877C0000
direct allocation
page execute read
1EA79A70000
heap
page read and write
CB6F000
unkown
page read and write
1E22C500000
heap
page read and write
B82A000
stack
page read and write
7FF5ED928000
unkown
page readonly
7FF5ED750000
unkown
page readonly
C6F8000
unkown
page read and write
7DF4F3030000
unkown
page readonly
168E3169000
heap
page read and write
97A9000
unkown
page read and write
7857000
unkown
page read and write
8F90000
unkown
page execute and read and write
9A10000
unkown
page read and write
23CD8BB8000
heap
page read and write
77AD17F000
stack
page read and write
20BDDE4E000
heap
page read and write
8BA0000
unkown
page readonly
7A34000
unkown
page read and write
CB51000
unkown
page read and write
1360000
unkown
page execute and read and write
14370EC2000
heap
page read and write
CB6F000
unkown
page read and write
23CDAA54000
heap
page read and write
37AC000
unkown
page read and write
7FF5ED810000
unkown
page readonly
7FF5ED5F7000
unkown
page readonly
89C0000
unkown
page read and write
CA04000
unkown
page read and write
168E2AA7000
heap
page read and write
2275F8C5000
heap
page read and write
3797000
unkown
page read and write
7FF5ED692000
unkown
page readonly
AF8D000
stack
page read and write
212921E0000
heap
page read and write
1DB02C05000
heap
page read and write
974AB7E000
stack
page read and write
132C000
heap
page read and write
C9D3000
unkown
page read and write
23CD8BB8000
heap
page read and write
2202EFE000
stack
page read and write
20DE3380000
heap
page read and write
7FF5ED793000
unkown
page readonly
1451000
unkown
page readonly
4C50000
unkown
page read and write
18FDC090000
heap
page read and write
978E000
unkown
page read and write
23CD8B0F000
heap
page read and write
168E4A60000
heap
page read and write
7FF5ED5A8000
unkown
page readonly
953F000
stack
page read and write
8000000
unkown
page read and write
7FF5ED451000
unkown
page readonly
CA08000
unkown
page read and write
C6E3000
unkown
page read and write
CB79000
unkown
page read and write
C57F000
unkown
page read and write
4B9ACFF000
stack
page read and write
CA20000
unkown
page read and write
8810000
unkown
page execute and read and write
786B000
unkown
page read and write
7D00000
unkown
page readonly
76A0000
unkown
page read and write
14372DD4000
heap
page read and write
7FFDFAA9D000
unkown
page readonly
9550000
unkown
page readonly
C6E3000
unkown
page read and write
2FC0000
heap
page read and write
C9A3000
unkown
page read and write
3791000
unkown
page read and write
7FF5ED28E000
unkown
page readonly
C6C1000
unkown
page read and write
7FF5ED40D000
unkown
page readonly
9A5B000
unkown
page read and write
C9A8000
unkown
page read and write
7FF5ED755000
unkown
page readonly
C811000
unkown
page read and write
896B000
stack
page read and write
168E2DA0000
heap
page read and write
C92D000
unkown
page read and write
10B41000
unkown
page read and write
20BDDE23000
heap
page read and write
7FF5ED74A000
unkown
page readonly
79FB000
unkown
page read and write
7863000
unkown
page read and write
C6CF000
unkown
page read and write
7FF5ED7D6000
unkown
page readonly
B150000
unkown
page read and write
9871000
unkown
page read and write
30718FD000
stack
page read and write
5641000
unkown
page read and write
7CC0000
unkown
page readonly
9139000
stack
page read and write
23CDA481000
direct allocation
page execute read
8710000
unkown
page readonly
7FF5ED516000
unkown
page readonly
CA08000
unkown
page read and write
FC2A000
unkown
page read and write
7865000
unkown
page read and write
7869000
unkown
page read and write
3190000
unkown
page execute and read and write
787C000
unkown
page read and write
8720000
unkown
page readonly
CB8B000
unkown
page read and write
3659000
stack
page read and write
C9E0000
unkown
page read and write
A21E000
stack
page read and write
3756000
unkown
page read and write
7FF5ED6A5000
unkown
page readonly
7FF5ED86B000
unkown
page readonly
EB00000
unkown
page read and write
37AC000
unkown
page read and write
7869000
unkown
page read and write
9883000
unkown
page read and write
9875000
unkown
page read and write
20BDDE24000
heap
page read and write
7FF5EDA76000
unkown
page readonly
E053BFF000
unkown
page read and write
7FFDFA8A1000
unkown
page execute read
CA63000
unkown
page read and write
8820000
unkown
page execute and read and write
CA9A000
unkown
page read and write
8810000
unkown
page execute and read and write
9879000
unkown
page read and write
23CDA9D0000
remote allocation
page read and write
20BDDE32000
heap
page read and write
139B000
heap
page read and write
7E8E77E000
stack
page read and write
20470630000
heap
page read and write
8FB0000
unkown
page execute and read and write
31E0000
heap
page read and write
20BDDE4C000
heap
page read and write
1095000
stack
page read and write
9881000
unkown
page read and write
14370D90000
heap
page read and write
26B8FB30000
heap
page read and write
7FF5ED867000
unkown
page readonly
7FF5ED092000
unkown
page readonly
7FF5ED803000
unkown
page readonly
168E3164000
heap
page read and write
7DF4F3030000
unkown
page readonly
A19F000
stack
page read and write
FBD2000
heap
page read and write
804AFBE000
stack
page read and write
1E22C581000
heap
page read and write
14370EC4000
heap
page read and write
7FF5ED885000
unkown
page readonly
14370ED6000
heap
page read and write
6C1A0FF000
unkown
page read and write
FBD0000
heap
page read and write
79FB000
unkown
page read and write
987F000
unkown
page read and write
C561000
unkown
page read and write
3190000
heap
page read and write
7D40000
unkown
page read and write
AAF6000
unkown
page read and write
1381000
unkown
page execute and read and write
3460000
unkown
page execute and read and write
37A0000
unkown
page read and write
14370FB0000
trusted library allocation
page read and write
AB5A000
unkown
page read and write
143714D3000
heap
page read and write
7E50000
unkown
page readonly
AB05000
unkown
page read and write
7FF5EDA14000
unkown
page readonly
7DF4F3040000
unkown
page readonly
7FF5ED91A000
unkown
page readonly
37B0000
unkown
page read and write
906E000
stack
page read and write
784A000
unkown
page read and write
77AD0FF000
stack
page read and write
7FF5ED800000
unkown
page readonly
7DF4877B1000
direct allocation
page read and write
C503000
unkown
page read and write
7953000
unkown
page read and write
A37D000
unkown
page read and write
7FF5ED7CF000
unkown
page readonly
3758000
unkown
page read and write
7FF5ED9AE000
unkown
page readonly
7FF5ED8A4000
unkown
page readonly
7FF5ED4B0000
unkown
page readonly
7FF5ED65C000
unkown
page readonly
F75B000
unkown
page read and write
9798000
unkown
page read and write
6C1A1FF000
stack
page read and write
8850000
unkown
page execute and read and write
20470810000
heap
page read and write
987F000
unkown
page read and write
10D0000
heap
page read and write
168E2A10000
heap
page read and write
9877000
unkown
page read and write
7FF5ED939000
unkown
page readonly
23CD8A90000
heap
page read and write
A491000
unkown
page read and write
20DE34EB000
heap
page read and write
CA4A000
unkown
page read and write
4CD0000
unkown
page read and write
4B78000
unkown
page read and write
C507000
unkown
page read and write
7FF5ED426000
unkown
page readonly
CB92000
unkown
page read and write
7FF5ED3D0000
unkown
page readonly
1230000
heap
page read and write
C49E000
stack
page read and write
8F80000
unkown
page execute and read and write
8810000
unkown
page execute and read and write
7FF5ED9B8000
unkown
page readonly
7847000
unkown
page read and write
1BAD7000000
heap
page read and write
168E3184000
heap
page read and write
9798000
unkown
page read and write
FC2A000
unkown
page read and write
7A34000
unkown
page read and write
982D000
unkown
page read and write
33B9000
stack
page read and write
F756000
unkown
page read and write
7FF5ED426000
unkown
page readonly
4B56000
unkown
page read and write
1510000
unkown
page readonly
8F90000
unkown
page execute and read and write
14371617000
heap
page read and write
C557000
unkown
page read and write
7884000
unkown
page read and write
34E9000
stack
page read and write
BD98000
stack
page read and write
9D64000
unkown
page read and write
785F000
unkown
page read and write
7FF5ED849000
unkown
page readonly
F713000
unkown
page read and write
9B30000
unkown
page execute and read and write
7FF5ED43A000
unkown
page readonly
3190000
unkown
page execute and read and write
14072310000
heap
page read and write
B190000
unkown
page read and write
B650000
unkown
page read and write
26B8F740000
heap
page read and write
3319000
stack
page read and write
7FF5ED92C000
unkown
page readonly
143714A8000
heap
page read and write
7FF5ED847000
unkown
page readonly
7FF5ED503000
unkown
page readonly
1E22C57F000
heap
page read and write
7FF5ED5F7000
unkown
page readonly
3748000
unkown
page read and write
168E2C54000
heap
page read and write
18FDC098000
heap
page read and write
37F6000
unkown
page read and write
3758000
unkown
page read and write
23CDAC35000
heap
page read and write
9883000
unkown
page read and write
4BE1000
unkown
page read and write
3070000
heap
page read and write
987F000
unkown
page read and write
8B90000
unkown
page execute and read and write
20BDDE5E000
heap
page read and write
A491000
unkown
page read and write
9A10000
unkown
page read and write
37B0000
unkown
page read and write
9E6C000
stack
page read and write
7FF5ED68F000
unkown
page readonly
DE0000
unkown
page readonly
C54A000
unkown
page read and write
8730000
unkown
page read and write
97AD000
unkown
page read and write
3460000
unkown
page execute and read and write
C6D8000
unkown
page read and write
CB51000
unkown
page read and write
7FF5ED850000
unkown
page readonly
20DE37C0000
heap
page read and write
C507000
unkown
page read and write
7FF5ED449000
unkown
page readonly
FC42000
unkown
page read and write
9875000
unkown
page read and write
87CA000
unkown
page read and write
23CDAC19000
heap
page read and write
8810000
unkown
page execute and read and write
C9DB000
unkown
page read and write
A2658FE000
stack
page read and write
37BD000
unkown
page read and write
9893000
unkown
page read and write
1BAD7100000
heap
page read and write
14072330000
heap
page read and write
14370E90000
heap
page read and write
FBDA000
heap
page read and write
B8B0000
unkown
page read and write
7FF5ED43D000
unkown
page readonly
1F384535000
heap
page read and write
168E2C20000
trusted library allocation
page read and write
CA86000
unkown
page read and write
C811000
unkown
page read and write
7FF5ED418000
unkown
page readonly
FBD0000
heap
page read and write
7FF5ED864000
unkown
page readonly
23CDA650000
direct allocation
page execute and read and write
36D5000
stack
page read and write
8830000
unkown
page execute and read and write
37D2000
unkown
page read and write
7FF5ED980000
unkown
page readonly
986F000
unkown
page read and write
7FF5ED77E000
unkown
page readonly
8B90000
unkown
page execute and read and write
1437113E000
heap
page read and write
7FF5ED77E000
unkown
page readonly
C503000
unkown
page read and write
1437161A000
heap
page read and write
60FD5FF000
stack
page read and write
7FF5ED41C000
unkown
page readonly
37F2000
unkown
page read and write
A37B000
unkown
page read and write
FC28000
unkown
page read and write
BC9B000
stack
page read and write
5641000
unkown
page read and write
7CE0000
unkown
page read and write
CB85000
unkown
page read and write
30CF000
stack
page read and write
CA20000
unkown
page read and write
14370EF8000
heap
page read and write
7FF5ED5CE000
unkown
page readonly
7FF5ED97E000
unkown
page readonly
143714AF000
heap
page read and write
32CF000
stack
page read and write
2F8E000
stack
page read and write
1E22C558000
heap
page read and write
14370FB0000
trusted library allocation
page read and write
7FF5ED76D000
unkown
page readonly
7FF5ED28F000
unkown
page readonly
9FC0000
unkown
page execute and read and write
3791000
unkown
page read and write
60FD17C000
stack
page read and write
168E2E00000
heap
page read and write
7FF5ED660000
unkown
page readonly
37AE000
unkown
page read and write
977A000
unkown
page read and write
7FF5ED73D000
unkown
page readonly
7FF5ED8E2000
unkown
page readonly
7DF4F3031000
unkown
page execute read
7FF5ED433000
unkown
page readonly
23CDA480000
direct allocation
page read and write
7FF5ED695000
unkown
page readonly
987D000
unkown
page read and write
7FF5ED7E9000
unkown
page readonly
FC15000
unkown
page read and write
37D2000
unkown
page read and write
1E22C730000
heap
page read and write
7FF5ED286000
unkown
page readonly
784A000
unkown
page read and write
7FF5ED50A000
unkown
page readonly
FC2C000
unkown
page read and write
1490000
unkown
page read and write
7FF5ED660000
unkown
page readonly
7FF5ED847000
unkown
page readonly
4C34000
unkown
page read and write
CB18000
unkown
page read and write
4C4B000
unkown
page read and write
7FF5ED8E7000
unkown
page readonly
1F384110000
heap
page read and write
7695000
stack
page read and write
C7C5000
unkown
page read and write
78AD000
unkown
page read and write
151BF216000
heap
page read and write
79D3000
unkown
page read and write
4C1E000
unkown
page read and write
AF0C000
stack
page read and write
7FF5ED8AC000
unkown
page readonly
7FFD000
stack
page read and write
168E2AA5000
heap
page read and write
76C0000
unkown
page read and write
14370EF8000
heap
page read and write
BBC7000
unkown
page execute and read and write
7FF5ED9D2000
unkown
page readonly
89C0000
unkown
page read and write
1BAD71E0000
heap
page read and write
7FF5EDA0D000
unkown
page readonly
97D4000
unkown
page read and write
168E3159000
heap
page read and write
BDC0000
unkown
page readonly
9875000
unkown
page read and write
23CD8B08000
heap
page read and write
9ADD000
stack
page read and write
BBA5000
unkown
page execute and read and write
C6D8000
unkown
page read and write
96EFCFF000
stack
page read and write
9873000
unkown
page read and write
B5AE000
stack
page read and write
1EA79AAB000
heap
page read and write
A37D000
unkown
page read and write
23CDAA33000
heap
page read and write
143714B6000
heap
page read and write
30719FF000
stack
page read and write
14370FB0000
trusted library allocation
page read and write
8DA0000
unkown
page read and write
7FF5EDA31000
unkown
page readonly
7FF5ED87D000
unkown
page readonly
8810000
unkown
page execute and read and write
3460000
unkown
page execute and read and write
7FF5ED8E7000
unkown
page readonly
7A34000
unkown
page read and write
14370EC7000
heap
page read and write
C561000
unkown
page read and write
E7F26FE000
stack
page read and write
5590000
unkown
page write copy
9FE0000
unkown
page execute and read and write
3209000
stack
page read and write
14372DC0000
heap
page read and write
7DF4F3040000
unkown
page readonly
8EC6000
unkown
page read and write
7FF5EDA2A000
unkown
page readonly
B640000
unkown
page read and write
97B5000
unkown
page read and write
7FF5ED6BB000
unkown
page readonly
BD1D000
stack
page read and write
CA90000
unkown
page read and write
9702000
unkown
page read and write
B6F0000
unkown
page execute and read and write
143714A0000
heap
page read and write
183AA490000
heap
page read and write
BA20000
unkown
page read and write
9A5B000
unkown
page read and write
A4B8000
unkown
page read and write
C57F000
unkown
page read and write
23CD8B8C000
heap
page read and write
7FF5ED433000
unkown
page readonly
168E2C5E000
heap
page read and write
C9DB000
unkown
page read and write
7FF5ED986000
unkown
page readonly
7FF5ED286000
unkown
page readonly
7FF5ED735000
unkown
page readonly
1437161A000
heap
page read and write
14370EA8000
heap
page read and write
F794000
unkown
page read and write
7FF5ED4EF000
unkown
page readonly
7FF5ED996000
unkown
page readonly
7FF5ED7CF000
unkown
page readonly
168E3150000
heap
page read and write
C9F3000
unkown
page read and write
1437161A000
heap
page read and write
1821A0E0000
heap
page read and write
3D0127E000
stack
page read and write
37AE000
unkown
page read and write
D1592FF000
unkown
page read and write
14370EF8000
heap
page read and write
7FFDFAA5F000
unkown
page read and write
7FF5ED5A8000
unkown
page readonly
23CDAC34000
heap
page read and write
23CDAC49000
heap
page read and write
7FF5EDA14000
unkown
page readonly
804AF3C000
stack
page read and write
7FF5ED3D0000
unkown
page readonly
7CA0000
unkown
page read and write
143714C8000
heap
page read and write
7FF5ED3A7000
unkown
page readonly
7FF5ED94A000
unkown
page readonly
9881000
unkown
page read and write
21292050000
heap
page read and write
7D40000
unkown
page read and write
209C6510000
heap
page read and write
4C18000
unkown
page read and write
14370EA8000
heap
page read and write
4B90000
unkown
page read and write
7FF5ED814000
unkown
page readonly
AB0D000
unkown
page read and write
CB0C000
unkown
page read and write
C9A1000
unkown
page read and write
CB79000
unkown
page read and write
7FF5ED7E0000
unkown
page readonly
1480000
heap
page read and write
9869000
unkown
page read and write
143714CC000
heap
page read and write
14370F05000
heap
page read and write
168E2A68000
heap
page read and write
379E000
unkown
page read and write
AAF6000
unkown
page read and write
4B8B000
unkown
page read and write
23CDAA32000
heap
page read and write
308A000
stack
page read and write
7FF5ED674000
unkown
page readonly
1483000
heap
page read and write
965C000
stack
page read and write
9E6C000
stack
page read and write
987D000
unkown
page read and write
8720000
unkown
page readonly
3791000
unkown
page read and write
7FF5ED697000
unkown
page readonly
7FF5ED4BB000
unkown
page readonly
79FB000
unkown
page read and write
7F2E000
stack
page read and write
1E22C54B000
heap
page read and write
785F000
unkown
page read and write
2AEDFFF000
stack
page read and write
91B9000
stack
page read and write
143714D9000
heap
page read and write
3190000
unkown
page execute and read and write
143714D9000
heap
page read and write
20470658000
heap
page read and write
A310000
unkown
page read and write
9A5B000
unkown
page read and write
4C50000
unkown
page read and write
7E60000
unkown
page read and write
2202B07000
stack
page read and write
C08A000
stack
page read and write
78A0000
unkown
page read and write
8D6B000
stack
page read and write
14370EF8000
heap
page read and write
3460000
unkown
page execute and read and write
B0BD1FE000
unkown
page read and write
151BF1F0000
heap
page read and write
14370F90000
heap
page read and write
7DF487770000
direct allocation
page readonly
20BDDE29000
heap
page read and write
3071A7F000
stack
page read and write
14372DCE000
heap
page read and write
1360000
unkown
page execute and read and write
7FF5ED4EF000
unkown
page readonly
36D3000
stack
page read and write
3450000
unkown
page execute and read and write
14370EC8000
heap
page read and write
9873000
unkown
page read and write
20BDDE32000
heap
page read and write
7FF5ED7D6000
unkown
page readonly
7FF5ED74A000
unkown
page readonly
168E4A50000
heap
page read and write
AAF2000
unkown
page read and write
14370EFE000
heap
page read and write
8B70000
unkown
page execute and read and write
B120000
unkown
page execute and read and write
1332000
heap
page read and write
79D3000
unkown
page read and write
7DF4F3051000
unkown
page execute read
7FFDFA9D1000
unkown
page readonly
143714D1000
heap
page read and write
21060340000
heap
page read and write
14370EE6000
heap
page read and write
A433000
unkown
page read and write
C5A3000
unkown
page read and write
183AA2DB000
heap
page read and write
7FF5ED80C000
unkown
page readonly
4BE1000
unkown
page read and write
14372DD4000
heap
page read and write
37B0000
unkown
page read and write
168E3160000
heap
page read and write
14370EFC000
heap
page read and write
BDD0000
unkown
page readonly
168E315C000
heap
page read and write
23CDA4B6000
direct allocation
page read and write
23CDAC30000
heap
page read and write
4BDC000
unkown
page read and write
7CE0000
unkown
page read and write
7FF5ED476000
unkown
page readonly
7695000
stack
page read and write
31F0000
unkown
page execute and read and write
7FF5ED586000
unkown
page readonly
8000000
unkown
page read and write
20470815000
heap
page read and write
7FF5ED5CE000
unkown
page readonly
C51E000
unkown
page read and write
3151000
unkown
page read and write
FBD2000
heap
page read and write
23CDA4C0000
direct allocation
page read and write
90F0000
unkown
page execute and read and write
C50A000
unkown
page read and write
1BAD71D0000
heap
page read and write
3220000
unkown
page readonly
7FF5ED71B000
unkown
page readonly
B6E0000
unkown
page execute and read and write
987D000
unkown
page read and write
168E316B000
heap
page read and write
C5AA000
unkown
page read and write
7FF5ED87D000
unkown
page readonly
7FF5ED4FD000
unkown
page readonly
E7F277F000
stack
page read and write
A4FC000
unkown
page read and write
9830000
unkown
page read and write
168E2A8B000
heap
page read and write
CC14000
unkown
page read and write
56D9000
unkown
page read and write
7FF5ED8BB000
unkown
page readonly
1B891EE0000
heap
page read and write
BD1D000
stack
page read and write
7FF5ED980000
unkown
page readonly
1437161B000
heap
page read and write
3700000
unkown
page read and write
7FF5ED85F000
unkown
page readonly
F6E9000
unkown
page read and write
B180000
unkown
page execute and read and write
168E3179000
heap
page read and write
3748000
unkown
page read and write
7FF5ED4DF000
unkown
page readonly
CA4F000
unkown
page read and write
7FF5ED625000
unkown
page readonly
7FF5EDA2A000
unkown
page readonly
11C0000
unkown
page read and write
20BDE0E5000
heap
page read and write
37A8000
unkown
page read and write
8210000
unkown
page read and write
21291E60000
heap
page read and write
CB89000
unkown
page read and write
CB92000
unkown
page read and write
7FF5ED93E000
unkown
page readonly
23CDAC30000
heap
page read and write
31A0000
unkown
page execute and read and write
7FF5ED743000
unkown
page readonly
7FF5ED9A6000
unkown
page readonly
21060500000
heap
page read and write
C964000
unkown
page read and write
14370EF4000
heap
page read and write
37BD000
unkown
page read and write
23CD8A85000
heap
page read and write
974AA7D000
stack
page read and write
8F90000
unkown
page execute and read and write
168E2AB1000
heap
page read and write
A26597E000
stack
page read and write
A11F000
stack
page read and write
20BDDE22000
heap
page read and write
79B5000
unkown
page read and write
9A5B000
unkown
page read and write
7FF5ED93B000
unkown
page readonly
C9F3000
unkown
page read and write
7FF5ED4F3000
unkown
page readonly
BAF9000
stack
page read and write
B2F66FC000
stack
page read and write
143714B4000
heap
page read and write
20BDDE48000
heap
page read and write
7FF5ED755000
unkown
page readonly
7FF5ED46A000
unkown
page readonly
23CDA4C8000
direct allocation
page read and write
7F2E000
stack
page read and write
7FF5ED77C000
unkown
page readonly
8B80000
unkown
page execute and read and write
1B8921A5000
heap
page read and write
7FF5EDA11000
unkown
page readonly
7F30000
unkown
page read and write
5F5D67E000
stack
page read and write
96EFAFB000
stack
page read and write
9DED000
stack
page read and write
23CDAC49000
heap
page read and write
CA42000
unkown
page read and write
7FF5ED33F000
unkown
page readonly
8710000
unkown
page readonly
1F384530000
heap
page read and write
1821A210000
heap
page read and write
31D0000
unkown
page execute and read and write
14370EF3000
heap
page read and write
7FF5ED2A4000
unkown
page readonly
379E000
unkown
page read and write
9AE0000
unkown
page execute and read and write
CA7C000
unkown
page read and write
CA14000
unkown
page read and write
7FF5ED39E000
unkown
page readonly
7FF5ED9E1000
unkown
page readonly
37F2000
unkown
page read and write
14370EF2000
heap
page read and write
168E2A63000
heap
page read and write
2F1E000
stack
page read and write
168E2A89000
heap
page read and write
7FF5ED519000
unkown
page readonly
3171000
unkown
page read and write
C54A000
unkown
page read and write
7DF4F3050000
unkown
page readonly
785D000
unkown
page read and write
168E317F000
heap
page read and write
7FF5ED670000
unkown
page readonly
CA14000
unkown
page read and write
BDA0000
unkown
page readonly
7FF5ED692000
unkown
page readonly
5F5D3BB000
stack
page read and write
C57000
unkown
page readonly
23CDAC34000
heap
page read and write
7D20000
unkown
page readonly
23CDAC49000
heap
page read and write
7847000
unkown
page read and write
8810000
unkown
page execute and read and write
1387000
heap
page read and write
7FFDFAAAD000
unkown
page readonly
A33E000
unkown
page read and write
209C6770000
heap
page read and write
20BDDE08000
heap
page read and write
23CD8B4D000
heap
page read and write
4CE0000
unkown
page read and write
7FF5ED7FD000
unkown
page readonly
31D0000
unkown
page execute and read and write
1B891EC0000
heap
page read and write
379E000
unkown
page read and write
3756000
unkown
page read and write
7FF5ED602000
unkown
page readonly
5F5D767000
stack
page read and write
7C80000
unkown
page read and write
C6F4000
unkown
page read and write
31A0000
unkown
page execute and read and write
8BF0000
unkown
page readonly
23CD8BA9000
heap
page read and write
FCC000
stack
page read and write
3D0117E000
stack
page read and write
C88B000
unkown
page read and write
7FF5ED337000
unkown
page readonly
7FF5ED279000
unkown
page readonly
C563000
unkown
page read and write
8FB9000
stack
page read and write
7FF5ED4DF000
unkown
page readonly
7FF5ED68C000
unkown
page readonly
7FF5ED73D000
unkown
page readonly
7FF5EDA70000
unkown
page readonly
3797000
unkown
page read and write
21291E86000
heap
page read and write
98A1000
unkown
page read and write
18219F25000
heap
page read and write
9A10000
unkown
page read and write
23CDAA50000
heap
page read and write
168E3166000
heap
page read and write
CA86000
unkown
page read and write
7FF5EDA53000
unkown
page readonly
30715C7000
stack
page read and write
CA63000
unkown
page read and write
C9E3000
unkown
page read and write
3590000
unkown
page read and write
7FF5ED915000
unkown
page readonly
1505000
heap
page read and write
7FF5ED71B000
unkown
page readonly
168E2AA7000
heap
page read and write
A379000
unkown
page read and write
7FF5EDA0D000
unkown
page readonly
C52C000
unkown
page read and write
A4FC000
unkown
page read and write
1500000
heap
page read and write
4CC0000
unkown
page read and write
A33E000
unkown
page read and write
307197E000
stack
page read and write
143714AC000
heap
page read and write
18219F27000
heap
page read and write
37F9000
unkown
page read and write
23CDAC30000
heap
page read and write
7FF5ED48A000
unkown
page readonly
14370EC7000
heap
page read and write
7DF4F3051000
unkown
page execute read
7FF5ED9A1000
unkown
page readonly
21060150000
heap
page read and write
7FF5ED71E000
unkown
page readonly
36F0000
unkown
page readonly
3450000
unkown
page execute and read and write
7FF5ED40D000
unkown
page readonly
CA14000
unkown
page read and write
89E0000
unkown
page read and write
14370EAE000
heap
page read and write
B8B0000
unkown
page read and write
7FF5ED8C1000
unkown
page readonly
7FF5ED4A1000
unkown
page readonly
14372DC3000
heap
page read and write
168E3180000
heap
page read and write
18FDC060000
heap
page read and write
89E0000
unkown
page read and write
23CDAC19000
heap
page read and write
FC00000
unkown
page read and write
168E2A00000
heap
page read and write
AB51000
unkown
page read and write
A502000
unkown
page read and write
168E3184000
heap
page read and write
23CD8B6A000
heap
page read and write
7FF5ED933000
unkown
page readonly
168E316B000
heap
page read and write
23CDAC19000
heap
page read and write
C4D0000
unkown
page read and write
C84D000
unkown
page read and write
7FF5ED1B6000
unkown
page readonly
C6F8000
unkown
page read and write
BDD0000
unkown
page readonly
168E2A9B000
heap
page read and write
14372DCD000
heap
page read and write
7979000
unkown
page read and write
7FF5EDA38000
unkown
page readonly
8730000
unkown
page read and write
7E11000
unkown
page read and write
7FF5ED412000
unkown
page readonly
20BDDE32000
heap
page read and write
7FF5ED9E1000
unkown
page readonly
B120000
unkown
page execute and read and write
BAF9000
stack
page read and write
7977000
unkown
page read and write
A379000
unkown
page read and write
1240000
heap
page read and write
B8AB000
stack
page read and write
11D0000
unkown
page execute and read and write
7FF5ED679000
unkown
page readonly
7DF4F3041000
unkown
page execute read
C4D0000
unkown
page read and write
7FF5EDA11000
unkown
page readonly
56C3000
unkown
page read and write
23CD8BA9000
heap
page read and write
FC2A000
unkown
page read and write
267CFB87000
heap
page read and write
7FF5ED59E000
unkown
page readonly
9100000
unkown
page execute and read and write
20BDDE48000
heap
page read and write
7CD0000
unkown
page read and write
7FF5ED8B4000
unkown
page readonly
9795000
unkown
page read and write
C41F000
stack
page read and write
FC2C000
unkown
page read and write
1437161E000
heap
page read and write
14B0000
unkown
page readonly
145207D000
stack
page read and write
7FF5ED4F3000
unkown
page readonly
7E8E67D000
stack
page read and write
1437113B000
heap
page read and write
B140000
unkown
page readonly
37A8000
unkown
page read and write
143714B6000
heap
page read and write
267CFB85000
heap
page read and write
371D000
unkown
page read and write
C84D000
unkown
page read and write
14371130000
heap
page read and write
7FF5D1CCD000
unkown
page readonly
168E2AB4000
heap
page read and write
CB53000
unkown
page read and write
168E2C20000
trusted library allocation
page read and write
7FF5ED5EB000
unkown
page readonly
23CD8BEA000
heap
page read and write
14370F10000
heap
page read and write
F756000
unkown
page read and write
7FF5ED495000
unkown
page readonly
7FF5ED670000
unkown
page readonly
143714C8000
heap
page read and write
18FDC260000
heap
page read and write
7FF5ED59E000
unkown
page readonly
6C19DEB000
stack
page read and write
23CD8BB8000
heap
page read and write
7FF5ED4C6000
unkown
page readonly
1451000
unkown
page readonly
AB51000
unkown
page read and write
B120000
unkown
page read and write
9AF0000
unkown
page execute and read and write
8A6E000
stack
page read and write
151BF218000
heap
page read and write
7DF4F3071000
unkown
page execute read
C962000
unkown
page read and write
4B78000
unkown
page read and write
14370F05000
heap
page read and write
15BF000
stack
page read and write
3795000
unkown
page read and write
A29E000
stack
page read and write
20BDDE22000
heap
page read and write
9881000
unkown
page read and write
C4A0000
unkown
page read and write
23CDAC34000
heap
page read and write
2275F640000
heap
page read and write
168E2A59000
heap
page read and write
23CDAA66000
heap
page read and write
4BE3000
unkown
page read and write
143714AC000
heap
page read and write
3758000
unkown
page read and write
23CD8BDD000
heap
page read and write
37A8000
unkown
page read and write
7FF5EDA0B000
unkown
page readonly
A37B000
unkown
page read and write
209C6775000
heap
page read and write
7FF5ED821000
unkown
page readonly
FC11000
unkown
page read and write
C6F4000
unkown
page read and write
7FF5ED867000
unkown
page readonly
91B9000
stack
page read and write
14370F0B000
heap
page read and write
7FF5ED5C9000
unkown
page readonly
FC12000
unkown
page read and write
9869000
unkown
page read and write
4B93000
unkown
page read and write
7FF5ED4BB000
unkown
page readonly
A391000
unkown
page read and write
A327000
unkown
page read and write
CB53000
unkown
page read and write
168E3184000
heap
page read and write
F6D2000
unkown
page read and write
11B0000
unkown
page execute and read and write
CA4F000
unkown
page read and write
7FF5ED818000
unkown
page readonly
3190000
unkown
page execute and read and write
7FF5ED1CB000
unkown
page readonly
7FF5ED39B000
unkown
page readonly
1EA79AC7000
heap
page read and write
14370E99000
heap
page read and write
CB92000
unkown
page read and write
168E316B000
heap
page read and write
168E2C5B000
heap
page read and write
7FF5EDA76000
unkown
page readonly
1EA79CC0000
heap
page read and write
7FF5ED7C4000
unkown
page readonly
C6F2000
unkown
page read and write
20BDDDA0000
heap
page read and write
78A0000
unkown
page read and write
7FF5ED265000
unkown
page readonly
168E2C20000
trusted library allocation
page read and write
3791000
unkown
page read and write
7FF5ED602000
unkown
page readonly
7E50000
unkown
page readonly
3791000
unkown
page read and write
168E2AA7000
heap
page read and write
CB92000
unkown
page read and write
168E2A30000
heap
page read and write
9830000
unkown
page read and write
C9D0000
unkown
page read and write
CA83000
unkown
page read and write
3090000
heap
page read and write
7FF5ED556000
unkown
page readonly
E41687E000
stack
page read and write
1DB02C20000
heap
page read and write
1B891F00000
heap
page read and write
89A0000
unkown
page read and write
3756000
unkown
page read and write
1380000
heap
page read and write
C88B000
unkown
page read and write
7FF5ED409000
unkown
page readonly
2275F660000
heap
page read and write
4CC0000
unkown
page read and write
168E2C5A000
heap
page read and write
7FFDFA8A0000
unkown
page readonly
8210000
unkown
page read and write
96DF000
unkown
page read and write
7FF5ED534000
unkown
page readonly
267CFB6B000
heap
page read and write
7FF5ED445000
unkown
page readonly
1EA79AC5000
heap
page read and write
168E3161000
heap
page read and write
3748000
unkown
page read and write
7FF5ED9CA000
unkown
page readonly
9885000
unkown
page read and write
C9CB000
unkown
page read and write
3220000
unkown
page readonly
AAFA000
unkown
page read and write
B10D000
stack
page read and write
FC1E000
unkown
page read and write
FBDA000
heap
page read and write
4C34000
unkown
page read and write
168E2A9A000
heap
page read and write
4BA6000
unkown
page read and write
CA14000
unkown
page read and write
987D000
unkown
page read and write
21291E6B000
heap
page read and write
143714D2000
heap
page read and write
1505000
heap
page read and write
987F000
unkown
page read and write
9881000
unkown
page read and write
7FF5ED64C000
unkown
page readonly
986B000
unkown
page read and write
4C18000
unkown
page read and write
7FF5ED5C5000
unkown
page readonly
7FF5ED71E000
unkown
page readonly
1DB02C00000
heap
page read and write
143714B1000
heap
page read and write
37F6000
unkown
page read and write
7FF5ED800000
unkown
page readonly
18219F0B000
heap
page read and write
A310000
unkown
page read and write
C893000
unkown
page read and write
7FF5ED864000
unkown
page readonly
1E22C4F0000
heap
page read and write
7FF5ED882000
unkown
page readonly
23CD8B80000
heap
page read and write
151BF160000
heap
page read and write
D158FAC000
stack
page read and write
168E2A6C000
heap
page read and write
7FF5ED503000
unkown
page readonly
26B8F840000
heap
page read and write
7DF4F3050000
unkown
page readonly
14370EC6000
heap
page read and write
23CD8BED000
heap
page read and write
CA08000
unkown
page read and write
CB79000
unkown
page read and write
23CD8B6A000
heap
page read and write
CB79000
unkown
page read and write
7FF5ED3A7000
unkown
page readonly
7FF5ED810000
unkown
page readonly
9893000
unkown
page read and write
3800000
unkown
page readonly
14372DCE000
heap
page read and write
FC28000
unkown
page read and write
168E2AA7000
heap
page read and write
B08D000
stack
page read and write
23CD8A50000
heap
page read and write
C846000
unkown
page read and write
7FF5ED418000
unkown
page readonly
23CDAC19000
heap
page read and write
AAF2000
unkown
page read and write
9B10000
unkown
page execute and read and write
7FF5ED844000
unkown
page readonly
7852000
unkown
page read and write
7FF5ED9BE000
unkown
page readonly
2275F8C0000
heap
page read and write
23CDAC34000
heap
page read and write
998F000
unkown
page read and write
37AC000
unkown
page read and write
7FF5ED956000
unkown
page readonly
7FF5ED1CF000
unkown
page readonly
7857000
unkown
page read and write
9893000
unkown
page read and write
79FB000
unkown
page read and write
23CDAC30000
heap
page read and write
21060140000
heap
page read and write
7FF5ED39B000
unkown
page readonly
7F30000
unkown
page read and write
37BD000
unkown
page read and write
151BF1FB000
heap
page read and write
CA14000
unkown
page read and write
7867000
unkown
page read and write
A494000
unkown
page read and write
7FF5ED849000
unkown
page readonly
1384000
unkown
page execute and read and write
9815000
unkown
page read and write
23CD8B4D000
heap
page read and write
4BE3000
unkown
page read and write
97AD000
unkown
page read and write
7FF5ED4FD000
unkown
page readonly
371C000
unkown
page read and write
7FF5ED990000
unkown
page readonly
7FF5ED9AE000
unkown
page readonly
7861000
unkown
page read and write
37D2000
unkown
page read and write
79B1000
unkown
page read and write
7FF5ED9D6000
unkown
page readonly
7FF5ED50A000
unkown
page readonly
3D010FE000
stack
page read and write
1E22C540000
heap
page read and write
A502000
unkown
page read and write
1370000
unkown
page execute and read and write
A19F000
stack
page read and write
18A1000
unkown
page readonly
BB00000
unkown
page read and write
1E22C710000
heap
page read and write
FC45000
unkown
page read and write
8BA0000
unkown
page readonly
FC14000
unkown
page read and write
7D00000
unkown
page readonly
CB18000
unkown
page read and write
14371615000
heap
page read and write
CA08000
unkown
page read and write
31A0000
unkown
page execute and read and write
1DB02C28000
heap
page read and write
37BD000
unkown
page read and write
14372DCE000
heap
page read and write
7865000
unkown
page read and write
23CDA4CB000
direct allocation
page readonly
C857000
unkown
page read and write
C8E1000
unkown
page read and write
7FF5ED8C6000
unkown
page readonly
98A8000
unkown
page read and write
9660000
unkown
page read and write
EF00000
heap
page read and write
986F000
unkown
page read and write
7FF5ED6A5000
unkown
page readonly
7FF5ED6B9000
unkown
page readonly
7FF5ED76D000
unkown
page readonly
ECB000
stack
page read and write
2202FFE000
stack
page read and write
CB22000
unkown
page read and write
8B90000
unkown
page execute and read and write
20BDE0E0000
heap
page read and write
14370E70000
heap
page read and write
7FF5ED8F9000
unkown
page readonly
23CDAA62000
heap
page read and write
37BD000
unkown
page read and write
A49E000
unkown
page read and write
AAD1000
unkown
page read and write
9877000
unkown
page read and write
9792000
unkown
page read and write
FC15000
unkown
page read and write
7FF5ED853000
unkown
page readonly
8D6B000
stack
page read and write
14371614000
heap
page read and write
AB51000
unkown
page read and write
CA20000
unkown
page read and write
FC2C000
unkown
page read and write
7FF5ED2A9000
unkown
page readonly
7953000
unkown
page read and write
9A5B000
unkown
page read and write
7FF5ED404000
unkown
page readonly
1B891F10000
heap
page read and write
14370ED7000
heap
page read and write
9869000
unkown
page read and write
7FF5ED9D6000
unkown
page readonly
143714CE000
heap
page read and write
23CD8A80000
heap
page read and write
3240000
unkown
page read and write
AA90000
unkown
page read and write
B8D0000
unkown
page execute and read and write
7FF5ED62F000
unkown
page readonly
183AA480000
heap
page read and write
C9C7000
unkown
page read and write
14370F05000
heap
page read and write
7FF5ED46E000
unkown
page readonly
F794000
unkown
page read and write
7900000
unkown
page read and write
E4168FE000
stack
page read and write
7FF5ED48A000
unkown
page readonly
37AE000
unkown
page read and write
986B000
unkown
page read and write
7FF5ED814000
unkown
page readonly
267CFAF0000
heap
page read and write
AAF9000
unkown
page read and write
B8C0000
unkown
page readonly
20470610000
heap
page read and write
A375000
unkown
page read and write
7FF5ED7DB000
unkown
page readonly
B729000
stack
page read and write
37B0000
unkown
page read and write
98A8000
unkown
page read and write
C49E000
stack
page read and write
1483000
heap
page read and write
168E3184000
heap
page read and write
379E000
unkown
page read and write
168E2A50000
heap
page read and write
8860000
unkown
page read and write
A49E000
unkown
page read and write
3240000
unkown
page read and write
21060197000
heap
page read and write
168E2C55000
heap
page read and write
20BDDCC0000
heap
page read and write
9792000
unkown
page read and write
9660000
unkown
page read and write
9885000
unkown
page read and write
7DF4877B4000
direct allocation
page read and write
7FF5ED52F000
unkown
page readonly
CA4F000
unkown
page read and write
3580000
unkown
page readonly
9540000
unkown
page execute and read and write
7FF5ED9B8000
unkown
page readonly
7FF5ED853000
unkown
page readonly
C893000
unkown
page read and write
9C00000
unkown
page execute and read and write
7FF5ED3DA000
unkown
page readonly
A391000
unkown
page read and write
98A1000
unkown
page read and write
23CDAB00000
heap
page read and write
7FF5ED1CF000
unkown
page readonly
79D3000
unkown
page read and write
7FFDFAA93000
unkown
page read and write
C700000
unkown
page read and write
3190000
unkown
page execute and read and write
CB7D000
unkown
page read and write
37AE000
unkown
page read and write
14370EA3000
heap
page read and write
CA20000
unkown
page read and write
FC11000
unkown
page read and write
7FF5ED26E000
unkown
page readonly
BD98000
stack
page read and write
8208000
stack
page read and write
8FB0000
unkown
page execute and read and write
7FF5ED85F000
unkown
page readonly
14370EF1000
heap
page read and write
1510000
unkown
page readonly
9110000
unkown
page execute and read and write
7FF5ED265000
unkown
page readonly
3200000
unkown
page execute and read and write
EF00000
heap
page read and write
7FF5ED933000
unkown
page readonly
7DF4877A0000
direct allocation
page read and write
7FF5ED42B000
unkown
page readonly
307187D000
stack
page read and write
7F40000
unkown
page readonly
183AA260000
heap
page read and write
786B000
unkown
page read and write
14370EC4000
heap
page read and write
33B9000
stack
page read and write
14370F03000
heap
page read and write
5F5D77E000
stack
page read and write
14370EC4000
heap
page read and write
3190000
unkown
page execute and read and write
7FF5ED714000
unkown
page readonly
2EDE000
stack
page read and write
C563000
unkown
page read and write
267CFD30000
heap
page read and write
C516000
unkown
page read and write
9B60000
unkown
page readonly
4BDC000
unkown
page read and write
7FF5ED803000
unkown
page readonly
14370EC7000
heap
page read and write
370C000
unkown
page read and write
8B70000
unkown
page execute and read and write
143B000
stack
page read and write
97C3000
unkown
page read and write
209C6450000
heap
page read and write
7FF5ED9FF000
unkown
page readonly
8108000
stack
page read and write
787C000
unkown
page read and write
CA20000
unkown
page read and write
1437113D000
heap
page read and write
14370EFF000
heap
page read and write
B2F67FF000
unkown
page read and write
CB85000
unkown
page read and write
23CDAC49000
heap
page read and write
C92D000
unkown
page read and write
7FF5ED9F2000
unkown
page readonly
7861000
unkown
page read and write
CA08000
unkown
page read and write
8830000
unkown
page execute and read and write
B8AB000
stack
page read and write
10B39000
unkown
page read and write
35D0000
unkown
page read and write
7FF5ED80C000
unkown
page readonly
23CDA4CA000
direct allocation
page read and write
23CDA4B8000
direct allocation
page readonly
A3BE000
unkown
page read and write
7FF5ED409000
unkown
page readonly
C5A0000
unkown
page read and write
90F0000
unkown
page execute and read and write
23CDAC19000
heap
page read and write
1B891F08000
heap
page read and write
168E2E05000
heap
page read and write
7FF5ED519000
unkown
page readonly
C51E000
unkown
page read and write
97A9000
unkown
page read and write
14370FB0000
trusted library allocation
page read and write
9FA0000
unkown
page execute and read and write
1EA79AC7000
heap
page read and write
7FF5ED9C6000
unkown
page readonly
7FF5ED937000
unkown
page readonly
7FF5ED9CA000
unkown
page readonly
37A8000
unkown
page read and write
7FF5ED9C8000
unkown
page readonly
7CF0000
unkown
page execute and read and write
7FF5ED39E000
unkown
page readonly
23CDA4C5000
direct allocation
page read and write
97B5000
unkown
page read and write
23CDA9D0000
remote allocation
page read and write
23CDAC30000
heap
page read and write
143714D1000
heap
page read and write
3797000
unkown
page read and write
7FF5ED7F1000
unkown
page readonly
CA42000
unkown
page read and write
143714D1000
heap
page read and write
310E000
stack
page read and write
76C0000
unkown
page read and write
C6BF000
unkown
page read and write
7FF5ED915000
unkown
page readonly
D1593FF000
stack
page read and write
168E2AA5000
heap
page read and write
20470650000
heap
page read and write
CB89000
unkown
page read and write
C50A000
unkown
page read and write
C89C000
unkown
page read and write
14371617000
heap
page read and write
C5A3000
unkown
page read and write
B5AE000
stack
page read and write
7DF4F3031000
unkown
page execute read
CB18000
unkown
page read and write
23CDAC30000
heap
page read and write
B170000
unkown
page execute and read and write
CA14000
unkown
page read and write
7FF5ED505000
unkown
page readonly
7FF5ED94A000
unkown
page readonly
3171000
unkown
page read and write
7CC0000
unkown
page readonly
8EC6000
unkown
page read and write
23CDAA37000
heap
page read and write
5557000
stack
page read and write
1E22C568000
heap
page read and write
23CDAC30000
heap
page read and write
7DF4F3041000
unkown
page execute read
133D000
heap
page read and write
8B70000
unkown
page execute and read and write
CB83000
unkown
page read and write
267CFAD0000
heap
page read and write
132C000
heap
page read and write
23CDAC34000
heap
page read and write
987B000
unkown
page read and write
5F5D97E000
stack
page read and write
7FF5ED9D9000
unkown
page readonly
14072230000
heap
page read and write
20BDDE34000
heap
page read and write
7FF5ED644000
unkown
page readonly
14370EAE000
heap
page read and write
3795000
unkown
page read and write
4B90000
unkown
page read and write
C9A8000
unkown
page read and write
7FF5ED695000
unkown
page readonly
A433000
unkown
page read and write
998F000
unkown
page read and write
A364000
unkown
page read and write
132C000
heap
page read and write
7FF5ED507000
unkown
page readonly
209C6470000
heap
page read and write
CB92000
unkown
page read and write
7FF5ED43A000
unkown
page readonly
79FB000
unkown
page read and write
14370EAE000
heap
page read and write
1240000
heap
page read and write
7FF5ED8A4000
unkown
page readonly
143714B0000
heap
page read and write
1E22C520000
heap
page read and write
7867000
unkown
page read and write
209C6370000
heap
page read and write
987B000
unkown
page read and write
1437161E000
heap
page read and write
145217E000
stack
page read and write
3A3890F000
stack
page read and write
A50B000
unkown
page read and write
C10000
unkown
page readonly
4B9ABFF000
unkown
page read and write
7FF5ED5C1000
unkown
page readonly
14370F10000
heap
page read and write
23CDAC49000
heap
page read and write
7FF5ED8FF000
unkown
page readonly
9D64000
unkown
page read and write
87CA000
unkown
page read and write
9F1E000
stack
page read and write
7FF5ED97A000
unkown
page readonly
183AA2F5000
heap
page read and write
A2655EC000
stack
page read and write
7FF5EDA08000
unkown
page readonly
4C1E000
unkown
page read and write
1821A000000
heap
page read and write
CAB3000
unkown
page read and write
7FF5ED556000
unkown
page readonly
C89A000
unkown
page read and write
7FF5ED3D6000
unkown
page readonly
A327000
unkown
page read and write
23CDAC34000
heap
page read and write
CB29000
unkown
page read and write
A39B000
unkown
page read and write
1F3842B7000
heap
page read and write
FC42000
unkown
page read and write
A010000
unkown
page execute and read and write
974AAFE000
stack
page read and write
23CD8B46000
heap
page read and write
7FF5ED9D2000
unkown
page readonly
AB51000
unkown
page read and write
CB32000
unkown
page read and write
CA7C000
unkown
page read and write
93BE000
stack
page read and write
E053AFB000
stack
page read and write
1B891EB0000
heap
page read and write
3A3888B000
stack
page read and write
7FF5ED93B000
unkown
page readonly
A32A000
unkown
page read and write
9A10000
unkown
page read and write
987B000
unkown
page read and write
168E2C57000
heap
page read and write
168E3167000
heap
page read and write
37F9000
unkown
page read and write
3460000
unkown
page execute and read and write
168E3185000
heap
page read and write
785D000
unkown
page read and write
5590000
unkown
page write copy
C544000
unkown
page read and write
C89A000
unkown
page read and write
7FF5ED781000
unkown
page readonly
C846000
unkown
page read and write
8860000
unkown
page read and write
A494000
unkown
page read and write
37A0000
unkown
page read and write
37F6000
unkown
page read and write
7FF5ED676000
unkown
page readonly
267CFAC0000
heap
page read and write
979C000
unkown
page read and write
FC1D000
unkown
page read and write
168E3169000
heap
page read and write
C544000
unkown
page read and write
986F000
unkown
page read and write
7FF5ED7E9000
unkown
page readonly
CB22000
unkown
page read and write
7950000
unkown
page read and write
B6A0000
heap
page read and write
CA18000
unkown
page read and write
A375000
unkown
page read and write
20DE3507000
heap
page read and write
B82A000
stack
page read and write
C41F000
stack
page read and write
3756000
unkown
page read and write
7FFDFAA4E000
unkown
page read and write
8B90000
unkown
page execute and read and write
1360000
unkown
page execute and read and write
7FF5ED8C1000
unkown
page readonly
3795000
unkown
page read and write
168E3163000
heap
page read and write
1480000
heap
page read and write
37AC000
unkown
page read and write
9A5B000
unkown
page read and write
7FF5ED4B0000
unkown
page readonly
151BF1D0000
heap
page read and write
9871000
unkown
page read and write
20BDDE32000
heap
page read and write
168E3167000
heap
page read and write
18FDC285000
heap
page read and write
35D0000
unkown
page read and write
7FF5ED342000
unkown
page readonly
7FF5ED3D6000
unkown
page readonly
7FF5ED55F000
unkown
page readonly
7FF5ED404000
unkown
page readonly
90F0000
unkown
page execute and read and write
CA83000
unkown
page read and write
B120000
unkown
page execute and read and write
C9C4000
unkown
page read and write
7FF5ED9D9000
unkown
page readonly
7FF5ED451000
unkown
page readonly
5557000
stack
page read and write
1270000
heap
page read and write
8D80000
unkown
page execute and read and write
168E2AB0000
heap
page read and write
4B8B000
unkown
page read and write
7C90000
unkown
page read and write
7859000
unkown
page read and write
183AA2D0000
heap
page read and write
7FF5ED449000
unkown
page readonly
1095000
stack
page read and write
7FF5ED779000
unkown
page readonly
183AA160000
heap
page read and write
7FF5ED516000
unkown
page readonly
10C0000
unkown
page readonly
7FF5EDA38000
unkown
page readonly
There are 2107 hidden memdumps, click here to show them.