IOC Report
Document-18-33-08.js

loading gif

Files

File Path
Type
Category
Malicious
Document-18-33-08.js
Unicode text, UTF-8 text, with very long lines (952), with CRLF, CR, NEL line terminators
initial sample
 malicious
C:\Users\user\AppData\Roaming\vierm_soft_x64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSIF29D.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Config.Msi\4df20b.rbs
data
dropped
C:\Windows\Installer\MSI7623.tmp
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {26C6701E-5BA5-48FD-87C5-16BC3575B429}, Number of Words: 10, Subject: GloryDory, Author: OrbitalMast LLC, Name of Creating Application: GloryDory, Template: ;1033, Comments: This installer database contains the logic and data required to install GloryDory., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
dropped
C:\Windows\Installer\MSIF101.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIF160.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIF1BF.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIF1DF.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIF22E.tmp
data
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF01B5DC13092BA872.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF07B80D9F27CBE04D.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF28B4DE99F83A16D6.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF59A0B4535E503852.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF5AD112C063E48280.TMP
data
dropped
C:\Windows\Temp\~DF7DC560C654532278.TMP
data
dropped
C:\Windows\Temp\~DF807DDA6E2CC4FCB3.TMP
data
dropped
C:\Windows\Temp\~DF86BE8C190D62B24E.TMP
data
dropped
C:\Windows\Temp\~DF93ACB531B807E54B.TMP
data
dropped
C:\Windows\Temp\~DFB0630E4CDB4C0FEB.TMP
data
dropped
C:\Windows\Temp\~DFED22D1FE613BF34C.TMP
Composite Document File V2 Document, Cannot read section info
dropped
There are 12 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js"
 malicious
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
 malicious
C:\Windows\Installer\MSIF29D.tmp
"C:\Windows\Installer\MSIF29D.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
malicious
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
 malicious
C:\Windows\System32\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
 malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 3D862CBB7D25098EF2F446AEAACF52B4

URLs

Name
IP
Malicious
https://isomicrotich.com/
unknown
 malicious
http://188.119.112.7/das.msi
unknown
 malicious
https://opewolumeras.com/test/
malicious
http://188.119.112.7/das.msi0
unknown
 malicious
http://188.119.112.7/das.msi1737443152311351380
unknown
 malicious
https://isomicrotich.com/test/
188.114.96.3
 malicious
https://word.office.comon
unknown
https://tiguanin.com:8041/F
unknown
https://greshunka.com:8041/admin.php-7
unknown
https://tiguanin.com:8041/admin.phpM
unknown
https://opewolumeras.com/test/P
unknown
https://bazarunet.com:8041/admin.phpF
unknown
https://powerpoint.office.comcember
unknown
https://bazarunet.com:8041/bazar.phpi
unknown
https://greshunka.com/g;
unknown
https://tiguanin.com:8041/Q
unknown
https://bazarunet.com:8041/net.com:8041/bazar.php
unknown
https://bazarunet.com:8041/zar.php
unknown
https://greshunka.com:8041/admin.phpl.mui
unknown
https://greshunka.com:8041/bazar.php3?8
unknown
https://excel.office.com
unknown
http://schemas.micro
unknown
https://isomicrotich.com/test/M
unknown
https://bazarunet.com:8041/admin.phpO#
unknown
https://tiguanin.com:8041/bazar.php
unknown
https://bazarunet.com:8041/azar.php
unknown
https://tiguanin.com:8041/L
unknown
https://tiguanin.com:8041/N
unknown
https://bazarunet.com:8041/admin.php.
unknown
https://bazarunet.com:8041/bazar.phpll.mui
unknown
https://tiguanin.com:8041/&
unknown
https://bazarunet.com:8041/admin.php9#
unknown
https://tiguanin.com:8041/%
unknown
http://x1.c.lencr.org/0
unknown
http://x1.i.lencr.org/0
unknown
https://bazarunet.com:8041/$E
unknown
https://greshunka.com:8041/bazar.phpAm=
unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
unknown
https://greshunka.com:8041/admin.phpi
unknown
https://greshunka.com:8041/admin.phpUN
unknown
https://bazarunet.com:8041/
unknown
https://greshunka.com/
unknown
https://bazarunet.com:8041/f
unknown
https://isomicrotich.com/test/i
unknown
https://greshunka.com:8041/I
unknown
https://greshunka.com:8041/admin.phpp
unknown
https://isomicrotich.com/test/l
unknown
https://wns.windows.com/)s
unknown
https://tiguanin.com:8041/admin.php
unknown
https://bazarunet.com:8041/bazar.php8
unknown
https://bazarunet.com:8041/bazar.phpll
unknown
https://bazarunet.com/
unknown
https://isomicrotich.com/ECOMPARE.EXE.15Desktop
unknown
https://bazarunet.com:8041/U
unknown
https://tiguanin.com:8041/0E
unknown
https://isomicrotich.com/eE
unknown
https://tiguanin.com:8041/
unknown
https://tiguanin.com/
unknown
https://isomicrotich.com/yEz
unknown
https://tiguanin.com/)
unknown
https://greshunka.com:8041/net.com:8041/Pw
unknown
http://r10.o.lencr.org0#
unknown
https://outlook.com
unknown
https://greshunka.com:8041/bazar.php
unknown
https://tiguanin.com:8041/$E
unknown
https://bazarunet.com:8041/bazar.php
unknown
https://isomicrotich.com/test/G
unknown
https://greshunka.com:8041/bazar.phpGN
unknown
https://bazarunet.com:8041/net.com:8041/admin.phpf
unknown
https://www.thawte.com/cps0/
unknown
https://android.notify.windows.com/iOS
unknown
https://tiguanin.com:8041/Y
unknown
https://www.thawte.com/repository0W
unknown
https://greshunka.com:8041/bazar.phpq#(
unknown
https://tiguanin.com:8041/admin.php.
unknown
https://greshunka.com:8041/admin.php
unknown
https://www.advancedinstaller.com
unknown
https://api.msn.com/
unknown
https://isomicrotich.com/test/3
unknown
https://greshunka.com:8041/
unknown
https://greshunka.com:8041/admin.phpGN
unknown
https://tiguanin.com:8041/admin.php=
unknown
http://crl.v
unknown
https://bazarunet.com:8041/&
unknown
https://bazarunet.com:8041/admin.php
unknown
https://bazarunet.com:8041/bazar.php~
unknown
https://bazarunet.com:8041/in.com:8041/admin.php
unknown
https://tiguanin.com:8041/8~
unknown
http://r10.i.lencr.org/0
unknown
https://bazarunet.com:8041/admin.php3#
unknown
https://tiguanin.com:8041/oQ
unknown
There are 81 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
isomicrotich.com
188.114.96.3
 malicious
greshunka.com
82.115.223.39
 malicious
tiguanin.com
80.78.24.30
 malicious
bazarunet.com
80.78.24.30
 malicious

IPs

IP
Domain
Country
Malicious
188.114.96.3
isomicrotich.com
European Union
malicious
82.115.223.39
greshunka.com
Russian Federation
malicious
80.78.24.30
tiguanin.com
Cyprus
malicious
188.119.112.7
unknown
Russian Federation

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
JScriptSetScriptStateStarted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\4df20b.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\4df20b.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Microsoft\Installer\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C72CC84B32896524285338B4DFD2D0BB
86E45C86C6D8F4542BEB526968E88876
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\F5D323A437D662C4E893EB9882AD31BE
86E45C86C6D8F4542BEB526968E88876
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\125231B250E4E2E4391F06922EAD7B0E
86E45C86C6D8F4542BEB526968E88876
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\OrbitalMast LLC\GloryDory\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\OrbitalMast LLC\
HKEY_CURRENT_USER\SOFTWARE\OrbitalMast LLC\GloryDory
Version
HKEY_CURRENT_USER\SOFTWARE\OrbitalMast LLC\GloryDory
Path
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\System32\ci.dll,-100
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\System32\ci.dll,-101
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\System32\fveui.dll,-843
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\System32\fveui.dll,-844
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\System32\wuaueng.dll,-400
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@%SystemRoot%\system32\NgcRecovery.dll,-100
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8
Blob
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
Excel.CSV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Word.Document.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
Word.DocumentMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Word.Document.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Word.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
Word.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
Word.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Outlook.File.msg.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
PowerPoint.OpenDocumentPresentation.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
Excel.OpenDocumentSpreadsheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Word.OpenDocumentText.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
PowerPoint.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
PowerPoint.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
PowerPoint.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
PowerPoint.Addin.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
PowerPoint.SlideShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
PowerPoint.SlideShow.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
PowerPoint.Show.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
PowerPoint.ShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
PowerPoint.Show.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Word.RTF.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
PowerPoint.SlideMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
PowerPoint.Slide.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
bootstrap.vsto.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
Excel.AddInMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Excel.Sheet.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
Excel.SheetBinaryMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
Excel.SheetMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
Excel.Sheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Excel.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
Excel.TemplateMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
Excel.Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
Unpacker
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@explorerframe.dll,-13137
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@explorerframe.dll,-13138
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
CheckSetting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
AutoIt3Script
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
WMP11.AssocFile.AVI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
CABFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
Microsoft.PowerShellCmdletDefinitionXML.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
CSSfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
ddsfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
dllfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
emffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
exefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
WMP11.AssocFile.FLAC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
fonfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
giffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
htmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
icofile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
inffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
inifile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
pjpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
jpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
WMP11.AssocFile.m3u
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
WMP11.AssocFile.M4A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
mhtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
WMP11.AssocFile.MK3D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
WMP11.AssocFile.MKA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
WMP11.AssocFile.MKV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
WMP11.AssocFile.MOV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
ocxfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
otffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
pngfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
Microsoft.PowerShellScript.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Microsoft.PowerShellXMLData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
Microsoft.PowerShellData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
Microsoft.PowerShellModule.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
Microsoft.PowerShellSessionConfiguration.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
rlefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
SHCmdFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
SearchFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
shtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
sysfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
TIFImage.Document
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
ttcfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
ttffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
txtfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
WMP11.AssocFile.WAV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
WMP11.AssocFile.WAX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
WMP11.AssocFile.WMA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
wmffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
WMP11.AssocFile.WMV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
WMP11.AssocFile.WPL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
WMP11.AssocFile.WVX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
xmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
xslfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
There are 167 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1FF4AE58000
heap
page read and write
 malicious
1FF4CA6D000
heap
page read and write
 malicious
1FF4B020000
direct allocation
page read and write
 malicious
E6CB000
stack
page read and write
 malicious
1FF4B0A0000
direct allocation
page execute and read and write
 malicious
7FF5D7244000
unkown
page readonly
8A70000
unkown
page read and write
7FF5D75EE000
unkown
page readonly
363CB7F000
trusted library allocation
page read and write
A408000
unkown
page read and write
35B5000
unkown
page read and write
7DF4F2471000
unkown
page execute read
E54C000
stack
page read and write
49FD000
unkown
page read and write
3170000
unkown
page read and write
56C000
stack
page read and write
BE70000
unkown
page readonly
A28D000
unkown
page read and write
7FF5D71F9000
unkown
page readonly
7CB0000
unkown
page readonly
363C3A5000
trusted library allocation
page read and write
3050000
unkown
page execute and read and write
1FF4CA3A000
heap
page read and write
35C3000
unkown
page read and write
7FF5D75A6000
unkown
page readonly
7FF5D747F000
unkown
page readonly
7618000
unkown
page read and write
363CB7F000
trusted library allocation
page read and write
363CB75000
trusted library allocation
page read and write
7FF5D75E9000
unkown
page readonly
7FF5D77F0000
unkown
page readonly
1FF4CA4A000
heap
page read and write
A23A000
unkown
page read and write
EF0000
heap
page read and write
98FD000
stack
page read and write
7FF5D7639000
unkown
page readonly
9B79000
unkown
page read and write
8948000
unkown
page read and write
7FF5D71AF000
unkown
page readonly
7FF5D76E8000
unkown
page readonly
196D3D0B000
heap
page read and write
4A44000
unkown
page read and write
7FF5D7292000
unkown
page readonly
1FF4AE7A000
heap
page read and write
363CB75000
trusted library allocation
page read and write
7FF5D783B000
unkown
page readonly
EB5000
stack
page read and write
9AA8000
unkown
page read and write
C806000
unkown
page read and write
7460000
unkown
page read and write
1FF4CF10000
trusted library allocation
page read and write
7FF5D7641000
unkown
page readonly
33B0000
unkown
page readonly
4AC0000
unkown
page read and write
7FF5D7643000
unkown
page readonly
7FF5D72BD000
unkown
page readonly
C5F0000
unkown
page read and write
9D67000
unkown
page read and write
7FF5D7075000
unkown
page readonly
A2A2000
unkown
page read and write
1FF4CA78000
heap
page read and write
D7C000
stack
page read and write
1FF4D110000
trusted library allocation
page read and write
7FF5D774A000
unkown
page readonly
1FF4CA15000
heap
page read and write
7FF5D710B000
unkown
page readonly
9AA0000
unkown
page read and write
C806000
unkown
page read and write
C48B000
unkown
page read and write
7FF5D7797000
unkown
page readonly
3280000
unkown
page read and write
7FF5D774A000
unkown
page readonly
7FF5D75F9000
unkown
page readonly
7DBD000
stack
page read and write
1010000
unkown
page readonly
7FF5D758D000
unkown
page readonly
7FF5D741F000
unkown
page readonly
196D3DBE000
heap
page read and write
7FF5D74B8000
unkown
page readonly
7FF5D72E9000
unkown
page readonly
7FF5D744E000
unkown
page readonly
7FF5D748A000
unkown
page readonly
10369000
unkown
page read and write
A391000
unkown
page read and write
C9A7000
unkown
page read and write
768E000
unkown
page read and write
7FF5D7591000
unkown
page readonly
A264000
unkown
page read and write
9578000
stack
page read and write
9A8C000
unkown
page read and write
7FF5D72BF000
unkown
page readonly
18005F000
unkown
page readonly
7FF5D7808000
unkown
page readonly
1FF4CB06000
direct allocation
page read and write
B4D0000
unkown
page readonly
363CB7F000
trusted library allocation
page read and write
9FAF000
stack
page read and write
B8DB000
stack
page read and write
E3B000
heap
page read and write
7FF5D7267000
unkown
page readonly
8A46000
unkown
page read and write
B559000
stack
page read and write
2FF9000
stack
page read and write
BE49000
stack
page read and write
C873000
unkown
page read and write
C496000
unkown
page read and write
7FF5D71D7000
unkown
page readonly
7FF5D7752000
unkown
page readonly
9E2E000
stack
page read and write
AA11000
unkown
page read and write
3120000
unkown
page read and write
B03B000
stack
page read and write
7FF5D752F000
unkown
page readonly
7FF5D723F000
unkown
page readonly
7FF5D77D2000
unkown
page readonly
B8DB000
stack
page read and write
E10000
unkown
page readonly
8C39000
stack
page read and write
10316000
unkown
page read and write
363CB75000
trusted library allocation
page read and write
8A00000
unkown
page read and write
1360000
unkown
page readonly
196D5AD2000
heap
page read and write
1FF4D110000
trusted library allocation
page read and write
A220000
unkown
page read and write
349F000
stack
page read and write
C81C000
unkown
page read and write
1FF4CA88000
heap
page read and write
12B0000
unkown
page read and write
12B0000
unkown
page read and write
7FF5D71C4000
unkown
page readonly
1FF4CA74000
heap
page read and write
1340000
unkown
page read and write
196D3DBB000
heap
page read and write
1FF4CA3A000
heap
page read and write
1FF4CA84000
heap
page read and write
3140000
unkown
page read and write
E00000
unkown
page readonly
1FF4CA63000
heap
page read and write
7FF5D7407000
unkown
page readonly
E5A000
heap
page read and write
C4C6000
unkown
page read and write
927B000
stack
page read and write
1FF4CB08000
direct allocation
page readonly
BEA0000
unkown
page readonly
7FF5D6AB6000
unkown
page readonly
1FF4CA42000
heap
page read and write
1FF4D110000
trusted library allocation
page read and write
BE49000
stack
page read and write
1FF4D110000
trusted library allocation
page read and write
AA01000
unkown
page read and write
A33F000
unkown
page read and write
7FF5D705D000
unkown
page readonly
196D3DB0000
heap
page read and write
1FF4CA53000
heap
page read and write
1FF4CEE0000
remote allocation
page read and write
C5EC000
unkown
page read and write
30FE000
stack
page read and write
7FF5D75F2000
unkown
page readonly
9A8E000
unkown
page read and write
1000000
heap
page read and write
7FF5D6ABD000
unkown
page readonly
7FF5D72D0000
unkown
page readonly
9BA9000
unkown
page read and write
1FF4CA76000
heap
page read and write
49C2000
unkown
page read and write
1200000
unkown
page execute and read and write
C969000
unkown
page read and write
1010000
unkown
page readonly
A273000
unkown
page read and write
C8C5000
unkown
page read and write
C61D000
unkown
page read and write
196D3D9E000
heap
page read and write
C913000
unkown
page read and write
1FF4CA15000
heap
page read and write
7FF5D7546000
unkown
page readonly
8932000
unkown
page read and write
7693000
unkown
page read and write
7DF4F2481000
unkown
page execute read
363C3AF000
trusted library allocation
page read and write
5D0000
heap
page read and write
7FF5D71EA000
unkown
page readonly
1FF4CA76000
heap
page read and write
1FF4CF10000
trusted library allocation
page read and write
1FF4D028000
heap
page read and write
1FF4CA0A000
heap
page read and write
7FF5D7455000
unkown
page readonly
E10000
unkown
page readonly
8944000
unkown
page read and write
997C000
stack
page read and write
7FF5D7360000
unkown
page readonly
9B0B000
unkown
page read and write
3500000
stack
page read and write
7FF5D71A6000
unkown
page readonly
7FF5D7284000
unkown
page readonly
7FF5D75B3000
unkown
page readonly
7FF5D76CD000
unkown
page readonly
273F40000
direct allocation
page read and write
4986000
unkown
page read and write
1FF4CA4D000
heap
page read and write
9AC3000
unkown
page read and write
7FF5D72DF000
unkown
page readonly
7FF5D75EE000
unkown
page readonly
7FF5D7404000
unkown
page readonly
7FF5D77E9000
unkown
page readonly
7FF5D7450000
unkown
page readonly
7FF5D768B000
unkown
page readonly
C483000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
C8E3000
unkown
page read and write
8900000
unkown
page read and write
7FF5D719C000
unkown
page readonly
363CB7F000
trusted library allocation
page read and write
1160000
unkown
page read and write
A408000
unkown
page read and write
C2CF000
stack
page read and write
F0C000
heap
page read and write
1FF4C9D1000
heap
page read and write
A0A9000
stack
page read and write
E20000
heap
page read and write
1FF4CA42000
heap
page read and write
F2C2000
heap
page read and write
35FA000
unkown
page read and write
1FF4CA15000
heap
page read and write
C4DC000
unkown
page read and write
1FF4CA51000
heap
page read and write
363C77B000
stack
page read and write
9ADB000
unkown
page read and write
7654000
unkown
page read and write
7FF5D7558000
unkown
page readonly
7B00000
unkown
page readonly
C8FE000
unkown
page read and write
7FF5D76D5000
unkown
page readonly
1FF4C9FD000
heap
page read and write
9EB0000
unkown
page readonly
7FF5D75CB000
unkown
page readonly
9B41000
unkown
page read and write
7FF5D7740000
unkown
page readonly
7FF5D7534000
unkown
page readonly
C1CC000
stack
page read and write
8A46000
unkown
page read and write
9A76000
unkown
page read and write
8890000
unkown
page readonly
180077000
unkown
page readonly
1FF4CA3A000
heap
page read and write
895E000
unkown
page read and write
1FF4CA1A000
heap
page read and write
7FF5D7752000
unkown
page readonly
363C3A5000
trusted library allocation
page read and write
C973000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
196D3CD0000
heap
page read and write
C035000
stack
page read and write
BFB8000
stack
page read and write
362D000
unkown
page read and write
7FF5D7705000
unkown
page readonly
7FF5D7523000
unkown
page readonly
7FF5D76F5000
unkown
page readonly
A286000
unkown
page read and write
7FF5D77A4000
unkown
page readonly
7AF1000
unkown
page read and write
35F4000
unkown
page read and write
C983000
unkown
page read and write
77DB000
unkown
page read and write
7605000
unkown
page read and write
7FF5D7376000
unkown
page readonly
C973000
unkown
page read and write
7FF5D728E000
unkown
page readonly
363CB75000
trusted library allocation
page read and write
AA0F000
unkown
page read and write
35C3000
unkown
page read and write
1035B000
unkown
page read and write
49D6000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
C617000
unkown
page read and write
894A000
unkown
page read and write
1FF4C9FD000
heap
page read and write
7FF5D74A6000
unkown
page readonly
33C0000
unkown
page read and write
890C000
unkown
page read and write
9D42000
unkown
page read and write
8880000
unkown
page readonly
1FF4CA30000
heap
page read and write
1FF4CF10000
trusted library allocation
page read and write
7FF5D77B9000
unkown
page readonly
7FF5D7425000
unkown
page readonly
1FF4AF37000
heap
page read and write
363CB75000
trusted library allocation
page read and write
7FF5D7682000
unkown
page readonly
A237000
unkown
page read and write
35D1000
unkown
page read and write
7FF5D7691000
unkown
page readonly
9AF9000
unkown
page read and write
363C3A5000
trusted library allocation
page read and write
35C1000
unkown
page read and write
B220000
unkown
page read and write
3626000
unkown
page read and write
AA9A000
unkown
page read and write
7FF5D7641000
unkown
page readonly
4AEA000
unkown
page read and write
82BADFE000
stack
page read and write
C971000
unkown
page read and write
8934000
unkown
page read and write
3320000
unkown
page read and write
7FF5D71E0000
unkown
page readonly
9BB1000
unkown
page read and write
7FF5D7507000
unkown
page readonly
7DBD000
stack
page read and write
C472000
unkown
page read and write
B950000
unkown
page readonly
96FE000
stack
page read and write
B4BF000
stack
page read and write
AFBE000
stack
page read and write
7609000
unkown
page read and write
4AA0000
unkown
page read and write
7FF5D7442000
unkown
page readonly
7FF5D71EA000
unkown
page readonly
9ADB000
unkown
page read and write
7FF5D7455000
unkown
page readonly
7FF5D6ABD000
unkown
page readonly
1FF4CA76000
heap
page read and write
C46F000
unkown
page read and write
1FF4D00D000
heap
page read and write
B220000
unkown
page read and write
7FF5D76CD000
unkown
page readonly
9B93000
unkown
page read and write
7FF5D765F000
unkown
page readonly
FB0000
unkown
page readonly
363C3AF000
trusted library allocation
page read and write
7989000
stack
page read and write
C460000
unkown
page read and write
AFBE000
stack
page read and write
1FF4D110000
trusted library allocation
page read and write
7FF5D66E3000
unkown
page readonly
4AB0000
unkown
page read and write
1FF4CA4A000
heap
page read and write
3100000
unkown
page read and write
2F7E000
stack
page read and write
7FF5D77E0000
unkown
page readonly
7CB0000
unkown
page readonly
7FF5D76F5000
unkown
page readonly
767C000
unkown
page read and write
AAA7000
unkown
page read and write
196D3D00000
heap
page read and write
942B000
stack
page read and write
7FF5D77FD000
unkown
page readonly
1FF4CA1E000
heap
page read and write
7FF5D6A4B000
unkown
page readonly
7FF5D7309000
unkown
page readonly
A23A000
unkown
page read and write
35D3000
unkown
page read and write
7FF5D7745000
unkown
page readonly
1FF4CA3A000
heap
page read and write
B330000
unkown
page read and write
7FF5D7797000
unkown
page readonly
1FF4CB1A000
direct allocation
page read and write
760B000
unkown
page read and write
C642000
unkown
page read and write
7FF5D7682000
unkown
page readonly
A384000
unkown
page read and write
7FF5D72E9000
unkown
page readonly
7FF5D7202000
unkown
page readonly
779E000
unkown
page read and write
7AC0000
unkown
page read and write
AAA7000
unkown
page read and write
7FF5D77F7000
unkown
page readonly
9A92000
unkown
page read and write
C983000
unkown
page read and write
AE1D000
stack
page read and write
7FF5D7418000
unkown
page readonly
E05000
heap
page read and write
7B10000
unkown
page read and write
A3AA000
unkown
page read and write
1281000
unkown
page readonly
1FF4CA52000
heap
page read and write
1FF4CA4D000
heap
page read and write
7FF5D77C7000
unkown
page readonly
7FF5D7593000
unkown
page readonly
AE1D000
stack
page read and write
35E4000
unkown
page read and write
8870000
unkown
page readonly
363C3AF000
trusted library allocation
page read and write
9BA9000
unkown
page read and write
1FF4D00D000
heap
page read and write
99B6000
unkown
page read and write
FF7000
unkown
page readonly
1220000
unkown
page execute and read and write
3400000
unkown
page read and write
1360000
unkown
page readonly
1FF4CA42000
heap
page read and write
3530000
unkown
page read and write
8360000
unkown
page read and write
BDC0000
unkown
page read and write
3061000
unkown
page execute and read and write
1FF4AE77000
heap
page read and write
4AB0000
unkown
page read and write
7FF5D7669000
unkown
page readonly
91F0000
unkown
page readonly
B4D0000
unkown
page readonly
F2CA000
heap
page read and write
7FF5D760E000
unkown
page readonly
7FF5D6BEF000
unkown
page readonly
FF7000
unkown
page readonly
9B72000
unkown
page read and write
1FF4CA7B000
heap
page read and write
75FD000
unkown
page read and write
1FF4D028000
heap
page read and write
7FF5D75B8000
unkown
page readonly
7FF5D7591000
unkown
page readonly
4986000
unkown
page read and write
33F0000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
1FF4CA7A000
heap
page read and write
1FF4CA7B000
heap
page read and write
196D3DCF000
heap
page read and write
9EAD000
stack
page read and write
180073000
unkown
page read and write
1FF4CA3A000
heap
page read and write
7686000
unkown
page read and write
3050000
unkown
page execute and read and write
1FF4D00D000
heap
page read and write
35B3000
unkown
page read and write
4A40000
unkown
page read and write
7FF5D74A6000
unkown
page readonly
1FF4C9D6000
heap
page read and write
1FF4D110000
trusted library allocation
page read and write
C61B000
unkown
page read and write
1FF4CF10000
heap
page read and write
7C70000
unkown
page readonly
98FD000
stack
page read and write
12D0000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
7FF5D7385000
unkown
page readonly
A3AC000
unkown
page read and write
7DF4F2491000
unkown
page execute read
7FF5D7236000
unkown
page readonly
C642000
unkown
page read and write
C7CB000
unkown
page read and write
9A9E000
unkown
page read and write
1383000
heap
page read and write
7B60000
unkown
page readonly
7637000
unkown
page read and write
8880000
unkown
page readonly
196D5780000
heap
page read and write
7DF459564000
direct allocation
page read and write
49D6000
unkown
page read and write
10394000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
3630000
unkown
page readonly
1FF4B0F0000
heap
page read and write
1FF4CA15000
heap
page read and write
77A1000
unkown
page read and write
7FF5D777A000
unkown
page readonly
E00000
unkown
page readonly
997C000
stack
page read and write
196D3D87000
heap
page read and write
1FF4CA42000
heap
page read and write
7FF5D7360000
unkown
page readonly
35D5000
unkown
page read and write
1FF4CA1E000
heap
page read and write
7FF5D7705000
unkown
page readonly
7DF4F2470000
unkown
page readonly
7FF5D72C8000
unkown
page readonly
1FF4CA43000
heap
page read and write
7FF5D72DF000
unkown
page readonly
1FF4CAA9000
heap
page read and write
7FF5D76C8000
unkown
page readonly
7FF5D7267000
unkown
page readonly
5479000
unkown
page read and write
10369000
unkown
page read and write
C973000
unkown
page read and write
B980000
unkown
page readonly
C9DD000
unkown
page read and write
1FF4CA87000
heap
page read and write
7FF5D7799000
unkown
page readonly
7FF5D71BF000
unkown
page readonly
7FF5D7745000
unkown
page readonly
A02E000
stack
page read and write
363CB75000
trusted library allocation
page read and write
363CB75000
trusted library allocation
page read and write
C61B000
unkown
page read and write
7FF5D74F2000
unkown
page readonly
7FF5D7404000
unkown
page readonly
363C6FE000
stack
page read and write
7FF5D75D9000
unkown
page readonly
363CB75000
trusted library allocation
page read and write
7FF5D7202000
unkown
page readonly
10254000
unkown
page read and write
3020000
unkown
page execute and read and write
4A44000
unkown
page read and write
1FF4CA7B000
heap
page read and write
363CB75000
trusted library allocation
page read and write
1FF4D028000
heap
page read and write
9B8B000
unkown
page read and write
363C8FD000
stack
page read and write
363CB7F000
trusted library allocation
page read and write
196D5ADC000
heap
page read and write
77DB000
unkown
page read and write
11C1000
unkown
page read and write
B0BD000
stack
page read and write
35B0000
unkown
page read and write
1FF4CA50000
heap
page read and write
1FF4CA37000
heap
page read and write
363CB7F000
trusted library allocation
page read and write
7FF5D7488000
unkown
page readonly
1FF4ADA0000
heap
page read and write
53E1000
unkown
page read and write
196D3DDE000
heap
page read and write
A313000
unkown
page read and write
76F8000
unkown
page read and write
BF3E000
stack
page read and write
7FF5D76C8000
unkown
page readonly
7FF5D744E000
unkown
page readonly
1FF4CA4E000
heap
page read and write
363CB75000
trusted library allocation
page read and write
7FF5D71EF000
unkown
page readonly
7FF5D77C7000
unkown
page readonly
7FF5D760B000
unkown
page readonly
C24E000
stack
page read and write
1FF4CA15000
heap
page read and write
35F4000
unkown
page read and write
196D3DC0000
heap
page read and write
84CA000
unkown
page read and write
8944000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
1FF4CF10000
trusted library allocation
page read and write
C62D000
unkown
page read and write
7FF5D71CC000
unkown
page readonly
1FF4D028000
heap
page read and write
9A98000
unkown
page read and write
7FF5D7376000
unkown
page readonly
C669000
unkown
page read and write
C483000
unkown
page read and write
7AE0000
unkown
page read and write
7FF5D75FF000
unkown
page readonly
843F000
stack
page read and write
7FF5D751F000
unkown
page readonly
49FA000
unkown
page read and write
180000000
unkown
page readonly
363CB7F000
trusted library allocation
page read and write
A264000
unkown
page read and write
761E000
unkown
page read and write
7FF5D71CC000
unkown
page readonly
7FF5D71E0000
unkown
page readonly
1FF4CA55000
heap
page read and write
7FF5D7760000
unkown
page readonly
196D3DC4000
heap
page read and write
769A000
unkown
page read and write
363C3AF000
trusted library allocation
page read and write
84BB000
stack
page read and write
7FF5D772C000
unkown
page readonly
7FF5D770A000
unkown
page readonly
7FF5D748C000
unkown
page readonly
7FF5D77DA000
unkown
page readonly
7C90000
unkown
page read and write
C983000
unkown
page read and write
C625000
unkown
page read and write
7FF5D7648000
unkown
page readonly
A1AF000
stack
page read and write
7DF4F24A1000
unkown
page execute read
A39F000
unkown
page read and write
7FF5D77EB000
unkown
page readonly
3520000
unkown
page readonly
A9E9000
unkown
page read and write
895E000
unkown
page read and write
7FF5D719C000
unkown
page readonly
7FF5D66E3000
unkown
page readonly
C8CE000
unkown
page read and write
7FF5D75D9000
unkown
page readonly
7FF5D770F000
unkown
page readonly
7637000
unkown
page read and write
363CB7F000
trusted library allocation
page read and write
10394000
unkown
page read and write
196D3D8A000
heap
page read and write
7FF5D7442000
unkown
page readonly
C969000
unkown
page read and write
F0C000
heap
page read and write
A39F000
unkown
page read and write
C78A000
unkown
page read and write
7B80000
unkown
page readonly
AA0C000
unkown
page read and write
1FF4D00D000
heap
page read and write
1FF4D110000
trusted library allocation
page read and write
B03B000
stack
page read and write
9A90000
unkown
page read and write
C615000
unkown
page read and write
1FF4CA85000
heap
page read and write
A233000
unkown
page read and write
7FF5D75DF000
unkown
page readonly
7FF5D75AF000
unkown
page readonly
1FF4CA42000
heap
page read and write
B950000
unkown
page readonly
7FF5D7215000
unkown
page readonly
FB1000
unkown
page execute read
8390000
unkown
page execute and read and write
1FF4CA3A000
heap
page read and write
C73E000
unkown
page read and write
9AB4000
unkown
page read and write
196D5AD6000
heap
page read and write
1FF4AF37000
heap
page read and write
196D3D94000
heap
page read and write
7FF5D77DA000
unkown
page readonly
9ABD000
unkown
page read and write
7FF5D776F000
unkown
page readonly
7FF5D743F000
unkown
page readonly
7631000
unkown
page read and write
7FF5D774C000
unkown
page readonly
7AC0000
unkown
page read and write
4A90000
unkown
page read and write
7FF5D7396000
unkown
page readonly
7FF5D7604000
unkown
page readonly
BE70000
unkown
page readonly
7FF5D7669000
unkown
page readonly
C5F8000
unkown
page read and write
35BD000
unkown
page read and write
4A71000
unkown
page read and write
86D0000
unkown
page readonly
7FF5D723F000
unkown
page readonly
7611000
unkown
page read and write
99C0000
unkown
page read and write
7FF5D741B000
unkown
page readonly
7FF5D66E8000
unkown
page readonly
34DB000
stack
page read and write
8890000
unkown
page readonly
363CA7F000
stack
page read and write
3120000
unkown
page read and write
7FF5D6A4B000
unkown
page readonly
8CB8000
stack
page read and write
1FF4C9D5000
heap
page read and write
363CB7F000
trusted library allocation
page read and write
1FF4CA53000
heap
page read and write
76F8000
unkown
page read and write
C609000
unkown
page read and write
9B0B000
unkown
page read and write
7C80000
unkown
page read and write
7DF4F2480000
unkown
page readonly
7FF5D729E000
unkown
page readonly
7FF5D7764000
unkown
page readonly
7FF5D717C000
unkown
page readonly
7FF5D7784000
unkown
page readonly
7693000
unkown
page read and write
B980000
unkown
page readonly
B7DD000
stack
page read and write
9AAC000
unkown
page read and write
C73E000
unkown
page read and write
9A8E000
unkown
page read and write
1FF4CF10000
trusted library allocation
page read and write
75E0000
unkown
page read and write
82BB2FE000
stack
page read and write
7FF5D7764000
unkown
page readonly
7FF5D72BF000
unkown
page readonly
196D3BD0000
heap
page read and write
9B9A000
unkown
page read and write
4B00000
unkown
page read and write
1FF4D00D000
heap
page read and write
A12F000
stack
page read and write
1250000
unkown
page read and write
7FF5D77F0000
unkown
page readonly
7FF5D77EB000
unkown
page readonly
363CB75000
trusted library allocation
page read and write
180001000
unkown
page execute read
AA9D000
unkown
page read and write
7FF5D749B000
unkown
page readonly
7FF5D77E3000
unkown
page readonly
8931000
unkown
page read and write
7FF5D7418000
unkown
page readonly
1FF4CA76000
heap
page read and write
31FF000
stack
page read and write
7FF5D751F000
unkown
page readonly
C5FD000
unkown
page read and write
7DF4F24A1000
unkown
page execute read
7FF5D778A000
unkown
page readonly
E00000
heap
page read and write
C7C6000
unkown
page read and write
7FF5D7458000
unkown
page readonly
7B20000
unkown
page read and write
4A12000
unkown
page read and write
1FF4B0F5000
heap
page read and write
C914000
unkown
page read and write
7FF5D71A6000
unkown
page readonly
DF0000
heap
page read and write
3341000
unkown
page read and write
1FF4CA7B000
heap
page read and write
363CB7F000
trusted library allocation
page read and write
7FF5D7336000
unkown
page readonly
7FF5D7394000
unkown
page readonly
A3B6000
unkown
page read and write
7FF5D765F000
unkown
page readonly
9FAF000
stack
page read and write
7FF5D779E000
unkown
page readonly
1FF4AF37000
heap
page read and write
9AB4000
unkown
page read and write
1FF4CA0A000
heap
page read and write
7FF5D77E3000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
F2C2000
heap
page read and write
9ABD000
unkown
page read and write
8948000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
7FF5D7639000
unkown
page readonly
1FF4D024000
heap
page read and write
82BAFFF000
stack
page read and write
1FF4CAD1000
direct allocation
page execute read
C617000
unkown
page read and write
7FF5D716B000
unkown
page readonly
363C3A5000
trusted library allocation
page read and write
1FF4D110000
trusted library allocation
page read and write
1FF4CB4E000
heap
page read and write
196D3DA0000
heap
page read and write
7FF5D75BF000
unkown
page readonly
1FF4CA6F000
heap
page read and write
7FF5D7643000
unkown
page readonly
7DC0000
unkown
page readonly
4AFA000
unkown
page read and write
1FF4CA6F000
heap
page read and write
35CF000
unkown
page read and write
A9DF000
unkown
page read and write
BE90000
unkown
page read and write
7FF5D7244000
unkown
page readonly
A3B9000
unkown
page read and write
F2C0000
heap
page read and write
7FF5D7534000
unkown
page readonly
C7C000
stack
page read and write
A3B9000
unkown
page read and write
C65E000
unkown
page read and write
7FF5D75D6000
unkown
page readonly
AA9A000
unkown
page read and write
AA01000
unkown
page read and write
A237000
unkown
page read and write
C0BA000
stack
page read and write
A3B6000
unkown
page read and write
A28D000
unkown
page read and write
1FF4CA15000
heap
page read and write
9B93000
unkown
page read and write
7AA0000
unkown
page read and write
7FF5D76AF000
unkown
page readonly
F2C0000
heap
page read and write
C44F000
stack
page read and write
196D3DBD000
heap
page read and write
3380000
unkown
page execute and read and write
99C0000
unkown
page read and write
7FF5D7808000
unkown
page readonly
7FF5D7391000
unkown
page readonly
75FD000
unkown
page read and write
3486000
stack
page read and write
363CB7F000
trusted library allocation
page read and write
1220000
unkown
page execute and read and write
942B000
stack
page read and write
9AA8000
unkown
page read and write
7DF4F2480000
unkown
page readonly
1FF4CA3A000
heap
page read and write
363C3AF000
trusted library allocation
page read and write
1FF4CAA7000
heap
page read and write
7FF5D7272000
unkown
page readonly
1281000
unkown
page readonly
5330000
unkown
page write copy
75E0000
unkown
page read and write
7FF5D77B9000
unkown
page readonly
C8FA000
unkown
page read and write
4B00000
unkown
page read and write
3010000
unkown
page execute and read and write
362A000
unkown
page read and write
9A6A000
unkown
page read and write
1FF4CA4A000
heap
page read and write
35DC000
stack
page read and write
7FF5D7215000
unkown
page readonly
7D3E000
stack
page read and write
273F85000
direct allocation
page execute and read and write
1FF4CB0E000
direct allocation
page read and write
F13000
heap
page read and write
1FF4CA1D000
heap
page read and write
7FF5D71BF000
unkown
page readonly
35B5000
unkown
page read and write
7FF5D6BE4000
unkown
page readonly
1FF4CA59000
heap
page read and write
4AC0000
unkown
page read and write
893D000
unkown
page read and write
C8E3000
unkown
page read and write
86D0000
unkown
page readonly
49A8000
unkown
page read and write
7FF5D7450000
unkown
page readonly
AA0F000
unkown
page read and write
7440000
unkown
page read and write
77A1000
unkown
page read and write
FB0000
unkown
page readonly
BB10000
heap
page read and write
1FF4CF10000
trusted library allocation
page read and write
196D3D89000
heap
page read and write
363CA75000
trusted library allocation
page read and write
1FF4CA42000
heap
page read and write
363CB7F000
trusted library allocation
page read and write
2B5A000
heap
page read and write
7FF5D73F5000
unkown
page readonly
1FF4D024000
heap
page read and write
A9DF000
unkown
page read and write
7FF5D7236000
unkown
page readonly
C653000
unkown
page read and write
AA0C000
unkown
page read and write
894A000
unkown
page read and write
7FF5D71DA000
unkown
page readonly
9B2C000
unkown
page read and write
C81C000
unkown
page read and write
7FF5D7784000
unkown
page readonly
1FF4D024000
heap
page read and write
8931000
unkown
page read and write
102D3000
unkown
page read and write
9AB2000
unkown
page read and write
1FF4CA78000
heap
page read and write
8963000
unkown
page read and write
363CB75000
trusted library allocation
page read and write
9A84000
unkown
page read and write
7FF5D77CD000
unkown
page readonly
2EC0000
unkown
page readonly
7FF5D71DA000
unkown
page readonly
C035000
stack
page read and write
A391000
unkown
page read and write
196D3D60000
heap
page read and write
33B0000
unkown
page readonly
1395000
heap
page read and write
7FF5D75F6000
unkown
page readonly
7FF5D770F000
unkown
page readonly
7FF5D7289000
unkown
page readonly
4A71000
unkown
page read and write
C65E000
unkown
page read and write
13A0000
unkown
page readonly
7FF5D75A6000
unkown
page readonly
9AB2000
unkown
page read and write
86E0000
unkown
page readonly
893E000
unkown
page read and write
AAA9000
unkown
page read and write
C605000
unkown
page read and write
7FF5D7262000
unkown
page readonly
9AC3000
unkown
page read and write
7FF5D77CD000
unkown
page readonly
7FF5D7700000
unkown
page readonly
BFB8000
stack
page read and write
1FF4CA3A000
heap
page read and write
9D67000
unkown
page read and write
1FF4C990000
direct allocation
page execute and read and write
C7C6000
unkown
page read and write
9A94000
unkown
page read and write
1FF4CA7A000
heap
page read and write
C969000
unkown
page read and write
7FF5D732D000
unkown
page readonly
10254000
unkown
page read and write
EB5000
stack
page read and write
C62D000
unkown
page read and write
1FF4CA31000
heap
page read and write
7FF5D752F000
unkown
page readonly
1FF4CAD0000
direct allocation
page readonly
A2A2000
unkown
page read and write
7FF5D75CB000
unkown
page readonly
1FF4CA4E000
heap
page read and write
7FF5D77B6000
unkown
page readonly
12D0000
unkown
page readonly
7FF5D762F000
unkown
page readonly
B330000
unkown
page read and write
7FF5D76D7000
unkown
page readonly
A416000
unkown
page read and write
3290000
unkown
page execute and read and write
7FF5D7694000
unkown
page readonly
1390000
heap
page read and write
A39C000
unkown
page read and write
102D3000
unkown
page read and write
7FF5D783B000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
7FF5D777A000
unkown
page readonly
7FF5D76DA000
unkown
page readonly
99B0000
unkown
page read and write
C605000
unkown
page read and write
C615000
unkown
page read and write
7FF5D7272000
unkown
page readonly
196D3D81000
heap
page read and write
1FF4D110000
trusted library allocation
page read and write
1160000
unkown
page read and write
49FA000
unkown
page read and write
8935000
unkown
page read and write
11C1000
unkown
page read and write
7440000
unkown
page read and write
C932000
unkown
page read and write
7B00000
unkown
page readonly
49BB000
unkown
page read and write
7FF5D729E000
unkown
page readonly
7AB0000
unkown
page read and write
7FF5D775C000
unkown
page readonly
843F000
stack
page read and write
7FF5D74C3000
unkown
page readonly
7FF5D75DF000
unkown
page readonly
3020000
unkown
page execute and read and write
9AA0000
unkown
page read and write
C5F4000
unkown
page read and write
5463000
unkown
page read and write
C981000
unkown
page read and write
7FF5D7795000
unkown
page readonly
1FF4B0E6000
direct allocation
page execute and read and write
363CB75000
trusted library allocation
page read and write
7B20000
unkown
page read and write
196D3CB0000
heap
page read and write
7DF4F2470000
unkown
page readonly
1FF4B090000
heap
page read and write
7FF5D7394000
unkown
page readonly
7FF5D77DD000
unkown
page readonly
E5F000
heap
page read and write
7FF5D72FB000
unkown
page readonly
7FF5D71C8000
unkown
page readonly
1340000
unkown
page read and write
363CB75000
trusted library allocation
page read and write
1FF4CA34000
heap
page read and write
100C000
unkown
page write copy
196D3DDE000
heap
page read and write
AA04000
unkown
page read and write
9A94000
unkown
page read and write
7FF5D77A4000
unkown
page readonly
1FF4CA4A000
heap
page read and write
1390000
heap
page read and write
82BB5FE000
stack
page read and write
363CB75000
trusted library allocation
page read and write
9D67000
unkown
page read and write
7FF5D7280000
unkown
page readonly
7FF5CE33D000
unkown
page readonly
7FF5D7589000
unkown
page readonly
9EB0000
unkown
page readonly
1FF4C9FD000
heap
page read and write
1241000
unkown
page read and write
C609000
unkown
page read and write
3520000
unkown
page readonly
1FF4CA76000
heap
page read and write
7FF5D7703000
unkown
page readonly
7E60000
unkown
page read and write
1FF4CF10000
trusted library allocation
page read and write
C866000
unkown
page read and write
196D3D81000
heap
page read and write
5463000
unkown
page read and write
AA40000
unkown
page read and write
C908000
unkown
page read and write
7FF5D7292000
unkown
page readonly
1FF4CA4A000
heap
page read and write
196D3D05000
heap
page read and write
9A6A000
unkown
page read and write
1395000
heap
page read and write
363C6E7000
stack
page read and write
8DCB000
stack
page read and write
C450000
unkown
page read and write
7FF5D706E000
unkown
page readonly
1FF4CA5F000
heap
page read and write
8900000
unkown
page read and write
C5F0000
unkown
page read and write
9A96000
unkown
page read and write
761E000
unkown
page read and write
363CB7F000
trusted library allocation
page read and write
7FF5D710B000
unkown
page readonly
7C90000
unkown
page read and write
363CB75000
trusted library allocation
page read and write
1FF4CA4A000
heap
page read and write
1350000
unkown
page readonly
C621000
unkown
page read and write
82BB3FF000
stack
page read and write
F5E000
stack
page read and write
7FF5D7262000
unkown
page readonly
7FF5D716B000
unkown
page readonly
7686000
unkown
page read and write
7DF4F2461000
unkown
page execute read
1FF4CA15000
heap
page read and write
1FF4CB18000
direct allocation
page read and write
C5F8000
unkown
page read and write
13A0000
unkown
page readonly
3100000
unkown
page read and write
7B80000
unkown
page readonly
4A90000
unkown
page read and write
A384000
unkown
page read and write
C5EC000
unkown
page read and write
7FF5D71C4000
unkown
page readonly
2FFD000
stack
page read and write
85BE000
stack
page read and write
76F8000
unkown
page read and write
EF8000
heap
page read and write
7FF5CE33D000
unkown
page readonly
7FF5D71AF000
unkown
page readonly
A3AC000
unkown
page read and write
18007C000
unkown
page write copy
7FF5D7385000
unkown
page readonly
9AAA000
unkown
page read and write
7AE0000
unkown
page read and write
7FF5D7593000
unkown
page readonly
8CB8000
stack
page read and write
363C7FD000
stack
page read and write
7FF5D7722000
unkown
page readonly
B85A000
stack
page read and write
E4CC000
stack
page read and write
4980000
unkown
page read and write
1FF4D00D000
heap
page read and write
C5FA000
unkown
page read and write
1FF4CA0A000
heap
page read and write
7FF5D7075000
unkown
page readonly
7FF5D6BE4000
unkown
page readonly
1FF4CA55000
heap
page read and write
7C70000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
7605000
unkown
page read and write
1FF4CA39000
heap
page read and write
767F000
unkown
page read and write
1FF4CA4E000
heap
page read and write
AA0F000
unkown
page read and write
7FF5D75AF000
unkown
page readonly
1FF4CB15000
direct allocation
page read and write
7FF5D75C1000
unkown
page readonly
2B40000
heap
page read and write
7FF5D74FA000
unkown
page readonly
2E90000
unkown
page execute and read and write
7FF5D76D7000
unkown
page readonly
33C0000
unkown
page read and write
7FF5D771A000
unkown
page readonly
8C39000
stack
page read and write
7FF5D77C2000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
1FF4CA4E000
heap
page read and write
1FF4AEAA000
heap
page read and write
7FF5D772C000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
C78A000
unkown
page read and write
4AA0000
unkown
page read and write
1FF4CA15000
heap
page read and write
3064000
unkown
page execute and read and write
1FF4D110000
trusted library allocation
page read and write
7FF5D7458000
unkown
page readonly
A3C3000
unkown
page read and write
3370000
unkown
page execute and read and write
49BB000
unkown
page read and write
7FF5D77FD000
unkown
page readonly
363CB7F000
trusted library allocation
page read and write
A40E000
unkown
page read and write
7AB0000
unkown
page read and write
CA06000
unkown
page read and write
7611000
unkown
page read and write
BEA0000
unkown
page readonly
4A16000
unkown
page read and write
1FF4AE50000
heap
page read and write
2A20000
heap
page read and write
4A40000
unkown
page read and write
1FF4D028000
heap
page read and write
7FF5D77B6000
unkown
page readonly
7693000
unkown
page read and write
7FF5D764F000
unkown
page readonly
7FF5D7425000
unkown
page readonly
1731000
unkown
page readonly
C3CD000
stack
page read and write
1FF4CA55000
heap
page read and write
8944000
unkown
page read and write
7691000
unkown
page read and write
1FF4CB20000
heap
page readonly
A9FD000
unkown
page read and write
7B60000
unkown
page readonly
C983000
unkown
page read and write
7435000
stack
page read and write
7FF5D743F000
unkown
page readonly
7FF5D7792000
unkown
page readonly
FF0000
unkown
page readonly
7FF5D66E8000
unkown
page readonly
1031B000
unkown
page read and write
7DF4F2471000
unkown
page execute read
75F8000
unkown
page read and write
2B3D000
stack
page read and write
1FF4C9D1000
heap
page read and write
F2CA000
heap
page read and write
100C000
unkown
page read and write
7FF5D74B8000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
9A84000
unkown
page read and write
7FF5D748C000
unkown
page readonly
7FF5D7065000
unkown
page readonly
9AAA000
unkown
page read and write
53E1000
unkown
page read and write
363CB75000
trusted library allocation
page read and write
7FF5D738E000
unkown
page readonly
1FF4CA42000
heap
page read and write
A9E9000
unkown
page read and write
7FF5D748A000
unkown
page readonly
895E000
unkown
page read and write
7FF5D75D6000
unkown
page readonly
7FF5D723C000
unkown
page readonly
9A90000
unkown
page read and write
3500000
stack
page read and write
1FF4D110000
trusted library allocation
page read and write
1FF4CA4A000
heap
page read and write
91F0000
unkown
page readonly
94F4000
unkown
page read and write
C9A7000
unkown
page read and write
1350000
unkown
page readonly
7FF5D77F7000
unkown
page readonly
196D3D9D000
heap
page read and write
7FF5D7795000
unkown
page readonly
1FF4AE72000
heap
page read and write
1FF4CA59000
heap
page read and write
1FF4ADD0000
heap
page read and write
7FF5D72CE000
unkown
page readonly
362D000
unkown
page read and write
C4BD000
unkown
page read and write
7FF5D771A000
unkown
page readonly
1FF4D024000
heap
page read and write
1200000
unkown
page execute and read and write
2F7E000
stack
page read and write
A12F000
stack
page read and write
7810000
unkown
page read and write
7FF5D7837000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
9A9E000
unkown
page read and write
A02E000
stack
page read and write
A273000
unkown
page read and write
1731000
unkown
page readonly
4ADA000
unkown
page read and write
7FF5D776D000
unkown
page readonly
7FF5D7482000
unkown
page readonly
7FF5D7792000
unkown
page readonly
1200000
unkown
page execute and read and write
F13000
heap
page read and write
1FF4CA51000
heap
page read and write
7FF5D6BDB000
unkown
page readonly
A251000
unkown
page read and write
7609000
unkown
page read and write
1FF4CA76000
heap
page read and write
C460000
unkown
page read and write
8A70000
unkown
page read and write
A3C3000
unkown
page read and write
363CB7F000
trusted library allocation
page read and write
82BB0FE000
stack
page read and write
C8E3000
unkown
page read and write
C800000
unkown
page read and write
A2D7000
unkown
page read and write
A286000
unkown
page read and write
196D3DA1000
heap
page read and write
C863000
unkown
page read and write
A2B5000
unkown
page read and write
C5FA000
unkown
page read and write
363CB75000
trusted library allocation
page read and write
7435000
stack
page read and write
2EC0000
unkown
page readonly
7FF5D720A000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
1FF4D024000
heap
page read and write
7FF5D6BEF000
unkown
page readonly
3280000
unkown
page read and write
363CB75000
trusted library allocation
page read and write
A2B5000
unkown
page read and write
1FF4CEE0000
remote allocation
page read and write
7FF5D75BF000
unkown
page readonly
7DD0000
heap
page read and write
7FF5D7558000
unkown
page readonly
7E58000
stack
page read and write
7FF5D7073000
unkown
page readonly
7FF5D7820000
unkown
page readonly
7FF5D7703000
unkown
page readonly
7C31000
unkown
page read and write
84BB000
stack
page read and write
7FF5D705D000
unkown
page readonly
3630000
unkown
page readonly
7FF5D72D3000
unkown
page readonly
B4BF000
stack
page read and write
BDC0000
unkown
page read and write
9A72000
unkown
page read and write
1380000
heap
page read and write
7FF5D774C000
unkown
page readonly
C983000
unkown
page read and write
7FF5D749B000
unkown
page readonly
7FF5D7257000
unkown
page readonly
3160000
unkown
page read and write
7DD0000
heap
page read and write
196D3D88000
heap
page read and write
10316000
unkown
page read and write
F9E000
stack
page read and write
99B0000
unkown
page read and write
7FF5D7391000
unkown
page readonly
86E0000
unkown
page readonly
9A98000
unkown
page read and write
779E000
unkown
page read and write
C933000
unkown
page read and write
760F000
unkown
page read and write
BB9D000
stack
page read and write
1FF4CA4C000
heap
page read and write
7FF5D776D000
unkown
page readonly
7FF5D75F9000
unkown
page readonly
2A8F000
stack
page read and write
35FA000
unkown
page read and write
C4DC000
unkown
page read and write
7FF5D7694000
unkown
page readonly
C61D000
unkown
page read and write
8F49000
stack
page read and write
7FF5D72D7000
unkown
page readonly
1FF4CF10000
trusted library allocation
page read and write
9A96000
unkown
page read and write
1FF4CB1B000
direct allocation
page readonly
7D3E000
stack
page read and write
A9A0000
unkown
page read and write
1FF4AE7A000
heap
page read and write
196D3DC4000
heap
page read and write
7FF5D71D7000
unkown
page readonly
9A80000
unkown
page read and write
7DF459561000
direct allocation
page read and write
5330000
unkown
page write copy
7FF5D720F000
unkown
page readonly
35C1000
unkown
page read and write
7FF5D7336000
unkown
page readonly
363CB7F000
trusted library allocation
page read and write
1FF4D110000
trusted library allocation
page read and write
1FF4CA52000
heap
page read and write
AA04000
unkown
page read and write
7691000
unkown
page read and write
363CB7F000
trusted library allocation
page read and write
7DF459500000
direct allocation
page read and write
8A00000
unkown
page read and write
FB1000
unkown
page execute read
7FF5D76DA000
unkown
page readonly
1FF4D024000
heap
page read and write
C663000
unkown
page read and write
C450000
unkown
page read and write
1FF4C9D3000
heap
page read and write
895F000
unkown
page read and write
1FF4CA4A000
heap
page read and write
BE90000
unkown
page read and write
9B8D000
unkown
page read and write
7FF5D75E9000
unkown
page readonly
1FF4CA55000
heap
page read and write
7FF5D732D000
unkown
page readonly
7FF5D74FA000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
C4BD000
unkown
page read and write
7FF5D72D3000
unkown
page readonly
7FF5D7589000
unkown
page readonly
196D3D7C000
heap
page read and write
AA05000
unkown
page read and write
4A0E000
unkown
page read and write
A33F000
unkown
page read and write
1FF4CA7B000
heap
page read and write
9578000
stack
page read and write
1FF4CAD7000
heap
page read and write
7FF5D6BDB000
unkown
page readonly
1270000
unkown
page read and write
7FF5D7077000
unkown
page readonly
7FF5D781A000
unkown
page readonly
35C9000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
363CB7F000
trusted library allocation
page read and write
DE0000
heap
page read and write
7FF5D75B8000
unkown
page readonly
7FF5D73F5000
unkown
page readonly
1FF4AEAA000
heap
page read and write
363CB75000
trusted library allocation
page read and write
7FF5D7452000
unkown
page readonly
18007D000
unkown
page readonly
35B0000
unkown
page read and write
8870000
unkown
page readonly
82BACFD000
stack
page read and write
8940000
unkown
page read and write
75F8000
unkown
page read and write
7FF5D766E000
unkown
page readonly
7FF5D723C000
unkown
page readonly
7FF5D720F000
unkown
page readonly
B0E0000
unkown
page readonly
10294000
unkown
page read and write
1FF4D00D000
heap
page read and write
35E4000
unkown
page read and write
C7BE000
unkown
page read and write
4980000
unkown
page read and write
2AF0000
heap
page read and write
7DF459520000
direct allocation
page readonly
196D3DBE000
heap
page read and write
3110000
unkown
page readonly
4AEA000
unkown
page read and write
363CB7F000
trusted library allocation
page read and write
3010000
unkown
page execute and read and write
1FF4CA3A000
heap
page read and write
1FF4C9D6000
heap
page read and write
7FF5D7837000
unkown
page readonly
77A1000
unkown
page read and write
7FF5D74C3000
unkown
page readonly
FF0000
unkown
page readonly
1220000
unkown
page execute and read and write
7FF5D76AF000
unkown
page readonly
4AFA000
unkown
page read and write
9B79000
unkown
page read and write
7686000
unkown
page read and write
7DF459550000
direct allocation
page read and write
1FF4CF10000
trusted library allocation
page read and write
C800000
unkown
page read and write
363C2AC000
stack
page read and write
7FF5D776F000
unkown
page readonly
1FF4C9FD000
heap
page read and write
7691000
unkown
page read and write
779E000
unkown
page read and write
C47F000
unkown
page read and write
35DC000
unkown
page read and write
C621000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
A251000
unkown
page read and write
7AA0000
unkown
page read and write
1FF4C9FD000
heap
page read and write
10352000
unkown
page read and write
7FF5D7485000
unkown
page readonly
363CB75000
trusted library allocation
page read and write
7FF5D764F000
unkown
page readonly
1FF4D028000
heap
page read and write
C0BA000
stack
page read and write
7FF5D745B000
unkown
page readonly
7FF5D781A000
unkown
page readonly
1FF4CA59000
heap
page read and write
5E0000
heap
page read and write
7FF5D775C000
unkown
page readonly
11EF000
stack
page read and write
84CA000
unkown
page read and write
1380000
heap
page read and write
1FF4CA4E000
heap
page read and write
7FF5D769E000
unkown
page readonly
1383000
heap
page read and write
30BE000
stack
page read and write
7FF5D7648000
unkown
page readonly
C44F000
stack
page read and write
1FF4CA15000
heap
page read and write
C1CC000
stack
page read and write
7FF5D766E000
unkown
page readonly
1FF4D028000
heap
page read and write
C669000
unkown
page read and write
7E58000
stack
page read and write
1000000
heap
page read and write
AA0C000
unkown
page read and write
BB10000
heap
page read and write
363CB75000
trusted library allocation
page read and write
7FF5D758D000
unkown
page readonly
7FF5D7280000
unkown
page readonly
4A0E000
unkown
page read and write
35D5000
unkown
page read and write
1FF4CA55000
heap
page read and write
9AF9000
unkown
page read and write
1FF4C9D6000
heap
page read and write
C8C9000
unkown
page read and write
A3AA000
unkown
page read and write
E27000
heap
page read and write
C47F000
unkown
page read and write
7FF5D7546000
unkown
page readonly
1FF4CF10000
trusted library allocation
page read and write
1FF4CA59000
heap
page read and write
3110000
unkown
page readonly
7FF5D7452000
unkown
page readonly
77DB000
unkown
page read and write
1270000
unkown
page read and write
3170000
unkown
page read and write
180074000
unkown
page write copy
AA92000
unkown
page read and write
3400000
unkown
page read and write
7FF5D745B000
unkown
page readonly
33F0000
unkown
page read and write
7C31000
unkown
page read and write
1FF4C9D6000
heap
page read and write
7FF5D72FB000
unkown
page readonly
7FF5D72D0000
unkown
page readonly
C625000
unkown
page read and write
3320000
unkown
page read and write
196D3DDE000
heap
page read and write
C5FD000
unkown
page read and write
49C2000
unkown
page read and write
3341000
unkown
page read and write
9A80000
unkown
page read and write
7FF5D7230000
unkown
page readonly
7FF5D7398000
unkown
page readonly
196D3DDE000
heap
page read and write
EF0000
heap
page read and write
1FF4CF10000
trusted library allocation
page read and write
7460000
unkown
page read and write
7FF5D77E9000
unkown
page readonly
94F4000
unkown
page read and write
10352000
unkown
page read and write
82BB1FE000
stack
page read and write
7FF5D71E6000
unkown
page readonly
1FF4CF10000
trusted library allocation
page read and write
894A000
unkown
page read and write
1FF4CA3A000
heap
page read and write
A1AF000
stack
page read and write
C8E4000
unkown
page read and write
4A12000
unkown
page read and write
C908000
unkown
page read and write
7FF5D7700000
unkown
page readonly
7B10000
unkown
page read and write
7FF5D769E000
unkown
page readonly
35D3000
unkown
page read and write
7FF5D71E6000
unkown
page readonly
C5F4000
unkown
page read and write
7DF459570000
direct allocation
page execute read
52C000
stack
page read and write
1250000
unkown
page read and write
1FF4CA53000
heap
page read and write
7FF5D7077000
unkown
page readonly
85BE000
stack
page read and write
363C3AF000
trusted library allocation
page read and write
7E60000
unkown
page read and write
363CB7F000
trusted library allocation
page read and write
C7BE000
unkown
page read and write
3626000
unkown
page read and write
1FF4CA4A000
heap
page read and write
A313000
unkown
page read and write
363C3A5000
trusted library allocation
page read and write
49FD000
unkown
page read and write
7FF5D720A000
unkown
page readonly
7DF4F2460000
unkown
page readonly
8FD9000
stack
page read and write
4ADA000
unkown
page read and write
760B000
unkown
page read and write
1FF4CA42000
heap
page read and write
7FF5D75F2000
unkown
page readonly
9B9A000
unkown
page read and write
7DF4F2481000
unkown
page execute read
35BD000
unkown
page read and write
35CF000
unkown
page read and write
1FF4CA78000
heap
page read and write
1FF4CF10000
trusted library allocation
page read and write
9A8C000
unkown
page read and write
1FF4AE77000
heap
page read and write
7FF5D768B000
unkown
page readonly
8963000
unkown
page read and write
3530000
unkown
page read and write
B0BD000
stack
page read and write
7FF5D7604000
unkown
page readonly
C663000
unkown
page read and write
7FF5CE343000
unkown
page readonly
7FF5D72CE000
unkown
page readonly
339E000
stack
page read and write
9AAC000
unkown
page read and write
7FF5D7740000
unkown
page readonly
1FF4CA38000
heap
page read and write
9B41000
unkown
page read and write
7FF5D728E000
unkown
page readonly
AA40000
unkown
page read and write
3160000
unkown
page read and write
1FF4D024000
heap
page read and write
363CB7F000
trusted library allocation
page read and write
1FF4CA76000
heap
page read and write
7FF5D72C8000
unkown
page readonly
1FF4CAA3000
heap
page read and write
363C3A5000
trusted library allocation
page read and write
1FF4D110000
trusted library allocation
page read and write
8FD8000
stack
page read and write
196D5AD0000
heap
page read and write
7FF5D779E000
unkown
page readonly
196D3DAF000
heap
page read and write
1FF4D110000
trusted library allocation
page read and write
1FF4CB13000
direct allocation
page read and write
7FF5D7438000
unkown
page readonly
7FF5D7396000
unkown
page readonly
7FF5D770A000
unkown
page readonly
A233000
unkown
page read and write
363C97A000
stack
page read and write
C908000
unkown
page read and write
96FE000
stack
page read and write
7FF5D7407000
unkown
page readonly
7FF5D7309000
unkown
page readonly
7FF5D7398000
unkown
page readonly
196D3DB0000
heap
page read and write
7DF4F2491000
unkown
page execute read
10294000
unkown
page read and write
7FF5D7722000
unkown
page readonly
2B70000
heap
page read and write
7FF5D74F2000
unkown
page readonly
C472000
unkown
page read and write
C48B000
unkown
page read and write
1FF4AF37000
heap
page read and write
35CD000
unkown
page read and write
1FF4C9D6000
heap
page read and write
8948000
unkown
page read and write
1FF4ADB0000
heap
page read and write
1FF4CEE0000
trusted library allocation
page read and write
1FF4CA15000
heap
page read and write
82BA94A000
stack
page read and write
3140000
unkown
page read and write
7FF5D7482000
unkown
page readonly
C979000
unkown
page read and write
7FF5D760E000
unkown
page readonly
1FF4CEE0000
trusted library allocation
page read and write
49A8000
unkown
page read and write
1FF4CA7A000
heap
page read and write
8510000
unkown
page execute and read and write
1FF4CF10000
trusted library allocation
page read and write
AA40000
unkown
page read and write
1FF4CA7A000
heap
page read and write
C7CB000
unkown
page read and write
C85F000
unkown
page read and write
7FF5D762F000
unkown
page readonly
A39C000
unkown
page read and write
9B8B000
unkown
page read and write
9679000
stack
page read and write
7654000
unkown
page read and write
1FF4CA3A000
heap
page read and write
1FF4CF10000
trusted library allocation
page read and write
A9A0000
unkown
page read and write
1031B000
unkown
page read and write
9A72000
unkown
page read and write
35C9000
unkown
page read and write
362A000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
C969000
unkown
page read and write
196D3D95000
heap
page read and write
3290000
unkown
page execute and read and write
C4C6000
unkown
page read and write
7FF5D75C1000
unkown
page readonly
7FF5D7691000
unkown
page readonly
AA92000
unkown
page read and write
7FF5D7507000
unkown
page readonly
7FF5D77C2000
unkown
page readonly
7FF5D71EF000
unkown
page readonly
C973000
unkown
page read and write
196D3DDE000
heap
page read and write
A220000
unkown
page read and write
7FF5D700E000
unkown
page readonly
363C87E000
stack
page read and write
1FF4D110000
trusted library allocation
page read and write
760F000
unkown
page read and write
7DF4F2460000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
1FF4CF10000
trusted library allocation
page read and write
3064000
unkown
page execute and read and write
1245000
unkown
page read and write
7FF5D77DD000
unkown
page readonly
1FF4D110000
trusted library allocation
page read and write
7C80000
unkown
page read and write
7810000
unkown
page read and write
1FF4D110000
trusted library allocation
page read and write
7FF5D744B000
unkown
page readonly
273F41000
direct allocation
page execute and read and write
B85A000
stack
page read and write
196D3DBE000
heap
page read and write
7618000
unkown
page read and write
7FF5D7257000
unkown
page readonly
7FF5D72D7000
unkown
page readonly
893D000
unkown
page read and write
7FF5D7760000
unkown
page readonly
2AD0000
heap
page read and write
1FF4CA76000
heap
page read and write
7FF5D75B3000
unkown
page readonly
C653000
unkown
page read and write
7FF5D7073000
unkown
page readonly
8520000
unkown
page execute and read and write
35DC000
unkown
page read and write
BF3E000
stack
page read and write
7FF5D71C8000
unkown
page readonly
1FF4CB10000
direct allocation
page read and write
7AF1000
unkown
page read and write
A40E000
unkown
page read and write
B0E0000
unkown
page readonly
7FF5D744B000
unkown
page readonly
7FF5D7230000
unkown
page readonly
C496000
unkown
page read and write
35CD000
unkown
page read and write
2B50000
heap
page read and write
1FF4D110000
trusted library allocation
page read and write
7FF5D77E0000
unkown
page readonly
760D000
unkown
page read and write
8360000
unkown
page read and write
C46F000
unkown
page read and write
9679000
stack
page read and write
363CB7F000
trusted library allocation
page read and write
1FF4D110000
trusted library allocation
page read and write
7FF5D738E000
unkown
page readonly
1FF4CA36000
heap
page read and write
7FF5D7820000
unkown
page readonly
7FF5D71F9000
unkown
page readonly
1035B000
unkown
page read and write
9E2D000
stack
page read and write
7FF5D76D5000
unkown
page readonly
760D000
unkown
page read and write
7FF5D77D2000
unkown
page readonly
7FF5D75FF000
unkown
page readonly
363CA7F000
trusted library allocation
page read and write
AA97000
unkown
page read and write
7FF5D747F000
unkown
page readonly
7FF5D778A000
unkown
page readonly
7FF5D77A8000
unkown
page readonly
7FF5D6AB6000
unkown
page readonly
7FF5D72BD000
unkown
page readonly
7FF5D7284000
unkown
page readonly
2E90000
unkown
page execute and read and write
7DC0000
unkown
page readonly
A9FD000
unkown
page read and write
7FF5D77A8000
unkown
page readonly
1FF4CF10000
trusted library allocation
page read and write
9A92000
unkown
page read and write
7FF5D7485000
unkown
page readonly
7FF5D717C000
unkown
page readonly
5479000
unkown
page read and write
196D3DC1000
heap
page read and write
196D3DAD000
heap
page read and write
1230000
unkown
page execute and read and write
A416000
unkown
page read and write
196D3DC3000
heap
page read and write
C973000
unkown
page read and write
C24E000
stack
page read and write
196D3D95000
heap
page read and write
A2D7000
unkown
page read and write
7FF5CE343000
unkown
page readonly
7FF5D76E8000
unkown
page readonly
9B2C000
unkown
page read and write
7FF5D7438000
unkown
page readonly
7FF5D75F6000
unkown
page readonly
35D1000
unkown
page read and write
4A16000
unkown
page read and write
35B3000
unkown
page read and write
7FF5D7799000
unkown
page readonly
9A76000
unkown
page read and write
1FF4CF10000
trusted library allocation
page read and write
8940000
unkown
page read and write
7FF5D7488000
unkown
page readonly
196D3DD0000
heap
page read and write
7FF5D7289000
unkown
page readonly
7631000
unkown
page read and write
7FF5D706E000
unkown
page readonly
8940000
unkown
page read and write
1FF4CA55000
heap
page read and write
7FF5D7065000
unkown
page readonly
196D5AD6000
heap
page read and write
1FF4CEE0000
remote allocation
page read and write
7FF5D7523000
unkown
page readonly
7DF4F2461000
unkown
page execute read
There are 1607 hidden memdumps, click here to show them.