Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C2ADPhotosSetupEN.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Config.Msi\431a49.rbs
|
data
|
modified
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\C2.Common.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\C2ADPhotos.AD.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\C2ADPhotos.Common.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\C2ADPhotos.Controls.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\C2WinUI.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\C2Wpf.Common.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\C2Wpf.Controls.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\CodeTwo Active Directory Photos.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\CodeTwo Active Directory Photos.exe.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\Data\HomePage.url
|
MS Windows 95 Internet shortcut text (URL=<http://www.codetwo.com/freeware/active-directory-photos?sts=1327>), ASCII text,
with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\Data\User's manual.url
|
MS Windows 95 Internet shortcut text (URL=<http://www.codetwo.com/userguide/active-directory-photos/intro.htm?sts=1327>),
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\ER.Shared.Common.2.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\ER.Shared.Html.2.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\ER.Shared.MessageComposition.Lib.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\ER.Shared.Placeholders.2.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\ER.Shared.RulesProcessor.2.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\ER.Shared.Settings.2.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\TXTextControl.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\tx151.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\tx151rtf.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\tx151tls.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\ProgramData\MSI Cache\{C1FB6A80-5028-4922-AF16-C3A9EC1C5379}\C2ADPhotosSetupENx64.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: CodeTwo Active Directory Photos, Author: CodeTwo, Keywords: Installer, Comments: (c) 2020 CodeTwo. All
rights reserved., Template: x64;1033, Revision Number: {85D5E36E-A38F-44FA-B9D7-04B56ACDA73E}, Create Time/Date: Tue Jan
5 13:46:22 2021, Last Saved Time/Date: Tue Jan 5 13:46:22 2021, Number of Pages: 300, Number of Words: 2, Name of Creating
Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeTwo\CodeTwo Active Directory Photos\CodeTwo Active Directory Photos.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive,
ctime=Tue Jan 5 17:46:20 2021, mtime=Fri Oct 25 13:35:47 2024, atime=Tue Jan 5 17:46:20 2021, length=2016008, window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeTwo\CodeTwo Active Directory Photos\Go to program home page.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon
number=0, Archive, ctime=Mon Jan 4 13:39:22 2021, mtime=Fri Oct 25 13:35:47 2024, atime=Mon Jan 4 13:39:22 2021, length=90,
window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeTwo\CodeTwo Active Directory Photos\User's manual.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon
number=0, Archive, ctime=Mon Jan 4 13:39:22 2021, mtime=Fri Oct 25 13:35:47 2024, atime=Mon Jan 4 13:39:22 2021, length=101,
window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\CodeTwo\AD Photos\Cache\items.xml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\CodeTwo\AD Photos\Logs\2024.10.25_00001.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\CodeTwo\AD Photos\Settings\settings.xml
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2257), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CodeTwo Active Directory Photos.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\CodeTwo Applications Temporary Settings\faa7d046-c44d-490b-a4c4-4530272bb092
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI9BE.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\431a48.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: CodeTwo Active Directory Photos, Author: CodeTwo, Keywords: Installer, Comments: (c) 2020 CodeTwo. All
rights reserved., Template: x64;1033, Revision Number: {85D5E36E-A38F-44FA-B9D7-04B56ACDA73E}, Create Time/Date: Tue Jan
5 13:46:22 2021, Last Saved Time/Date: Tue Jan 5 13:46:22 2021, Number of Pages: 300, Number of Words: 2, Name of Creating
Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\431a4a.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: CodeTwo Active Directory Photos, Author: CodeTwo, Keywords: Installer, Comments: (c) 2020 CodeTwo. All
rights reserved., Template: x64;1033, Revision Number: {85D5E36E-A38F-44FA-B9D7-04B56ACDA73E}, Create Time/Date: Tue Jan
5 13:46:22 2021, Last Saved Time/Date: Tue Jan 5 13:46:22 2021, Number of Pages: 300, Number of Words: 2, Name of Creating
Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI1E11.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI1EDD.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}\icon.ico
|
MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
C:\Windows\Installer\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}\ie.ico
|
MS Windows icon resource - 2 icons, 32x32, 16x16
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF196D1133CD399CF8.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF3F7EAF4F5ADCC4BF.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF46FE766947CBCC9A.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF8CA88C56E74E7E2F.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF989544F757F69EF6.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC740DF0614F93682.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFD02EA1444F981F5D.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFD139A1C245630496.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFD2F009AA6B86C0CE.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFF164ACC84465A887.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFF2B2D8159DBF2E89.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFF987463988E13002.TMP
|
data
|
dropped
|
||
|
\Device\Mup\user-PC*\MAILSLOT\NET\NETLOGON
|
data
|
dropped
|
There are 45 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\C2ADPhotosSetupEN.exe
|
"C:\Users\user\Desktop\C2ADPhotosSetupEN.exe"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding D9E5602CD0D1E59BA79DE8DE2B3D0A62 C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 3336940CC5EF5A00D0ECD9674475EFA1
|
||
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\CodeTwo Active Directory Photos.exe
|
"C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\CodeTwo Active Directory Photos.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://codetwo.com/ITimeService/SetOffsetT
|
unknown
|
||
|
https://www.codetwo.com?sts=1328
|
unknown
|
||
|
http://codetwo.com/ITimeService/SetOffsetResponse
|
unknown
|
||
|
http://codetwo.comT
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://schemas.datacontract.org
|
unknown
|
||
|
http://codetwo.com/ITimeService/GetCurrentTimeResponsew
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/ER.Shared.Placeholders
|
unknown
|
||
|
https://instagram.com/user_name_here
|
unknown
|
||
|
http://certificates.godaddy.com/repository/0
|
unknown
|
||
|
http://schemas.codetwo.com/Net45/definedI
|
unknown
|
||
|
https://www.codetwo.com/userguide/active-directory-photos/multi-photo.htm?sts=1327#automatch
|
unknown
|
||
|
https://www.codetwo.com/userguide/active-directory-photos/photo-editor.htm?sts=1327
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/System.Xml
|
unknown
|
||
|
http://codetwo.com/ITimeService/ResetOffsetT
|
unknown
|
||
|
http://www.codetwo.com/EmailTracking
|
unknown
|
||
|
http://www.codetwo.comohttp://www.codetwo.com/freeware/active-directory-photos
|
unknown
|
||
|
http://www.codetw.com
|
unknown
|
||
|
http://crl.godaddy.com/gdig2s5-6.crl0
|
unknown
|
||
|
https://www.codetwo.com/freeware/active-directory-photos?sts=1327
|
unknown
|
||
|
http://www.codetwo.com;
|
unknown
|
||
|
https://sectigo.com/CPS0D
|
unknown
|
||
|
http://www.w3.o
|
unknown
|
||
|
https://twitter.com/user_name_here
|
unknown
|
||
|
https://www.codetwo.com/solutions-for-exchange-server/?sts=1326
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/C2ADPhotos.AD
|
unknown
|
||
|
http://www.codetwo.com5
|
unknown
|
||
|
http://www.codetwo.com8
|
unknown
|
||
|
https://www.codetwo.com/userguide/active-directory-photos/multi-photo.htm?sts=1327#import
|
unknown
|
||
|
http://certificates.godaddy.com/repository/gdig2.crt0
|
unknown
|
||
|
https://www.pinterest.com/user_name_here
|
unknown
|
||
|
http://codetwo.com/ITimeService/ResetOffsetResponseI
|
unknown
|
||
|
http://www.codetwo.com.
|
unknown
|
||
|
http://crl.godaddy.com/gdig2s5-3.crl0
|
unknown
|
||
|
http://www.codetwo.com0
|
unknown
|
||
|
http://www.codetwo.com/
|
unknown
|
||
|
http://badoo.com/user_name_here
|
unknown
|
||
|
http://url_to/rss.xml
|
unknown
|
||
|
http://www.codetwo.comh
|
unknown
|
||
|
http://www.codetwo.com/freeware/active-directory-photos?sts=1327
|
unknown
|
||
|
https://www.codetwo.com/kb/images-online-vs-embedded/
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://user_name_here.tumblr.com
|
unknown
|
||
|
http://www.codetwo.com
|
unknown
|
||
|
https://www.linkedin.com/company/user_name_here
|
unknown
|
||
|
http://certs.godaddy.com/repository/1301
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/C2ADPhotos.Common
|
unknown
|
||
|
http://www.codetwo.comT
|
unknown
|
||
|
http://www.codetwo.comV
|
unknown
|
||
|
http://www.codetwo.comX
|
unknown
|
||
|
https://certs.godaddy.com/repository/0
|
unknown
|
||
|
http://schemas.codetwo.com/Net45/defined
|
unknown
|
||
|
https://userphotos365.codetwo.com
|
unknown
|
||
|
https://soundcloud.com/user_name_here
|
unknown
|
||
|
http://www.w3.oh
|
unknown
|
||
|
https://plus.google.com/
|
unknown
|
||
|
https://www.youtube.com/user/user_name_here
|
unknown
|
||
|
http://crl.godaddy.com/gdroot-g2.crl0F
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://www.codetwo.com/form/uninstall/active-directory-photos/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
https://www.xing.com/profile/user_name_here
|
unknown
|
||
|
https://www.codetwo.com/exchange-rules-pro/how-to-add-signatures-with-photos-from-active-directory?s
|
unknown
|
||
|
https://www.codetwo.com/userguide/active-directory-photos/interface.htm?sts=1327#custom-filter
|
unknown
|
||
|
http://codetwo.com/CRM
|
unknown
|
||
|
https://www.codetwo.com/userguide/active-directory-photos/settings.htm?sts=1327
|
unknown
|
||
|
http://codetwo.com/ITimeService/GetCurrentTimeT
|
unknown
|
||
|
http://www.codetwo.comp
|
unknown
|
There are 58 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\431a49.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\431a49.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C6BEB92658ACEB43A8DFB27C3398F00
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91FAAEE1DE2B85D4CA90A0C4F7F3AF3E
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A406E8CD3DDB024F8845B5522324739
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\897E336764755D94699EE8C04C86E109
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD36F4D20BA58E24598E903AE98D19AC
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65EFD11CE11316046B45408F53EFC82F
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E18B13F7B2BE4EA418F9087E745AFC96
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\997D46A98DC40FF43AEA601C73521EAC
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6326D8335CCFB3F49A92F687E9F11878
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71FAB393A5EEC494DBB75278206EA1EA
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74E20D8518239554FA67CD9364DC17FD
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D507EFFCA64C58E4094FD588D179E0B5
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56D30D8EF2C1F444F83F85A60BC45D7E
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D07DDFA825C7A284FA2FDF3AB8B3CE24
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC07FA79A8C799441AD09D360802A8F8
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F20031E0FF094C14D89FCB71482BD314
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21FC91685B6A8264092FE61666D74F63
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D151F02A87BA52F44A2AB2B4D00C1261
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A73CA5BBD941324294BA13FA715381A
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A2BABBD956B36E447A4C9930FBDD63D4
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0A9E37F0DECCFF4B9E80D52ED76E6A4
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2335E23AF143B454E9CDFCEA872ABC51
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8CD4D0DCE4DDC34DBC28A4512812358
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C758836CDF4720B488FB828600BBDD5F
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A1C97D45B037BB47BF32BE1DBA1BD26
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C71CE8261ECB5049AF19AE7D5D0BDC2
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files\CodeTwo\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files\CodeTwo\CodeTwo Active Directory Photos\Data\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeTwo\CodeTwo Active Directory Photos\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeTwo\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CodeTwo\CodeTwo Active Directory Photos
|
InstanceID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CodeTwo\CodeTwo Active Directory Photos
|
SourceInfo
|
||
|
HKEY_CURRENT_USER\SOFTWARE\CodeTwo\CodeTwo Active Directory Photos
|
installed
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\CodeTwo\CodeTwo Active Directory Photos
|
InstanceID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\CodeTwo\CodeTwo Active Directory Photos
|
SourceInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\11078483A41679A4B8727204A4E54BFD
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5C74DC7-9616-4A5E-846D-F56E256CF46F}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\7CD47C5A6169E5A448D65FE652C64FF6
|
MainFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\Features
|
MainFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CD47C5A6169E5A448D65FE652C64FF6\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\11078483A41679A4B8727204A4E54BFD
|
7CD47C5A6169E5A448D65FE652C64FF6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7CD47C5A6169E5A448D65FE652C64FF6\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
There are 104 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
839000
|
unkown
|
page readonly
|
||
|
2103000
|
heap
|
page read and write
|
||
|
7FF435693000
|
trusted library allocation
|
page execute read
|
||
|
486A000
|
heap
|
page read and write
|
||
|
23769000
|
heap
|
page read and write
|
||
|
1BBA8000
|
heap
|
page read and write
|
||
|
3F7C000
|
heap
|
page read and write
|
||
|
4824000
|
heap
|
page read and write
|
||
|
1B7D2000
|
unkown
|
page readonly
|
||
|
7FF435680000
|
trusted library allocation
|
page readonly
|
||
|
620000
|
unkown
|
page readonly
|
||
|
1D14F000
|
heap
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
7FF848586000
|
trusted library allocation
|
page execute and read and write
|
||
|
23940000
|
heap
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
7FF848732000
|
trusted library allocation
|
page read and write
|
||
|
2072000
|
heap
|
page read and write
|
||
|
1CFDF000
|
stack
|
page read and write
|
||
|
1D1F8000
|
heap
|
page read and write
|
||
|
1B4C2000
|
unkown
|
page readonly
|
||
|
1F6F000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
1CFF2000
|
unkown
|
page readonly
|
||
|
209E000
|
heap
|
page read and write
|
||
|
20F5000
|
heap
|
page read and write
|
||
|
620000
|
unkown
|
page readonly
|
||
|
7FF8484A0000
|
trusted library allocation
|
page read and write
|
||
|
1B14E000
|
stack
|
page read and write
|
||
|
839000
|
unkown
|
page readonly
|
||
|
214F1000
|
heap
|
page read and write
|
||
|
1D24A000
|
heap
|
page read and write
|
||
|
3BAA000
|
heap
|
page read and write
|
||
|
206C000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
28EA000
|
trusted library allocation
|
page read and write
|
||
|
1D26E000
|
heap
|
page read and write
|
||
|
2082000
|
heap
|
page read and write
|
||
|
1B450000
|
heap
|
page read and write
|
||
|
515000
|
unkown
|
page readonly
|
||
|
206E000
|
heap
|
page read and write
|
||
|
7FF435698000
|
trusted library allocation
|
page readonly
|
||
|
16C6000
|
unkown
|
page readonly
|
||
|
2103000
|
heap
|
page read and write
|
||
|
1BB99000
|
heap
|
page read and write
|
||
|
210C000
|
heap
|
page read and write
|
||
|
1D1DD000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
1D19E000
|
heap
|
page read and write
|
||
|
80C000
|
unkown
|
page readonly
|
||
|
621000
|
unkown
|
page execute read
|
||
|
237EB000
|
heap
|
page read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
1D2A4000
|
heap
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
238B0000
|
heap
|
page read and write
|
||
|
80C000
|
unkown
|
page readonly
|
||
|
2079000
|
heap
|
page read and write
|
||
|
81E000
|
unkown
|
page readonly
|
||
|
3F84000
|
heap
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
7FF8484B3000
|
trusted library allocation
|
page read and write
|
||
|
3F84000
|
heap
|
page read and write
|
||
|
9EB000
|
heap
|
page read and write
|
||
|
1BD65000
|
heap
|
page read and write
|
||
|
7FF8484C0000
|
trusted library allocation
|
page read and write
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
1BBCB000
|
heap
|
page read and write
|
||
|
6E70000
|
trusted library allocation
|
page read and write
|
||
|
12891000
|
trusted library allocation
|
page read and write
|
||
|
1B394000
|
heap
|
page read and write
|
||
|
3BB1000
|
heap
|
page read and write
|
||
|
2087000
|
heap
|
page read and write
|
||
|
210C000
|
heap
|
page read and write
|
||
|
1BED2000
|
unkown
|
page readonly
|
||
|
20A3000
|
heap
|
page read and write
|
||
|
525000
|
unkown
|
page readonly
|
||
|
3BD1000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
413A000
|
heap
|
page read and write
|
||
|
F33000
|
unkown
|
page readonly
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
2066000
|
heap
|
page read and write
|
||
|
20A8000
|
heap
|
page read and write
|
||
|
5B1000
|
unkown
|
page readonly
|
||
|
1D360000
|
trusted library allocation
|
page read and write
|
||
|
1B3B4000
|
heap
|
page read and write
|
||
|
2D69000
|
trusted library allocation
|
page read and write
|
||
|
1D2D3000
|
heap
|
page read and write
|
||
|
7FF43569B000
|
trusted library allocation
|
page execute read
|
||
|
1B350000
|
heap
|
page read and write
|
||
|
206B000
|
heap
|
page read and write
|
||
|
7FF848760000
|
trusted library allocation
|
page read and write
|
||
|
206F000
|
heap
|
page read and write
|
||
|
5BC000
|
unkown
|
page readonly
|
||
|
237EE000
|
heap
|
page read and write
|
||
|
1D134000
|
stack
|
page read and write
|
||
|
7FF4356A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C0F000
|
heap
|
page read and write
|
||
|
1CF80000
|
trusted library allocation
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
1BD90000
|
heap
|
page read and write
|
||
|
2103000
|
heap
|
page read and write
|
||
|
1BB80000
|
heap
|
page read and write
|
||
|
209D000
|
heap
|
page read and write
|
||
|
3F85000
|
heap
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
4B1F000
|
stack
|
page read and write
|
||
|
7FF848685000
|
trusted library allocation
|
page read and write
|
||
|
7FF848690000
|
trusted library allocation
|
page read and write
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
1B950000
|
trusted library allocation
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
237DA000
|
heap
|
page read and write
|
||
|
23821000
|
heap
|
page read and write
|
||
|
1D2CD000
|
heap
|
page read and write
|
||
|
7FF848700000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EE000
|
unkown
|
page read and write
|
||
|
1693000
|
unkown
|
page readonly
|
||
|
2095000
|
heap
|
page read and write
|
||
|
2071000
|
heap
|
page read and write
|
||
|
2102000
|
heap
|
page read and write
|
||
|
2072000
|
heap
|
page read and write
|
||
|
1B41C000
|
heap
|
page read and write
|
||
|
1CF90000
|
trusted library allocation
|
page read and write
|
||
|
3BB0000
|
heap
|
page read and write
|
||
|
2077000
|
heap
|
page read and write
|
||
|
1B3BA000
|
heap
|
page read and write
|
||
|
23999000
|
heap
|
page read and write
|
||
|
1D1C1000
|
heap
|
page read and write
|
||
|
1D30D000
|
heap
|
page read and write
|
||
|
3F8E000
|
heap
|
page read and write
|
||
|
237E2000
|
heap
|
page read and write
|
||
|
7FF8486F0000
|
trusted library allocation
|
page read and write
|
||
|
2066000
|
heap
|
page read and write
|
||
|
1B4C0000
|
unkown
|
page readonly
|
||
|
2B6C000
|
trusted library allocation
|
page read and write
|
||
|
7FF8484BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CFA000
|
stack
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
19FE000
|
stack
|
page read and write
|
||
|
2109000
|
heap
|
page read and write
|
||
|
3BB8000
|
heap
|
page read and write
|
||
|
1B3B0000
|
heap
|
page read and write
|
||
|
7FF84855C000
|
trusted library allocation
|
page execute and read and write
|
||
|
20A3000
|
heap
|
page read and write
|
||
|
1B34E000
|
stack
|
page read and write
|
||
|
3BE4000
|
heap
|
page read and write
|
||
|
3F84000
|
heap
|
page read and write
|
||
|
3F8E000
|
heap
|
page read and write
|
||
|
2B82000
|
trusted library allocation
|
page read and write
|
||
|
7FF435685000
|
trusted library allocation
|
page execute read
|
||
|
2082000
|
heap
|
page read and write
|
||
|
27F2000
|
unkown
|
page readonly
|
||
|
1B6C0000
|
unkown
|
page readonly
|
||
|
2063000
|
heap
|
page read and write
|
||
|
2082000
|
heap
|
page read and write
|
||
|
1D21C000
|
heap
|
page read and write
|
||
|
3BCF000
|
heap
|
page read and write
|
||
|
1BB9D000
|
heap
|
page read and write
|
||
|
23B38000
|
heap
|
page read and write
|
||
|
1BD06000
|
heap
|
page read and write
|
||
|
3BB1000
|
heap
|
page read and write
|
||
|
1D240000
|
heap
|
page read and write
|
||
|
23806000
|
heap
|
page read and write
|
||
|
236D5000
|
heap
|
page read and write
|
||
|
27F8000
|
unkown
|
page readonly
|
||
|
2075000
|
heap
|
page read and write
|
||
|
1BB6D000
|
stack
|
page read and write
|
||
|
1CF20000
|
unkown
|
page readonly
|
||
|
FCA000
|
unkown
|
page readonly
|
||
|
1D2CB000
|
heap
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
7FF435699000
|
trusted library allocation
|
page execute read
|
||
|
3BA5000
|
heap
|
page read and write
|
||
|
3BCF000
|
heap
|
page read and write
|
||
|
207E000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
1E60000
|
heap
|
page read and write
|
||
|
20C9000
|
heap
|
page read and write
|
||
|
3BCF000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
3F7C000
|
heap
|
page read and write
|
||
|
1D254000
|
heap
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
239A3000
|
heap
|
page read and write
|
||
|
239B6000
|
heap
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
2984000
|
trusted library allocation
|
page read and write
|
||
|
3D2000
|
unkown
|
page readonly
|
||
|
1B990000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
3AA0000
|
heap
|
page read and write
|
||
|
2071000
|
heap
|
page read and write
|
||
|
839000
|
unkown
|
page readonly
|
||
|
23926000
|
heap
|
page read and write
|
||
|
220E000
|
stack
|
page read and write
|
||
|
23801000
|
heap
|
page read and write
|
||
|
2099000
|
heap
|
page read and write
|
||
|
F33000
|
unkown
|
page readonly
|
||
|
2822000
|
unkown
|
page readonly
|
||
|
3F84000
|
heap
|
page read and write
|
||
|
3D11000
|
heap
|
page read and write
|
||
|
7FF8484A4000
|
trusted library allocation
|
page read and write
|
||
|
2072000
|
heap
|
page read and write
|
||
|
135C5000
|
trusted library allocation
|
page read and write
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
1ED0D000
|
stack
|
page read and write
|
||
|
1B421000
|
heap
|
page read and write
|
||
|
1B3ED000
|
heap
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
1D326000
|
heap
|
page read and write
|
||
|
209B000
|
heap
|
page read and write
|
||
|
238AB000
|
heap
|
page read and write
|
||
|
2103000
|
heap
|
page read and write
|
||
|
7E8000
|
unkown
|
page read and write
|
||
|
23809000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
7FF848560000
|
trusted library allocation
|
page execute and read and write
|
||
|
565000
|
unkown
|
page readonly
|
||
|
587000
|
unkown
|
page readonly
|
||
|
2109000
|
heap
|
page read and write
|
||
|
7FF435689000
|
trusted library allocation
|
page execute read
|
||
|
7FF8484FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B60000
|
heap
|
page read and write
|
||
|
2102000
|
heap
|
page read and write
|
||
|
206A000
|
heap
|
page read and write
|
||
|
1B480000
|
trusted library allocation
|
page read and write
|
||
|
7E3000
|
unkown
|
page write copy
|
||
|
20FE000
|
heap
|
page read and write
|
||
|
1BB70000
|
heap
|
page read and write
|
||
|
7FF848780000
|
trusted library allocation
|
page read and write
|
||
|
2077000
|
heap
|
page read and write
|
||
|
210B000
|
heap
|
page read and write
|
||
|
13576000
|
trusted library allocation
|
page read and write
|
||
|
3F7C000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
2071000
|
heap
|
page read and write
|
||
|
237A5000
|
heap
|
page read and write
|
||
|
210A000
|
heap
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
2010000
|
heap
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
82E000
|
unkown
|
page readonly
|
||
|
2CD7000
|
trusted library allocation
|
page read and write
|
||
|
794000
|
unkown
|
page readonly
|
||
|
1B613000
|
heap
|
page execute and read and write
|
||
|
237E7000
|
heap
|
page read and write
|
||
|
2C93000
|
trusted library allocation
|
page read and write
|
||
|
46C000
|
unkown
|
page readonly
|
||
|
3BDC000
|
heap
|
page read and write
|
||
|
20DD000
|
heap
|
page read and write
|
||
|
81E000
|
unkown
|
page readonly
|
||
|
F3E000
|
unkown
|
page readonly
|
||
|
3F84000
|
heap
|
page read and write
|
||
|
1D1A2000
|
heap
|
page read and write
|
||
|
1BBD1000
|
heap
|
page read and write
|
||
|
1D1F6000
|
heap
|
page read and write
|
||
|
FCA000
|
unkown
|
page readonly
|
||
|
7FF848556000
|
trusted library allocation
|
page read and write
|
||
|
1BBC0000
|
heap
|
page read and write
|
||
|
4A2F000
|
heap
|
page read and write
|
||
|
3C2C000
|
heap
|
page read and write
|
||
|
1D020000
|
unkown
|
page readonly
|
||
|
2077000
|
heap
|
page read and write
|
||
|
2814000
|
unkown
|
page readonly
|
||
|
2103000
|
heap
|
page read and write
|
||
|
7FF8484CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AC9000
|
trusted library allocation
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
46EB000
|
stack
|
page read and write
|
||
|
2DE7000
|
trusted library allocation
|
page read and write
|
||
|
2941000
|
trusted library allocation
|
page read and write
|
||
|
2099000
|
heap
|
page read and write
|
||
|
2107000
|
heap
|
page read and write
|
||
|
207C000
|
heap
|
page read and write
|
||
|
2109000
|
heap
|
page read and write
|
||
|
2067000
|
heap
|
page read and write
|
||
|
2081000
|
heap
|
page read and write
|
||
|
2067000
|
heap
|
page read and write
|
||
|
238EF000
|
heap
|
page read and write
|
||
|
1BC4B000
|
heap
|
page read and write
|
||
|
3DE3000
|
heap
|
page read and write
|
||
|
1D266000
|
heap
|
page read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
40BE000
|
heap
|
page read and write
|
||
|
1D27B000
|
heap
|
page read and write
|
||
|
2107000
|
heap
|
page read and write
|
||
|
2063000
|
heap
|
page read and write
|
||
|
3D0000
|
unkown
|
page readonly
|
||
|
1B530000
|
unkown
|
page readonly
|
||
|
DE3000
|
heap
|
page read and write
|
||
|
20AF000
|
heap
|
page read and write
|
||
|
3BBD000
|
heap
|
page read and write
|
||
|
3C2C000
|
heap
|
page read and write
|
||
|
1BBDD000
|
heap
|
page read and write
|
||
|
238BA000
|
heap
|
page read and write
|
||
|
236A4000
|
heap
|
page read and write
|
||
|
207A000
|
heap
|
page read and write
|
||
|
7FF848650000
|
trusted library allocation
|
page read and write
|
||
|
1D390000
|
trusted library allocation
|
page read and write
|
||
|
2D9C000
|
trusted library allocation
|
page read and write
|
||
|
44A000
|
unkown
|
page readonly
|
||
|
1B4A0000
|
heap
|
page read and write
|
||
|
1BD9F000
|
heap
|
page read and write
|
||
|
1D1D4000
|
heap
|
page read and write
|
||
|
207F000
|
heap
|
page read and write
|
||
|
4D1000
|
unkown
|
page readonly
|
||
|
2099000
|
heap
|
page read and write
|
||
|
1937000
|
stack
|
page read and write
|
||
|
1374D000
|
trusted library allocation
|
page read and write
|
||
|
1B6B0000
|
heap
|
page read and write
|
||
|
1F9FD000
|
stack
|
page read and write
|
||
|
1BD16000
|
heap
|
page read and write
|
||
|
7FF848672000
|
trusted library allocation
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
1BD4C000
|
heap
|
page read and write
|
||
|
1B56B000
|
unkown
|
page readonly
|
||
|
210B000
|
heap
|
page read and write
|
||
|
209E000
|
heap
|
page read and write
|
||
|
23947000
|
heap
|
page read and write
|
||
|
207F000
|
heap
|
page read and write
|
||
|
2071000
|
heap
|
page read and write
|
||
|
7FF8486A0000
|
trusted library allocation
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
2386E000
|
heap
|
page read and write
|
||
|
7FF435691000
|
trusted library allocation
|
page execute read
|
||
|
2072000
|
heap
|
page read and write
|
||
|
2D82000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
unkown
|
page readonly
|
||
|
23770000
|
heap
|
page read and write
|
||
|
F3E000
|
unkown
|
page readonly
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
3D03000
|
heap
|
page read and write
|
||
|
2103000
|
heap
|
page read and write
|
||
|
3F8D000
|
heap
|
page read and write
|
||
|
135A3000
|
trusted library allocation
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
2E7E000
|
trusted library allocation
|
page read and write
|
||
|
3F7E000
|
heap
|
page read and write
|
||
|
1D02E000
|
unkown
|
page readonly
|
||
|
2086000
|
heap
|
page read and write
|
||
|
1BA60000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
1CF3E000
|
unkown
|
page readonly
|
||
|
2097000
|
heap
|
page read and write
|
||
|
2078000
|
heap
|
page read and write
|
||
|
20BF000
|
heap
|
page read and write
|
||
|
7FF8484A2000
|
trusted library allocation
|
page read and write
|
||
|
1D442000
|
trusted library allocation
|
page read and write
|
||
|
7FF435694000
|
trusted library allocation
|
page readonly
|
||
|
206C000
|
heap
|
page read and write
|
||
|
210C000
|
heap
|
page read and write
|
||
|
3F70000
|
heap
|
page read and write
|
||
|
1BBE1000
|
heap
|
page read and write
|
||
|
1D245000
|
heap
|
page read and write
|
||
|
1A8C0000
|
trusted library allocation
|
page read and write
|
||
|
1BD1D000
|
heap
|
page read and write
|
||
|
1D2AD000
|
heap
|
page read and write
|
||
|
3BDC000
|
heap
|
page read and write
|
||
|
1B44C000
|
heap
|
page read and write
|
||
|
23995000
|
heap
|
page read and write
|
||
|
2B56000
|
trusted library allocation
|
page read and write
|
||
|
2099000
|
heap
|
page read and write
|
||
|
2D37000
|
trusted library allocation
|
page read and write
|
||
|
966000
|
heap
|
page read and write
|
||
|
2103000
|
heap
|
page read and write
|
||
|
3F7C000
|
heap
|
page read and write
|
||
|
16C6000
|
unkown
|
page readonly
|
||
|
23923000
|
heap
|
page read and write
|
||
|
1D271000
|
heap
|
page read and write
|
||
|
2082000
|
heap
|
page read and write
|
||
|
1B59A000
|
unkown
|
page readonly
|
||
|
1BF00000
|
heap
|
page execute and read and write
|
||
|
7FF848750000
|
trusted library allocation
|
page read and write
|
||
|
1D201000
|
heap
|
page read and write
|
||
|
F71000
|
unkown
|
page readonly
|
||
|
2880000
|
heap
|
page execute and read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
1AD08000
|
stack
|
page read and write
|
||
|
7FF435681000
|
trusted library allocation
|
page execute read
|
||
|
7FF848719000
|
trusted library allocation
|
page read and write
|
||
|
3F84000
|
heap
|
page read and write
|
||
|
7E5000
|
unkown
|
page write copy
|
||
|
3D10000
|
heap
|
page read and write
|
||
|
20D2000
|
heap
|
page read and write
|
||
|
27F0000
|
unkown
|
page readonly
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
20D7000
|
heap
|
page read and write
|
||
|
207C000
|
heap
|
page read and write
|
||
|
3C2C000
|
heap
|
page read and write
|
||
|
3D0000
|
unkown
|
page readonly
|
||
|
7FF848770000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D41E000
|
stack
|
page read and write
|
||
|
1688000
|
unkown
|
page readonly
|
||
|
31C9000
|
trusted library allocation
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
1B6C2000
|
unkown
|
page readonly
|
||
|
1D288000
|
heap
|
page read and write
|
||
|
1B399000
|
heap
|
page read and write
|
||
|
477000
|
unkown
|
page readonly
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
1D340000
|
trusted library allocation
|
page read and write
|
||
|
209C000
|
heap
|
page read and write
|
||
|
207F000
|
heap
|
page read and write
|
||
|
3C2C000
|
heap
|
page read and write
|
||
|
2891000
|
trusted library allocation
|
page read and write
|
||
|
1BDAD000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
7FF848726000
|
trusted library allocation
|
page read and write
|
||
|
209B000
|
heap
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
2103000
|
heap
|
page read and write
|
||
|
7FF84869B000
|
trusted library allocation
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
2103000
|
heap
|
page read and write
|
||
|
2072000
|
heap
|
page read and write
|
||
|
2ADD000
|
trusted library allocation
|
page read and write
|
||
|
562000
|
unkown
|
page readonly
|
||
|
7FF435692000
|
trusted library allocation
|
page readonly
|
||
|
7FF8484AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2398D000
|
heap
|
page read and write
|
||
|
209E000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
2DB5000
|
trusted library allocation
|
page read and write
|
||
|
209E000
|
heap
|
page read and write
|
||
|
3C2C000
|
heap
|
page read and write
|
||
|
3BA0000
|
heap
|
page read and write
|
||
|
19A0000
|
heap
|
page read and write
|
||
|
1B438000
|
heap
|
page read and write
|
||
|
238B3000
|
heap
|
page read and write
|
||
|
926000
|
heap
|
page read and write
|
||
|
20D2000
|
heap
|
page read and write
|
||
|
3BE4000
|
heap
|
page read and write
|
||
|
9CF000
|
heap
|
page read and write
|
||
|
201E000
|
heap
|
page read and write
|
||
|
1D380000
|
trusted library allocation
|
page read and write
|
||
|
1EE0B000
|
stack
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
206E000
|
heap
|
page read and write
|
||
|
3F7E000
|
heap
|
page read and write
|
||
|
3BE5000
|
heap
|
page read and write
|
||
|
210D000
|
heap
|
page read and write
|
||
|
7FF435684000
|
trusted library allocation
|
page readonly
|
||
|
3BB7000
|
heap
|
page read and write
|
||
|
3BB1000
|
heap
|
page read and write
|
||
|
1BBD3000
|
heap
|
page read and write
|
||
|
1D2BD000
|
heap
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
1693000
|
unkown
|
page readonly
|
||
|
320E000
|
trusted library allocation
|
page read and write
|
||
|
2099000
|
heap
|
page read and write
|
||
|
20FC000
|
heap
|
page read and write
|
||
|
3D05000
|
heap
|
page read and write
|
||
|
7EA000
|
unkown
|
page read and write
|
||
|
2109000
|
heap
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
237F3000
|
heap
|
page read and write
|
||
|
2082000
|
heap
|
page read and write
|
||
|
20D1000
|
heap
|
page read and write
|
||
|
207C000
|
heap
|
page read and write
|
||
|
7FF848680000
|
trusted library allocation
|
page read and write
|
||
|
245D0000
|
trusted library allocation
|
page read and write
|
||
|
3DAE000
|
stack
|
page read and write
|
||
|
962000
|
heap
|
page read and write
|
||
|
23761000
|
heap
|
page read and write
|
||
|
23985000
|
heap
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
7FF848675000
|
trusted library allocation
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
207C000
|
heap
|
page read and write
|
||
|
1B427000
|
heap
|
page read and write
|
||
|
135D0000
|
trusted library allocation
|
page read and write
|
||
|
20D5000
|
heap
|
page read and write
|
||
|
F71000
|
unkown
|
page readonly
|
||
|
2095000
|
heap
|
page read and write
|
||
|
26D7000
|
heap
|
page read and write
|
||
|
3BED000
|
heap
|
page read and write
|
||
|
E08000
|
heap
|
page read and write
|
||
|
3F86000
|
heap
|
page read and write
|
||
|
3C2D000
|
heap
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
1B940000
|
trusted library allocation
|
page read and write
|
||
|
20D8000
|
heap
|
page read and write
|
||
|
1BBB7000
|
heap
|
page read and write
|
||
|
2108000
|
heap
|
page read and write
|
||
|
20FD000
|
heap
|
page read and write
|
||
|
2082000
|
heap
|
page read and write
|
||
|
7FF848749000
|
trusted library allocation
|
page read and write
|
||
|
42CE000
|
stack
|
page read and write
|
||
|
2078000
|
heap
|
page read and write
|
||
|
2EE7000
|
trusted library allocation
|
page read and write
|
||
|
2059000
|
heap
|
page read and write
|
||
|
210A000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1BD51000
|
heap
|
page read and write
|
||
|
2EAF000
|
trusted library allocation
|
page read and write
|
||
|
1D2FB000
|
heap
|
page read and write
|
||
|
23A70000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
7FF848720000
|
trusted library allocation
|
page read and write
|
||
|
7FF84864D000
|
trusted library allocation
|
page read and write
|
||
|
621000
|
unkown
|
page execute read
|
||
|
2075000
|
heap
|
page read and write
|
||
|
3BDC000
|
heap
|
page read and write
|
||
|
1BD23000
|
heap
|
page read and write
|
||
|
94D000
|
heap
|
page read and write
|
||
|
1D370000
|
trusted library allocation
|
page read and write
|
||
|
82E000
|
unkown
|
page readonly
|
||
|
2390E000
|
heap
|
page read and write
|
||
|
3BCF000
|
heap
|
page read and write
|
||
|
7FF435686000
|
trusted library allocation
|
page readonly
|
||
|
2CA9000
|
trusted library allocation
|
page read and write
|
||
|
1BA66000
|
heap
|
page read and write
|
||
|
7FF8486D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
456F000
|
stack
|
page read and write
|
||
|
206C000
|
heap
|
page read and write
|
||
|
DB3000
|
trusted library allocation
|
page read and write
|
||
|
2086000
|
heap
|
page read and write
|
||
|
80C000
|
unkown
|
page readonly
|
||
|
7FF848740000
|
trusted library allocation
|
page read and write
|
||
|
237FD000
|
heap
|
page read and write
|
||
|
1B9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8484CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8484A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
F33000
|
unkown
|
page readonly
|
||
|
7E3000
|
unkown
|
page read and write
|
||
|
2105000
|
heap
|
page read and write
|
||
|
3C03000
|
heap
|
page read and write
|
||
|
7FF435687000
|
trusted library allocation
|
page execute read
|
||
|
7FF848670000
|
trusted library allocation
|
page read and write
|
||
|
1BD44000
|
heap
|
page read and write
|
||
|
2E4C000
|
trusted library allocation
|
page read and write
|
||
|
1B38D000
|
heap
|
page read and write
|
||
|
20BA000
|
heap
|
page read and write
|
||
|
7FF8486C0000
|
trusted library allocation
|
page read and write
|
||
|
206F000
|
heap
|
page read and write
|
||
|
1D303000
|
heap
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
20BB000
|
heap
|
page read and write
|
||
|
1688000
|
unkown
|
page readonly
|
||
|
3BD2000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
1D022000
|
unkown
|
page readonly
|
||
|
3BB1000
|
heap
|
page read and write
|
||
|
135B5000
|
trusted library allocation
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
794000
|
unkown
|
page readonly
|
||
|
2097000
|
heap
|
page read and write
|
||
|
1B532000
|
unkown
|
page readonly
|
||
|
23921000
|
heap
|
page read and write
|
||
|
20A3000
|
heap
|
page read and write
|
||
|
1B9A0000
|
trusted library allocation
|
page read and write
|
||
|
FCA000
|
unkown
|
page readonly
|
||
|
3D06000
|
heap
|
page read and write
|
||
|
23810000
|
heap
|
page read and write
|
||
|
1B490000
|
trusted library section
|
page readonly
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
F3E000
|
unkown
|
page readonly
|
||
|
2EC9000
|
trusted library allocation
|
page read and write
|
||
|
1B9C0000
|
trusted library allocation
|
page read and write
|
||
|
128BA000
|
trusted library allocation
|
page read and write
|
||
|
2099000
|
heap
|
page read and write
|
||
|
2087000
|
heap
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
3F73000
|
heap
|
page read and write
|
||
|
7FF43569A000
|
trusted library allocation
|
page readonly
|
||
|
1BC4F000
|
heap
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
3BBD000
|
heap
|
page read and write
|
||
|
7FF8485C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F60000
|
heap
|
page read and write
|
||
|
2820000
|
unkown
|
page readonly
|
||
|
207F000
|
heap
|
page read and write
|
||
|
7FF8484C4000
|
trusted library allocation
|
page read and write
|
||
|
1F8FE000
|
stack
|
page read and write
|
||
|
1D2C4000
|
heap
|
page read and write
|
||
|
3E5C000
|
stack
|
page read and write
|
||
|
7FF848640000
|
trusted library allocation
|
page read and write
|
||
|
B35000
|
heap
|
page read and write
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
20A9000
|
heap
|
page read and write
|
||
|
3BD8000
|
heap
|
page read and write
|
||
|
1D32A000
|
heap
|
page read and write
|
||
|
3CB4000
|
heap
|
page read and write
|
||
|
3CFA000
|
heap
|
page read and write
|
||
|
7FF8486B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F8D000
|
heap
|
page read and write
|
||
|
3BE4000
|
heap
|
page read and write
|
||
|
1E0D000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
207C000
|
heap
|
page read and write
|
||
|
7FF848550000
|
trusted library allocation
|
page read and write
|
||
|
1D2DB000
|
heap
|
page read and write
|
||
|
3CBD000
|
heap
|
page read and write
|
||
|
F71000
|
unkown
|
page readonly
|
||
|
3CBF000
|
heap
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
13598000
|
trusted library allocation
|
page read and write
|
||
|
1D140000
|
heap
|
page read and write
|
||
|
296E000
|
trusted library allocation
|
page read and write
|
||
|
2109000
|
heap
|
page read and write
|
||
|
2003B000
|
stack
|
page read and write
|
||
|
7FF435695000
|
trusted library allocation
|
page execute read
|
||
|
3BB1000
|
heap
|
page read and write
|
||
|
20A1000
|
heap
|
page read and write
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
1BCE0000
|
heap
|
page read and write
|
||
|
20AE000
|
heap
|
page read and write
|
||
|
3BD4000
|
heap
|
page read and write
|
||
|
3F8D000
|
heap
|
page read and write
|
||
|
4104000
|
heap
|
page read and write
|
||
|
2109000
|
heap
|
page read and write
|
||
|
1BDA8000
|
heap
|
page read and write
|
||
|
1D1D1000
|
heap
|
page read and write
|
||
|
1BD70000
|
heap
|
page read and write
|
||
|
81E000
|
unkown
|
page readonly
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
2071000
|
heap
|
page read and write
|
||
|
23988000
|
heap
|
page read and write
|
||
|
7FF848735000
|
trusted library allocation
|
page read and write
|
||
|
2097000
|
heap
|
page read and write
|
||
|
2051000
|
heap
|
page read and write
|
||
|
20DF000
|
heap
|
page read and write
|
||
|
7FF435682000
|
trusted library allocation
|
page readonly
|
||
|
1D1AC000
|
heap
|
page read and write
|
||
|
E05000
|
heap
|
page read and write
|
||
|
20D3000
|
heap
|
page read and write
|
||
|
4876000
|
heap
|
page read and write
|
||
|
3BB1000
|
heap
|
page read and write
|
||
|
2DCE000
|
trusted library allocation
|
page read and write
|
||
|
209E000
|
heap
|
page read and write
|
||
|
1D321000
|
heap
|
page read and write
|
||
|
137B3000
|
trusted library allocation
|
page read and write
|
||
|
3C2C000
|
heap
|
page read and write
|
||
|
2071000
|
heap
|
page read and write
|
||
|
1B526000
|
unkown
|
page readonly
|
||
|
3F7E000
|
heap
|
page read and write
|
||
|
1D26B000
|
heap
|
page read and write
|
||
|
1D275000
|
heap
|
page read and write
|
||
|
26AF000
|
stack
|
page read and write
|
||
|
209E000
|
heap
|
page read and write
|
||
|
3BCD000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
205C000
|
heap
|
page read and write
|
||
|
1BCFF000
|
heap
|
page read and write
|
||
|
2075000
|
heap
|
page read and write
|
||
|
2E65000
|
trusted library allocation
|
page read and write
|
||
|
7FF848710000
|
trusted library allocation
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
2C8B000
|
trusted library allocation
|
page read and write
|
||
|
210C000
|
heap
|
page read and write
|
||
|
590000
|
unkown
|
page readonly
|
||
|
82E000
|
unkown
|
page readonly
|
||
|
23980000
|
heap
|
page read and write
|
||
|
2394A000
|
heap
|
page read and write
|
||
|
209D000
|
heap
|
page read and write
|
||
|
2108000
|
heap
|
page read and write
|
||
|
2079000
|
heap
|
page read and write
|
||
|
2802000
|
unkown
|
page readonly
|
||
|
1D2F4000
|
heap
|
page read and write
|
||
|
1B74D000
|
unkown
|
page readonly
|
||
|
1BD29000
|
heap
|
page read and write
|
||
|
1B402000
|
heap
|
page read and write
|
||
|
3BCE000
|
heap
|
page read and write
|
||
|
1B758000
|
unkown
|
page readonly
|
||
|
982000
|
heap
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
2CCF000
|
trusted library allocation
|
page read and write
|
||
|
2381B000
|
heap
|
page read and write
|
||
|
1BD0B000
|
heap
|
page read and write
|
||
|
1B610000
|
heap
|
page execute and read and write
|
||
|
1BED0000
|
unkown
|
page readonly
|
||
|
7FF8486E0000
|
trusted library allocation
|
page read and write
|
||
|
1A890000
|
trusted library allocation
|
page read and write
|
||
|
3F8E000
|
heap
|
page read and write
|
||
|
2D1E000
|
trusted library allocation
|
page read and write
|
||
|
23670000
|
heap
|
page read and write
|
||
|
1B560000
|
unkown
|
page readonly
|
||
|
2067000
|
heap
|
page read and write
|
||
|
2078000
|
heap
|
page read and write
|
||
|
2EEF000
|
trusted library allocation
|
page read and write
|
||
|
2E33000
|
trusted library allocation
|
page read and write
|
||
|
2082000
|
heap
|
page read and write
|
||
|
2084000
|
heap
|
page read and write
|
||
|
4110000
|
heap
|
page read and write
|
||
|
3C2C000
|
heap
|
page read and write
|
||
|
207C000
|
heap
|
page read and write
|
||
|
3F74000
|
heap
|
page read and write
|
||
|
3BD9000
|
heap
|
page read and write
|
||
|
23766000
|
heap
|
page read and write
|
||
|
1EF0B000
|
stack
|
page read and write
|
||
|
1D30A000
|
heap
|
page read and write
|
||
|
3F85000
|
heap
|
page read and write
|
||
|
2066000
|
heap
|
page read and write
|
||
|
3AA3000
|
heap
|
page read and write
|
||
|
3CBE000
|
heap
|
page read and write
|
||
|
12903000
|
trusted library allocation
|
page read and write
|
||
|
2109000
|
heap
|
page read and write
|
||
|
1D338000
|
heap
|
page read and write
|
||
|
3F85000
|
heap
|
page read and write
|
||
|
2800000
|
unkown
|
page readonly
|
||
|
2000000
|
heap
|
page read and write
|
||
|
2107000
|
heap
|
page read and write
|
||
|
23724000
|
heap
|
page read and write
|
||
|
2393A000
|
heap
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848660000
|
trusted library allocation
|
page read and write
|
||
|
210A000
|
heap
|
page read and write
|
||
|
1B431000
|
heap
|
page read and write
|
||
|
1CFF0000
|
unkown
|
page readonly
|
||
|
20C8000
|
heap
|
page read and write
|
||
|
23A74000
|
heap
|
page read and write
|
||
|
1B3AA000
|
heap
|
page read and write
|
||
|
7FF435688000
|
trusted library allocation
|
page readonly
|
||
|
2103000
|
heap
|
page read and write
|
||
|
1D21F000
|
heap
|
page read and write
|
||
|
7FF435683000
|
trusted library allocation
|
page execute read
|
||
|
2EDF000
|
trusted library allocation
|
page read and write
|
||
|
3BD5000
|
heap
|
page read and write
|
||
|
1CF22000
|
unkown
|
page readonly
|
||
|
207C000
|
heap
|
page read and write
|
||
|
1B24E000
|
stack
|
page read and write
|
||
|
2E85000
|
trusted library allocation
|
page read and write
|
||
|
1BD46000
|
heap
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
There are 719 hidden memdumps, click here to show them.