Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
BCompare-5.0.5.30614.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files\Beyond Compare 5\BCompare.exe (copy)
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\Is64Bit.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Beyond Compare 5\7z.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BCClipboard.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BCDarkTheme.vsf (copy)
|
data
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BCShellEx.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BCShellEx.msix (copy)
|
Zip archive data, at least v4.5 to extract, compression method=store
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BCShellEx64.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BCUnRAR.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BComp.com (copy)
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BComp.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\BCompare.chm (copy)
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\License.html (copy)
|
HTML document, ASCII text, with very long lines (657), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\Patch.exe (copy)
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\PdfToText.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\Readme.txt (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-0TV5D.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-4MHOG.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-7NT86.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-7ONVI.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-8736U.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-B0TDO.tmp
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-B8GAS.tmp
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-BS8MP.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-C1132.tmp
|
data
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-C1RH0.tmp
|
Zip archive data, at least v4.5 to extract, compression method=store
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-EC3JI.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-FDK6U.tmp
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-GGN2U.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-JQNIL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-K6QSQ.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-N3K06.tmp
|
PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-NUJ04.tmp
|
HTML document, ASCII text, with very long lines (657), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\is-RE1S8.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\mime.types (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\mscoree.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\unins000.dat
|
InnoSetup Log 64-bit Beyond Compare 5, version 0x418, 27115 bytes, 932923\37\user\376, C:\Program Files\Beyond Compare 5\376\377\
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files\Beyond Compare 5\unins000.msg
|
InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 5.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Wed Jan 15 23:56:41 2025, mtime=Wed Jan 15 23:56:42 2025, atime=Thu Jan 9 22:27:42 2025, length=49653848, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\Beyond Compare 5.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Wed Jan 15 23:56:41 2025, mtime=Wed Jan 15 23:56:44 2025, atime=Thu Jan 9 22:27:42 2025, length=49653848, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\checkupdates[1].htm
|
XML 1.0 document, ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\BCShellEx.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-FTTBU.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Scooter Software\Beyond Compare 5\BCState.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Scooter Software\Beyond Compare 5\BCState.xml.bak (copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Scooter Software\Beyond Compare 5\BCState.xml.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
There are 39 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Beyond Compare 5\BCompare.exe
|
"C:\Program Files\Beyond Compare 5\BCompare.exe"
|
|
|
|
C:\Users\user\Desktop\BCompare-5.0.5.30614.exe
|
"C:\Users\user\Desktop\BCompare-5.0.5.30614.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp
|
"C:\Users\user\AppData\Local\Temp\is-EJNAE.tmp\BCompare-5.0.5.30614.tmp" /SL5="$20486,27293175,1148416,C:\Users\user\Desktop\BCompare-5.0.5.30614.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.ghisler.com/plugins.htm
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://www.ebics.org/H003
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/extendedProperties
|
unknown
|
||
|
http://uri.etsi.org/02231/v2#
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.2.2#
|
unknown
|
||
|
http://www.totalcmd.net/directory/packer.html
|
unknown
|
||
|
https://www.scootersoftware.com/buybc5?bld=3061446
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/KEscrow
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/externalLink
|
unknown
|
||
|
https://www.scootersoftware.com/checkupdates.php?product=bc5&minor=
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/Archiv
|
unknown
|
||
|
https://www.scootersoftware.com/j
|
unknown
|
||
|
https://www.scootersoftware.com/colors_win5
|
unknown
|
||
|
https://www.remobjects.com/ps
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/Certstatus/CRL/QC
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/customXml
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/PPwd/nothavingPKIid
|
unknown
|
||
|
https://www.innosetup.com/
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/customXmlProps
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/IdV/nothavingPKIid
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevelUH
|
unknown
|
||
|
https://www.scootersoftware.com/forums
|
unknown
|
||
|
https://www.scootersoftware.com/buybc5?bld=30614
|
unknown
|
||
|
http://purl.oclc.org/ooxml/drawingml/
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-AdESQCandQES
|
unknown
|
||
|
https://www.scootersoftware.com/support.php?keyword=%s&version=BC5&platform=Windows
|
unknown
|
||
|
http://uri.etsi.org/19612/TSLTag
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/customXmlDataProps
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.2.2#BER
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/TLIssuer
|
unknown
|
||
|
https://api.dropboxapi.com/2/
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/image
|
unknown
|
||
|
http://gnuwin32.sourceforge.net
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/pivotCacheDefinition
|
unknown
|
||
|
http://purl.oclc.org/ooxml/spreadsheetml/
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/EDS/REM/Q
|
unknown
|
||
|
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/sharedStrings
|
unknown
|
||
|
http://uri.etsi.org/02231/v2/additionaltypes#
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocument
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/AdESValidation
|
unknown
|
||
|
http://ocsp.sectigo.com0&
|
unknown
|
||
|
http://uri.etsi.org/02231/v1.1.1#
|
unknown
|
||
|
https://www.scootersoftware.com/upgradeSH
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/customProperties
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/NationalRootCA-QC
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/dialogsheet
|
unknown
|
||
|
https://content.dropboxapi.com/2/files/
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.2.2#SignedProperties
|
unknown
|
||
|
https://www.scootersoftware.com/videos_win5
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/QESValidation/Q
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/CA/PKC
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted
|
unknown
|
||
|
https://www.scootersoftware.com/checkupdates.php?product=bc5&minor=0&maint=5&auth=30.15&build=30614&edition=prodebug&cpuarch=x86_64&platform=win32&lang=silent
|
72.32.90.250
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/CA/QC
|
unknown
|
||
|
http://purl.oclc.org/ooxml/drawingml/chartDrawing
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/SignaturePolicyAuthority
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/tableSingleCells
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/EDS/REM
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC
|
unknown
|
||
|
https://www.scootersoftware.com/
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/extendedProperties
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/oleObject
|
unknown
|
||
|
https://www.scootersoftware.com.
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://uri.etsi.org/02231/v2#SH
|
unknown
|
||
|
https://www.scootersoftware.com/buynow
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/AdESGeneration
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/hyperlink
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/IdV
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-QC
|
unknown
|
||
|
https://www.scootersoftware.com/checkupdates.php?product=bc5&minor=0&maint=5&auth=30.15&build=30614&
|
unknown
|
||
|
https://www.scootersoftware.com/upgrade
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/xmlMaps
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/customProperties
|
unknown
|
||
|
https://www.scootersoftware.com/)
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.1.1#
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/chart
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/recognisedatnationallevel
|
unknown
|
||
|
http://purl.oclc.org/ooxml/drawingml/main03H
|
unknown
|
||
|
https://api.dropboxapi.com/
|
unknown
|
||
|
https://www.scootersoftware.com/bugRepMailer.php
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/EDS/Q
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/comments
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/chartsheet
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.2.2#XER
|
unknown
|
||
|
http://uri.etsi.org/TrstSvc/Svctype/Archiv/nothavingPKIid
|
unknown
|
||
|
https://scootersoftware.com/kb/netsetupSetupU
|
unknown
|
||
|
http://purl.oclc.org/ooxml/officeDocument/relationships/table
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
scootersoftware.com
|
72.32.90.250
|
||
|
www.scootersoftware.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
72.32.90.250
|
scootersoftware.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Scooter Software\Beyond Compare
|
ExePath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Scooter Software\Beyond Compare
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BCompare.exe
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BCompare.exe
|
UseURL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bcpkg
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BeyondCompare.SettingsPackage
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BeyondCompare.SettingsPackage
|
EditFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BeyondCompare.SettingsPackage\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BeyondCompare.SettingsPackage\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bcss
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BeyondCompare.Snapshot
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BeyondCompare.Snapshot\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BeyondCompare.Snapshot\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Beyond Compare 5
|
EventMessageFile
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Beyond Compare 5
|
TypesSupported
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Inno Setup: Selected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Inno Setup: Deselected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BeyondCompare5_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{812BC6B5-83CF-4AD9-97C1-6C60C8D025C5}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{812BC6B5-83CF-4AD9-97C1-6C60C8D025C5}\InProcServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{812BC6B5-83CF-4AD9-97C1-6C60C8D025C5}\InProcServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812BC6B5-83CF-4AD9-97C1-6C60C8D025C5}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{812BC6B5-83CF-4AD9-97C1-6C60C8D025C5}\InProcServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Beyond Compare 5
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Beyond Compare 5
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Beyond Compare 5
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|
{812BC6B5-83CF-4AD9-97C1-6C60C8D025C5}
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Scooter Software\Beyond Compare 5
|
CacheID
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Scooter Software\Beyond Compare 5
|
SupportsMerge
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Scooter Software\Beyond Compare 5\BcShellEx
|
PictureMasks
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Scooter Software\Beyond Compare 5\BcShellEx
|
RegistryViewer
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Scooter Software\Beyond Compare 5\BcShellEx
|
Viewers
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Scooter Software\Beyond Compare 5\BcShellEx
|
ArchiveMasks
|
There are 47 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2906000
|
unkown
|
page readonly
|
||
|
3DD8000
|
direct allocation
|
page read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
327C000
|
direct allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
3D5E000
|
direct allocation
|
page read and write
|
||
|
288B000
|
direct allocation
|
page read and write
|
||
|
16A8000
|
heap
|
page read and write
|
||
|
286A13A5000
|
direct allocation
|
page read and write
|
||
|
3660000
|
direct allocation
|
page read and write
|
||
|
D8A000
|
heap
|
page read and write
|
||
|
7FF42262F000
|
direct allocation
|
page read and write
|
||
|
28FA000
|
unkown
|
page write copy
|
||
|
286A39F4000
|
heap
|
page read and write
|
||
|
DCA000
|
heap
|
page read and write
|
||
|
3258000
|
direct allocation
|
page read and write
|
||
|
DE8000
|
heap
|
page read and write
|
||
|
13C1000
|
unkown
|
page execute read
|
||
|
3D31000
|
direct allocation
|
page read and write
|
||
|
383D000
|
stack
|
page read and write
|
||
|
DBC000
|
heap
|
page read and write
|
||
|
286A39F2000
|
heap
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
4D4000
|
unkown
|
page write copy
|
||
|
D5A000
|
heap
|
page read and write
|
||
|
2770000
|
unkown
|
page read and write
|
||
|
66340000
|
unkown
|
page readonly
|
||
|
2793000
|
unkown
|
page read and write
|
||
|
3DCA000
|
direct allocation
|
page read and write
|
||
|
2869F8FC000
|
heap
|
page read and write
|
||
|
2839000
|
direct allocation
|
page read and write
|
||
|
7FBBA000
|
direct allocation
|
page read and write
|
||
|
286A2CFC000
|
direct allocation
|
page read and write
|
||
|
2806000
|
direct allocation
|
page read and write
|
||
|
3870000
|
heap
|
page read and write
|
||
|
25C1000
|
unkown
|
page read and write
|
||
|
3250000
|
direct allocation
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
4D8000
|
unkown
|
page readonly
|
||
|
27C3000
|
unkown
|
page read and write
|
||
|
66341000
|
unkown
|
page execute read
|
||
|
3D33000
|
direct allocation
|
page read and write
|
||
|
3182000
|
direct allocation
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
3443000
|
unkown
|
page readonly
|
||
|
9C1000
|
unkown
|
page execute read
|
||
|
2763000
|
unkown
|
page read and write
|
||
|
2EFA000
|
unkown
|
page readonly
|
||
|
27DA000
|
direct allocation
|
page read and write
|
||
|
DD2000
|
heap
|
page read and write
|
||
|
3881000
|
direct allocation
|
page read and write
|
||
|
7FFE115B4000
|
unkown
|
page readonly
|
||
|
3160000
|
unkown
|
page readonly
|
||
|
28A3000
|
unkown
|
page read and write
|
||
|
2869F8EA000
|
heap
|
page read and write
|
||
|
5D1000
|
unkown
|
page execute read
|
||
|
2883000
|
unkown
|
page read and write
|
||
|
328A000
|
direct allocation
|
page read and write
|
||
|
2869FA80000
|
heap
|
page read and write
|
||
|
68E1000
|
direct allocation
|
page read and write
|
||
|
28A9000
|
unkown
|
page read and write
|
||
|
28CC000
|
direct allocation
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
4D1000
|
unkown
|
page read and write
|
||
|
F05000
|
heap
|
page read and write
|
||
|
664F0000
|
unkown
|
page readonly
|
||
|
3DA6000
|
direct allocation
|
page read and write
|
||
|
286A3210000
|
heap
|
page read and write
|
||
|
286A3AB0000
|
remote allocation
|
page read and write
|
||
|
316D000
|
unkown
|
page readonly
|
||
|
2EF5000
|
unkown
|
page readonly
|
||
|
2648000
|
unkown
|
page read and write
|
||
|
DF7000
|
heap
|
page read and write
|
||
|
1777000
|
unkown
|
page execute read
|
||
|
36B2000
|
direct allocation
|
page read and write
|
||
|
3D7B000
|
direct allocation
|
page read and write
|
||
|
2840000
|
direct allocation
|
page read and write
|
||
|
A10000
|
unkown
|
page execute read
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
2656000
|
unkown
|
page read and write
|
||
|
DA8000
|
heap
|
page read and write
|
||
|
3DAD000
|
direct allocation
|
page read and write
|
||
|
BC7000
|
unkown
|
page execute read
|
||
|
2814000
|
direct allocation
|
page read and write
|
||
|
7FFE115CE000
|
unkown
|
page readonly
|
||
|
885000
|
unkown
|
page read and write
|
||
|
DD6000
|
heap
|
page read and write
|
||
|
D10000
|
direct allocation
|
page read and write
|
||
|
2604000
|
unkown
|
page read and write
|
||
|
7FFE115C4000
|
unkown
|
page read and write
|
||
|
286A143B000
|
direct allocation
|
page read and write
|
||
|
3668000
|
unkown
|
page readonly
|
||
|
26D4000
|
unkown
|
page read and write
|
||
|
2902000
|
unkown
|
page read and write
|
||
|
286A13F9000
|
direct allocation
|
page read and write
|
||
|
2869F8F2000
|
heap
|
page read and write
|
||
|
2869F910000
|
heap
|
page read and write
|
||
|
266A000
|
unkown
|
page write copy
|
||
|
284B000
|
direct allocation
|
page read and write
|
||
|
31F8000
|
direct allocation
|
page read and write
|
||
|
3787000
|
unkown
|
page readonly
|
||
|
DCE000
|
heap
|
page read and write
|
||
|
7F9C0000
|
direct allocation
|
page read and write
|
||
|
D8C000
|
heap
|
page read and write
|
||
|
D6E000
|
heap
|
page read and write
|
||
|
28B6000
|
direct allocation
|
page read and write
|
||
|
31DB000
|
direct allocation
|
page read and write
|
||
|
3241000
|
unkown
|
page readonly
|
||
|
268F000
|
unkown
|
page write copy
|
||
|
36A8000
|
unkown
|
page readonly
|
||
|
DDA000
|
heap
|
page read and write
|
||
|
E8FECFD000
|
stack
|
page read and write
|
||
|
284E000
|
direct allocation
|
page read and write
|
||
|
28AE000
|
unkown
|
page read and write
|
||
|
949000
|
unkown
|
page readonly
|
||
|
7FBCC000
|
direct allocation
|
page read and write
|
||
|
E0B000
|
heap
|
page read and write
|
||
|
2FEF000
|
unkown
|
page readonly
|
||
|
286A13BC000
|
direct allocation
|
page read and write
|
||
|
68F1000
|
direct allocation
|
page read and write
|
||
|
25A9000
|
unkown
|
page write copy
|
||
|
DDD000
|
unkown
|
page execute read
|
||
|
286A1A53000
|
heap
|
page read and write
|
||
|
2869F913000
|
heap
|
page read and write
|
||
|
3DB4000
|
direct allocation
|
page read and write
|
||
|
885000
|
unkown
|
page write copy
|
||
|
2639000
|
unkown
|
page write copy
|
||
|
28C4000
|
direct allocation
|
page read and write
|
||
|
1DC1000
|
unkown
|
page execute read
|
||
|
27CF000
|
unkown
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
2873000
|
unkown
|
page read and write
|
||
|
3837000
|
direct allocation
|
page read and write
|
||
|
28BE000
|
unkown
|
page read and write
|
||
|
D93000
|
heap
|
page read and write
|
||
|
286A13E3000
|
direct allocation
|
page read and write
|
||
|
2869F905000
|
heap
|
page read and write
|
||
|
3DD1000
|
direct allocation
|
page read and write
|
||
|
2874000
|
direct allocation
|
page read and write
|
||
|
DD9000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
27F7000
|
direct allocation
|
page read and write
|
||
|
2F06000
|
unkown
|
page readonly
|
||
|
EF3000
|
heap
|
page read and write
|
||
|
286A2F08000
|
direct allocation
|
page read and write
|
||
|
26C2000
|
unkown
|
page read and write
|
||
|
2869F969000
|
heap
|
page read and write
|
||
|
9C0000
|
unkown
|
page readonly
|
||
|
3247000
|
unkown
|
page readonly
|
||
|
28C0000
|
unkown
|
page read and write
|
||
|
3694000
|
unkown
|
page readonly
|
||
|
16A0000
|
heap
|
page read and write
|
||
|
3D40000
|
direct allocation
|
page read and write
|
||
|
286A15D8000
|
direct allocation
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
9D1000
|
unkown
|
page execute read
|
||
|
2876000
|
unkown
|
page read and write
|
||
|
286A39BE000
|
heap
|
page read and write
|
||
|
3660000
|
direct allocation
|
page read and write
|
||
|
3904000
|
direct allocation
|
page read and write
|
||
|
3D47000
|
direct allocation
|
page read and write
|
||
|
7F9F0000
|
direct allocation
|
page read and write
|
||
|
DA8000
|
heap
|
page read and write
|
||
|
DD2000
|
heap
|
page read and write
|
||
|
DCA000
|
heap
|
page read and write
|
||
|
185B000
|
unkown
|
page execute read
|
||
|
2768000
|
unkown
|
page read and write
|
||
|
3D23000
|
direct allocation
|
page read and write
|
||
|
31B0000
|
direct allocation
|
page read and write
|
||
|
DF8000
|
heap
|
page read and write
|
||
|
3687000
|
unkown
|
page readonly
|
||
|
2869F899000
|
heap
|
page read and write
|
||
|
894000
|
unkown
|
page read and write
|
||
|
286A2E00000
|
direct allocation
|
page readonly
|
||
|
28FB000
|
unkown
|
page read and write
|
||
|
D82000
|
heap
|
page read and write
|
||
|
3242000
|
direct allocation
|
page read and write
|
||
|
1A80000
|
heap
|
page read and write
|
||
|
2869F890000
|
heap
|
page read and write
|
||
|
286A4E90000
|
trusted library allocation
|
page read and write
|
||
|
286A2D04000
|
direct allocation
|
page read and write
|
||
|
26B8000
|
unkown
|
page read and write
|
||
|
DD3000
|
heap
|
page read and write
|
||
|
DFE000
|
heap
|
page read and write
|
||
|
52B000
|
unkown
|
page readonly
|
||
|
25A9000
|
unkown
|
page read and write
|
||
|
285C000
|
unkown
|
page read and write
|
||
|
7FFE115CC000
|
unkown
|
page read and write
|
||
|
7FF42263D000
|
direct allocation
|
page read and write
|
||
|
286A3009000
|
direct allocation
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
25D4000
|
unkown
|
page read and write
|
||
|
D10000
|
direct allocation
|
page read and write
|
||
|
3914000
|
direct allocation
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
286A3620000
|
heap
|
page read and write
|
||
|
2576000
|
unkown
|
page execute read
|
||
|
268C000
|
unkown
|
page write copy
|
||
|
3737000
|
direct allocation
|
page read and write
|
||
|
E8FF0FE000
|
stack
|
page read and write
|
||
|
286C000
|
unkown
|
page read and write
|
||
|
2602000
|
unkown
|
page read and write
|
||
|
27AF000
|
unkown
|
page read and write
|
||
|
286A1458000
|
direct allocation
|
page read and write
|
||
|
D94000
|
heap
|
page read and write
|
||
|
D8B000
|
heap
|
page read and write
|
||
|
38F1000
|
direct allocation
|
page read and write
|
||
|
280D000
|
direct allocation
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
312D000
|
unkown
|
page readonly
|
||
|
27F0000
|
direct allocation
|
page read and write
|
||
|
3C6E000
|
stack
|
page read and write
|
||
|
2FFF000
|
unkown
|
page readonly
|
||
|
286A145F000
|
direct allocation
|
page read and write
|
||
|
28AC000
|
unkown
|
page read and write
|
||
|
2785000
|
unkown
|
page read and write
|
||
|
3D9F000
|
direct allocation
|
page read and write
|
||
|
286A13CB000
|
direct allocation
|
page read and write
|
||
|
286A1360000
|
direct allocation
|
page read and write
|
||
|
2625000
|
unkown
|
page read and write
|
||
|
3929000
|
direct allocation
|
page read and write
|
||
|
3D82000
|
direct allocation
|
page read and write
|
||
|
286A39C8000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
2864000
|
unkown
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
DD9000
|
heap
|
page read and write
|
||
|
E8FEBFE000
|
stack
|
page read and write
|
||
|
319A000
|
direct allocation
|
page read and write
|
||
|
396B000
|
direct allocation
|
page read and write
|
||
|
4C8000
|
unkown
|
page read and write
|
||
|
89E000
|
unkown
|
page readonly
|
||
|
DA7000
|
heap
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
3D65000
|
direct allocation
|
page read and write
|
||
|
27A5000
|
unkown
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
2869F983000
|
heap
|
page read and write
|
||
|
2FF8000
|
unkown
|
page readonly
|
||
|
287B000
|
direct allocation
|
page read and write
|
||
|
3843000
|
direct allocation
|
page read and write
|
||
|
65B0000
|
direct allocation
|
page read and write
|
||
|
4F1000
|
unkown
|
page readonly
|
||
|
D9E000
|
heap
|
page read and write
|
||
|
3274000
|
direct allocation
|
page read and write
|
||
|
27A2000
|
unkown
|
page read and write
|
||
|
2869FBB0000
|
heap
|
page read and write
|
||
|
2751000
|
unkown
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
286A2FB0000
|
direct allocation
|
page read and write
|
||
|
7F860000
|
direct allocation
|
page read and write
|
||
|
3216000
|
direct allocation
|
page read and write
|
||
|
F09000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
28DF000
|
unkown
|
page read and write
|
||
|
2783000
|
unkown
|
page read and write
|
||
|
53D000
|
unkown
|
page readonly
|
||
|
DAC000
|
heap
|
page read and write
|
||
|
7F87B000
|
direct allocation
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
189F000
|
stack
|
page read and write
|
||
|
DD5000
|
unkown
|
page execute read
|
||
|
DC2000
|
heap
|
page read and write
|
||
|
7FB7F000
|
direct allocation
|
page read and write
|
||
|
E8FF1FD000
|
stack
|
page read and write
|
||
|
3536000
|
unkown
|
page readonly
|
||
|
8F0000
|
unkown
|
page readonly
|
||
|
AFA000
|
unkown
|
page execute read
|
||
|
394D000
|
direct allocation
|
page read and write
|
||
|
DD6000
|
heap
|
page read and write
|
||
|
31E2000
|
direct allocation
|
page read and write
|
||
|
DCF000
|
heap
|
page read and write
|
||
|
286A2E10000
|
direct allocation
|
page readonly
|
||
|
3DBC000
|
direct allocation
|
page read and write
|
||
|
28D3000
|
direct allocation
|
page read and write
|
||
|
27CC000
|
direct allocation
|
page read and write
|
||
|
37CA000
|
unkown
|
page readonly
|
||
|
31A1000
|
direct allocation
|
page read and write
|
||
|
286A1434000
|
direct allocation
|
page read and write
|
||
|
321D000
|
direct allocation
|
page read and write
|
||
|
2677000
|
unkown
|
page write copy
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
286A2E60000
|
direct allocation
|
page read and write
|
||
|
28C9000
|
unkown
|
page read and write
|
||
|
286A13B5000
|
direct allocation
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
286A2FFA000
|
direct allocation
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
353F000
|
unkown
|
page readonly
|
||
|
2671000
|
unkown
|
page write copy
|
||
|
27E9000
|
direct allocation
|
page read and write
|
||
|
286A2FA7000
|
direct allocation
|
page read and write
|
||
|
1A7E000
|
stack
|
page read and write
|
||
|
2E65000
|
unkown
|
page readonly
|
||
|
DB2000
|
heap
|
page read and write
|
||
|
325F000
|
direct allocation
|
page read and write
|
||
|
897000
|
unkown
|
page write copy
|
||
|
2871000
|
unkown
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
DBD000
|
heap
|
page read and write
|
||
|
D81000
|
heap
|
page read and write
|
||
|
DEE000
|
heap
|
page read and write
|
||
|
6A32000
|
direct allocation
|
page read and write
|
||
|
3D6C000
|
direct allocation
|
page read and write
|
||
|
286A13D3000
|
direct allocation
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
281B000
|
direct allocation
|
page read and write
|
||
|
E8FEDF6000
|
unkown
|
page read and write
|
||
|
286A2FF3000
|
direct allocation
|
page read and write
|
||
|
4D6000
|
unkown
|
page readonly
|
||
|
882000
|
unkown
|
page execute read
|
||
|
937000
|
unkown
|
page readonly
|
||
|
C9B000
|
unkown
|
page execute read
|
||
|
E8FEAFE000
|
stack
|
page read and write
|
||
|
2796000
|
unkown
|
page read and write
|
||
|
36B4000
|
unkown
|
page readonly
|
||
|
286A1A20000
|
heap
|
page read and write
|
||
|
26D8000
|
unkown
|
page read and write
|
||
|
279C000
|
unkown
|
page read and write
|
||
|
DCE000
|
heap
|
page read and write
|
||
|
2FED000
|
unkown
|
page readonly
|
||
|
3D90000
|
direct allocation
|
page read and write
|
||
|
38AF000
|
unkown
|
page readonly
|
||
|
4C4000
|
unkown
|
page execute read
|
||
|
68EA000
|
direct allocation
|
page read and write
|
||
|
3D50000
|
direct allocation
|
page read and write
|
||
|
3D57000
|
direct allocation
|
page read and write
|
||
|
286A2D4B000
|
direct allocation
|
page read and write
|
||
|
4C8000
|
unkown
|
page write copy
|
||
|
25C7000
|
unkown
|
page read and write
|
||
|
2884000
|
direct allocation
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
2667000
|
unkown
|
page write copy
|
||
|
2856000
|
direct allocation
|
page read and write
|
||
|
27FE000
|
direct allocation
|
page read and write
|
||
|
287D000
|
unkown
|
page read and write
|
||
|
27B8000
|
unkown
|
page read and write
|
||
|
DD9000
|
heap
|
page read and write
|
||
|
3D2A000
|
direct allocation
|
page read and write
|
||
|
396F000
|
direct allocation
|
page read and write
|
||
|
33A1000
|
unkown
|
page readonly
|
||
|
DD6000
|
heap
|
page read and write
|
||
|
2E0A000
|
unkown
|
page readonly
|
||
|
3266000
|
direct allocation
|
page read and write
|
||
|
D66000
|
heap
|
page read and write
|
||
|
93A000
|
unkown
|
page readonly
|
||
|
DB7000
|
heap
|
page read and write
|
||
|
267E000
|
unkown
|
page write copy
|
||
|
3518000
|
unkown
|
page readonly
|
||
|
261F000
|
unkown
|
page read and write
|
||
|
31BE000
|
direct allocation
|
page read and write
|
||
|
289C000
|
unkown
|
page read and write
|
||
|
286A30CF000
|
direct allocation
|
page read and write
|
||
|
2766000
|
unkown
|
page read and write
|
||
|
3720000
|
direct allocation
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
28A5000
|
unkown
|
page read and write
|
||
|
E04000
|
heap
|
page read and write
|
||
|
16BC000
|
heap
|
page read and write
|
||
|
288B000
|
unkown
|
page read and write
|
||
|
AD9000
|
unkown
|
page execute read
|
||
|
2621000
|
unkown
|
page read and write
|
||
|
286A140F000
|
direct allocation
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
3D39000
|
direct allocation
|
page read and write
|
||
|
DD2000
|
heap
|
page read and write
|
||
|
DCA000
|
heap
|
page read and write
|
||
|
391D000
|
direct allocation
|
page read and write
|
||
|
286A1419000
|
direct allocation
|
page read and write
|
||
|
66488000
|
unkown
|
page readonly
|
||
|
28DA000
|
direct allocation
|
page read and write
|
||
|
286A30D2000
|
direct allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
3150000
|
unkown
|
page readonly
|
||
|
286A2E88000
|
direct allocation
|
page read and write
|
||
|
3547000
|
unkown
|
page readonly
|
||
|
DC2000
|
heap
|
page read and write
|
||
|
7FF422620000
|
direct allocation
|
page read and write
|
||
|
286A33A9000
|
direct allocation
|
page read and write
|
||
|
7FA11000
|
direct allocation
|
page read and write
|
||
|
2864000
|
direct allocation
|
page read and write
|
||
|
2869F880000
|
heap
|
page read and write
|
||
|
D9E000
|
heap
|
page read and write
|
||
|
3249000
|
direct allocation
|
page read and write
|
||
|
260B000
|
unkown
|
page read and write
|
||
|
395B000
|
direct allocation
|
page read and write
|
||
|
387E000
|
direct allocation
|
page read and write
|
||
|
2869F901000
|
heap
|
page read and write
|
||
|
2777000
|
unkown
|
page read and write
|
||
|
279A000
|
unkown
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
887000
|
unkown
|
page read and write
|
||
|
344E000
|
unkown
|
page readonly
|
||
|
4CA000
|
unkown
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
27AB000
|
unkown
|
page read and write
|
||
|
2589000
|
unkown
|
page execute read
|
||
|
313F000
|
unkown
|
page readonly
|
||
|
DD2000
|
heap
|
page read and write
|
||
|
2897000
|
unkown
|
page read and write
|
||
|
286A2D52000
|
direct allocation
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
286A2C80000
|
direct allocation
|
page read and write
|
||
|
27D1000
|
unkown
|
page read and write
|
||
|
25E0000
|
unkown
|
page read and write
|
||
|
286A3AB0000
|
remote allocation
|
page read and write
|
||
|
277B000
|
unkown
|
page read and write
|
||
|
135C000
|
stack
|
page read and write
|
||
|
3200000
|
direct allocation
|
page read and write
|
||
|
314D000
|
unkown
|
page readonly
|
||
|
DC1000
|
heap
|
page read and write
|
||
|
E8FEFFF000
|
stack
|
page read and write
|
||
|
33AD000
|
unkown
|
page readonly
|
||
|
D91000
|
unkown
|
page execute read
|
||
|
278A000
|
unkown
|
page read and write
|
||
|
31B7000
|
direct allocation
|
page read and write
|
||
|
38B5000
|
unkown
|
page readonly
|
||
|
320F000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
664E2000
|
unkown
|
page read and write
|
||
|
25DA000
|
unkown
|
page read and write
|
||
|
285D000
|
direct allocation
|
page read and write
|
||
|
3D74000
|
direct allocation
|
page read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
31CD000
|
direct allocation
|
page read and write
|
||
|
DD4000
|
heap
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
25AD000
|
unkown
|
page read and write
|
||
|
2869F8CE000
|
heap
|
page read and write
|
||
|
37FE000
|
stack
|
page read and write
|
||
|
286A3624000
|
heap
|
page read and write
|
||
|
2614000
|
unkown
|
page read and write
|
||
|
28BA000
|
unkown
|
page read and write
|
||
|
25FF000
|
unkown
|
page read and write
|
||
|
286A2FA0000
|
direct allocation
|
page read and write
|
||
|
2869FBA0000
|
direct allocation
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
DA2000
|
heap
|
page read and write
|
||
|
E8FE5A9000
|
stack
|
page read and write
|
||
|
26C4000
|
unkown
|
page read and write
|
||
|
163F000
|
stack
|
page read and write
|
||
|
31F1000
|
direct allocation
|
page read and write
|
||
|
DCA000
|
heap
|
page read and write
|
||
|
323A000
|
direct allocation
|
page read and write
|
||
|
27C1000
|
direct allocation
|
page read and write
|
||
|
27B0000
|
direct allocation
|
page read and write
|
||
|
2869F963000
|
heap
|
page read and write
|
||
|
3D89000
|
direct allocation
|
page read and write
|
||
|
28F4000
|
unkown
|
page read and write
|
||
|
28E8000
|
direct allocation
|
page read and write
|
||
|
7F910000
|
direct allocation
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
286A3A1C000
|
heap
|
page read and write
|
||
|
3298000
|
direct allocation
|
page read and write
|
||
|
7FBBD000
|
direct allocation
|
page read and write
|
||
|
286A39B0000
|
heap
|
page read and write
|
||
|
28E1000
|
direct allocation
|
page read and write
|
||
|
27A0000
|
unkown
|
page read and write
|
||
|
2892000
|
direct allocation
|
page read and write
|
||
|
289F000
|
unkown
|
page read and write
|
||
|
28A8000
|
direct allocation
|
page read and write
|
||
|
DAC000
|
heap
|
page read and write
|
||
|
286A2FBB000
|
direct allocation
|
page read and write
|
||
|
26C0000
|
unkown
|
page read and write
|
||
|
E01000
|
heap
|
page read and write
|
||
|
31D4000
|
direct allocation
|
page read and write
|
||
|
88C000
|
unkown
|
page read and write
|
||
|
E94000
|
unkown
|
page execute read
|
||
|
421000
|
unkown
|
page execute read
|
||
|
2A3000
|
stack
|
page read and write
|
||
|
7FF42262A000
|
direct allocation
|
page read and write
|
||
|
DD3000
|
heap
|
page read and write
|
||
|
980000
|
direct allocation
|
page execute and read and write
|
||
|
352D000
|
unkown
|
page readonly
|
||
|
E8FF3FB000
|
stack
|
page read and write
|
||
|
7FFE11571000
|
unkown
|
page execute read
|
||
|
38D1000
|
unkown
|
page readonly
|
||
|
286A1429000
|
direct allocation
|
page read and write
|
||
|
26DE000
|
unkown
|
page read and write
|
||
|
25B6000
|
unkown
|
page read and write
|
||
|
2609000
|
unkown
|
page read and write
|
||
|
DAC000
|
heap
|
page read and write
|
||
|
CFF000
|
stack
|
page read and write
|
||
|
2775000
|
unkown
|
page read and write
|
||
|
8FC000
|
unkown
|
page readonly
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
25E9000
|
unkown
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
AE5000
|
unkown
|
page execute read
|
||
|
286A2FAE000
|
direct allocation
|
page read and write
|
||
|
2652000
|
unkown
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
26E4000
|
unkown
|
page read and write
|
||
|
DCE000
|
heap
|
page read and write
|
||
|
DC1000
|
heap
|
page read and write
|
||
|
286A33AB000
|
direct allocation
|
page read and write
|
||
|
27E2000
|
direct allocation
|
page read and write
|
||
|
3720000
|
direct allocation
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
3283000
|
direct allocation
|
page read and write
|
||
|
2869FA60000
|
heap
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
E0C000
|
heap
|
page read and write
|
||
|
D87000
|
heap
|
page read and write
|
||
|
7FA55000
|
direct allocation
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
286A2F99000
|
direct allocation
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
286A1A50000
|
heap
|
page read and write
|
||
|
286A1442000
|
direct allocation
|
page read and write
|
||
|
DD2000
|
heap
|
page read and write
|
||
|
3DC3000
|
direct allocation
|
page read and write
|
||
|
3208000
|
direct allocation
|
page read and write
|
||
|
D10000
|
direct allocation
|
page read and write
|
||
|
9C9000
|
unkown
|
page execute read
|
||
|
31E9000
|
direct allocation
|
page read and write
|
||
|
9C0000
|
unkown
|
page readonly
|
||
|
25B2000
|
unkown
|
page read and write
|
||
|
392D000
|
direct allocation
|
page read and write
|
||
|
2869F905000
|
heap
|
page read and write
|
||
|
31A9000
|
direct allocation
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
D5D000
|
heap
|
page read and write
|
||
|
378F000
|
unkown
|
page readonly
|
||
|
D60000
|
heap
|
page read and write
|
||
|
3291000
|
direct allocation
|
page read and write
|
||
|
25F7000
|
unkown
|
page read and write
|
||
|
7FB73000
|
direct allocation
|
page read and write
|
||
|
3D98000
|
direct allocation
|
page read and write
|
||
|
52F000
|
unkown
|
page readonly
|
||
|
3367000
|
unkown
|
page readonly
|
||
|
38D2000
|
direct allocation
|
page read and write
|
||
|
38F9000
|
direct allocation
|
page read and write
|
||
|
125B000
|
stack
|
page read and write
|
||
|
7F9D0000
|
direct allocation
|
page read and write
|
||
|
285E000
|
unkown
|
page read and write
|
||
|
E8FF4FE000
|
stack
|
page read and write
|
||
|
39C000
|
stack
|
page read and write
|
||
|
326D000
|
direct allocation
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
25CF000
|
unkown
|
page read and write
|
||
|
89C000
|
unkown
|
page readonly
|
||
|
9DB000
|
unkown
|
page execute read
|
||
|
286A1381000
|
direct allocation
|
page read and write
|
||
|
2908000
|
unkown
|
page readonly
|
||
|
DCA000
|
heap
|
page read and write
|
||
|
31C5000
|
direct allocation
|
page read and write
|
||
|
7FFE11570000
|
unkown
|
page readonly
|
||
|
3890000
|
direct allocation
|
page read and write
|
||
|
336D000
|
unkown
|
page readonly
|
||
|
3698000
|
unkown
|
page readonly
|
||
|
286A3AB0000
|
remote allocation
|
page read and write
|
||
|
E8FF2FE000
|
stack
|
page read and write
|
||
|
2869FBB5000
|
heap
|
page read and write
|
There are 551 hidden memdumps, click here to show them.