IOC Report
duGqHKp0OUXaX1D.exe

loading gif

Files

File Path
Type
Category
Malicious
duGqHKp0OUXaX1D.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\duGqHKp0OUXaX1D.exe.log
ASCII text, with CRLF line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\duGqHKp0OUXaX1D.exe
C:\Users\user\Desktop\duGqHKp0OUXaX1D.exe
 malicious
C:\Users\user\Desktop\duGqHKp0OUXaX1D.exe
C:\Users\user\Desktop\duGqHKp0OUXaX1D.exe
 malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\SysWOW64\help.exe
C:\Windows\SysWOW64\help.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
/c del "C:\Users\user\Desktop\duGqHKp0OUXaX1D.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://www.velvetgloveseasonings.store/ns03/?9rQhA=J48H&Mli=vEpXOfxtbjALuLNDB5L7Pe2+oD++ppewNBRQcYUm39B9ZRdA7FQASoNacaXdwTFFIZyq
216.40.34.41
 malicious
http://www.beatricesswarthout.xyz/ns03/?9rQhA=J48H&Mli=VQsc4N5v0Qb/taRRMjFMH1qaQdoag+l2H1v4gotC687CaJU5axHSv4xTKAqiMqdiZl4n
172.67.171.253
 malicious
http://www.gildedbeautyaesthitics.com/ns03/?Mli=Ejx28V0Mi/PKMFo4nxco0l6yr5i8wbzIhiv3vkPYYPmQLPpGZe2iDqne8+4JWli/3WeD&9rQhA=J48H
192.0.78.25
 malicious
http://www.scheuermannworks.com/ns03/?9rQhA=J48H&Mli=pFpcKhsoBDMiQsDxn6RNHE8RotFPog89cmb4qNEXsJuyXSeWzOEqXN59npsx+F1JRdEB
208.91.197.27
 malicious
http://www.maxhealthunity.com/ns03/?9rQhA=J48H&Mli=6xy0BlydHITJ62csFR1w9NwziEOpwYF/YRUtVwNXcka1y+WP4+BwE4Gzjf3LSGjZNmwj
15.197.142.173
 malicious
www.grupooceanique.com/ns03/
malicious
http://www.agathis.fun/ns03/?9rQhA=J48H&Mli=KqqGrli78UDkBV4XlBvGehqbnDNs0x6MIHFba6A/A1mNeTCnsV+vzi3OAKYlREQ8vsy3
104.21.23.10
 malicious
https://powerpoint.office.comer
unknown
http://www.agathis.funReferer:
unknown
https://android.notify.windows.com/iOSA4
unknown
http://www.yedxec.xyz
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
unknown
http://www.velvetgloveseasonings.store/ns03/
unknown
http://www.maxhealthunity.com/ns03/
unknown
https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world
unknown
https://api.msn.com:443/v1/news/Feed/Windows?
unknown
http://www.grupooceanique.com
unknown
http://www.yedxec.xyz/ns03/
unknown
https://excel.office.com
unknown
https://www.msn.com/en-us/money/personalfinance/the-big-3-mistakes-financial-advisors-say-that-the-1
unknown
http://www.engagenotrage.com
unknown
http://www.velvetgloveseasonings.storeReferer:
unknown
http://www.beatricesswarthout.xyz
unknown
http://www.gildedbeautyaesthitics.com
unknown
http://www.leclandesparents.com
unknown
http://www.grupooceanique.com/ns03/
unknown
http://www.taiyuanbaoyang.com/ns03/www.beatricesswarthout.xyz
unknown
http://www.gildedbeautyaesthitics.com/ns03/
unknown
https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal
unknown
http://www.gildedbeautyaesthitics.com/ns03/www.maxhealthunity.com
unknown
http://www.gildedbeautyaesthitics.comReferer:
unknown
http://www.leclandesparents.com/ns03/www.yedxec.xyz
unknown
http://www.maxhealthunity.com
unknown
http://www.microsoft.c
unknown
https://android.notify.windows.com/iOSd
unknown
http://www.scheuermannworks.com
unknown
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
unknown
http://www.beatricesswarthout.xyz/ns03/www.engagenotrage.com
unknown
http://www.velvetgloveseasonings.store/ns03/www.gildedbeautyaesthitics.com
unknown
http://www.autoitscript.com/autoit3/J
unknown
http://www.beatricesswarthout.xyzReferer:
unknown
http://www.elizabethsbookshelf.com/ns03/
unknown
http://www.elizabethsbookshelf.com
unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
unknown
http://www.maxhealthunity.comReferer:
unknown
http://www.leclandesparents.comReferer:
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
unknown
http://www.agathis.fun/ns03/
unknown
http://www.maxhealthunity.com/ns03/www.fonbnk.pro
unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
http://www.scheuermannworks.com/ns03/
unknown
http://www.scheuermannworks.com/ns03/www.fichaphuman.net
unknown
http://www.yedxec.xyz/ns03/www.chuanruhaomen.com
unknown
https://outlook.com
unknown
http://www.yedxec.xyzReferer:
unknown
https://www.cloudflare.com/5xx-error-landing
unknown
http://www.engagenotrage.com/ns03/
unknown
https://android.notify.windows.com/iOS
unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
unknown
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA
unknown
http://www.leclandesparents.com/ns03/
unknown
http://www.repair-services.todayReferer:
unknown
http://www.scheuermannworks.comReferer:
unknown
http://www.repair-services.today
unknown
https://www.msn.com/en-us/sports/other/washington-state-ad-asks-ncaa-for-compassion-and-understandin
unknown
http://www.fonbnk.pro/ns03/www.scheuermannworks.com
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark
unknown
https://api.msn.com/v1/news/Feed/Windows?
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
unknown
http://www.fichaphuman.netReferer:
unknown
http://www.fichaphuman.net/ns03/www.elizabethsbookshelf.com
unknown
http://www.engagenotrage.com/ns03/www.velvetgloveseasonings.store
unknown
https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/
unknown
http://www.taiyuanbaoyang.comReferer:
unknown
https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi
unknown
https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
unknown
http://schemas.micro
unknown
http://www.elizabethsbookshelf.comReferer:
unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
unknown
http://www.fonbnk.proReferer:
unknown
https://wns.windows.com/EM0
unknown
https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt
unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
unknown
http://www.chuanruhaomen.com
unknown
https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it
unknown
http://www.grupooceanique.com/ns03/www.repair-services.today
unknown
http://www.grupooceanique.comReferer:
unknown
http://www.fichaphuman.net
unknown
https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09
unknown
http://www.beatricesswarthout.xyz/ns03/
unknown
http://www.agathis.fun/ns03/www.grupooceanique.com
unknown
http://www.fichaphuman.net/ns03/
unknown
http://www.agathis.fun
unknown
https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k
unknown
http://www.chuanruhaomen.comReferer:
unknown
http://www.repair-services.today/ns03/www.taiyuanbaoyang.com
unknown
http://www.elizabethsbookshelf.com/ns03/www.leclandesparents.com
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www.scheuermannworks.com
208.91.197.27
 malicious
gildedbeautyaesthitics.com
192.0.78.25
 malicious
www.taiyuanbaoyang.com
172.67.160.57
 malicious
www.beatricesswarthout.xyz
172.67.171.253
 malicious
www.agathis.fun
104.21.23.10
 malicious
www.repair-services.today
172.67.146.200
 malicious
maxhealthunity.com
15.197.142.173
 malicious
www.velvetgloveseasonings.store
216.40.34.41
 malicious
www.grupooceanique.com
unknown
 malicious
www.engagenotrage.com
unknown
 malicious
www.gildedbeautyaesthitics.com
unknown
 malicious
www.maxhealthunity.com
unknown
 malicious
www.fonbnk.pro
unknown
 malicious
There are 3 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
192.0.78.25
gildedbeautyaesthitics.com
United States
malicious
172.67.171.253
www.beatricesswarthout.xyz
United States
malicious
172.67.146.200
www.repair-services.today
United States
malicious
172.67.160.57
www.taiyuanbaoyang.com
United States
malicious
15.197.142.173
maxhealthunity.com
United States
malicious
208.91.197.27
www.scheuermannworks.com
Virgin Islands (BRITISH)
malicious
104.21.23.10
www.agathis.fun
United States
malicious
216.40.34.41
www.velvetgloveseasonings.store
Canada
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@explorerframe.dll,-13137
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
@explorerframe.dll,-13138
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
Excel.CSV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
PowerPoint.Addin.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
bootstrap.vsto.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
Excel.AddInMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
Unpacker
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
IconLayouts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR
KGLToGCSUpdatedRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
CheckSetting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
TaskbarStateLastRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021492-0000-0000-C000-000000000046}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
AutoIt3Script
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
WMP11.AssocFile.AVI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
CABFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
Microsoft.PowerShellCmdletDefinitionXML.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
CSSfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
ddsfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
dllfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Word.Document.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
Word.DocumentMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Word.Document.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Word.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
Word.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
Word.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
emffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
exefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
WMP11.AssocFile.FLAC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
fonfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
giffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
htmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
icofile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
inffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
inifile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
pjpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
jpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
WMP11.AssocFile.m3u
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
WMP11.AssocFile.M4A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
mhtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
WMP11.AssocFile.MK3D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
WMP11.AssocFile.MKA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
WMP11.AssocFile.MKV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
WMP11.AssocFile.MOV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Outlook.File.msg.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
ocxfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
PowerPoint.OpenDocumentPresentation.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
Excel.OpenDocumentSpreadsheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Word.OpenDocumentText.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
otffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
pngfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
PowerPoint.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
PowerPoint.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
PowerPoint.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
PowerPoint.SlideShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
PowerPoint.SlideShow.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
PowerPoint.Show.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
PowerPoint.ShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
PowerPoint.Show.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
Microsoft.PowerShellScript.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Microsoft.PowerShellXMLData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
Microsoft.PowerShellData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
Microsoft.PowerShellModule.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
Microsoft.PowerShellSessionConfiguration.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
rlefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Word.RTF.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
SHCmdFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
SearchFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
shtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
PowerPoint.SlideMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
PowerPoint.Slide.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
sysfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
TIFImage.Document
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
ttcfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
ttffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
txtfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
WMP11.AssocFile.WAV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
WMP11.AssocFile.WAX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
WMP11.AssocFile.WMA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
wmffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
WMP11.AssocFile.WMV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
WMP11.AssocFile.WPL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
WMP11.AssocFile.WVX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Excel.Sheet.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
Excel.SheetBinaryMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
Excel.SheetMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
Excel.Sheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Excel.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
Excel.TemplateMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
Excel.Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
xmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
xslfile
There are 172 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
400000
remote allocation
page execute and read and write
 malicious
26C1000
trusted library allocation
page read and write
 malicious
2DA0000
unclassified section
page execute and read and write
 malicious
4F50000
trusted library section
page read and write
 malicious
2930000
system
page execute and read and write
 malicious
389E000
trusted library allocation
page read and write
 malicious
2DD0000
trusted library allocation
page read and write
 malicious
9D01000
unkown
page read and write
4B21000
trusted library allocation
page read and write
7FF502D04000
unkown
page readonly
936E000
unkown
page read and write
98FC000
stack
page read and write
A30000
trusted library allocation
page read and write
7FF503082000
unkown
page readonly
795C000
stack
page read and write
301B000
unkown
page read and write
7FF5030DE000
unkown
page readonly
309F000
unkown
page read and write
7FF502E60000
unkown
page readonly
522D000
stack
page read and write
BDF0000
unkown
page read and write
964E000
stack
page read and write
3240000
trusted library allocation
page read and write
3616000
unclassified section
page read and write
708A000
unkown
page read and write
BDCB000
unkown
page read and write
C018000
unkown
page read and write
C9E000
stack
page read and write
7FF503185000
unkown
page readonly
9B87000
unkown
page read and write
7FF503167000
unkown
page readonly
BEE8000
unkown
page read and write
43FD000
unkown
page read and write
7FF502DDC000
unkown
page readonly
4E33000
unkown
page read and write
9B70000
unkown
page read and write
8596000
unkown
page read and write
7FF5030B4000
unkown
page readonly
5B70000
trusted library section
page read and write
931A000
unkown
page read and write
9D01000
unkown
page read and write
7FF502B80000
unkown
page readonly
7FF503223000
unkown
page readonly
B580000
unkown
page read and write
2EF2000
stack
page read and write
BBE8000
unkown
page read and write
3235000
heap
page read and write
AA0B000
stack
page read and write
7FF502CDD000
unkown
page readonly
7085000
unkown
page read and write
3240000
trusted library allocation
page read and write
2D54000
heap
page read and write
2E37000
heap
page read and write
6EE1000
unkown
page read and write
7FF502DD1000
unkown
page readonly
7651000
unkown
page read and write
987B000
stack
page read and write
E90D000
unkown
page read and write
28FB000
stack
page read and write
7FF503082000
unkown
page readonly
2D54000
heap
page read and write
9366000
unkown
page read and write
3099000
unkown
page read and write
7FF5030C9000
unkown
page readonly
E90000
unkown
page readonly
B68C000
stack
page read and write
7FF5031AD000
unkown
page readonly
7FF502F96000
unkown
page readonly
701C000
unkown
page read and write
C094000
unkown
page read and write
E905000
unkown
page read and write
BD6C000
unkown
page read and write
295C000
trusted library allocation
page read and write
B09B000
stack
page read and write
2F20000
unkown
page readonly
43B4000
unkown
page read and write
7FF503275000
unkown
page readonly
91FB000
unkown
page read and write
2D54000
heap
page read and write
44A0000
unkown
page read and write
BCB7000
unkown
page read and write
7FF502D35000
unkown
page readonly
7FF502D9D000
unkown
page readonly
7FF502FAF000
unkown
page readonly
9C09000
unkown
page read and write
6ECB000
unkown
page read and write
E50000
unkown
page readonly
7FF503257000
unkown
page readonly
4B90000
heap
page read and write
30B4000
unkown
page read and write
A36C000
unkown
page read and write
70E000
stack
page read and write
589E000
stack
page read and write
9D0000
trusted library allocation
page read and write
BDCB000
unkown
page read and write
29A0000
trusted library allocation
page read and write
7FF503354000
unkown
page readonly
E905000
unkown
page read and write
29A0000
trusted library allocation
page read and write
29A0000
trusted library allocation
page read and write
A36F000
unkown
page read and write
9CEA000
unkown
page read and write
29A0000
trusted library allocation
page read and write
30AC000
unkown
page read and write
9450000
unkown
page readonly
B560000
unkown
page read and write
4378000
unkown
page read and write
5CB0000
trusted library allocation
page read and write
7FF502B7F000
unkown
page readonly
810000
unkown
page readonly
29A0000
trusted library allocation
page read and write
BDD5000
unkown
page read and write
936E000
unkown
page read and write
B78F000
stack
page read and write
1660000
heap
page read and write
7FF502FA9000
unkown
page readonly
2A90000
unkown
page readonly
A2F0000
unkown
page read and write
13F0000
heap
page read and write
2D54000
heap
page read and write
7FF50327C000
unkown
page readonly
7089000
unkown
page read and write
7085000
unkown
page read and write
3088000
unkown
page read and write
255A000
stack
page read and write
7FF502EF3000
unkown
page readonly
7470000
unkown
page read and write
92DD000
unkown
page read and write
E912000
unkown
page read and write
7FF502DC3000
unkown
page readonly
7FF503270000
unkown
page readonly
5CB0000
trusted library allocation
page read and write
C091000
unkown
page read and write
7FF502E0A000
unkown
page readonly
7FF50324D000
unkown
page readonly
103EF000
system
page read and write
702D000
unkown
page read and write
BC19000
unkown
page read and write
7FF503108000
unkown
page readonly
9B83000
unkown
page read and write
2585000
trusted library allocation
page read and write
C08D000
unkown
page read and write
7FF5032AF000
unkown
page readonly
7FF502DBC000
unkown
page readonly
7FF4ECBF5000
unkown
page readonly
7FF502F7A000
unkown
page readonly
7FF50334D000
unkown
page readonly
9191000
unkown
page read and write
9191000
unkown
page read and write
30CD000
unkown
page read and write
309D000
unkown
page read and write
6EE6000
unkown
page read and write
A2F0000
unkown
page read and write
6EF3000
unkown
page read and write
29A0000
trusted library allocation
page read and write
7FF503275000
unkown
page readonly
7FF503231000
unkown
page readonly
345E000
direct allocation
page execute and read and write
1E80000
heap
page read and write
701F000
unkown
page read and write
310C000
heap
page read and write
7DF411F01000
unkown
page execute read
7FF503126000
unkown
page readonly
BD6C000
unkown
page read and write
309D000
unkown
page read and write
9C09000
unkown
page read and write
2590000
heap
page read and write
C01000
unkown
page read and write
BC21000
unkown
page read and write
7FF502F86000
unkown
page readonly
36C9000
trusted library allocation
page read and write
9191000
unkown
page read and write
2F56000
heap
page read and write
701F000
unkown
page read and write
E8D0000
unkown
page read and write
7FF502EF7000
unkown
page readonly
9ED000
trusted library allocation
page execute and read and write
74C2000
unkown
page read and write
9A7F000
stack
page read and write
7FF5032F7000
unkown
page readonly
9CF000
stack
page read and write
7DF411ED1000
unkown
page execute read
BEA3000
unkown
page read and write
30AC000
unkown
page read and write
307E000
unkown
page read and write
7FF503335000
unkown
page readonly
5CB0000
trusted library allocation
page read and write
ABCB000
stack
page read and write
C164000
unkown
page read and write
29A0000
trusted library allocation
page read and write
7FF503257000
unkown
page readonly
C16B000
unkown
page read and write
7FF5030AA000
unkown
page readonly
BC30000
unkown
page read and write
2D0B000
stack
page read and write
1410000
heap
page read and write
C055000
unkown
page read and write
7FF502B8B000
unkown
page readonly
96CC000
stack
page read and write
7FF50328F000
unkown
page readonly
7FF50331F000
unkown
page readonly
7FF503151000
unkown
page readonly
BC55000
unkown
page read and write
7FF502D15000
unkown
page readonly
8079000
unkown
page read and write
2E30000
heap
page read and write
44D0000
unkown
page read and write
B590000
heap
page read and write
7FF50317C000
unkown
page readonly
448A000
unkown
page read and write
3591000
direct allocation
page execute and read and write
4CF0000
heap
page read and write
9D6B000
unkown
page read and write
C0FD000
unkown
page read and write
9255000
unkown
page read and write
6E99000
stack
page read and write
3045000
unkown
page read and write
1490000
heap
page read and write
6FDB000
unkown
page read and write
26B0000
heap
page execute and read and write
6FE3000
unkown
page read and write
E30000
unkown
page read and write
7FF5030C9000
unkown
page readonly
449A000
unkown
page read and write
FC72000
unkown
page read and write
7FF503051000
unkown
page readonly
6ED9000
unkown
page read and write
3046000
heap
page read and write
3088000
unkown
page read and write
7580000
unkown
page read and write
7DF411ED1000
unkown
page execute read
BFF4000
unkown
page read and write
E50000
unkown
page readonly
FC7B000
unkown
page read and write
9D60000
unkown
page read and write
7FF502F94000
unkown
page readonly
E80000
heap
page read and write
2C70000
unkown
page readonly
9BAA000
unkown
page read and write
3046000
unkown
page read and write
9092000
unkown
page read and write
99FF000
stack
page read and write
918D000
unkown
page read and write
2F10000
unkown
page readonly
9BF7000
unkown
page read and write
BFAE000
unkown
page read and write
8B5000
stack
page read and write
7FF503167000
unkown
page readonly
2DB0000
unkown
page read and write
30A5000
unkown
page read and write
93F6000
unkown
page read and write
C055000
unkown
page read and write
30AC000
unkown
page read and write
AB30000
heap
page read and write
6ECE000
unkown
page read and write
29A0000
trusted library allocation
page read and write
7FF5032B5000
unkown
page readonly
7FF503287000
unkown
page readonly
7FF5026FF000
unkown
page readonly
7FF503227000
unkown
page readonly
4F70000
trusted library allocation
page execute and read and write
701F000
unkown
page read and write
BE99000
unkown
page read and write
FC36000
unkown
page read and write
707F000
unkown
page read and write
813E000
stack
page read and write
29A0000
trusted library allocation
page read and write
7FF503114000
unkown
page readonly
29A0000
trusted library allocation
page read and write
C18D000
unkown
page read and write
2560000
unkown
page read and write
7FF502D20000
unkown
page readonly
BFB9000
unkown
page read and write
3239000
heap
page read and write
7FF502E3F000
unkown
page readonly
2BDA000
stack
page read and write
2DE0000
unkown
page read and write
2B1E000
stack
page read and write
9CF4000
unkown
page read and write
861000
heap
page read and write
76E0000
unkown
page readonly
BEAF000
unkown
page read and write
7FF502E06000
unkown
page readonly
7DF411F11000
unkown
page execute read
3086000
unkown
page read and write
19A0000
trusted library allocation
page execute and read and write
BFB4000
unkown
page read and write
BC19000
unkown
page read and write
7FF50270A000
unkown
page readonly
7FF502F6F000
unkown
page readonly
C19D000
unkown
page read and write
7FF502D45000
unkown
page readonly
4E49000
unkown
page read and write
7FF50331B000
unkown
page readonly
8000000
unkown
page readonly
7609000
stack
page read and write
7FF503187000
unkown
page readonly
7FF503158000
unkown
page readonly
1400000
heap
page read and write
9E0000
unkown
page read and write
7FF502DF9000
unkown
page readonly
7FF502D6B000
unkown
page readonly
A346000
unkown
page read and write
6FDA000
unkown
page read and write
7FF503032000
unkown
page readonly
1090000
unkown
page readonly
BEA3000
unkown
page read and write
4F90000
trusted library section
page read and write
7FF50326B000
unkown
page readonly
FC36000
unkown
page read and write
30A1000
unkown
page read and write
BC55000
unkown
page read and write
2D54000
heap
page read and write
30CD000
unkown
page read and write
3088000
unkown
page read and write
7FF50308A000
unkown
page readonly
BE14000
unkown
page read and write
DDD0000
unkown
page execute and read and write
9FD000
trusted library allocation
page execute and read and write
BC80000
unkown
page read and write
9416000
unkown
page read and write
7FF503365000
unkown
page readonly
7FF5026F7000
unkown
page readonly
9AFF000
stack
page read and write
E910000
unkown
page read and write
B1BF000
stack
page read and write
189E000
stack
page read and write
7FF502D3E000
unkown
page readonly
831E000
stack
page read and write
E90E000
unkown
page read and write
BEA9000
unkown
page read and write
74B0000
unkown
page read and write
CE0000
trusted library allocation
page read and write
76A0000
unkown
page readonly
BDE0000
unkown
page read and write
9052000
unkown
page read and write
7FF503130000
unkown
page readonly
7FF5030CE000
unkown
page readonly
5C3E000
stack
page read and write
9050000
unkown
page read and write
7FF503335000
unkown
page readonly
A00000
heap
page read and write
7FF50303F000
unkown
page readonly
3091000
unkown
page read and write
BF2E000
unkown
page read and write
9C8A000
unkown
page read and write
7FF502DCF000
unkown
page readonly
308F000
unkown
page read and write
447A000
unkown
page read and write
AB30000
heap
page read and write
A34D000
unkown
page read and write
7DF411EE0000
unkown
page readonly
BC15000
unkown
page read and write
B237000
stack
page read and write
BDCD000
unkown
page read and write
B549000
stack
page read and write
4DB1000
unkown
page read and write
A98F000
stack
page read and write
BDE0000
unkown
page read and write
2D54000
heap
page read and write
FC3B000
unkown
page read and write
7FF502E53000
unkown
page readonly
7FF503118000
unkown
page readonly
4FF0000
heap
page read and write
80F000
heap
page read and write
B33A000
stack
page read and write
4435000
unkown
page read and write
7FF502C8C000
unkown
page readonly
9193000
unkown
page read and write
2560000
unkown
page read and write
7FF502E0D000
unkown
page readonly
4E33000
unkown
page read and write
9BE6000
unkown
page read and write
7FF502291000
unkown
page readonly
8100000
unkown
page readonly
BDC7000
unkown
page read and write
9BCB000
unkown
page read and write
7FF502EE3000
unkown
page readonly
ABD0000
unkown
page read and write
B580000
unkown
page read and write
7710000
unkown
page readonly
1DF9000
unclassified section
page execute and read and write
2BC0000
heap
page read and write
9F3000
trusted library allocation
page read and write
7FF502D61000
unkown
page readonly
7FF5031C3000
unkown
page readonly
BDCD000
unkown
page read and write
9D0000
unkown
page read and write
BA0E000
stack
page read and write
90BD000
unkown
page read and write
7FF503347000
unkown
page readonly
7548000
stack
page read and write
9237000
unkown
page read and write
931A000
unkown
page read and write
7FF502EBB000
unkown
page readonly
7FF503187000
unkown
page readonly
720000
heap
page read and write
7FF502EC9000
unkown
page readonly
2EF2000
stack
page read and write
6C0000
heap
page read and write
7FF503216000
unkown
page readonly
7FF502DC0000
unkown
page readonly
8D48000
stack
page read and write
4370000
unkown
page read and write
5CB0000
trusted library allocation
page read and write
7FF5030E4000
unkown
page readonly
A0A000
trusted library allocation
page execute and read and write
EA50000
heap
page read and write
BE1C000
unkown
page read and write
7FF5031BC000
unkown
page readonly
1D40000
unclassified section
page execute and read and write
7FF503227000
unkown
page readonly
BEE6000
unkown
page read and write
6FE3000
unkown
page read and write
3067000
unkown
page read and write
3765000
trusted library allocation
page read and write
AF7F000
stack
page read and write
7FF502B7B000
unkown
page readonly
9CF6000
unkown
page read and write
C1AF000
unkown
page read and write
7FF5032EB000
unkown
page readonly
919F000
unkown
page read and write
2F23000
heap
page read and write
5CB0000
trusted library allocation
page read and write
BC30000
unkown
page read and write
9C2C000
unkown
page read and write
A32F000
unkown
page read and write
9D6B000
unkown
page read and write
43EA000
unkown
page read and write
141000
unkown
page readonly
37B3000
trusted library allocation
page read and write
43B4000
unkown
page read and write
7FF5031B0000
unkown
page readonly
7FF502C2E000
unkown
page readonly
3091000
unkown
page read and write
295E000
stack
page read and write
918D000
unkown
page read and write
BDF0000
unkown
page read and write
BDD5000
unkown
page read and write
8889000
stack
page read and write
3CFF000
unclassified section
page read and write
9B87000
unkown
page read and write
BBE8000
unkown
page read and write
7FF503326000
unkown
page readonly
BEF6000
unkown
page read and write
30F0000
heap
page read and write
7FF50270A000
unkown
page readonly
4378000
unkown
page read and write
101F6000
system
page read and write
7FF502D33000
unkown
page readonly
FBB4000
unkown
page read and write
80F0000
unkown
page readonly
9BE6000
unkown
page read and write
383D000
unclassified section
page read and write
7560000
unkown
page readonly
BDF5000
unkown
page read and write
4FB0000
trusted library allocation
page read and write
7FF502D00000
unkown
page readonly
309D000
unkown
page read and write
7FF50334D000
unkown
page readonly
7FF502DD1000
unkown
page readonly
7FF502D18000
unkown
page readonly
5280000
trusted library allocation
page execute and read and write
9052000
unkown
page read and write
76E000
stack
page read and write
2AC0000
unkown
page readonly
5230000
heap
page read and write
7FF503360000
unkown
page readonly
77FE000
stack
page read and write
29A0000
trusted library allocation
page read and write
7DF411F01000
unkown
page execute read
7FF5032EB000
unkown
page readonly
BE14000
unkown
page read and write
FC89000
unkown
page read and write
9C8A000
unkown
page read and write
A28000
heap
page read and write
9B9F000
unkown
page read and write
4E30000
trusted library allocation
page read and write
91DE000
unkown
page read and write
9330000
unkown
page read and write
29A0000
trusted library allocation
page read and write
C0EA000
unkown
page read and write
3100000
trusted library allocation
page execute and read and write
7FF4ECBF5000
unkown
page readonly
4D00000
unkown
page write copy
3091000
unkown
page read and write
7FF5032FE000
unkown
page readonly
AF7F000
stack
page read and write
7FF502F86000
unkown
page readonly
447A000
unkown
page read and write
7FF502EB7000
unkown
page readonly
9D03000
unkown
page read and write
9237000
unkown
page read and write
6ECB000
unkown
page read and write
7FF4ECBEF000
unkown
page readonly
1D60000
unclassified section
page execute and read and write
A34A000
unkown
page read and write
5270000
trusted library allocation
page read and write
B70B000
stack
page read and write
7FF502B9A000
unkown
page readonly
7FF50310B000
unkown
page readonly
7FF502D8F000
unkown
page readonly
90BD000
unkown
page read and write
2D54000
heap
page read and write
E918000
unkown
page read and write
9255000
unkown
page read and write
3099000
unkown
page read and write
29A0000
trusted library allocation
page read and write
B5E000
stack
page read and write
BBFA000
unkown
page read and write
7FF50308A000
unkown
page readonly
4435000
unkown
page read and write
7FF5032AF000
unkown
page readonly
9CF2000
unkown
page read and write
8040000
unkown
page readonly
2DBE000
unkown
page read and write
7FF502C9D000
unkown
page readonly
7FF5032F7000
unkown
page readonly
7FF502C4B000
unkown
page readonly
9C09000
unkown
page read and write
32BE000
stack
page read and write
936E000
unkown
page read and write
BBE8000
unkown
page read and write
BDA9000
unkown
page read and write
936A000
unkown
page read and write
BEA3000
unkown
page read and write
7FF502FA9000
unkown
page readonly
7FF503235000
unkown
page readonly
30A5000
unkown
page read and write
FC3B000
unkown
page read and write
32C0000
direct allocation
page execute and read and write
8A49000
stack
page read and write
BC27000
unkown
page read and write
439B000
unkown
page read and write
BCB4000
unkown
page read and write
30A3000
unkown
page read and write
7FF503277000
unkown
page readonly
7609000
stack
page read and write
FC72000
unkown
page read and write
7FF50324D000
unkown
page readonly
6F30000
unkown
page read and write
3067000
unkown
page read and write
E85000
heap
page read and write
CF0000
heap
page read and write
2A59000
stack
page read and write
7DE000
heap
page read and write
2DF0000
unkown
page read and write
4B2D000
trusted library allocation
page read and write
9D03000
unkown
page read and write
BEA9000
unkown
page read and write
7FF502DB8000
unkown
page readonly
BDCB000
unkown
page read and write
7FF502EE3000
unkown
page readonly
7C0000
system
page execute and read and write
7FF503365000
unkown
page readonly
3010000
unkown
page read and write
309F000
unkown
page read and write
7FF50317C000
unkown
page readonly
7FF50301B000
unkown
page readonly
76E0000
unkown
page readonly
2DB0000
unkown
page read and write
308F000
unkown
page read and write
28BC000
stack
page read and write
9D03000
unkown
page read and write
9CCF000
unkown
page read and write
8079000
unkown
page read and write
E8F0000
unkown
page read and write
1041D000
system
page read and write
A7ED000
stack
page read and write
BEA9000
unkown
page read and write
B70B000
stack
page read and write
2D54000
heap
page read and write
A8EA000
stack
page read and write
7FF502E43000
unkown
page readonly
7FF503020000
unkown
page readonly
6EB0000
unkown
page read and write
7FF503161000
unkown
page readonly
30CD000
unkown
page read and write
9CEA000
unkown
page read and write
2D54000
heap
page read and write
199F000
stack
page read and write
8610000
unkown
page read and write
7FF50331F000
unkown
page readonly
7FF502D48000
unkown
page readonly
7FF5026F7000
unkown
page readonly
EA5A000
heap
page read and write
577000
stack
page read and write
E8DC000
unkown
page read and write
7FF503360000
unkown
page readonly
C60000
unkown
page readonly
7FF502E3F000
unkown
page readonly
7FF502D70000
unkown
page readonly
A20000
heap
page read and write
2BA0000
heap
page read and write
3240000
trusted library allocation
page read and write
2593000
heap
page read and write
6E95000
stack
page read and write
BDA9000
unkown
page read and write
B5E0000
unkown
page read and write
29A0000
trusted library allocation
page read and write
A36F000
unkown
page read and write
891000
heap
page read and write
7FF502D68000
unkown
page readonly
A373000
unkown
page read and write
30AC000
unkown
page read and write
BDA9000
unkown
page read and write
7FF502D91000
unkown
page readonly
811000
heap
page read and write
B237000
stack
page read and write
7FF503189000
unkown
page readonly
4B1E000
trusted library allocation
page read and write
7FF503130000
unkown
page readonly
9B9F000
unkown
page read and write
7FF50312D000
unkown
page readonly
E934000
unkown
page read and write
7C4000
system
page execute and read and write
79DE000
stack
page read and write
7FF502EF3000
unkown
page readonly
BE96000
unkown
page read and write
91FB000
unkown
page read and write
BDF5000
unkown
page read and write
7FF502F96000
unkown
page readonly
C1AB000
unkown
page read and write
2D54000
heap
page read and write
9330000
unkown
page read and write
7FF5030C4000
unkown
page readonly
7FF5031BC000
unkown
page readonly
2D54000
heap
page read and write
91A7000
unkown
page read and write
977E000
stack
page read and write
29A0000
trusted library allocation
page read and write
BEAF000
unkown
page read and write
C01000
unkown
page read and write
7FF502D04000
unkown
page readonly
2D54000
heap
page read and write
BC5C000
unkown
page read and write
6FE3000
unkown
page read and write
701C000
unkown
page read and write
7FF503206000
unkown
page readonly
30B4000
unkown
page read and write
7480000
unkown
page read and write
BE99000
unkown
page read and write
7560000
unkown
page readonly
2DC0000
unkown
page read and write
8A5000
heap
page read and write
C094000
unkown
page read and write
4F80000
trusted library allocation
page execute and read and write
7FF502EB7000
unkown
page readonly
BEA3000
unkown
page read and write
4431000
unkown
page read and write
7FF5030B4000
unkown
page readonly
A20000
heap
page read and write
7FF5030E6000
unkown
page readonly
BB0E000
stack
page read and write
6FDA000
unkown
page read and write
6EE6000
unkown
page read and write
B549000
stack
page read and write
9416000
unkown
page read and write
7FF502FA2000
unkown
page readonly
7370000
unkown
page read and write
B33A000
stack
page read and write
6ED7000
unkown
page read and write
2D54000
heap
page read and write
9364000
unkown
page read and write
7FF502D1B000
unkown
page readonly
4405000
unkown
page read and write
BE96000
unkown
page read and write
7DA000
heap
page read and write
58F0000
trusted library allocation
page read and write
7FF503245000
unkown
page readonly
4FE0000
heap
page read and write
BF7A000
unkown
page read and write
BA6000
stack
page read and write
29A0000
trusted library allocation
page read and write
2D54000
heap
page read and write
2711000
trusted library allocation
page read and write
BDE0000
unkown
page read and write
9CEA000
unkown
page read and write
7FF502CFA000
unkown
page readonly
BF2E000
unkown
page read and write
C5F000
stack
page read and write
7FF503347000
unkown
page readonly
7FF5030FF000
unkown
page readonly
4463000
unkown
page read and write
E30000
unkown
page read and write
7FF502FB4000
unkown
page readonly
B5A1000
unkown
page read and write
E90D000
unkown
page read and write
7FF5030A5000
unkown
page readonly
309F000
unkown
page read and write
A17000
trusted library allocation
page execute and read and write
7FF502E62000
unkown
page readonly
9C09000
unkown
page read and write
7FF503006000
unkown
page readonly
7FF502F22000
unkown
page readonly
7FF503010000
unkown
page readonly
1AE9000
direct allocation
page execute and read and write
7FF502D84000
unkown
page readonly
9BE6000
unkown
page read and write
9330000
unkown
page read and write
7FF5030C4000
unkown
page readonly
30AC000
unkown
page read and write
33ED000
direct allocation
page execute and read and write
9BDE000
unkown
page read and write
7610000
unkown
page readonly
2D54000
heap
page read and write
7480000
unkown
page read and write
7FF502E9C000
unkown
page readonly
7FF502DAD000
unkown
page readonly
9CF4000
unkown
page read and write
1C71000
direct allocation
page execute and read and write
2D54000
heap
page read and write
2A59000
stack
page read and write
BC08000
unkown
page read and write
936E000
unkown
page read and write
6F33000
unkown
page read and write
9D0D000
unkown
page read and write
7FF5030A3000
unkown
page readonly
7FF503298000
unkown
page readonly
C0FD000
unkown
page read and write
5E0000
heap
page read and write
9BDE000
unkown
page read and write
C094000
unkown
page read and write
7FF503368000
unkown
page readonly
BD6C000
unkown
page read and write
B5D0000
unkown
page readonly
7FF502D00000
unkown
page readonly
185F000
stack
page read and write
9BF7000
unkown
page read and write
4398000
unkown
page read and write
7FF502B5C000
unkown
page readonly
44B0000
unkown
page read and write
DED0000
system
page execute and read and write
9E0000
trusted library allocation
page read and write
7FF502FB7000
unkown
page readonly
FBF3000
unkown
page read and write
BEAF000
unkown
page read and write
7FF503333000
unkown
page readonly
BE14000
unkown
page read and write
382E000
unclassified section
page read and write
4463000
unkown
page read and write
308F000
unkown
page read and write
76A0000
unkown
page readonly
52A0000
trusted library allocation
page read and write
7086000
unkown
page read and write
2590000
heap
page read and write
FC89000
unkown
page read and write
9B70000
unkown
page read and write
308F000
unkown
page read and write
7FF502F6A000
unkown
page readonly
7FF502C30000
unkown
page readonly
30A3000
unkown
page read and write
BE1C000
unkown
page read and write
7FF503158000
unkown
page readonly
AAA0000
unkown
page readonly
5D3E000
stack
page read and write
7DF411EF1000
unkown
page execute read
1090000
unkown
page readonly
9BAA000
unkown
page read and write
295E000
stack
page read and write
7FF50328B000
unkown
page readonly
29A0000
trusted library allocation
page read and write
2D54000
heap
page read and write
9F1000
unkown
page readonly
7FF503245000
unkown
page readonly
7F7000
heap
page read and write
7FF502CCE000
unkown
page readonly
BDD5000
unkown
page read and write
30A1000
unkown
page read and write
7FF503175000
unkown
page readonly
7840000
unkown
page read and write
4402000
unkown
page read and write
7FF50318B000
unkown
page readonly
7490000
unkown
page read and write
7FF5032C8000
unkown
page readonly
2DF0000
unkown
page read and write
6F0F000
unkown
page read and write
BC15000
unkown
page read and write
2E30000
heap
page read and write
6FBF000
unkown
page read and write
7FF5031AD000
unkown
page readonly
931A000
unkown
page read and write
2A90000
unkown
page readonly
3046000
unkown
page read and write
30A5000
unkown
page read and write
8B5000
stack
page read and write
A368000
unkown
page read and write
6F09000
unkown
page read and write
9BA2000
unkown
page read and write
BE1C000
unkown
page read and write
A50000
heap
page read and write
7470000
unkown
page read and write
8E0000
unkown
page readonly
9D0000
unkown
page read and write
4E2E000
stack
page read and write
C00A000
unkown
page read and write
3088000
unkown
page read and write
BDC7000
unkown
page read and write
2E2A000
heap
page read and write
7FF50303F000
unkown
page readonly
7FF502D18000
unkown
page readonly
9416000
unkown
page read and write
7FF502E8F000
unkown
page readonly
7FF503110000
unkown
page readonly
7FF502D1B000
unkown
page readonly
7FF502F8A000
unkown
page readonly
9BCB000
unkown
page read and write
9BAA000
unkown
page read and write
BDC7000
unkown
page read and write
E8D0000
unkown
page read and write
9D58000
unkown
page read and write
6EC0000
unkown
page read and write
7FF502DAD000
unkown
page readonly
7FF503239000
unkown
page readonly
3602000
direct allocation
page execute and read and write
7FF502DDC000
unkown
page readonly
BC0C000
unkown
page read and write
309D000
unkown
page read and write
449A000
unkown
page read and write
6EE4000
unkown
page read and write
7FF502D65000
unkown
page readonly
6FBF000
unkown
page read and write
7550000
unkown
page read and write
7FF5032F2000
unkown
page readonly
1E6D000
trusted library allocation
page execute and read and write
7FF502C4B000
unkown
page readonly
7FF50326B000
unkown
page readonly
5BD000
stack
page read and write
9BAA000
unkown
page read and write
2E2F000
heap
page read and write
3082000
unkown
page read and write
3717000
trusted library allocation
page read and write
7FF502F49000
unkown
page readonly
7DF411EF0000
unkown
page readonly
90BD000
unkown
page read and write
800000
unkown
page readonly
BA8B000
stack
page read and write
36C1000
trusted library allocation
page read and write
7FF502B75000
unkown
page readonly
7FF502D68000
unkown
page readonly
7FF50318B000
unkown
page readonly
9CCF000
unkown
page read and write
3091000
unkown
page read and write
E910000
unkown
page read and write
7630000
unkown
page readonly
9C2C000
unkown
page read and write
B590000
heap
page read and write
9220000
unkown
page read and write
6FDA000
unkown
page read and write
4BA0000
trusted library allocation
page read and write
BC21000
unkown
page read and write
C105000
unkown
page read and write
6ED0000
unkown
page read and write
9CF2000
unkown
page read and write
7FF503206000
unkown
page readonly
BFF4000
unkown
page read and write
9450000
unkown
page readonly
964E000
stack
page read and write
2D54000
heap
page read and write
9B8A000
unkown
page read and write
A76B000
stack
page read and write
7DF411ED0000
unkown
page readonly
BE99000
unkown
page read and write
9255000
unkown
page read and write
ABD0000
unkown
page read and write
7FF502CF5000
unkown
page readonly
7FF502D84000
unkown
page readonly
97F9000
stack
page read and write
BDE0000
unkown
page read and write
704B000
unkown
page read and write
7FF5031DA000
unkown
page readonly
2590000
heap
page read and write
2D50000
heap
page read and write
7FF50332C000
unkown
page readonly
29A0000
trusted library allocation
page read and write
93F6000
unkown
page read and write
9BE6000
unkown
page read and write
6ED7000
unkown
page read and write
2A60000
unkown
page readonly
704E000
unkown
page read and write
BFB9000
unkown
page read and write
9CF6000
unkown
page read and write
4398000
unkown
page read and write
7FF502E0A000
unkown
page readonly
7FF503129000
unkown
page readonly
6EC0000
unkown
page read and write
7800000
unkown
page read and write
920000
heap
page read and write
B09B000
stack
page read and write
702D000
unkown
page read and write
7630000
unkown
page readonly
7FF503239000
unkown
page readonly
80D1000
unkown
page read and write
7DF411EE1000
unkown
page execute read
AF80000
unkown
page read and write
3082000
unkown
page read and write
9BE3000
unkown
page read and write
7FF502DC8000
unkown
page readonly
3067000
unkown
page read and write
29A0000
trusted library allocation
page read and write
4FD0000
trusted library allocation
page read and write
14AA000
heap
page read and write
7FF502F4B000
unkown
page readonly
8FE000
stack
page read and write
B78F000
stack
page read and write
7FF503151000
unkown
page readonly
43B0000
unkown
page read and write
93F6000
unkown
page read and write
A368000
unkown
page read and write
BE1C000
unkown
page read and write
2BCC000
heap
page read and write
7FF502B88000
unkown
page readonly
9C8A000
unkown
page read and write
A12000
trusted library allocation
page read and write
7FF5032DF000
unkown
page readonly
84DE000
stack
page read and write
2D54000
heap
page read and write
30B4000
unkown
page read and write
43FD000
unkown
page read and write
A34D000
unkown
page read and write
29A0000
trusted library allocation
page read and write
9D01000
unkown
page read and write
BE96000
unkown
page read and write
C0FE000
unkown
page read and write
2DE0000
unkown
page read and write
E3CF000
stack
page read and write
5CB0000
trusted library allocation
page read and write
3091000
unkown
page read and write
9416000
unkown
page read and write
7FF503277000
unkown
page readonly
7FF502E53000
unkown
page readonly
9058000
unkown
page read and write
931A000
unkown
page read and write
9BF7000
unkown
page read and write
921D000
unkown
page read and write
9050000
unkown
page read and write
A00000
trusted library allocation
page read and write
30A5000
unkown
page read and write
BFB4000
unkown
page read and write
7FF503326000
unkown
page readonly
2D54000
heap
page read and write
7FF5031FF000
unkown
page readonly
A7ED000
stack
page read and write
A36D000
unkown
page read and write
2DC0000
unkown
page read and write
7FF503055000
unkown
page readonly
257F000
trusted library allocation
page read and write
7FF503087000
unkown
page readonly
BDF0000
unkown
page read and write
4E49000
unkown
page read and write
7FF5032EE000
unkown
page readonly
919F000
unkown
page read and write
C055000
unkown
page read and write
7A60000
unkown
page read and write
FBF3000
unkown
page read and write
7FF5031DA000
unkown
page readonly
BC80000
unkown
page read and write
EA5A000
heap
page read and write
B009000
stack
page read and write
3086000
unkown
page read and write
9D58000
unkown
page read and write
2D54000
heap
page read and write
7FF502E8F000
unkown
page readonly
BE96000
unkown
page read and write
B1B000
heap
page read and write
3240000
trusted library allocation
page read and write
BDCD000
unkown
page read and write
7FF5026FF000
unkown
page readonly
7FF503185000
unkown
page readonly
7FF502D10000
unkown
page readonly
58EE000
stack
page read and write
7FF502DB8000
unkown
page readonly
9364000
unkown
page read and write
7FF502F6F000
unkown
page readonly
EA50000
heap
page read and write
BDCD000
unkown
page read and write
7FF502DC0000
unkown
page readonly
7FF502EF7000
unkown
page readonly
7FF502E0D000
unkown
page readonly
6F30000
unkown
page read and write
E3CF000
stack
page read and write
7FF503087000
unkown
page readonly
7610000
unkown
page readonly
7FF502D41000
unkown
page readonly
147F000
unclassified section
page execute and read and write
4FA0000
trusted library section
page read and write
E90000
unkown
page readonly
6E15000
stack
page read and write
29D9000
stack
page read and write
358D000
direct allocation
page execute and read and write
108DF000
system
page read and write
77FE000
stack
page read and write
79DE000
stack
page read and write
819F000
stack
page read and write
C064000
unkown
page read and write
B5F0000
unkown
page readonly
A34A000
unkown
page read and write
7FF503231000
unkown
page readonly
7FF503235000
unkown
page readonly
7FF50331B000
unkown
page readonly
309F000
unkown
page read and write
2D54000
heap
page read and write
29A0000
trusted library allocation
page read and write
7FF502CF2000
unkown
page readonly
7FF502F4B000
unkown
page readonly
BDD5000
unkown
page read and write
B11B000
stack
page read and write
BE96000
unkown
page read and write
7FF502CF5000
unkown
page readonly
7FF502D91000
unkown
page readonly
6EE1000
unkown
page read and write
7FF5030D9000
unkown
page readonly
A86E000
stack
page read and write
7FF50301B000
unkown
page readonly
7FF5031B7000
unkown
page readonly
BCB4000
unkown
page read and write
7FF503108000
unkown
page readonly
2AA0000
unkown
page read and write
831E000
stack
page read and write
7FF502D70000
unkown
page readonly
9092000
unkown
page read and write
9CF6000
unkown
page read and write
9D54000
unkown
page read and write
2593000
heap
page read and write
A8EA000
stack
page read and write
91FB000
unkown
page read and write
C152000
unkown
page read and write
7FF503195000
unkown
page readonly
702D000
unkown
page read and write
EA52000
heap
page read and write
9C2C000
unkown
page read and write
7FF5032CF000
unkown
page readonly
2F20000
heap
page read and write
B560000
unkown
page read and write
30A1000
unkown
page read and write
8E0000
unkown
page readonly
7FF502F7A000
unkown
page readonly
9CF4000
unkown
page read and write
3030000
unkown
page read and write
9D6B000
unkown
page read and write
817E000
stack
page read and write
96CC000
stack
page read and write
29A0000
trusted library allocation
page read and write
7D0000
heap
page read and write
80D1000
unkown
page read and write
29A0000
trusted library allocation
page read and write
6ED9000
unkown
page read and write
BBB0000
unkown
page read and write
147B000
unclassified section
page execute and read and write
7FF503020000
unkown
page readonly
7FF502F8A000
unkown
page readonly
2E25000
heap
page read and write
3099000
unkown
page read and write
9B83000
unkown
page read and write
E44E000
stack
page read and write
3029000
unkown
page read and write
380F000
unclassified section
page read and write
2E79000
stack
page read and write
7FF502F66000
unkown
page readonly
7FF50316E000
unkown
page readonly
44B0000
unkown
page read and write
7DF411ED0000
unkown
page readonly
7FF50316E000
unkown
page readonly
2D54000
heap
page read and write
91A7000
unkown
page read and write
3021000
heap
page read and write
7FF5032C2000
unkown
page readonly
701D000
unkown
page read and write
C170000
unkown
page read and write
7FF502E60000
unkown
page readonly
7FF502E06000
unkown
page readonly
BDC7000
unkown
page read and write
7FF503126000
unkown
page readonly
6F09000
unkown
page read and write
7FF5032CF000
unkown
page readonly
7FF502D29000
unkown
page readonly
E918000
unkown
page read and write
1460000
unclassified section
page execute and read and write
8000000
unkown
page readonly
7DF411EF1000
unkown
page execute read
C184000
unkown
page read and write
90DA000
unkown
page read and write
7FF502E5E000
unkown
page readonly
6F33000
unkown
page read and write
1D08000
direct allocation
page execute and read and write
A36C000
unkown
page read and write
9F0000
trusted library allocation
page read and write
30A1000
unkown
page read and write
DF27000
system
page execute and read and write
6EE4000
unkown
page read and write
7620000
unkown
page readonly
74B0000
unkown
page read and write
4D00000
unkown
page write copy
9330000
unkown
page read and write
7FF503287000
unkown
page readonly
BDA9000
unkown
page read and write
8610000
unkown
page read and write
BFAE000
unkown
page read and write
7FF502DB3000
unkown
page readonly
E902000
unkown
page read and write
BEE8000
unkown
page read and write
8559000
stack
page read and write
7FF502DF9000
unkown
page readonly
6FDA000
unkown
page read and write
7FF5030D9000
unkown
page readonly
9D58000
unkown
page read and write
6ECE000
unkown
page read and write
7FF502D6B000
unkown
page readonly
29A0000
trusted library allocation
page read and write
7FF5032A5000
unkown
page readonly
4402000
unkown
page read and write
9BA2000
unkown
page read and write
7A58000
stack
page read and write
9D0D000
unkown
page read and write
2540000
heap
page read and write
C102000
unkown
page read and write
7370000
unkown
page read and write
7FF50310B000
unkown
page readonly
702D000
unkown
page read and write
7FF503161000
unkown
page readonly
3067000
unkown
page read and write
8440000
unkown
page read and write
AA8E000
stack
page read and write
919C000
unkown
page read and write
441E000
stack
page read and write
4DB1000
unkown
page read and write
9D0D000
unkown
page read and write
2B58000
stack
page read and write
853E000
stack
page read and write
9B8A000
unkown
page read and write
2C5A000
stack
page read and write
7FF502E5E000
unkown
page readonly
7FF502DB3000
unkown
page readonly
BBFA000
unkown
page read and write
30A3000
unkown
page read and write
4F4F000
stack
page read and write
E904000
unkown
page read and write
BA8B000
stack
page read and write
7FFB000
stack
page read and write
7FF502DCF000
unkown
page readonly
7FF502F6A000
unkown
page readonly
309F000
unkown
page read and write
7FF503118000
unkown
page readonly
2F21000
heap
page read and write
BDE0000
unkown
page read and write
30A1000
unkown
page read and write
7FF5030EF000
unkown
page readonly
9C8A000
unkown
page read and write
7FF502D61000
unkown
page readonly
9D60000
unkown
page read and write
A1B000
trusted library allocation
page execute and read and write
7FF502D29000
unkown
page readonly
8F0000
heap
page read and write
B2BA000
stack
page read and write
3086000
unkown
page read and write
7FF502B7B000
unkown
page readonly
9CF4000
unkown
page read and write
2560000
trusted library allocation
page read and write
32AA000
heap
page read and write
7FF5031C3000
unkown
page readonly
2D54000
heap
page read and write
7FF503270000
unkown
page readonly
9D01000
unkown
page read and write
7710000
unkown
page readonly
2D54000
heap
page read and write
8F0000
heap
page read and write
7FF5030CE000
unkown
page readonly
43AC000
unkown
page read and write
7FF503354000
unkown
page readonly
BCB7000
unkown
page read and write
31A0000
trusted library allocation
page execute and read and write
7FF503006000
unkown
page readonly
4B1B000
trusted library allocation
page read and write
4405000
unkown
page read and write
8100000
unkown
page readonly
BBFA000
unkown
page read and write
7FF502CCE000
unkown
page readonly
9D6B000
unkown
page read and write
122000
unkown
page readonly
7088000
unkown
page read and write
2D54000
heap
page read and write
1B5E000
direct allocation
page execute and read and write
269F000
stack
page read and write
A36C000
unkown
page read and write
BD6C000
unkown
page read and write
2D54000
heap
page read and write
2C80000
unkown
page readonly
7FF5032DB000
unkown
page readonly
C170000
unkown
page read and write
30B4000
unkown
page read and write
7FF5032EE000
unkown
page readonly
C0EA000
unkown
page read and write
92DF000
unkown
page read and write
BD6C000
unkown
page read and write
FC7B000
unkown
page read and write
878D000
stack
page read and write
A368000
unkown
page read and write
BEA9000
unkown
page read and write
2D54000
heap
page read and write
9092000
unkown
page read and write
7FF502C30000
unkown
page readonly
7FF50328F000
unkown
page readonly
B1B000
heap
page read and write
43B0000
unkown
page read and write
7FF502EC2000
unkown
page readonly
9BCB000
unkown
page read and write
44D0000
unkown
page read and write
7FF502DD3000
unkown
page readonly
7FF50302D000
unkown
page readonly
AF80000
unkown
page read and write
863F000
stack
page read and write
6FBF000
unkown
page read and write
24A8000
trusted library allocation
page read and write
BB0E000
stack
page read and write
E901000
unkown
page read and write
7086000
unkown
page read and write
80F0000
unkown
page readonly
9D0D000
unkown
page read and write
29A0000
trusted library allocation
page read and write
2D54000
heap
page read and write
2EF0000
stack
page read and write
7FF5030DE000
unkown
page readonly
309D000
unkown
page read and write
14F000
unkown
page readonly
7FF503216000
unkown
page readonly
2F10000
unkown
page readonly
997F000
stack
page read and write
9CF6000
unkown
page read and write
B68C000
stack
page read and write
33E9000
direct allocation
page execute and read and write
2D54000
heap
page read and write
9BCB000
unkown
page read and write
E931000
unkown
page read and write
7FF502B54000
unkown
page readonly
7FF502F9F000
unkown
page readonly
7FF502FA2000
unkown
page readonly
2C80000
unkown
page readonly
30CD000
unkown
page read and write
7FF5030A3000
unkown
page readonly
919C000
unkown
page read and write
9CCF000
unkown
page read and write
120000
unkown
page readonly
7FF502B93000
unkown
page readonly
26A0000
trusted library allocation
page read and write
2DA0000
unkown
page readonly
7AE000
stack
page read and write
821B000
stack
page read and write
2D54000
heap
page read and write
7DF411EE0000
unkown
page readonly
6F33000
unkown
page read and write
7FF503010000
unkown
page readonly
7FF5032C8000
unkown
page readonly
BE14000
unkown
page read and write
919F000
unkown
page read and write
7FF502FAF000
unkown
page readonly
7A60000
unkown
page read and write
4B26000
trusted library allocation
page read and write
3082000
unkown
page read and write
9A7F000
stack
page read and write
7FF5030EF000
unkown
page readonly
1040E000
system
page read and write
7FF503175000
unkown
page readonly
7FF4ECBEF000
unkown
page readonly
2D54000
heap
page read and write
997F000
stack
page read and write
2BDA000
stack
page read and write
29A0000
trusted library allocation
page read and write
7FF503110000
unkown
page readonly
6ED0000
unkown
page read and write
7720000
unkown
page readonly
7FF5032BD000
unkown
page readonly
BC27000
unkown
page read and write
9237000
unkown
page read and write
29A0000
trusted library allocation
page read and write
BEF6000
unkown
page read and write
BC27000
unkown
page read and write
977D000
stack
page read and write
2EF0000
stack
page read and write
7FF5030AA000
unkown
page readonly
7FF502E02000
unkown
page readonly
E901000
unkown
page read and write
9BE3000
unkown
page read and write
7490000
unkown
page read and write
95C4000
unkown
page read and write
BFEE000
unkown
page read and write
795D000
stack
page read and write
91DE000
unkown
page read and write
7FF50335D000
unkown
page readonly
7FF503032000
unkown
page readonly
2570000
trusted library allocation
page read and write
29A0000
trusted library allocation
page read and write
BC0C000
unkown
page read and write
74C2000
unkown
page read and write
448A000
unkown
page read and write
7FF5032C2000
unkown
page readonly
7FF502F47000
unkown
page readonly
6FE3000
unkown
page read and write
BC80000
unkown
page read and write
304E000
heap
page read and write
9E3000
trusted library allocation
page execute and read and write
BF7A000
unkown
page read and write
BDF0000
unkown
page read and write
9CF2000
unkown
page read and write
7FF502CFA000
unkown
page readonly
2ADE000
unkown
page read and write
7082000
unkown
page read and write
C06B000
unkown
page read and write
91A7000
unkown
page read and write
7FF5031E8000
unkown
page readonly
7FF5032D7000
unkown
page readonly
BCB7000
unkown
page read and write
29A0000
trusted library allocation
page read and write
906A000
unkown
page read and write
7FF502B6E000
unkown
page readonly
7FF503368000
unkown
page readonly
A98F000
stack
page read and write
833E000
stack
page read and write
95C4000
unkown
page read and write
FCB4000
unkown
page read and write
2D54000
heap
page read and write
7800000
unkown
page read and write
725000
heap
page read and write
7FF502D10000
unkown
page readonly
138B000
stack
page read and write
AA8D000
stack
page read and write
7FF503155000
unkown
page readonly
7FF5030FF000
unkown
page readonly
43AC000
unkown
page read and write
AAA0000
unkown
page readonly
7FF502DD3000
unkown
page readonly
A32F000
unkown
page read and write
4431000
unkown
page read and write
BC08000
unkown
page read and write
7FF50332C000
unkown
page readonly
E931000
unkown
page read and write
7FF503055000
unkown
page readonly
DF17000
system
page execute and read and write
5290000
trusted library allocation
page read and write
FCF0000
unkown
page read and write
7FF5032F2000
unkown
page readonly
7FF5032B5000
unkown
page readonly
7FF502B9A000
unkown
page readonly
819F000
stack
page read and write
BDF5000
unkown
page read and write
7FF502EC2000
unkown
page readonly
9D54000
unkown
page read and write
7FF502D15000
unkown
page readonly
29A0000
trusted library allocation
page read and write
7FF5032C0000
unkown
page readonly
BFEE000
unkown
page read and write
9193000
unkown
page read and write
701F000
unkown
page read and write
307E000
unkown
page read and write
EA52000
heap
page read and write
2D10000
trusted library allocation
page read and write
BDCD000
unkown
page read and write
87D000
heap
page read and write
7FF502DC8000
unkown
page readonly
7FF502F2C000
unkown
page readonly
1AED000
direct allocation
page execute and read and write
E912000
unkown
page read and write
9D54000
unkown
page read and write
29A0000
trusted library allocation
page read and write
918D000
unkown
page read and write
7FF502CD4000
unkown
page readonly
2E20000
heap
page read and write
4B0B000
trusted library allocation
page read and write
2C70000
unkown
page readonly
BC30000
unkown
page read and write
7FF50323B000
unkown
page readonly
9BE3000
unkown
page read and write
BDCB000
unkown
page read and write
8040000
unkown
page readonly
ABCB000
stack
page read and write
7FF5032D7000
unkown
page readonly
30A3000
unkown
page read and write
701C000
unkown
page read and write
9CCF000
unkown
page read and write
E910000
unkown
page read and write
7FF502D41000
unkown
page readonly
7FF502D25000
unkown
page readonly
7FF503114000
unkown
page readonly
BDF5000
unkown
page read and write
9237000
unkown
page read and write
7550000
unkown
page read and write
7FF502D48000
unkown
page readonly
919C000
unkown
page read and write
7580000
unkown
page read and write
7FF503129000
unkown
page readonly
E912000
unkown
page read and write
7FF502C2E000
unkown
page readonly
7FF502F47000
unkown
page readonly
CDC000
stack
page read and write
6FBF000
unkown
page read and write
702D000
unkown
page read and write
30CD000
unkown
page read and write
7FF502F88000
unkown
page readonly
BC08000
unkown
page read and write
47BC000
stack
page read and write
BDF5000
unkown
page read and write
821B000
stack
page read and write
7FF502CDD000
unkown
page readonly
4B50000
trusted library allocation
page read and write
C00A000
unkown
page read and write
BEAF000
unkown
page read and write
439B000
unkown
page read and write
47A000
stack
page read and write
8440000
unkown
page read and write
2D54000
heap
page read and write
7FF502E02000
unkown
page readonly
7FF502D20000
unkown
page readonly
29A0000
trusted library allocation
page read and write
8110000
unkown
page read and write
7FF502D65000
unkown
page readonly
9BF7000
unkown
page read and write
2D0B000
stack
page read and write
7FF5031B7000
unkown
page readonly
9AFF000
stack
page read and write
8596000
unkown
page read and write
7FF502E43000
unkown
page readonly
6EF3000
unkown
page read and write
4CF3000
heap
page read and write
2D54000
heap
page read and write
7FF502B88000
unkown
page readonly
2E30000
heap
page read and write
7FF502D3E000
unkown
page readonly
7FF502EC9000
unkown
page readonly
E85000
heap
page read and write
2D54000
heap
page read and write
DF3C000
system
page execute and read and write
8450000
unkown
page read and write
A361000
unkown
page read and write
7FF502CD4000
unkown
page readonly
BE99000
unkown
page read and write
810000
unkown
page readonly
30A3000
unkown
page read and write
7FF502D9D000
unkown
page readonly
7FF502B75000
unkown
page readonly
B570000
unkown
page read and write
A368000
unkown
page read and write
2D54000
heap
page read and write
7FF5030E6000
unkown
page readonly
9CF2000
unkown
page read and write
29A0000
trusted library allocation
page read and write
8BC9000
stack
page read and write
BDF0000
unkown
page read and write
BDCB000
unkown
page read and write
7FF502F94000
unkown
page readonly
2DA0000
unkown
page readonly
B2BA000
stack
page read and write
BC21000
unkown
page read and write
7FF503298000
unkown
page readonly
7FF502D25000
unkown
page readonly
9364000
unkown
page read and write
2A60000
unkown
page readonly
9D54000
unkown
page read and write
9BDE000
unkown
page read and write
A06000
trusted library allocation
page execute and read and write
7FF5032A5000
unkown
page readonly
7651000
unkown
page read and write
BE14000
unkown
page read and write
AA0B000
stack
page read and write
9366000
unkown
page read and write
9BE3000
unkown
page read and write
3040000
heap
page read and write
7FF5031E8000
unkown
page readonly
7FF50328B000
unkown
page readonly
43C7000
unkown
page read and write
7FF502B93000
unkown
page readonly
7FF50327C000
unkown
page readonly
3086000
unkown
page read and write
2D54000
heap
page read and write
BDD5000
unkown
page read and write
8110000
unkown
page read and write
7FF503195000
unkown
page readonly
9330000
unkown
page read and write
3088000
unkown
page read and write
7FF502D45000
unkown
page readonly
BEAF000
unkown
page read and write
43EA000
unkown
page read and write
99FF000
stack
page read and write
7FF502E9C000
unkown
page readonly
9CEA000
unkown
page read and write
9D60000
unkown
page read and write
2D54000
heap
page read and write
BC0C000
unkown
page read and write
9366000
unkown
page read and write
7FF502F22000
unkown
page readonly
90DA000
unkown
page read and write
B010000
unkown
page read and write
2F20000
unkown
page readonly
ABE0000
unkown
page read and write
7FF50322D000
unkown
page readonly
29E0000
heap
page read and write
7FF50323B000
unkown
page readonly
4B32000
trusted library allocation
page read and write
4370000
unkown
page read and write
3082000
unkown
page read and write
2580000
trusted library allocation
page read and write
30A5000
unkown
page read and write
52A2000
trusted library allocation
page read and write
A361000
unkown
page read and write
1C86000
direct allocation
page execute and read and write
6EB0000
unkown
page read and write
7DF411F11000
unkown
page execute read
7FF503189000
unkown
page readonly
4BB0000
trusted library allocation
page execute and read and write
C152000
unkown
page read and write
BC5C000
unkown
page read and write
BE1C000
unkown
page read and write
9D60000
unkown
page read and write
7FF503051000
unkown
page readonly
A40000
trusted library allocation
page execute and read and write
7FF502E62000
unkown
page readonly
FBB4000
unkown
page read and write
C18D000
unkown
page read and write
931A000
unkown
page read and write
7FF50322D000
unkown
page readonly
B5E0000
unkown
page read and write
2AA0000
unkown
page read and write
7FF502D8F000
unkown
page readonly
7FF502DBC000
unkown
page readonly
BCB4000
unkown
page read and write
7FF502C9D000
unkown
page readonly
30B4000
unkown
page read and write
1498000
heap
page read and write
7720000
unkown
page readonly
9193000
unkown
page read and write
7FF502FA0000
unkown
page readonly
2F21000
heap
page read and write
2990000
heap
page read and write
C105000
unkown
page read and write
91DE000
unkown
page read and write
7FF5031B0000
unkown
page readonly
7FF502FB4000
unkown
page readonly
90DA000
unkown
page read and write
906A000
unkown
page read and write
7FF50312D000
unkown
page readonly
7DF411EE1000
unkown
page execute read
7FF5031FF000
unkown
page readonly
E934000
unkown
page read and write
BC19000
unkown
page read and write
800000
unkown
page readonly
3086000
unkown
page read and write
6F30000
unkown
page read and write
7FF502EBB000
unkown
page readonly
308F000
unkown
page read and write
B570000
unkown
page read and write
7FF5030A5000
unkown
page readonly
2F21000
heap
page read and write
7088000
unkown
page read and write
6FBF000
unkown
page read and write
2D54000
heap
page read and write
2D54000
heap
page read and write
7088000
unkown
page read and write
512C000
stack
page read and write
2D54000
heap
page read and write
3099000
unkown
page read and write
BC55000
unkown
page read and write
6E15000
stack
page read and write
9F1000
unkown
page readonly
7620000
unkown
page readonly
2E28000
heap
page read and write
7FF5032DF000
unkown
page readonly
3067000
unkown
page read and write
9D58000
unkown
page read and write
7FF502B8B000
unkown
page readonly
B5F0000
unkown
page readonly
7FF50335D000
unkown
page readonly
7FF502FB7000
unkown
page readonly
7FF502F49000
unkown
page readonly
C133000
unkown
page read and write
4B04000
trusted library allocation
page read and write
29A0000
trusted library allocation
page read and write
7FF50302D000
unkown
page readonly
2D54000
heap
page read and write
7FF503223000
unkown
page readonly
2D54000
heap
page read and write
302F000
unkown
page read and write
93F6000
unkown
page read and write
B010000
unkown
page read and write
C142000
unkown
page read and write
2AC0000
unkown
page readonly
7FF502F2C000
unkown
page readonly
19C0000
direct allocation
page execute and read and write
BEA9000
unkown
page read and write
7FF502CF2000
unkown
page readonly
FCB4000
unkown
page read and write
4BA2000
trusted library allocation
page read and write
6FE3000
unkown
page read and write
7088000
unkown
page read and write
307E000
unkown
page read and write
BDA9000
unkown
page read and write
BBB0000
unkown
page read and write
7FF5032BD000
unkown
page readonly
2D54000
heap
page read and write
843E000
stack
page read and write
DE69000
unkown
page execute and read and write
7FF502DC3000
unkown
page readonly
1C8D000
direct allocation
page execute and read and write
A346000
unkown
page read and write
128C000
stack
page read and write
7FF5032FE000
unkown
page readonly
145E000
stack
page read and write
A20000
heap
page read and write
BC15000
unkown
page read and write
B1BF000
stack
page read and write
C164000
unkown
page read and write
9E4000
trusted library allocation
page read and write
7FF5032DB000
unkown
page readonly
29A0000
trusted library allocation
page read and write
7FF502F66000
unkown
page readonly
9BDE000
unkown
page read and write
2EBF000
stack
page read and write
1D44000
unclassified section
page execute and read and write
7840000
unkown
page read and write
ABE0000
unkown
page read and write
7DF411EF0000
unkown
page readonly
7FF5030E4000
unkown
page readonly
7FF5032C0000
unkown
page readonly
BEA3000
unkown
page read and write
3010000
unkown
page read and write
3099000
unkown
page read and write
9E0000
unkown
page read and write
9C2C000
unkown
page read and write
7FF502C8C000
unkown
page readonly
E918000
unkown
page read and write
9D03000
unkown
page read and write
8450000
unkown
page read and write
E80000
heap
page read and write
7FF502F88000
unkown
page readonly
BEE6000
unkown
page read and write
7FF503333000
unkown
page readonly
BC5C000
unkown
page read and write
4E40000
heap
page execute and read and write
44A0000
unkown
page read and write
43C7000
unkown
page read and write
C60000
unkown
page readonly
3082000
unkown
page read and write
BDC7000
unkown
page read and write
BE99000
unkown
page read and write
E4CF000
stack
page read and write
7A58000
stack
page read and write
4B00000
trusted library allocation
page read and write
9255000
unkown
page read and write
There are 1635 hidden memdumps, click here to show them.