Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.FileRepMalware.18165.2747.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Links\Aliexpress.ico (copy)
|
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
-128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Arche_Age.ico (copy)
|
Targa image data - Map 32 x 41776 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Atomic_Heart.ico (copy)
|
MS Windows icon resource - 11 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Battle_Teams.ico (copy)
|
MS Windows icon resource - 7 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24
with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Blood_and_Soul.ico (copy)
|
Targa image data - Map 32 x 56059 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Calibr.ico (copy)
|
MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Crossout.ico (copy)
|
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Enlisted.ico (copy)
|
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\InstalledLinks.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Lost_Ark.ico (copy)
|
MS Windows icon resource - 6 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Offline_Items.ico (copy)
|
MS Windows icon resource - 9 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Perfect_World.ico (copy)
|
MS Windows icon resource - 12 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Rail_Nation.ico (copy)
|
MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\SteamKeys.ico (copy)
|
MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\SteamKeys2.ico (copy)
|
MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\War_Thunder.ico (copy)
|
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
-128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\Warface.ico (copy)
|
MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\World_Of_Tanks.ico (copy)
|
Targa image data - Map 32 x 39521 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\World_Of_Tanks_Ru.ico (copy)
|
MS Windows icon resource - 11 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\World_Of_Warships.ico (copy)
|
MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\World_Of_Warships_Ru.ico (copy)
|
Targa image data - Map 32 x 65531 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-01MK6.tmp
|
Targa image data - Map 32 x 39521 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-0TI4U.tmp
|
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
-128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-13S1B.tmp
|
Targa image data - Map 32 x 41776 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-1HA6D.tmp
|
Targa image data - Map 32 x 56059 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-4ASMB.tmp
|
MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-5IJ88.tmp
|
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-5LAEB.tmp
|
MS Windows icon resource - 12 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-7B0DN.tmp
|
MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-8L93J.tmp
|
MS Windows icon resource - 11 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-CNP4K.tmp
|
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
-128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-I5GUF.tmp
|
MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-IFSCV.tmp
|
MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-OOGLC.tmp
|
Targa image data - Map 32 x 65531 x 1 +1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-OU3D8.tmp
|
MS Windows icon resource - 9 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-P11JR.tmp
|
MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-PR19V.tmp
|
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-QB23A.tmp
|
MS Windows icon resource - 7 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24
with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-S3FFK.tmp
|
MS Windows icon resource - 11 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-T9GOB.tmp
|
MS Windows icon resource - 10 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Links\is-TSK1S.tmp
|
MS Windows icon resource - 6 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001d.db
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001e.db
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001f.db
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000020.db
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000021.db
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-LNKT1.tmp\SecuriteInfo.com.FileRepMalware.18165.2747.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???????? ?????? Steam (2).lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???????? ?????? Steam.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???????? ??????? ???????.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Aliexpress.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ArcheAge.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Atomic Heart.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Battle Teams.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Blood and Soul.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Caliber.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Crossout.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Enlisted.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lost Ark.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Perfect World.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Rail Nation.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\War Thunder.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Warface.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks (2).lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Warships (2).lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Warships.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ?????? Steam.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\???????? ??????? ???????.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Aliexpress.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ArcheAge.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Atomic Heart.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Battle Teams.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Blood and Soul.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Caliber.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Enlisted.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Lost Ark.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Perfect World.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????? ?????? Steam (2).lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????? ?????? Steam.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????? ??????? ???????.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcheAge.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atomic Heart.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battle Teams.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blood and Soul.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Caliber.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enlisted.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost Ark.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rail Nation.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks (2).lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships (2).lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Rail Nation.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\War Thunder.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Warface.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Tanks.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World of Warships.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\???????? ?????? Steam.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\???????? ??????? ???????.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Aliexpress.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\ArcheAge.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Atomic Heart.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Battle Teams.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Blood and Soul.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Caliber.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Crossout.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Enlisted.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Lost Ark.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Perfect World.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Rail Nation.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\War Thunder.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\Warface.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\World of Tanks.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
||
|
C:\Users\user\Desktop\World of Warships.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has Working directory, Has command line
arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600,
length=0, window=hide
|
dropped
|
There are 114 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.18165.2747.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.18165.2747.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Aliexpress.lnk"
5386
|
|
|
|
C:\Windows\explorer.exe
|
C:\Windows\Explorer.EXE
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Aliexpress.lnk"
51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Blood
and Soul.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Blood
and Soul.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Caliber.lnk"
5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Caliber.lnk"
51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk"
5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Crossout.lnk"
51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Enlisted.lnk"
5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Enlisted.lnk"
51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Lost
Ark.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Lost
Ark.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\????????
??????? ???????.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\????????
??????? ???????.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Rail
Nation.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Rail
Nation.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\????????
?????? Steam.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\????????
?????? Steam.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\????????
?????? Steam.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\????????
?????? Steam.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\War
Thunder.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\War
Thunder.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Warface.lnk"
5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Warface.lnk"
51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World
of Tanks.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World
of Tanks.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World
of Tanks.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World
of Tanks.lnk" 51201
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe
|
"C:\Users\user\AppData\Local\Temp\is-F4CP3.tmp\shortcut.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\World
of Warships.lnk" 5386
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-LNKT1.tmp\SecuriteInfo.com.FileRepMalware.18165.2747.tmp
|
"C:\Users\user\AppData\Local\Temp\is-LNKT1.tmp\SecuriteInfo.com.FileRepMalware.18165.2747.tmp" /SL5="$203B8,1938865,172032,C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.18165.2747.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 51 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://yagoaway.ru/gl/?cid=&oid=29150&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=mZWZvCwR&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=27233&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=6735&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=20935&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=19706&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=3480053&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=24765&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=19705&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=171&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=1140&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=1925&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=911&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=34283&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=24766&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=dFjmQFjX&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=29103&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=833&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=NgRKk7SD&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://yagoaway.ru/gl/?cid=&oid=1115&v=6&utm_campaign=test&trash=
|
unknown
|
|
|
|
https://api.msn.com/v1/news/Feed/Windows?
|
unknown
|
||
|
https://api.msn.com/I
|
unknown
|
||
|
https://terra.im/gl/?cid=$
|
unknown
|
||
|
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
|
unknown
|
||
|
https://www.msn.com/en-us/money/savingandinvesting/americans-average-net-worth-by-age/ar-AA1h4ngF
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://api.msn.com:443/v1/news/Feed/Windows?
|
unknown
|
||
|
https://word.office.comM
|
unknown
|
||
|
https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar-
|
unknown
|
||
|
http://schemas.micro
|
unknown
|
||
|
https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
|
unknown
|
||
|
https://terra.im/gl/?cid=&oid=$
|
unknown
|
||
|
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
|
unknown
|
||
|
https://yagoaway.ru/gl/?cid=&oid=$
|
unknown
|
||
|
https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-h
|
unknown
|
||
|
https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-qu
|
unknown
|
||
|
https://wns.windows.com/e
|
unknown
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
https://stvkr.com/click-
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
|
unknown
|
||
|
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz
|
unknown
|
||
|
https://excel.office.com-
|
unknown
|
||
|
https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&oc
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
|
unknown
|
||
|
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
|
unknown
|
||
|
https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-
|
unknown
|
||
|
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-dark
|
unknown
|
||
|
https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
|
unknown
|
||
|
http://www.dk-soft.org/
|
unknown
|
||
|
https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
|
unknown
|
||
|
https://ipinfo.io/country
|
34.117.186.192
|
||
|
https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
|
unknown
|
||
|
https://powerpoint.office.comEMd
|
unknown
|
||
|
https://android.notify.windows.com/iOS
|
unknown
|
||
|
https://outlook.come
|
unknown
|
||
|
https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
|
unknown
|
||
|
https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
|
unknown
|
||
|
https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
|
unknown
|
||
|
https://api.msn.com/
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
|
unknown
|
||
|
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
|
unknown
|
||
|
https://www.msn.com:443/en-us/feed
|
unknown
|
||
|
https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-
|
unknown
|
||
|
https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-ei
|
unknown
|
There are 55 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ipinfo.io
|
34.117.186.192
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
34.117.186.192
|
ipinfo.io
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D616C6965787072657373
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D626C6F6F642D616E642D736F756C
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D63616C696272
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D63726F73736F7574
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D656E6C6973746564
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D6C6F73742D61726B
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D6F66666C696E652D6974656D73
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D7261696C2D6E6174696F6E
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D737465616D2D6B6579735F7770
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D737465616D2D6B657973
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
737465616D2D6B657973
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D737465616D6B657973
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D737465616D6B65797332
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D7761722D7468756E646572
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D77617266616365
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D776F726C642D6F662D74616E6B73
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D776F726C642D6F662D74616E6B732D7275
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D776F726C642D6F662D7761727368697073
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D776F726C642D6F662D77617273686970732D7275
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D706572666563742D776F726C64
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D61726368652D616765
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D61746F6D69632D6865617274
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
|
6C696E6B2D626174746C652D7465616D73
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
14
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\fsquirt.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\fsquirt.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020424
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\WFS.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\WFS.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000030424
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004042A
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000030432
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000006042A
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000007042A
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040446
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000008043C
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000303CC
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040464
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000003045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000005045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000090450
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000008045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000009045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
16
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
17
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
18
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
19
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
20
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
21
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
22
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
23
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000E045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
24
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000F045E
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000110460
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000304AE
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000404B0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000304C6
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000604B0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000404E0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A04B0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B04B0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C04B0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D04B0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000E04B0
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000804FA
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000904FA
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000E04EA
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000F04EA
|
VirtualDesktop
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
25
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
26
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
27
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
28
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
29
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
|
30
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
|
Unpacker
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
|
InstalledWin32AppsRevision
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
|
InstalledWin32AppsRevision
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
|
InstalledWin32AppsRevision
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
|
CheckSetting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesResolve
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
Favorites
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband
|
FavoritesChanges
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
|
IconLayouts
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.roamedtilepropertiesmap\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$start.tilegrid$windows.data.curatedtilecollection.tilecollection\Current
|
Data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
|
InstalledWin32AppsRevision
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
|
InstalledWin32AppsRevision
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
|
WMP11.AssocFile.3G2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
|
WMP11.AssocFile.3GP
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
|
WMP11.AssocFile.ADTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\OpenWithProgids
|
WMP11.AssocFile.ADTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
|
WMP11.AssocFile.AIFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
|
WMP11.AssocFile.AU
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
|
AutoIt3Script
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
|
WMP11.AssocFile.AVI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
|
Paint.Picture
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
|
CABFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
|
Microsoft.PowerShellCmdletDefinitionXML.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
|
CSSfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
|
Excel.CSV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
|
ddsfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
|
dllfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
|
Word.Document.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
|
Word.DocumentMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
|
Word.Document.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
|
Word.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
|
Word.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
|
Word.Template.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
|
emffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
|
exefile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
|
WMP11.AssocFile.FLAC
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
|
fonfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
|
giffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
|
htmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
|
icofile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
|
inffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
|
inifile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
|
pjpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
|
jpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
|
wdpfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
|
lnkfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
|
WMP11.AssocFile.m3u
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
|
WMP11.AssocFile.M4A
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
|
mhtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
|
WMP11.AssocFile.MK3D
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
|
WMP11.AssocFile.MKA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
|
WMP11.AssocFile.MKV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
|
WMP11.AssocFile.MOV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
|
WMP11.AssocFile.MP3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
|
Outlook.File.msg.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
|
ocxfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
|
PowerPoint.OpenDocumentPresentation.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
|
Excel.OpenDocumentSpreadsheet.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
|
Word.OpenDocumentText.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
|
otffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
|
pngfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
|
PowerPoint.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
|
PowerPoint.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
|
PowerPoint.Template.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
|
PowerPoint.Addin.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
|
PowerPoint.SlideShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
|
PowerPoint.SlideShow.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
|
PowerPoint.Show.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
|
PowerPoint.ShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
|
PowerPoint.Show.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
|
Microsoft.PowerShellScript.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
|
Microsoft.PowerShellXMLData.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
|
Microsoft.PowerShellData.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
|
Microsoft.PowerShellModule.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
|
Microsoft.PowerShellSessionConfiguration.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
|
rlefile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
|
Word.RTF.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
|
SHCmdFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
|
SearchFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
|
shtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
|
PowerPoint.SlideMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
|
PowerPoint.Slide.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
|
WMP11.AssocFile.AU
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
|
sysfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
|
TIFImage.Document
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
|
WMP11.AssocFile.TTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
|
ttcfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
|
ttffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
|
txtfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
|
bootstrap.vsto.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
|
WMP11.AssocFile.WAV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
|
WMP11.AssocFile.WAX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
|
wdpfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
|
WMP11.AssocFile.WMA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
|
wmffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
|
WMP11.AssocFile.WMV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
|
WMP11.AssocFile.WPL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
|
WMP11.AssocFile.WVX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
|
Excel.AddInMacroEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
|
Excel.Sheet.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
|
Excel.SheetBinaryMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
|
Excel.SheetMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
|
Excel.Sheet.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
|
Excel.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
|
Excel.TemplateMacroEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
|
Excel.Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
|
xmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
|
xslfile
|
There are 344 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29538F80000
|
direct allocation
|
page execute and read and write
|
||
|
29746830000
|
heap
|
page read and write
|
||
|
C19D000
|
unkown
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
18AAAC20000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
A098000
|
unkown
|
page read and write
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
B60A000
|
stack
|
page read and write
|
||
|
6F9000
|
heap
|
page read and write
|
||
|
20CED9A0000
|
heap
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
83D0000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14E15000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
18AA9260000
|
heap
|
page read and write
|
||
|
D88CCFF000
|
stack
|
page read and write
|
||
|
2299000
|
direct allocation
|
page read and write
|
||
|
14A1A000
|
unkown
|
page read and write
|
||
|
2306000
|
direct allocation
|
page read and write
|
||
|
7FF5DF5FC000
|
unkown
|
page readonly
|
||
|
141D5000
|
remote allocation
|
page execute and read and write
|
||
|
47B6000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B83000
|
unkown
|
page read and write
|
||
|
9F78000
|
unkown
|
page read and write
|
||
|
F70000
|
unkown
|
page execute and read and write
|
||
|
7FF5DF52D000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
759000
|
heap
|
page read and write
|
||
|
27FA7FE000
|
stack
|
page read and write
|
||
|
14C1E000
|
unkown
|
page read and write
|
||
|
76F0000
|
unkown
|
page read and write
|
||
|
7FF5DF089000
|
unkown
|
page readonly
|
||
|
14A78000
|
unkown
|
page read and write
|
||
|
95EE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
295375C8000
|
heap
|
page read and write
|
||
|
14EC0000
|
unkown
|
page read and write
|
||
|
47EC000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
641C000
|
stack
|
page read and write
|
||
|
14E15000
|
unkown
|
page read and write
|
||
|
7FF5DF398000
|
unkown
|
page readonly
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2197D900000
|
heap
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
148C0000
|
unkown
|
page read and write
|
||
|
14A33000
|
unkown
|
page read and write
|
||
|
50E000
|
unkown
|
page write copy
|
||
|
3BBE000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
51A5000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1B0FBF60000
|
heap
|
page read and write
|
||
|
21F3000
|
direct allocation
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
2905EA00000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C8803FF000
|
stack
|
page read and write
|
||
|
1ECC41B0000
|
heap
|
page read and write
|
||
|
BF9B000
|
unkown
|
page read and write
|
||
|
16EBFC90000
|
heap
|
page read and write
|
||
|
7FF5DF452000
|
unkown
|
page readonly
|
||
|
12EFB6D0000
|
heap
|
page read and write
|
||
|
7FF5DF211000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
3356000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
14988000
|
unkown
|
page read and write
|
||
|
C34E000
|
unkown
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14ADB000
|
unkown
|
page read and write
|
||
|
14C14000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B29000
|
unkown
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A0A000
|
unkown
|
page read and write
|
||
|
1493D000
|
unkown
|
page read and write
|
||
|
BD7F000
|
stack
|
page read and write
|
||
|
F28000
|
stack
|
page read and write
|
||
|
14CE2000
|
unkown
|
page read and write
|
||
|
C13C000
|
unkown
|
page read and write
|
||
|
7FF5DF3C6000
|
unkown
|
page readonly
|
||
|
14AE9000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C183000
|
unkown
|
page read and write
|
||
|
1482C000
|
unkown
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
147B4000
|
unkown
|
page read and write
|
||
|
148BB000
|
unkown
|
page read and write
|
||
|
C35B000
|
unkown
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14CA2000
|
unkown
|
page read and write
|
||
|
D88CAFC000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A90000
|
unkown
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
29538F90000
|
heap
|
page read and write
|
||
|
4766000
|
unkown
|
page read and write
|
||
|
3371000
|
unkown
|
page read and write
|
||
|
14905000
|
unkown
|
page read and write
|
||
|
BF90000
|
unkown
|
page read and write
|
||
|
7FF5DF24E000
|
unkown
|
page readonly
|
||
|
7FF5DF25E000
|
unkown
|
page readonly
|
||
|
7B60000
|
unkown
|
page readonly
|
||
|
245FCB70000
|
heap
|
page read and write
|
||
|
8400000
|
heap
|
page read and write
|
||
|
148A1000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1E405BD0000
|
direct allocation
|
page execute and read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
3BD5000
|
direct allocation
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
14DF4000
|
unkown
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
148E8000
|
unkown
|
page read and write
|
||
|
C24C000
|
unkown
|
page read and write
|
||
|
14DA9000
|
unkown
|
page read and write
|
||
|
2197DA38000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
B830000
|
unkown
|
page readonly
|
||
|
14B49000
|
unkown
|
page read and write
|
||
|
7FF5DF584000
|
unkown
|
page readonly
|
||
|
14904000
|
unkown
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
336C000
|
unkown
|
page read and write
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
22C4000
|
direct allocation
|
page read and write
|
||
|
14BEC000
|
unkown
|
page read and write
|
||
|
14A68000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
149CF000
|
unkown
|
page read and write
|
||
|
A09A000
|
unkown
|
page read and write
|
||
|
32E0000
|
direct allocation
|
page read and write
|
||
|
149CD000
|
unkown
|
page read and write
|
||
|
9F92000
|
unkown
|
page read and write
|
||
|
8A34000
|
unkown
|
page read and write
|
||
|
14989000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
E90000
|
remote allocation
|
page execute and read and write
|
||
|
7FF5DF3B9000
|
unkown
|
page readonly
|
||
|
14C1B000
|
unkown
|
page read and write
|
||
|
C736000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
A02D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148C7000
|
unkown
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
14BCB000
|
unkown
|
page read and write
|
||
|
147EC000
|
unkown
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
14B27000
|
unkown
|
page read and write
|
||
|
7FF5DF5BE000
|
unkown
|
page readonly
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
1E505590000
|
heap
|
page read and write
|
||
|
6A7000
|
heap
|
page read and write
|
||
|
14965FE0000
|
heap
|
page read and write
|
||
|
22C3000
|
direct allocation
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
248D62B0000
|
heap
|
page read and write
|
||
|
7FF5DF0A2000
|
unkown
|
page readonly
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
3411000
|
heap
|
page read and write
|
||
|
C1A9000
|
unkown
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
29746660000
|
heap
|
page read and write
|
||
|
A106000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
276F4578000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
98A7000
|
unkown
|
page read and write
|
||
|
14DEC000
|
unkown
|
page read and write
|
||
|
1494E000
|
unkown
|
page read and write
|
||
|
51A0000
|
remote allocation
|
page execute and read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
9F2A000
|
unkown
|
page read and write
|
||
|
73CD000
|
unkown
|
page read and write
|
||
|
BFA7000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
7FF5DF5D6000
|
unkown
|
page readonly
|
||
|
B81B000
|
stack
|
page read and write
|
||
|
14B21000
|
unkown
|
page read and write
|
||
|
14BB9000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
245FCBDC000
|
heap
|
page read and write
|
||
|
7FF5DF39C000
|
unkown
|
page readonly
|
||
|
E90000
|
remote allocation
|
page execute and read and write
|
||
|
7FF5DF07D000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
148EB000
|
unkown
|
page read and write
|
||
|
14C6C000
|
unkown
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7A40000
|
unkown
|
page readonly
|
||
|
14875000
|
unkown
|
page read and write
|
||
|
14A90000
|
unkown
|
page read and write
|
||
|
12EFB5C0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
71E000
|
heap
|
page read and write
|
||
|
14EE1000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A3B000
|
unkown
|
page read and write
|
||
|
5DAF000
|
stack
|
page read and write
|
||
|
7FF5DF382000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
C732000
|
unkown
|
page read and write
|
||
|
7FF5DF2F3000
|
unkown
|
page readonly
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
79E0000
|
unkown
|
page readonly
|
||
|
1481B000
|
unkown
|
page read and write
|
||
|
7FF5DF36A000
|
unkown
|
page readonly
|
||
|
7FF5DF08F000
|
unkown
|
page readonly
|
||
|
C75000
|
stack
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF5DF5FF000
|
unkown
|
page readonly
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
276F4520000
|
heap
|
page read and write
|
||
|
E2B8FE000
|
stack
|
page read and write
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
7FF5DEFE8000
|
unkown
|
page readonly
|
||
|
3510000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14BB9000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
C19D000
|
unkown
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
14965FD0000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
14821000
|
unkown
|
page read and write
|
||
|
14C9E000
|
unkown
|
page read and write
|
||
|
148C7000
|
unkown
|
page read and write
|
||
|
BFC3000
|
unkown
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
14BCB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
9F51000
|
unkown
|
page read and write
|
||
|
73A7000
|
unkown
|
page read and write
|
||
|
3362000
|
heap
|
page read and write
|
||
|
7FF5DF488000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
336C000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7B50000
|
unkown
|
page readonly
|
||
|
7FF5C0B6B000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BA5000
|
unkown
|
page read and write
|
||
|
7FF5DF284000
|
unkown
|
page readonly
|
||
|
C18A000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
237C000
|
direct allocation
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14C48000
|
unkown
|
page read and write
|
||
|
86CC000
|
stack
|
page read and write
|
||
|
7FF5DE4F2000
|
unkown
|
page readonly
|
||
|
ACE9FE000
|
stack
|
page read and write
|
||
|
2392000
|
direct allocation
|
page read and write
|
||
|
2197F2D5000
|
direct allocation
|
page execute and read and write
|
||
|
245FCBC0000
|
direct allocation
|
page execute and read and write
|
||
|
C19D000
|
unkown
|
page read and write
|
||
|
C187000
|
unkown
|
page read and write
|
||
|
C49D000
|
unkown
|
page read and write
|
||
|
EC70000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
BEF0000
|
heap
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
C1C4000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2399000
|
direct allocation
|
page read and write
|
||
|
7FF5DE539000
|
unkown
|
page readonly
|
||
|
51A5000
|
remote allocation
|
page execute and read and write
|
||
|
149DA000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
B9E0000
|
unkown
|
page read and write
|
||
|
18AAAC40000
|
direct allocation
|
page execute and read and write
|
||
|
149AA000
|
unkown
|
page read and write
|
||
|
7FF5DF49C000
|
unkown
|
page readonly
|
||
|
14E15000
|
unkown
|
page read and write
|
||
|
C6FC000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C23D000
|
unkown
|
page read and write
|
||
|
971C000
|
unkown
|
page read and write
|
||
|
C6E2000
|
unkown
|
page read and write
|
||
|
14A90000
|
unkown
|
page read and write
|
||
|
14B27000
|
unkown
|
page read and write
|
||
|
7FF5DF21F000
|
unkown
|
page readonly
|
||
|
2890000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
184208C9000
|
heap
|
page read and write
|
||
|
51A0000
|
remote allocation
|
page execute and read and write
|
||
|
245FE690000
|
heap
|
page read and write
|
||
|
A27199C000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF4A6000
|
unkown
|
page readonly
|
||
|
162D5000
|
remote allocation
|
page execute and read and write
|
||
|
1D680FE000
|
stack
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
290603F0000
|
direct allocation
|
page execute and read and write
|
||
|
BF84000
|
unkown
|
page read and write
|
||
|
14D99000
|
unkown
|
page read and write
|
||
|
9E0000
|
unkown
|
page readonly
|
||
|
73AF000
|
unkown
|
page read and write
|
||
|
14A0B000
|
unkown
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
147DC000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
20CED9C5000
|
direct allocation
|
page execute and read and write
|
||
|
51A0000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
A072000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF55A000
|
unkown
|
page readonly
|
||
|
7380000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF507000
|
unkown
|
page readonly
|
||
|
7FF5DEF06000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
7FF5DF3FC000
|
unkown
|
page readonly
|
||
|
23115040000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7860000
|
unkown
|
page read and write
|
||
|
C187000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B29000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
149DB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14EBD000
|
unkown
|
page read and write
|
||
|
14BE9000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BB9000
|
unkown
|
page read and write
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
14A4D000
|
unkown
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
20F877C5000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1F0EA790000
|
heap
|
page read and write
|
||
|
B25A000
|
stack
|
page read and write
|
||
|
C18A000
|
unkown
|
page read and write
|
||
|
22A0000
|
direct allocation
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14BC5000
|
unkown
|
page read and write
|
||
|
14BCB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C2E4000
|
unkown
|
page read and write
|
||
|
14BCB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
A762000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14966010000
|
heap
|
page read and write
|
||
|
58657FF000
|
stack
|
page read and write
|
||
|
22FE000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
C183000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1B281020000
|
direct allocation
|
page execute and read and write
|
||
|
14829000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
1D9286D0000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
AE6F000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14E04000
|
unkown
|
page read and write
|
||
|
14BC5000
|
unkown
|
page read and write
|
||
|
4860000
|
unkown
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
147BF000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF571000
|
unkown
|
page readonly
|
||
|
6F235FE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D48000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D6A000
|
unkown
|
page read and write
|
||
|
18420860000
|
heap
|
page read and write
|
||
|
3412000
|
heap
|
page read and write
|
||
|
1D67FFE000
|
stack
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
7FF5DE531000
|
unkown
|
page readonly
|
||
|
14BDD000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14CDF000
|
unkown
|
page read and write
|
||
|
14DEC000
|
unkown
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
149CB000
|
unkown
|
page read and write
|
||
|
14EC3000
|
unkown
|
page read and write
|
||
|
2210000
|
direct allocation
|
page read and write
|
||
|
14829000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5C0B65000
|
unkown
|
page readonly
|
||
|
B11E000
|
stack
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
73B6000
|
unkown
|
page read and write
|
||
|
13A1000
|
unkown
|
page readonly
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
7FF5DF361000
|
unkown
|
page readonly
|
||
|
3412000
|
heap
|
page read and write
|
||
|
C566000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
848E000
|
stack
|
page read and write
|
||
|
ECA1000
|
unkown
|
page read and write
|
||
|
14A90000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
148FB000
|
unkown
|
page read and write
|
||
|
295375C0000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
148FB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D46000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
18420885000
|
direct allocation
|
page execute and read and write
|
||
|
2273000
|
direct allocation
|
page read and write
|
||
|
7FF5DF28E000
|
unkown
|
page readonly
|
||
|
37C0000
|
remote allocation
|
page read and write
|
||
|
4760000
|
unkown
|
page read and write
|
||
|
14E39000
|
unkown
|
page read and write
|
||
|
148FB000
|
unkown
|
page read and write
|
||
|
14D81000
|
unkown
|
page read and write
|
||
|
7FF5DF045000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF18E000
|
unkown
|
page readonly
|
||
|
22F0000
|
direct allocation
|
page read and write
|
||
|
C354000
|
unkown
|
page read and write
|
||
|
14C04000
|
unkown
|
page read and write
|
||
|
F75000
|
unkown
|
page execute and read and write
|
||
|
7FF5DF0F6000
|
unkown
|
page readonly
|
||
|
14BF3000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14DA5000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
C319000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
C192000
|
unkown
|
page read and write
|
||
|
C192000
|
unkown
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
9700000
|
unkown
|
page read and write
|
||
|
14BF7000
|
unkown
|
page read and write
|
||
|
7FF5DF53F000
|
unkown
|
page readonly
|
||
|
20F85E10000
|
heap
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
FEB2000
|
unkown
|
page read and write
|
||
|
C159000
|
unkown
|
page read and write
|
||
|
962B000
|
unkown
|
page read and write
|
||
|
14BEC000
|
unkown
|
page read and write
|
||
|
7C88000
|
stack
|
page read and write
|
||
|
ECB8000
|
unkown
|
page read and write
|
||
|
1195000
|
heap
|
page read and write
|
||
|
147B6000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEE52000
|
unkown
|
page readonly
|
||
|
1D928720000
|
heap
|
page read and write
|
||
|
14D46000
|
unkown
|
page read and write
|
||
|
23116925000
|
direct allocation
|
page execute and read and write
|
||
|
2197DA10000
|
heap
|
page read and write
|
||
|
22F77FB0000
|
heap
|
page read and write
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
6C8000
|
heap
|
page read and write
|
||
|
28A0000
|
unkown
|
page readonly
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
147F0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
BFA1000
|
unkown
|
page read and write
|
||
|
6FC000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
7FF5DE535000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
27D0000
|
unkown
|
page read and write
|
||
|
7399000
|
unkown
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
254F000
|
direct allocation
|
page read and write
|
||
|
87B1000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
F70000
|
unkown
|
page execute and read and write
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
148FB000
|
unkown
|
page read and write
|
||
|
18AA9370000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BB9000
|
unkown
|
page read and write
|
||
|
230D000
|
direct allocation
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
1B0FC040000
|
heap
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
6868FC000
|
stack
|
page read and write
|
||
|
88E0000
|
unkown
|
page read and write
|
||
|
7FF5DF248000
|
unkown
|
page readonly
|
||
|
6550000
|
heap
|
page read and write
|
||
|
BF98000
|
unkown
|
page read and write
|
||
|
C6FC000
|
unkown
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
FF1000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FE3B000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
7FF5DF59E000
|
unkown
|
page readonly
|
||
|
3315000
|
direct allocation
|
page read and write
|
||
|
1F0EA7A0000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
51A0000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
22DA000
|
direct allocation
|
page read and write
|
||
|
20F85DF0000
|
heap
|
page read and write
|
||
|
C319000
|
unkown
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
334A000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B4A000
|
unkown
|
page read and write
|
||
|
6F234FF000
|
stack
|
page read and write
|
||
|
14DA5000
|
unkown
|
page read and write
|
||
|
14937000
|
unkown
|
page read and write
|
||
|
A5ADAFF000
|
stack
|
page read and write
|
||
|
149E6000
|
unkown
|
page read and write
|
||
|
7FF5DF2E5000
|
unkown
|
page readonly
|
||
|
7FF5DF54D000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14966035000
|
direct allocation
|
page execute and read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
A5AD77C000
|
stack
|
page read and write
|
||
|
7FF5DF091000
|
unkown
|
page readonly
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
C1A9000
|
unkown
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
14EBF000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1B0FC075000
|
direct allocation
|
page execute and read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
7FF5DF606000
|
unkown
|
page readonly
|
||
|
236D000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
23116900000
|
heap
|
page read and write
|
||
|
1482C000
|
unkown
|
page read and write
|
||
|
2375000
|
direct allocation
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
7FF5DF3EA000
|
unkown
|
page readonly
|
||
|
14947000
|
unkown
|
page read and write
|
||
|
37C0000
|
remote allocation
|
page read and write
|
||
|
148C7000
|
unkown
|
page read and write
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
184208C0000
|
heap
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
D3B7DFE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
23AF000
|
direct allocation
|
page read and write
|
||
|
13F8F750000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A0A000
|
unkown
|
page read and write
|
||
|
1480D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEE5A000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
27FA6FC000
|
stack
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF5DF20A000
|
unkown
|
page readonly
|
||
|
14A68000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3185000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
47F3000
|
unkown
|
page read and write
|
||
|
148FD000
|
unkown
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
29538FA0000
|
heap
|
page read and write
|
||
|
14B27000
|
unkown
|
page read and write
|
||
|
7FF5DF62C000
|
unkown
|
page readonly
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
22CB000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF0C3000
|
unkown
|
page readonly
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
1728DC20000
|
heap
|
page read and write
|
||
|
1F0EA7F0000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
77F0000
|
unkown
|
page read and write
|
||
|
6FC000
|
heap
|
page read and write
|
||
|
149BA000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
7FF5DF45A000
|
unkown
|
page readonly
|
||
|
C734000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
7FF5DF09B000
|
unkown
|
page readonly
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
22A5000
|
heap
|
page read and write
|
||
|
1480D000
|
unkown
|
page read and write
|
||
|
875C000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1E505598000
|
heap
|
page read and write
|
||
|
14A68000
|
unkown
|
page read and write
|
||
|
1E404238000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
978C000
|
unkown
|
page read and write
|
||
|
C4EB000
|
unkown
|
page read and write
|
||
|
14B26000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF26F000
|
unkown
|
page readonly
|
||
|
336F000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C87FFEC000
|
stack
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
22E2000
|
direct allocation
|
page read and write
|
||
|
EF974FF000
|
stack
|
page read and write
|
||
|
7FF5DEFC2000
|
unkown
|
page readonly
|
||
|
231B000
|
direct allocation
|
page read and write
|
||
|
14E8C000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
245FCBD0000
|
heap
|
page read and write
|
||
|
148BB000
|
unkown
|
page read and write
|
||
|
148D8000
|
unkown
|
page read and write
|
||
|
651D000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
7FF5DF537000
|
unkown
|
page readonly
|
||
|
14BE7000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
147F0000
|
unkown
|
page read and write
|
||
|
2226000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
14A4B000
|
unkown
|
page read and write
|
||
|
14966098000
|
heap
|
page read and write
|
||
|
3290000
|
unkown
|
page readonly
|
||
|
7FF5DF4BD000
|
unkown
|
page readonly
|
||
|
7FF5DF23A000
|
unkown
|
page readonly
|
||
|
3BFA000
|
direct allocation
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
20CEBFF0000
|
heap
|
page read and write
|
||
|
14E1A000
|
unkown
|
page read and write
|
||
|
EF972FC000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEFDD000
|
unkown
|
page readonly
|
||
|
612F000
|
stack
|
page read and write
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D4B000
|
unkown
|
page read and write
|
||
|
4C4AEFC000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14E3C000
|
unkown
|
page read and write
|
||
|
7FF5DEF87000
|
unkown
|
page readonly
|
||
|
FDB4000
|
unkown
|
page read and write
|
||
|
C18A000
|
unkown
|
page read and write
|
||
|
2322000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
EA0000
|
unkown
|
page read and write
|
||
|
51A5000
|
remote allocation
|
page execute and read and write
|
||
|
14B94000
|
unkown
|
page read and write
|
||
|
147B6000
|
unkown
|
page read and write
|
||
|
14EE1000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D8A000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
14E1A000
|
unkown
|
page read and write
|
||
|
7FF5DF4F7000
|
unkown
|
page readonly
|
||
|
C298000
|
unkown
|
page read and write
|
||
|
479B000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
149EB000
|
unkown
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF539000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
ACE5DC000
|
stack
|
page read and write
|
||
|
14914000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
7FF5DF47E000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
A08A000
|
unkown
|
page read and write
|
||
|
C23D000
|
unkown
|
page read and write
|
||
|
14A98000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
AB8C000
|
stack
|
page read and write
|
||
|
2197DA3E000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14CEF000
|
unkown
|
page read and write
|
||
|
14B18000
|
unkown
|
page read and write
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
C1C4000
|
unkown
|
page read and write
|
||
|
14BDB000
|
unkown
|
page read and write
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF43C000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
21CD000
|
direct allocation
|
page read and write
|
||
|
290603C0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3382000
|
heap
|
page read and write
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
1494E000
|
unkown
|
page read and write
|
||
|
C34E000
|
unkown
|
page read and write
|
||
|
1D928728000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
A74D000
|
unkown
|
page read and write
|
||
|
276F44F0000
|
heap
|
page read and write
|
||
|
3BE9000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2354000
|
direct allocation
|
page read and write
|
||
|
2874BCA8000
|
heap
|
page read and write
|
||
|
14AD2000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEF84000
|
unkown
|
page readonly
|
||
|
C13A000
|
unkown
|
page read and write
|
||
|
C23D000
|
unkown
|
page read and write
|
||
|
14E6D000
|
unkown
|
page read and write
|
||
|
2259000
|
direct allocation
|
page read and write
|
||
|
7FF5DF3BE000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
1482C000
|
unkown
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
AC316FF000
|
stack
|
page read and write
|
||
|
C1C4000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
22B0000
|
direct allocation
|
page read and write
|
||
|
9F27000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
276F44B0000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF2FE000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14CCD000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
3C2C000
|
direct allocation
|
page read and write
|
||
|
A271DFF000
|
stack
|
page read and write
|
||
|
20CEC0F0000
|
heap
|
page read and write
|
||
|
14863000
|
unkown
|
page read and write
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
9718000
|
unkown
|
page read and write
|
||
|
14A78000
|
unkown
|
page read and write
|
||
|
52266FC000
|
stack
|
page read and write
|
||
|
73B4000
|
unkown
|
page read and write
|
||
|
BF40000
|
unkown
|
page read and write
|
||
|
2244000
|
direct allocation
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C192000
|
unkown
|
page read and write
|
||
|
14C8D000
|
unkown
|
page read and write
|
||
|
747000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1B282BC0000
|
heap
|
page read and write
|
||
|
E90000
|
remote allocation
|
page execute and read and write
|
||
|
14E6B000
|
unkown
|
page read and write
|
||
|
9D1F000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
9FC3000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1ECC4130000
|
heap
|
page read and write
|
||
|
12EFB6F8000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B72000
|
unkown
|
page read and write
|
||
|
14C04000
|
unkown
|
page read and write
|
||
|
3411000
|
heap
|
page read and write
|
||
|
4750000
|
unkown
|
page read and write
|
||
|
1728DAF0000
|
heap
|
page read and write
|
||
|
179FC6D0000
|
heap
|
page read and write
|
||
|
7FF5DEFBD000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BE5000
|
unkown
|
page read and write
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
1728C240000
|
heap
|
page read and write
|
||
|
AC315FF000
|
stack
|
page read and write
|
||
|
7FF5DEF90000
|
unkown
|
page readonly
|
||
|
FF30000
|
unkown
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
248D48C0000
|
heap
|
page read and write
|
||
|
13F8F760000
|
heap
|
page read and write
|
||
|
276F4570000
|
heap
|
page read and write
|
||
|
F75000
|
unkown
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
A744000
|
unkown
|
page read and write
|
||
|
FE33000
|
unkown
|
page read and write
|
||
|
52C3000
|
unkown
|
page read and write
|
||
|
C354000
|
unkown
|
page read and write
|
||
|
2438D0D8000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
AFF9000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14945000
|
unkown
|
page read and write
|
||
|
B45A000
|
stack
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1FFEC170000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
A0F7000
|
unkown
|
page read and write
|
||
|
B9BF000
|
stack
|
page read and write
|
||
|
C13E000
|
unkown
|
page read and write
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
9E9E000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
29744CA0000
|
heap
|
page read and write
|
||
|
7FF5DF591000
|
unkown
|
page readonly
|
||
|
AC0D000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C736000
|
unkown
|
page read and write
|
||
|
3353000
|
heap
|
page read and write
|
||
|
147B4000
|
unkown
|
page read and write
|
||
|
CC7FBFE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C159000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
B589000
|
stack
|
page read and write
|
||
|
7DF5E895F000
|
unkown
|
page readonly
|
||
|
49CF6FF000
|
stack
|
page read and write
|
||
|
14C9C000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8C680FC000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
D1892FC000
|
stack
|
page read and write
|
||
|
20CEC0D0000
|
heap
|
page read and write
|
||
|
14E9F000
|
unkown
|
page read and write
|
||
|
14D6A000
|
unkown
|
page read and write
|
||
|
5DEE000
|
stack
|
page read and write
|
||
|
22A9000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
22E1000
|
direct allocation
|
page read and write
|
||
|
7FF5DF3F5000
|
unkown
|
page readonly
|
||
|
14C13000
|
unkown
|
page read and write
|
||
|
9CEB2FF000
|
stack
|
page read and write
|
||
|
22CC000
|
direct allocation
|
page read and write
|
||
|
23C4000
|
direct allocation
|
page read and write
|
||
|
92DB000
|
stack
|
page read and write
|
||
|
21FA000
|
direct allocation
|
page read and write
|
||
|
C474000
|
unkown
|
page read and write
|
||
|
14B00000
|
unkown
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
70D000
|
heap
|
page read and write
|
||
|
C2E4000
|
unkown
|
page read and write
|
||
|
4855000
|
unkown
|
page read and write
|
||
|
3373000
|
unkown
|
page read and write
|
||
|
14A60000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B21000
|
unkown
|
page read and write
|
||
|
2874BB60000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF5DF25B000
|
unkown
|
page readonly
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
C1CC000
|
unkown
|
page read and write
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
9F23000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C23D000
|
unkown
|
page read and write
|
||
|
C18A000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF126000
|
unkown
|
page readonly
|
||
|
49CF4FC000
|
stack
|
page read and write
|
||
|
147F0000
|
unkown
|
page read and write
|
||
|
14E1A000
|
unkown
|
page read and write
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C298000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
22F764A0000
|
heap
|
page read and write
|
||
|
C187000
|
unkown
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
AB0D000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B94000
|
unkown
|
page read and write
|
||
|
96DF000
|
unkown
|
page read and write
|
||
|
2D61000
|
unkown
|
page read and write
|
||
|
149DB000
|
unkown
|
page read and write
|
||
|
14966030000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
22D3000
|
direct allocation
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14976000
|
unkown
|
page read and write
|
||
|
20F85E18000
|
heap
|
page read and write
|
||
|
14A0C000
|
unkown
|
page read and write
|
||
|
14879000
|
unkown
|
page read and write
|
||
|
1493E000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B29000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C149000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
148C2000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
149FB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
ACE8FF000
|
stack
|
page read and write
|
||
|
3412000
|
heap
|
page read and write
|
||
|
1F0EA7D0000
|
heap
|
page read and write
|
||
|
1E506F00000
|
heap
|
page read and write
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
14B29000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
73B8000
|
unkown
|
page read and write
|
||
|
A758000
|
unkown
|
page read and write
|
||
|
1ECC4150000
|
direct allocation
|
page execute and read and write
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
14A2B000
|
unkown
|
page read and write
|
||
|
C187000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1D928670000
|
heap
|
page read and write
|
||
|
147FB000
|
unkown
|
page read and write
|
||
|
909C000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF4F3000
|
unkown
|
page readonly
|
||
|
1FFEC1F0000
|
heap
|
page read and write
|
||
|
14BE9000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
1D9286D5000
|
direct allocation
|
page execute and read and write
|
||
|
224B000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF549000
|
unkown
|
page readonly
|
||
|
7FF5DF4FB000
|
unkown
|
page readonly
|
||
|
C2E4000
|
unkown
|
page read and write
|
||
|
76F000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A3B000
|
unkown
|
page read and write
|
||
|
7FF5DF095000
|
unkown
|
page readonly
|
||
|
C048000
|
unkown
|
page read and write
|
||
|
12EFCF90000
|
direct allocation
|
page execute and read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
885E000
|
stack
|
page read and write
|
||
|
2252000
|
direct allocation
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
179FAE20000
|
heap
|
page read and write
|
||
|
9F3E000
|
unkown
|
page read and write
|
||
|
14D48000
|
unkown
|
page read and write
|
||
|
14BC5000
|
unkown
|
page read and write
|
||
|
1480D000
|
unkown
|
page read and write
|
||
|
7FF5DF3DF000
|
unkown
|
page readonly
|
||
|
7FF5DF364000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
B2DC000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2438CFB0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
91A8CFC000
|
stack
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
9F74000
|
unkown
|
page read and write
|
||
|
4788000
|
unkown
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
8390000
|
unkown
|
page read and write
|
||
|
14ACE000
|
unkown
|
page read and write
|
||
|
1B281025000
|
direct allocation
|
page execute and read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148C7000
|
unkown
|
page read and write
|
||
|
C19D000
|
unkown
|
page read and write
|
||
|
7FF5DF2E2000
|
unkown
|
page readonly
|
||
|
96ED000
|
unkown
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
7FF5DF41B000
|
unkown
|
page readonly
|
||
|
147BF000
|
unkown
|
page read and write
|
||
|
8EA9000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
14C48000
|
unkown
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1ECC2790000
|
heap
|
page read and write
|
||
|
14905000
|
unkown
|
page read and write
|
||
|
16EBFC80000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
C183000
|
unkown
|
page read and write
|
||
|
2202000
|
direct allocation
|
page read and write
|
||
|
13F8F7B5000
|
direct allocation
|
page execute and read and write
|
||
|
3394000
|
unkown
|
page read and write
|
||
|
D1894FF000
|
stack
|
page read and write
|
||
|
14829000
|
unkown
|
page read and write
|
||
|
7FF5DF392000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF221000
|
unkown
|
page readonly
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
5180000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C23D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14E15000
|
unkown
|
page read and write
|
||
|
ECD0000
|
unkown
|
page read and write
|
||
|
148B9000
|
unkown
|
page read and write
|
||
|
14875000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C159000
|
unkown
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
14BF1000
|
unkown
|
page read and write
|
||
|
74A9000
|
unkown
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
14CBE000
|
unkown
|
page read and write
|
||
|
1F0EC2A0000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
1E404230000
|
heap
|
page read and write
|
||
|
7FF5DF081000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14DA5000
|
unkown
|
page read and write
|
||
|
14B24000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7ACE000
|
stack
|
page read and write
|
||
|
A690000
|
unkown
|
page read and write
|
||
|
9F7C000
|
unkown
|
page read and write
|
||
|
3364000
|
unkown
|
page read and write
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
C354000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14C2D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
FEF4000
|
unkown
|
page read and write
|
||
|
245FCBD6000
|
heap
|
page read and write
|
||
|
A08D000
|
unkown
|
page read and write
|
||
|
ADA0000
|
heap
|
page read and write
|
||
|
C159000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
ECD4000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
C192000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1F0EA850000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
1E405CB0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14875000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF366000
|
unkown
|
page readonly
|
||
|
14C48000
|
unkown
|
page read and write
|
||
|
1E405BB0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3364000
|
heap
|
page read and write
|
||
|
18420880000
|
direct allocation
|
page execute and read and write
|
||
|
3382000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14A0C000
|
unkown
|
page read and write
|
||
|
2EC0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
9A576FC000
|
stack
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
14BFF000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
767000
|
heap
|
page read and write
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
9A578FE000
|
stack
|
page read and write
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
148C0000
|
unkown
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
2197F2D0000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
7FF5DEFFC000
|
unkown
|
page readonly
|
||
|
C1CC000
|
unkown
|
page read and write
|
||
|
14925000
|
unkown
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
147DC000
|
unkown
|
page read and write
|
||
|
7395000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C507000
|
unkown
|
page read and write
|
||
|
7FF5DF4D5000
|
unkown
|
page readonly
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
14863000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BF3000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D6B000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7D89000
|
stack
|
page read and write
|
||
|
149BA000
|
unkown
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
47D9000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF1CD000
|
unkown
|
page readonly
|
||
|
645000
|
heap
|
page read and write
|
||
|
7FF5DF349000
|
unkown
|
page readonly
|
||
|
14863000
|
unkown
|
page read and write
|
||
|
1E506F20000
|
direct allocation
|
page execute and read and write
|
||
|
C2E4000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
9A577FF000
|
stack
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
149FB000
|
unkown
|
page read and write
|
||
|
2874D6F0000
|
heap
|
page read and write
|
||
|
20CEC0F8000
|
heap
|
page read and write
|
||
|
3412000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
B4DB000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2362000
|
direct allocation
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
290603F5000
|
direct allocation
|
page execute and read and write
|
||
|
7499000
|
unkown
|
page read and write
|
||
|
7FF5DF3A1000
|
unkown
|
page readonly
|
||
|
3356000
|
unkown
|
page read and write
|
||
|
235B000
|
direct allocation
|
page read and write
|
||
|
3375000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148A5000
|
unkown
|
page read and write
|
||
|
14B8A000
|
unkown
|
page read and write
|
||
|
149FB000
|
unkown
|
page read and write
|
||
|
749000
|
heap
|
page read and write
|
||
|
83B0000
|
unkown
|
page readonly
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
759EFF000
|
stack
|
page read and write
|
||
|
7FD20000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14E5A000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
7FF5DEFB7000
|
unkown
|
page readonly
|
||
|
23E1000
|
direct allocation
|
page read and write
|
||
|
7FF5DF169000
|
unkown
|
page readonly
|
||
|
CC7FCFE000
|
stack
|
page read and write
|
||
|
9F10000
|
unkown
|
page read and write
|
||
|
1B0FC080000
|
heap
|
page read and write
|
||
|
14E15000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
3107000
|
stack
|
page read and write
|
||
|
7FF5DF156000
|
unkown
|
page readonly
|
||
|
14AD6000
|
unkown
|
page read and write
|
||
|
245FCB60000
|
heap
|
page read and write
|
||
|
28D3000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
717000
|
heap
|
page read and write
|
||
|
C19D000
|
unkown
|
page read and write
|
||
|
717000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF443000
|
unkown
|
page readonly
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
E91000
|
unkown
|
page read and write
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
12EFD060000
|
heap
|
page read and write
|
||
|
1B0FC070000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
E24C9FF000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14E4A000
|
unkown
|
page read and write
|
||
|
248D4860000
|
heap
|
page read and write
|
||
|
14A4A000
|
unkown
|
page read and write
|
||
|
1D9286B0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
901B000
|
stack
|
page read and write
|
||
|
C1A9000
|
unkown
|
page read and write
|
||
|
14AE6000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEF94000
|
unkown
|
page readonly
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A4A000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
20F877C0000
|
direct allocation
|
page execute and read and write
|
||
|
9CEB1FE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A1A000
|
unkown
|
page read and write
|
||
|
C6E2000
|
unkown
|
page read and write
|
||
|
7FF5DEFAF000
|
unkown
|
page readonly
|
||
|
E70000
|
unkown
|
page readonly
|
||
|
20F877A0000
|
heap
|
page read and write
|
||
|
6570000
|
heap
|
page read and write
|
||
|
148FD000
|
unkown
|
page read and write
|
||
|
ECBC000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3520000
|
direct allocation
|
page read and write
|
||
|
10EC8FC000
|
stack
|
page read and write
|
||
|
759DFF000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
14AD0000
|
unkown
|
page read and write
|
||
|
A5ADBFF000
|
stack
|
page read and write
|
||
|
62DE000
|
stack
|
page read and write
|
||
|
C1A9000
|
unkown
|
page read and write
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
B010000
|
unkown
|
page read and write
|
||
|
22BC000
|
direct allocation
|
page read and write
|
||
|
D50000
|
unkown
|
page read and write
|
||
|
1FFEDCE0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF5B5000
|
unkown
|
page readonly
|
||
|
148BB000
|
unkown
|
page read and write
|
||
|
73E5000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
18420830000
|
heap
|
page read and write
|
||
|
C6DA000
|
unkown
|
page read and write
|
||
|
149DB000
|
unkown
|
page read and write
|
||
|
32F0000
|
direct allocation
|
page read and write
|
||
|
63362FF000
|
stack
|
page read and write
|
||
|
C1A9000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
221E000
|
direct allocation
|
page read and write
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
A0FC000
|
unkown
|
page read and write
|
||
|
14989000
|
unkown
|
page read and write
|
||
|
335B000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148F4000
|
unkown
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
7DF4E6780000
|
unkown
|
page readonly
|
||
|
C1A9000
|
unkown
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148C9000
|
unkown
|
page read and write
|
||
|
16EBFCC0000
|
heap
|
page read and write
|
||
|
238B000
|
direct allocation
|
page read and write
|
||
|
3349000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
375E000
|
stack
|
page read and write
|
||
|
51A5000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
32F47FE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
18AAACF0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
41C000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
27F0000
|
unkown
|
page readonly
|
||
|
14CCC000
|
unkown
|
page read and write
|
||
|
7DF4E6760000
|
unkown
|
page readonly
|
||
|
C183000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2874BC40000
|
heap
|
page read and write
|
||
|
14ABD000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
51A0000
|
remote allocation
|
page execute and read and write
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2F10000
|
unkown
|
page read and write
|
||
|
14CBE000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
7FF5DE5CC000
|
unkown
|
page readonly
|
||
|
14F23000
|
unkown
|
page read and write
|
||
|
22DA000
|
direct allocation
|
page read and write
|
||
|
3281000
|
stack
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
23E8000
|
direct allocation
|
page read and write
|
||
|
149B6000
|
unkown
|
page read and write
|
||
|
1B280FC0000
|
heap
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
3C1E000
|
direct allocation
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF0D2000
|
unkown
|
page readonly
|
||
|
C1C4000
|
unkown
|
page read and write
|
||
|
7FF5DEE4E000
|
unkown
|
page readonly
|
||
|
276F44C0000
|
heap
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
14DEC000
|
unkown
|
page read and write
|
||
|
7FF5DF58A000
|
unkown
|
page readonly
|
||
|
C23D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14C6C000
|
unkown
|
page read and write
|
||
|
48A0000
|
unkown
|
page read and write
|
||
|
971A000
|
unkown
|
page read and write
|
||
|
C2E4000
|
unkown
|
page read and write
|
||
|
B120000
|
unkown
|
page readonly
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
ACAF000
|
stack
|
page read and write
|
||
|
BFDF000
|
unkown
|
page read and write
|
||
|
147F0000
|
unkown
|
page read and write
|
||
|
51A0000
|
remote allocation
|
page execute and read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
14CCF000
|
unkown
|
page read and write
|
||
|
2293000
|
heap
|
page read and write
|
||
|
BA76000
|
stack
|
page read and write
|
||
|
8C682FF000
|
stack
|
page read and write
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
9704000
|
unkown
|
page read and write
|
||
|
1B281078000
|
heap
|
page read and write
|
||
|
149BA000
|
unkown
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
335D000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
7FE3F000
|
direct allocation
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
2234000
|
direct allocation
|
page read and write
|
||
|
C159000
|
unkown
|
page read and write
|
||
|
22F765B0000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
14AE8000
|
unkown
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
50E000
|
unkown
|
page read and write
|
||
|
14C30000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
14A4A000
|
unkown
|
page read and write
|
||
|
147FB000
|
unkown
|
page read and write
|
||
|
14989000
|
unkown
|
page read and write
|
||
|
1728DB15000
|
direct allocation
|
page execute and read and write
|
||
|
14B24000
|
unkown
|
page read and write
|
||
|
22F765D5000
|
direct allocation
|
page execute and read and write
|
||
|
29744E90000
|
heap
|
page read and write
|
||
|
E95000
|
remote allocation
|
page execute and read and write
|
||
|
179FAF00000
|
heap
|
page read and write
|
||
|
7FF5DF42F000
|
unkown
|
page readonly
|
||
|
147EC000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C24C000
|
unkown
|
page read and write
|
||
|
C192000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
23D3000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
47F1000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148E8000
|
unkown
|
page read and write
|
||
|
7FF5DF57F000
|
unkown
|
page readonly
|
||
|
C6FC000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
29538F85000
|
direct allocation
|
page execute and read and write
|
||
|
874C000
|
stack
|
page read and write
|
||
|
507000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
149AD000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
276F4515000
|
direct allocation
|
page execute and read and write
|
||
|
1489B000
|
unkown
|
page read and write
|
||
|
2438D0C0000
|
direct allocation
|
page execute and read and write
|
||
|
B500000
|
unkown
|
page readonly
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
14875000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C187000
|
unkown
|
page read and write
|
||
|
14C8D000
|
unkown
|
page read and write
|
||
|
13F8F7B0000
|
direct allocation
|
page execute and read and write
|
||
|
3C0F000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
21E5000
|
direct allocation
|
page read and write
|
||
|
149BA000
|
unkown
|
page read and write
|
||
|
14B24000
|
unkown
|
page read and write
|
||
|
7FF5DEFF8000
|
unkown
|
page readonly
|
||
|
935B000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
13F8F800000
|
heap
|
page read and write
|
||
|
7FF5DF08B000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF0A5000
|
unkown
|
page readonly
|
||
|
1480D000
|
unkown
|
page read and write
|
||
|
3C25000
|
direct allocation
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
1FFEC160000
|
heap
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
96F5000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
18422350000
|
heap
|
page read and write
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
ADAA000
|
heap
|
page read and write
|
||
|
148A1000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
C5BA000
|
unkown
|
page read and write
|
||
|
C145000
|
unkown
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
D99000
|
heap
|
page read and write
|
||
|
1E505560000
|
heap
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
47A2000
|
unkown
|
page read and write
|
||
|
7FF5DF3AA000
|
unkown
|
page readonly
|
||
|
ADA2000
|
heap
|
page read and write
|
||
|
32F435C000
|
stack
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
FE0000
|
unkown
|
page read and write
|
||
|
2217000
|
direct allocation
|
page read and write
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3349000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14C91000
|
unkown
|
page read and write
|
||
|
14A4A000
|
unkown
|
page read and write
|
||
|
14C48000
|
unkown
|
page read and write
|
||
|
14B24000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
711000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
20CEDA10000
|
heap
|
page read and write
|
||
|
16EC17C0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14E0C000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14E8D000
|
unkown
|
page read and write
|
||
|
C319000
|
unkown
|
page read and write
|
||
|
AEF0000
|
unkown
|
page read and write
|
||
|
C159000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E50000
|
unkown
|
page readonly
|
||
|
7DF4E6771000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
838B000
|
stack
|
page read and write
|
||
|
2197DA30000
|
heap
|
page read and write
|
||
|
14B6B000
|
unkown
|
page read and write
|
||
|
8C29000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
16EBFD40000
|
heap
|
page read and write
|
||
|
149FB000
|
unkown
|
page read and write
|
||
|
1D92A220000
|
heap
|
page read and write
|
||
|
FEC9000
|
unkown
|
page read and write
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF343000
|
unkown
|
page readonly
|
||
|
4828000
|
unkown
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
147EE000
|
unkown
|
page read and write
|
||
|
C24C000
|
unkown
|
page read and write
|
||
|
1B0FC090000
|
heap
|
page read and write
|
||
|
7FF5DF195000
|
unkown
|
page readonly
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
295377B0000
|
heap
|
page read and write
|
||
|
C23D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D95000
|
unkown
|
page read and write
|
||
|
C24C000
|
unkown
|
page read and write
|
||
|
C18A000
|
unkown
|
page read and write
|
||
|
14D51000
|
unkown
|
page read and write
|
||
|
22B6000
|
direct allocation
|
page read and write
|
||
|
7FF5DF5F6000
|
unkown
|
page readonly
|
||
|
20CED9C0000
|
direct allocation
|
page execute and read and write
|
||
|
234C000
|
direct allocation
|
page read and write
|
||
|
E80000
|
unkown
|
page read and write
|
||
|
1ECC2960000
|
heap
|
page read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
99AB000
|
unkown
|
page read and write
|
||
|
51A5000
|
remote allocation
|
page execute and read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
14B94000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
BFA3000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3C03000
|
direct allocation
|
page read and write
|
||
|
88DE000
|
stack
|
page read and write
|
||
|
7FF5DF626000
|
unkown
|
page readonly
|
||
|
52D9000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
14BB9000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF5AE000
|
unkown
|
page readonly
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
C319000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C003000
|
unkown
|
page read and write
|
||
|
AF7E000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14A0B000
|
unkown
|
page read and write
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
2553000
|
direct allocation
|
page read and write
|
||
|
2410000
|
direct allocation
|
page execute and read and write
|
||
|
E2B9FF000
|
stack
|
page read and write
|
||
|
1E506F25000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
940A000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
14AE3000
|
unkown
|
page read and write
|
||
|
7A30000
|
unkown
|
page read and write
|
||
|
148DC000
|
unkown
|
page read and write
|
||
|
23114F50000
|
heap
|
page read and write
|
||
|
14CCC000
|
unkown
|
page read and write
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
7DF4E6761000
|
unkown
|
page execute read
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
1728DB10000
|
direct allocation
|
page execute and read and write
|
||
|
A0B1000
|
unkown
|
page read and write
|
||
|
C192000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
7FF5DF532000
|
unkown
|
page readonly
|
||
|
7FF5DF0F1000
|
unkown
|
page readonly
|
||
|
14BCB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
73BC000
|
unkown
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
18AA9450000
|
heap
|
page read and write
|
||
|
14E8D000
|
unkown
|
page read and write
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
2874BC95000
|
direct allocation
|
page execute and read and write
|
||
|
C298000
|
unkown
|
page read and write
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
18AA9268000
|
heap
|
page read and write
|
||
|
C736000
|
unkown
|
page read and write
|
||
|
1B0FC100000
|
heap
|
page read and write
|
||
|
7FF5DF5B0000
|
unkown
|
page readonly
|
||
|
141D0000
|
remote allocation
|
page execute and read and write
|
||
|
14863000
|
unkown
|
page read and write
|
||
|
14AFC000
|
unkown
|
page read and write
|
||
|
BF10000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
C13C000
|
unkown
|
page read and write
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
14A98000
|
unkown
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
7FF5DF380000
|
unkown
|
page readonly
|
||
|
2E30000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
BFB3000
|
unkown
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
AD2B000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF017000
|
unkown
|
page readonly
|
||
|
1E404200000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BC5000
|
unkown
|
page read and write
|
||
|
14C7C000
|
unkown
|
page read and write
|
||
|
A6EE000
|
unkown
|
page read and write
|
||
|
1ECC2798000
|
heap
|
page read and write
|
||
|
14B27000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
23DA000
|
direct allocation
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
23116AD0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2874BC70000
|
heap
|
page read and write
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
7FF5DF5F0000
|
unkown
|
page readonly
|
||
|
C24C000
|
unkown
|
page read and write
|
||
|
147B2000
|
unkown
|
page read and write
|
||
|
149EB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14875000
|
unkown
|
page read and write
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
14BC5000
|
unkown
|
page read and write
|
||
|
C1CC000
|
unkown
|
page read and write
|
||
|
7FF5DF5A8000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
C1C4000
|
unkown
|
page read and write
|
||
|
7FF5DF4E3000
|
unkown
|
page readonly
|
||
|
645000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF0C1000
|
unkown
|
page readonly
|
||
|
970C000
|
unkown
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
3B117FF000
|
stack
|
page read and write
|
||
|
1B281070000
|
heap
|
page read and write
|
||
|
147B6000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
C1A9000
|
unkown
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
7FF5DF519000
|
unkown
|
page readonly
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B26000
|
unkown
|
page read and write
|
||
|
51A5000
|
remote allocation
|
page execute and read and write
|
||
|
91A8DFE000
|
stack
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
162D0000
|
remote allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page write copy
|
||
|
FDF4000
|
unkown
|
page read and write
|
||
|
248D48C8000
|
heap
|
page read and write
|
||
|
14829000
|
unkown
|
page read and write
|
||
|
14863000
|
unkown
|
page read and write
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
7FF5DEE56000
|
unkown
|
page readonly
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
148BB000
|
unkown
|
page read and write
|
||
|
179FAD28000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEFF0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
48B0000
|
unkown
|
page read and write
|
||
|
179FC6F0000
|
direct allocation
|
page execute and read and write
|
||
|
2438D0D0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
2874BCA0000
|
heap
|
page read and write
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
7810000
|
unkown
|
page read and write
|
||
|
1B280FD0000
|
heap
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
13F8F808000
|
heap
|
page read and write
|
||
|
14833000
|
unkown
|
page read and write
|
||
|
B3DB000
|
stack
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
18C000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
276F4510000
|
direct allocation
|
page execute and read and write
|
||
|
98A1000
|
unkown
|
page read and write
|
||
|
149DA000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
9A6C000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF5DF5A3000
|
unkown
|
page readonly
|
||
|
1486D000
|
unkown
|
page read and write
|
||
|
D88CBFE000
|
stack
|
page read and write
|
||
|
22BD000
|
direct allocation
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
7991000
|
unkown
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
73C3000
|
unkown
|
page read and write
|
||
|
BF8C000
|
unkown
|
page read and write
|
||
|
14BA9000
|
unkown
|
page read and write
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
52268FE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
71E000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEFE2000
|
unkown
|
page readonly
|
||
|
A104000
|
unkown
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
27FA8FF000
|
stack
|
page read and write
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
14829000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
1FFEC1A0000
|
heap
|
page read and write
|
||
|
149CF000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C013000
|
unkown
|
page read and write
|
||
|
2291000
|
direct allocation
|
page read and write
|
||
|
97F3000
|
unkown
|
page read and write
|
||
|
7FF5DF2CB000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
BFAB000
|
unkown
|
page read and write
|
||
|
339D000
|
unkown
|
page read and write
|
||
|
14CCD000
|
unkown
|
page read and write
|
||
|
C2E4000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1B0FC108000
|
heap
|
page read and write
|
||
|
3412000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A52000
|
unkown
|
page read and write
|
||
|
290603D0000
|
heap
|
page read and write
|
||
|
14989000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A3E000
|
unkown
|
page read and write
|
||
|
D3B7EFF000
|
stack
|
page read and write
|
||
|
14B6B000
|
unkown
|
page read and write
|
||
|
16EBFCE0000
|
direct allocation
|
page execute and read and write
|
||
|
6335F3C000
|
stack
|
page read and write
|
||
|
52267FF000
|
stack
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
14BBC000
|
unkown
|
page read and write
|
||
|
FE76000
|
unkown
|
page read and write
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
22F76580000
|
heap
|
page read and write
|
||
|
32B0000
|
unkown
|
page read and write
|
||
|
7FF5DF06F000
|
unkown
|
page readonly
|
||
|
148AC000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
A6F1000
|
unkown
|
page read and write
|
||
|
503000
|
unkown
|
page write copy
|
||
|
3412000
|
heap
|
page read and write
|
||
|
14881000
|
unkown
|
page read and write
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
7FF5DF0CC000
|
unkown
|
page readonly
|
||
|
1489B000
|
unkown
|
page read and write
|
||
|
22D3000
|
direct allocation
|
page read and write
|
||
|
14CCC000
|
unkown
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
C01A000
|
unkown
|
page read and write
|
||
|
14E39000
|
unkown
|
page read and write
|
||
|
97CC000
|
unkown
|
page read and write
|
||
|
14E8E000
|
unkown
|
page read and write
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
14967B60000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
22AF000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
686AFE000
|
stack
|
page read and write
|
||
|
C159000
|
unkown
|
page read and write
|
||
|
7FF5DF3F7000
|
unkown
|
page readonly
|
||
|
97C8000
|
unkown
|
page read and write
|
||
|
12EFB6F0000
|
heap
|
page read and write
|
||
|
B9F0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
14AD5000
|
unkown
|
page read and write
|
||
|
C39F000
|
unkown
|
page read and write
|
||
|
14D81000
|
unkown
|
page read and write
|
||
|
A6EA000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14C9E000
|
unkown
|
page read and write
|
||
|
14E15000
|
unkown
|
page read and write
|
||
|
147F0000
|
unkown
|
page read and write
|
||
|
23A8000
|
direct allocation
|
page read and write
|
||
|
337B000
|
heap
|
page read and write
|
||
|
14E1A000
|
unkown
|
page read and write
|
||
|
148C7000
|
unkown
|
page read and write
|
||
|
6F2311C000
|
stack
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
14AE5000
|
unkown
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
C50E000
|
unkown
|
page read and write
|
||
|
759CFC000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2C9A000
|
stack
|
page read and write
|
||
|
379E000
|
stack
|
page read and write
|
||
|
16EBFD48000
|
heap
|
page read and write
|
||
|
503000
|
unkown
|
page read and write
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
22E8000
|
direct allocation
|
page read and write
|
||
|
1480B000
|
unkown
|
page read and write
|
||
|
ECAD000
|
unkown
|
page read and write
|
||
|
9714000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
9564000
|
unkown
|
page read and write
|
||
|
1ECC2780000
|
heap
|
page read and write
|
||
|
1E505550000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
FE7B000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7830000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
ADC0000
|
unkown
|
page readonly
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
14989000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
149FA000
|
unkown
|
page read and write
|
||
|
14E6E000
|
unkown
|
page read and write
|
||
|
29746680000
|
direct allocation
|
page execute and read and write
|
||
|
E95000
|
remote allocation
|
page execute and read and write
|
||
|
7FF5DF12A000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A68000
|
unkown
|
page read and write
|
||
|
14E1A000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
5EF0000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
D1893FE000
|
stack
|
page read and write
|
||
|
7FF5DEFCB000
|
unkown
|
page readonly
|
||
|
49CF5FF000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF60D000
|
unkown
|
page readonly
|
||
|
14AE3000
|
unkown
|
page read and write
|
||
|
16880000
|
unkown
|
page read and write
|
||
|
14D81000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF2DA000
|
unkown
|
page readonly
|
||
|
14966090000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
950F000
|
stack
|
page read and write
|
||
|
83E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
222D000
|
direct allocation
|
page read and write
|
||
|
9C9C000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF1F8000
|
unkown
|
page readonly
|
||
|
9D9F000
|
stack
|
page read and write
|
||
|
BF82000
|
unkown
|
page read and write
|
||
|
3BBC000
|
direct allocation
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
C24C000
|
unkown
|
page read and write
|
||
|
363D000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14829000
|
unkown
|
page read and write
|
||
|
C149000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14905000
|
unkown
|
page read and write
|
||
|
C18A000
|
unkown
|
page read and write
|
||
|
14C20000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
739B000
|
unkown
|
page read and write
|
||
|
223B000
|
direct allocation
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF3D4000
|
unkown
|
page readonly
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF388000
|
unkown
|
page readonly
|
||
|
10ECAFF000
|
stack
|
page read and write
|
||
|
98AD000
|
unkown
|
page read and write
|
||
|
14BB1000
|
unkown
|
page read and write
|
||
|
7800000
|
unkown
|
page read and write
|
||
|
91A8EFE000
|
stack
|
page read and write
|
||
|
7930000
|
unkown
|
page readonly
|
||
|
1E506F90000
|
heap
|
page read and write
|
||
|
58656FC000
|
stack
|
page read and write
|
||
|
C145000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
149CF000
|
unkown
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
149CD000
|
unkown
|
page read and write
|
||
|
14A4A000
|
unkown
|
page read and write
|
||
|
7FF5DF50F000
|
unkown
|
page readonly
|
||
|
14A90000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14DEC000
|
unkown
|
page read and write
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF4C6000
|
unkown
|
page readonly
|
||
|
743000
|
heap
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
5241000
|
unkown
|
page read and write
|
||
|
7FF5DEF4B000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
23116920000
|
direct allocation
|
page execute and read and write
|
||
|
14B6F000
|
unkown
|
page read and write
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
514000
|
unkown
|
page readonly
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
179FAD20000
|
heap
|
page read and write
|
||
|
7FF5DE9CB000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
147BF000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14DCF000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
9F63000
|
unkown
|
page read and write
|
||
|
7FF5DEEEB000
|
unkown
|
page readonly
|
||
|
7FF5DEF57000
|
unkown
|
page readonly
|
||
|
2209000
|
direct allocation
|
page read and write
|
||
|
12EFCF95000
|
direct allocation
|
page execute and read and write
|
||
|
7FF5DF435000
|
unkown
|
page readonly
|
||
|
9489000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF21B000
|
unkown
|
page readonly
|
||
|
149DA000
|
unkown
|
page read and write
|
||
|
7FF5DF458000
|
unkown
|
page readonly
|
||
|
C34E000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
6869FE000
|
stack
|
page read and write
|
||
|
2EB0000
|
unkown
|
page readonly
|
||
|
790A000
|
stack
|
page read and write
|
||
|
738E000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
32F46FF000
|
stack
|
page read and write
|
||
|
7230000
|
unkown
|
page read and write
|
||
|
1728C148000
|
heap
|
page read and write
|
||
|
2905EB10000
|
heap
|
page read and write
|
||
|
149FB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
1481B000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C34E000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3369000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C319000
|
unkown
|
page read and write
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
22E9000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3304000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
E2B5EC000
|
stack
|
page read and write
|
||
|
34C0000
|
unkown
|
page read and write
|
||
|
14A3B000
|
unkown
|
page read and write
|
||
|
13F8F790000
|
heap
|
page read and write
|
||
|
7FF5DEFAC000
|
unkown
|
page readonly
|
||
|
3B116FC000
|
stack
|
page read and write
|
||
|
148A1000
|
unkown
|
page read and write
|
||
|
48E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF04D000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
B1C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
320C000
|
stack
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
14D16000
|
unkown
|
page read and write
|
||
|
1488A000
|
unkown
|
page read and write
|
||
|
7FF5DF582000
|
unkown
|
page readonly
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
14BCB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
73B2000
|
unkown
|
page read and write
|
||
|
4C4AFFF000
|
stack
|
page read and write
|
||
|
7FF5DF5B3000
|
unkown
|
page readonly
|
||
|
7DF4E67A1000
|
unkown
|
page execute read
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
14989000
|
unkown
|
page read and write
|
||
|
32E0000
|
direct allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C354000
|
unkown
|
page read and write
|
||
|
1E405BD5000
|
direct allocation
|
page execute and read and write
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
14C7C000
|
unkown
|
page read and write
|
||
|
14CE2000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF5DF48B000
|
unkown
|
page readonly
|
||
|
E95000
|
remote allocation
|
page execute and read and write
|
||
|
13390000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
14879000
|
unkown
|
page read and write
|
||
|
C319000
|
unkown
|
page read and write
|
||
|
A0A5000
|
unkown
|
page read and write
|
||
|
C34E000
|
unkown
|
page read and write
|
||
|
14A14000
|
unkown
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
7FF5DF3C2000
|
unkown
|
page readonly
|
||
|
13F91250000
|
heap
|
page read and write
|
||
|
52B000
|
unkown
|
page readonly
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
14989000
|
unkown
|
page read and write
|
||
|
BFA5000
|
unkown
|
page read and write
|
||
|
18620000
|
unkown
|
page read and write
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
8910000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
9729000
|
unkown
|
page read and write
|
||
|
7FF5DF5E9000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
EF973FE000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
16EBFCE5000
|
direct allocation
|
page execute and read and write
|
||
|
1D928680000
|
heap
|
page read and write
|
||
|
7FF5DF310000
|
unkown
|
page readonly
|
||
|
D3B7CFC000
|
stack
|
page read and write
|
||
|
95F0000
|
unkown
|
page read and write
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
245FCBC5000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14AFC000
|
unkown
|
page read and write
|
||
|
7FF5DF029000
|
unkown
|
page readonly
|
||
|
645000
|
heap
|
page read and write
|
||
|
7FF5DF4EC000
|
unkown
|
page readonly
|
||
|
14E5A000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF5DF3B5000
|
unkown
|
page readonly
|
||
|
C187000
|
unkown
|
page read and write
|
||
|
AC314FC000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
248D4830000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
37C0000
|
remote allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
149BA000
|
unkown
|
page read and write
|
||
|
7FF5DF0C9000
|
unkown
|
page readonly
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
18420820000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
BFEF000
|
unkown
|
page read and write
|
||
|
7FF5DF207000
|
unkown
|
page readonly
|
||
|
C298000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
5EEF000
|
stack
|
page read and write
|
||
|
7FF5DF2ED000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A1B000
|
unkown
|
page read and write
|
||
|
63363FF000
|
stack
|
page read and write
|
||
|
2905EA08000
|
heap
|
page read and write
|
||
|
2905EBF0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C192000
|
unkown
|
page read and write
|
||
|
7940000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148C3000
|
unkown
|
page read and write
|
||
|
10EC9FE000
|
stack
|
page read and write
|
||
|
14AE3000
|
unkown
|
page read and write
|
||
|
22F76648000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
2197F3D0000
|
heap
|
page read and write
|
||
|
14A90000
|
unkown
|
page read and write
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C8802FF000
|
stack
|
page read and write
|
||
|
14BD9000
|
unkown
|
page read and write
|
||
|
7FF5DF3F1000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14D64000
|
unkown
|
page read and write
|
||
|
147DC000
|
unkown
|
page read and write
|
||
|
63DF000
|
stack
|
page read and write
|
||
|
21EC000
|
direct allocation
|
page read and write
|
||
|
96F1000
|
unkown
|
page read and write
|
||
|
14AE6000
|
unkown
|
page read and write
|
||
|
149DB000
|
unkown
|
page read and write
|
||
|
B359000
|
stack
|
page read and write
|
||
|
7DF5E896A000
|
unkown
|
page readonly
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
1ECC4155000
|
direct allocation
|
page execute and read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7B4B000
|
stack
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
23115048000
|
heap
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
14D6A000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
C19D000
|
unkown
|
page read and write
|
||
|
BFAF000
|
unkown
|
page read and write
|
||
|
C34E000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
23CC000
|
direct allocation
|
page read and write
|
||
|
9716000
|
unkown
|
page read and write
|
||
|
149FA000
|
unkown
|
page read and write
|
||
|
147FB000
|
unkown
|
page read and write
|
||
|
14B72000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BBC000
|
unkown
|
page read and write
|
||
|
7FF5DF577000
|
unkown
|
page readonly
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
A0A7000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
22F765D0000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DEFA6000
|
unkown
|
page readonly
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14A0A000
|
unkown
|
page read and write
|
||
|
C1C4000
|
unkown
|
page read and write
|
||
|
14BF7000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
179FC6F5000
|
direct allocation
|
page execute and read and write
|
||
|
C13E000
|
unkown
|
page read and write
|
||
|
A6CF000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BC5000
|
unkown
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
3362000
|
unkown
|
page read and write
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
14931000
|
unkown
|
page read and write
|
||
|
14D17000
|
unkown
|
page read and write
|
||
|
14925000
|
unkown
|
page read and write
|
||
|
1FFEC1C0000
|
direct allocation
|
page execute and read and write
|
||
|
AEEE000
|
stack
|
page read and write
|
||
|
14925000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
14CEF000
|
unkown
|
page read and write
|
||
|
C52C000
|
unkown
|
page read and write
|
||
|
15DB0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3311000
|
heap
|
page read and write
|
||
|
29744CA9000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
20F87790000
|
heap
|
page read and write
|
||
|
18AAAC45000
|
direct allocation
|
page execute and read and write
|
||
|
2314000
|
direct allocation
|
page read and write
|
||
|
190E0000
|
unkown
|
page read and write
|
||
|
14B72000
|
unkown
|
page read and write
|
||
|
14E39000
|
unkown
|
page read and write
|
||
|
9B1E000
|
stack
|
page read and write
|
||
|
149CD000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF038000
|
unkown
|
page readonly
|
||
|
738000
|
heap
|
page read and write
|
||
|
9380000
|
unkown
|
page readonly
|
||
|
11A0000
|
unkown
|
page readonly
|
||
|
3345000
|
heap
|
page read and write
|
||
|
E24CAFF000
|
stack
|
page read and write
|
||
|
C2E4000
|
unkown
|
page read and write
|
||
|
4C4B0FE000
|
stack
|
page read and write
|
||
|
830F000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
9FA0000
|
unkown
|
page read and write
|
||
|
34B0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B1E000
|
unkown
|
page read and write
|
||
|
C34E000
|
unkown
|
page read and write
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
7910000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF5DF01B000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF1D1000
|
unkown
|
page readonly
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14CDE000
|
unkown
|
page read and write
|
||
|
7FF5DF486000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
1FFEC1F8000
|
heap
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7840000
|
unkown
|
page read and write
|
||
|
1728C140000
|
heap
|
page read and write
|
||
|
9CEB0FC000
|
stack
|
page read and write
|
||
|
14B83000
|
unkown
|
page read and write
|
||
|
14CE2000
|
unkown
|
page read and write
|
||
|
14DF4000
|
unkown
|
page read and write
|
||
|
C1CC000
|
unkown
|
page read and write
|
||
|
7FF5DF5CC000
|
unkown
|
page readonly
|
||
|
14D05000
|
unkown
|
page read and write
|
||
|
9C1F000
|
stack
|
page read and write
|
||
|
747000
|
heap
|
page read and write
|
||
|
248D4880000
|
direct allocation
|
page execute and read and write
|
||
|
14EAC000
|
unkown
|
page read and write
|
||
|
14D05000
|
unkown
|
page read and write
|
||
|
14926000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
147E3000
|
unkown
|
page read and write
|
||
|
14D9D000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF5DF122000
|
unkown
|
page readonly
|
||
|
1F0EA7F5000
|
direct allocation
|
page execute and read and write
|
||
|
7FF5DF341000
|
unkown
|
page readonly
|
||
|
2260000
|
direct allocation
|
page read and write
|
||
|
148FB000
|
unkown
|
page read and write
|
||
|
14863000
|
unkown
|
page read and write
|
||
|
147F0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
718000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
58658FF000
|
stack
|
page read and write
|
||
|
CC7FAFC000
|
stack
|
page read and write
|
||
|
20F85DE0000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
BF9D000
|
unkown
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
14AD6000
|
unkown
|
page read and write
|
||
|
7FF5DF396000
|
unkown
|
page readonly
|
||
|
14BF3000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
50B000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
73A3000
|
unkown
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
149DA000
|
unkown
|
page read and write
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
18B30000
|
unkown
|
page read and write
|
||
|
C034000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1B281000000
|
heap
|
page read and write
|
||
|
C24C000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
149BA000
|
unkown
|
page read and write
|
||
|
14DCC000
|
unkown
|
page read and write
|
||
|
C183000
|
unkown
|
page read and write
|
||
|
14858000
|
unkown
|
page read and write
|
||
|
248D4885000
|
direct allocation
|
page execute and read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
169E0000
|
unkown
|
page read and write
|
||
|
7DF4E6770000
|
unkown
|
page readonly
|
||
|
3B75000
|
direct allocation
|
page read and write
|
||
|
22F76640000
|
heap
|
page read and write
|
||
|
14BF3000
|
unkown
|
page read and write
|
||
|
14AE3000
|
unkown
|
page read and write
|
||
|
C354000
|
unkown
|
page read and write
|
||
|
7FF5DF3E4000
|
unkown
|
page readonly
|
||
|
33C0000
|
unkown
|
page readonly
|
||
|
14914000
|
unkown
|
page read and write
|
||
|
14DB6000
|
unkown
|
page read and write
|
||
|
32F0000
|
direct allocation
|
page read and write
|
||
|
8C681FF000
|
stack
|
page read and write
|
||
|
2197D9E0000
|
heap
|
page read and write
|
||
|
BF7E000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
16B90000
|
unkown
|
page read and write
|
||
|
29746685000
|
direct allocation
|
page execute and read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
A6D2000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF191000
|
unkown
|
page readonly
|
||
|
14CBE000
|
unkown
|
page read and write
|
||
|
2438E970000
|
heap
|
page read and write
|
||
|
C1CC000
|
unkown
|
page read and write
|
||
|
C319000
|
unkown
|
page read and write
|
||
|
23B6000
|
direct allocation
|
page read and write
|
||
|
7FF5DF45C000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
C19D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
14A9A000
|
unkown
|
page read and write
|
||
|
973C000
|
unkown
|
page read and write
|
||
|
74D6000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14E1A000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BBC000
|
unkown
|
page read and write
|
||
|
BF9F000
|
unkown
|
page read and write
|
||
|
14863000
|
unkown
|
page read and write
|
||
|
13D30000
|
unkown
|
page read and write
|
||
|
14C8D000
|
unkown
|
page read and write
|
||
|
7FF5DF551000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
14A90000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
9F60000
|
unkown
|
page read and write
|
||
|
7FF5DF623000
|
unkown
|
page readonly
|
||
|
C298000
|
unkown
|
page read and write
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
A00000
|
heap
|
page read and write
|
||
|
14C48000
|
unkown
|
page read and write
|
||
|
7870000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14CBE000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
736000
|
heap
|
page read and write
|
||
|
148D4000
|
unkown
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
C354000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
1487C000
|
unkown
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
C354000
|
unkown
|
page read and write
|
||
|
17080000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
12DE0000
|
unkown
|
page read and write
|
||
|
15770000
|
unkown
|
page read and write
|
||
|
E24C8FC000
|
stack
|
page read and write
|
||
|
2E00000
|
remote allocation
|
page execute and read and write
|
||
|
721000
|
heap
|
page read and write
|
||
|
147B2000
|
unkown
|
page read and write
|
||
|
C6FA000
|
unkown
|
page read and write
|
||
|
14AE9000
|
unkown
|
page read and write
|
||
|
14C8D000
|
unkown
|
page read and write
|
||
|
7FF5DEFF5000
|
unkown
|
page readonly
|
||
|
14E6C000
|
unkown
|
page read and write
|
||
|
9B99000
|
stack
|
page read and write
|
||
|
4824000
|
unkown
|
page read and write
|
||
|
14B25000
|
unkown
|
page read and write
|
||
|
1488A000
|
unkown
|
page read and write
|
||
|
2438EA00000
|
heap
|
page read and write
|
||
|
3412000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14B18000
|
unkown
|
page read and write
|
||
|
3A9D000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
14BFB000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
19DD0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C732000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2438D090000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
9E1E000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
14A1B000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14A1C000
|
unkown
|
page read and write
|
||
|
7D90000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1D67EFC000
|
stack
|
page read and write
|
||
|
14999000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C18A000
|
unkown
|
page read and write
|
||
|
7FF5DF4AB000
|
unkown
|
page readonly
|
||
|
14C8D000
|
unkown
|
page read and write
|
||
|
14A57000
|
unkown
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
14C4B000
|
unkown
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
C1CC000
|
unkown
|
page read and write
|
||
|
970000
|
unkown
|
page readonly
|
||
|
335A000
|
heap
|
page read and write
|
||
|
248D4820000
|
heap
|
page read and write
|
||
|
7DF4E6781000
|
unkown
|
page execute read
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF5DF567000
|
unkown
|
page readonly
|
||
|
7FF5DF2BA000
|
unkown
|
page readonly
|
||
|
BF6D000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
148A9000
|
unkown
|
page read and write
|
||
|
7FF5DF16B000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
1728C320000
|
heap
|
page read and write
|
||
|
14D4B000
|
unkown
|
page read and write
|
||
|
A271CFF000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C183000
|
unkown
|
page read and write
|
||
|
14925000
|
unkown
|
page read and write
|
||
|
C149000
|
unkown
|
page read and write
|
||
|
14955000
|
unkown
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
14A1C000
|
unkown
|
page read and write
|
||
|
14829000
|
unkown
|
page read and write
|
||
|
42C000
|
unkown
|
page readonly
|
||
|
74F1000
|
unkown
|
page read and write
|
||
|
16280000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
148A1000
|
unkown
|
page read and write
|
||
|
14DA5000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7DF4E6791000
|
unkown
|
page execute read
|
||
|
2438D0C5000
|
direct allocation
|
page execute and read and write
|
||
|
14E4B000
|
unkown
|
page read and write
|
||
|
148FB000
|
unkown
|
page read and write
|
||
|
7FF5DF067000
|
unkown
|
page readonly
|
||
|
8590000
|
unkown
|
page readonly
|
||
|
14C48000
|
unkown
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
FEBB000
|
unkown
|
page read and write
|
||
|
7FF5DEE43000
|
unkown
|
page readonly
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
29744DB0000
|
heap
|
page read and write
|
||
|
7FF5DF422000
|
unkown
|
page readonly
|
||
|
BFAD000
|
unkown
|
page read and write
|
||
|
1E404210000
|
heap
|
page read and write
|
||
|
2E05000
|
remote allocation
|
page execute and read and write
|
||
|
3B118FF000
|
stack
|
page read and write
|
||
|
7FF5DF4E7000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
14B4A000
|
unkown
|
page read and write
|
||
|
C298000
|
unkown
|
page read and write
|
||
|
7FF5DF229000
|
unkown
|
page readonly
|
||
|
14C48000
|
unkown
|
page read and write
|
||
|
14852000
|
unkown
|
page read and write
|
||
|
295376D0000
|
heap
|
page read and write
|
||
|
14B16000
|
unkown
|
page read and write
|
||
|
C298000
|
unkown
|
page read and write
|
||
|
3BCB000
|
direct allocation
|
page read and write
|
||
|
245FCBA0000
|
heap
|
page read and write
|
||
|
C187000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
180E0000
|
unkown
|
page read and write
|
||
|
176D0000
|
unkown
|
page read and write
|
||
|
B09F000
|
stack
|
page read and write
|
||
|
19750000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
7FF5DF429000
|
unkown
|
page readonly
|
||
|
1190000
|
heap
|
page read and write
|
||
|
72C000
|
heap
|
page read and write
|
||
|
7FF6918C1000
|
unkown
|
page execute read
|
||
|
14C8D000
|
unkown
|
page read and write
|
||
|
5110000
|
unkown
|
page write copy
|
||
|
914B000
|
stack
|
page read and write
|
||
|
7FF5DE9C3000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
987C000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
3345000
|
heap
|
page read and write
|
||
|
12EFB6A0000
|
heap
|
page read and write
|
||
|
C1C4000
|
unkown
|
page read and write
|
||
|
73BA000
|
unkown
|
page read and write
|
||
|
14280000
|
unkown
|
page read and write
|
||
|
2874BC90000
|
direct allocation
|
page execute and read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1F0EA858000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
C1CC000
|
unkown
|
page read and write
|
||
|
7FF5DF478000
|
unkown
|
page readonly
|
||
|
125A0000
|
unkown
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
14821000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1FFEC1C5000
|
direct allocation
|
page execute and read and write
|
||
|
335F000
|
heap
|
page read and write
|
||
|
9605000
|
unkown
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
23BD000
|
direct allocation
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
179FC7C0000
|
heap
|
page read and write
|
||
|
989F000
|
unkown
|
page read and write
|
||
|
C183000
|
unkown
|
page read and write
|
||
|
7D0D000
|
stack
|
page read and write
|
||
|
2870000
|
unkown
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
7FF6918C5000
|
unkown
|
page readonly
|
||
|
644000
|
heap
|
page read and write
|
||
|
7FF6918C0000
|
unkown
|
page readonly
|
||
|
147DB000
|
unkown
|
page read and write
|
||
|
23115140000
|
heap
|
page read and write
|
There are 2652 hidden memdumps, click here to show them.