Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
EpsilonFruit.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\095e3122-2da5-4124-bb60-1d304745a2e6.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\fb0541d2-f67e-4988-9a28-0539cb396a9a.tmp.node
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\EpsilonFruit.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\resources\app.asar
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\swiftshader\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\swiftshader\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1f181610-fcc3-444d-bbc8-0fc06a12a77c.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15328980
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\LICENSES.chromium.html
|
HTML document, ASCII text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\LICENSE.electron.txt
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\LICENSES.chromium.html
|
HTML document, ASCII text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\chrome_100_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\chrome_200_percent.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\icudtl.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\am.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ar.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\bg.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\bn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ca.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\cs.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\da.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\de.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\el.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\en-GB.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\en-US.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\es-419.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\es.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\et.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\fa.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\fi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\fil.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\fr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\gu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\he.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\hi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\hr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\hu.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\id.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\it.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ja.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\kn.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ko.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\lt.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\lv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ml.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\mr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ms.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\nb.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\nl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\pl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\pt-BR.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\pt-PT.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ro.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ru.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\sk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\sl.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\sr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\sv.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\sw.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\ta.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\te.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\th.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\tr.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\uk.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\vi.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\zh-CN.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\locales\zh-TW.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\resources.pak
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\resources\elevate.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\snapshot_blob.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\v8_context_snapshot.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\7z-out\vk_swiftshader_icd.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\app-64.7z
|
7-zip archive data, version 0.4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsx6326.tmp\nsis7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\681d185e-0411-48ac-9f8d-6e70b5d4bd0a.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Cache\Cache_Data\data_0
|
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Cache\Cache_Data\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Cache\Cache_Data\data_2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Cache\Cache_Data\data_3
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Cache\Cache_Data\index
|
FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Code Cache\js\index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Code Cache\js\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Code Cache\js\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Code Cache\wasm\index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Code Cache\wasm\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Code Cache\wasm\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\GPUCache\data_0
|
FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\GPUCache\data_1
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\GPUCache\data_2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\GPUCache\data_3
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\GPUCache\index
|
FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Local State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\000003.log
|
OpenPGP Secret Key
|
modified
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Local Storage\leveldb\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Network\102b3573-5d38-4cb5-aacf-0ce0e1a70b22.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Network\8bbab423-749b-4211-a215-8c4bb601caee.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Network\Network Persistent State~RF4916f0.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\Preferences (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\EpsilonFruit\e6965d0f-44b6-44fa-994e-9b3a1ded33f2.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.acl
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.dic
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-GB\default.exc
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
There are 116 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
|
"C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\EpsilonFruit"
--gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA=
--mojo-platform-channel-handle=1720 --field-trial-handle=1780,4446609396603804754,17593310329592071850,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:2
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
|
"C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=1948
--field-trial-handle=1780,4446609396603804754,17593310329592071850,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:8
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
|
"C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\EpsilonFruit"
--app-path="C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\resources\app.asar" --no-sandbox --no-zygote --lang=en-GB
--device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4714222268
--mojo-platform-channel-handle=2188 --field-trial-handle=1780,4446609396603804754,17593310329592071850,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:1
|
|
|
|
C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe
|
"C:\Users\user\AppData\Local\Temp\2f39P0ISFknOZLiL2q9ButG5J7V\EpsilonFruit.exe" --type=utility --utility-sub-type=audio.mojom.AudioService
--lang=en-GB --service-sandbox-type=audio --user-data-dir="C:\Users\user\AppData\Roaming\EpsilonFruit" --mojo-platform-channel-handle=2300
--field-trial-handle=1780,4446609396603804754,17593310329592071850,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand
/prefetch:8
|
|
|
|
C:\Users\user\Desktop\EpsilonFruit.exe
|
"C:\Users\user\Desktop\EpsilonFruit.exe"
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WMIC.exe
|
wmic CsProduct Get UUID
|
||
|
C:\Windows\explorer.exe
|
C:\Windows\Explorer.EXE
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/speech-api/full-duplex/v1
|
unknown
|
||
|
https://url.spec.whatwg.org/#concept-url-origin
|
unknown
|
||
|
https://tools.ietf.org/html/rfc6455#section-1.3
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
|
unknown
|
||
|
https://fr.search.yahoo.com/favicon.ico
|
unknown
|
||
|
https://developer.chrome.com/blog/immutable-document-domain
|
unknown
|
||
|
https://crbug.com/dawn/402
|
unknown
|
||
|
http://i.wp.pl/a/i/stg/500/favicon.icohttp://szukaj.wp.pl/szukaj.html?q=
|
unknown
|
||
|
https://crbug.com/dawn/1071:
|
unknown
|
||
|
https://suggestplugin.gmx.co.uk/s?q=
|
unknown
|
||
|
http://www.search.delta-search.com/?q=
|
unknown
|
||
|
http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=
|
unknown
|
||
|
https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
|
unknown
|
||
|
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
|
unknown
|
||
|
https://www.givero.com/suggest?q=
|
unknown
|
||
|
https://url.spec.whatwg.org/#concept-urlencoded-serializer
|
unknown
|
||
|
https://www.chromium.org/blink/origin-trials/portals.
|
unknown
|
||
|
https://clients3.google.com/ct_upload
|
unknown
|
||
|
https://chromium.googlesource.com/chromium/src/
|
unknown
|
||
|
https://www.so.com/favicon.ico
|
unknown
|
||
|
https://dk.search.yahoo.com/favicon.icohttps://dk.search.yahoo.com/search
|
unknown
|
||
|
http://l.twimg.com/i/hpkp_report
|
unknown
|
||
|
https://www.chromium.org/blink/origin-trials/portals.The
|
unknown
|
||
|
https://www.chromestatus.com/feature/%s
|
unknown
|
||
|
http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p
|
unknown
|
||
|
http://www.conduit.com/favicon.ico
|
unknown
|
||
|
http://www.midnight-commander.org/browser/lib/tty/key.c
|
unknown
|
||
|
https://tools.ietf.org/html/rfc7540#section-8.1.2.5
|
unknown
|
||
|
https://wwww.certigna.fr/autorites/0m
|
unknown
|
||
|
https://crbug.com/tint.
|
unknown
|
||
|
https://vn.search.yahoo.com/search
|
unknown
|
||
|
http://www.squid-cache.org/Doc/config/half_closed_clients/
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
|
unknown
|
||
|
https://github.com/nodejs/node/pull/33661
|
unknown
|
||
|
http://narwhaljs.org)
|
unknown
|
||
|
http://www1.delta-search.com/?q=
|
unknown
|
||
|
https://buscador.terra.com.ar/Default.aspx?source=Search&ca=s&query=
|
unknown
|
||
|
http://www.symauth.com/rpa0)
|
unknown
|
||
|
https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalforme
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://sug.so.360.cn/suggest?encodein=
|
unknown
|
||
|
http://aia.startssl.com/certs/ca.crt02
|
unknown
|
||
|
https://github.com/electron/electron/issues/18397.Module
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/#sec-line-terminators
|
unknown
|
||
|
https://www.yandex.by/chrome/newtab
|
unknown
|
||
|
https://crbug.com/dawn/633
|
unknown
|
||
|
http://www.walla.co.il/favicon.ico
|
unknown
|
||
|
https://crbug.com/dawn/1071
|
unknown
|
||
|
https://go.mail.ru/chrome/newtab/
|
unknown
|
||
|
https://id.search.yahoo.com/search
|
unknown
|
||
|
http://www.neti.ee/cgi-bin/otsing?query=
|
unknown
|
||
|
https://certs.starfieldtech.com/repository/0
|
unknown
|
||
|
https://bugs.chromium.org/p/dawn/issues/detail?id=690
|
unknown
|
||
|
http://mysearch.sweetpacks.com/?q=
|
unknown
|
||
|
https://crbug.com/1053756
|
unknown
|
||
|
http://aia1.wosign.com/ca1-class3-server.cer0
|
unknown
|
||
|
https://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/search
|
unknown
|
||
|
https://oceanhero.today/web?q=
|
unknown
|
||
|
https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
|
unknown
|
||
|
https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.ico
|
unknown
|
||
|
https://heycam.github.io/webidl/#es-interfaces
|
unknown
|
||
|
https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
|
unknown
|
||
|
https://github.com/nodejs/node/issues
|
unknown
|
||
|
https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
|
unknown
|
||
|
http://crl.entrust.net/g2ca.crl0;
|
unknown
|
||
|
http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=
|
unknown
|
||
|
https://tc39.github.io/ecma262/#sec-object.prototype.tostring
|
unknown
|
||
|
https://url.spec.whatwg.org/#urlsearchparams
|
unknown
|
||
|
https://crbug.com/v8/8520
|
unknown
|
||
|
https://heycam.github.io/webidl/#Replaceable
|
unknown
|
||
|
https://in.search.yahoo.com/search
|
unknown
|
||
|
https://heycam.github.io/webidl/#dfn-class-string
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://bugs.chromium.org/p/dawn/issues/detail?id=426Support
|
unknown
|
||
|
http://arianna.libero.it/search/abin/integrata.cgi?query=
|
unknown
|
||
|
https://crbug.com/1053756ICE
|
unknown
|
||
|
https://crbug.com/dawn/673
|
unknown
|
||
|
http://imgs.sapo.pt/images/sapo.ico
|
unknown
|
||
|
https://github.com/nodejs/node/issues/10673
|
unknown
|
||
|
https://search.privacywall.org/suggest.php?q=
|
unknown
|
||
|
https://xhr.spec.whatwg.org/.
|
unknown
|
||
|
https://nova.rambler.ru/suggest?v=3&query=
|
unknown
|
||
|
http://ocsp.accv.es0
|
unknown
|
||
|
https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://www.quad9.net/home/privacy/
|
unknown
|
||
|
https://www.yandex.ua/chrome/newtab
|
unknown
|
||
|
https://id.search.yahoo.com/favicon.ico
|
unknown
|
||
|
https://search.naver.com/search.naver?ie=
|
unknown
|
||
|
https://search.daum.net/favicon.icohttps://search.daum.net/search?w=tot&DA=JU5&q=
|
unknown
|
||
|
https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
|
unknown
|
||
|
https://github.com/nodejs/node/issues/19009
|
unknown
|
||
|
https://doh-01.spectrum.com/dns-query
|
unknown
|
||
|
http://buscador.terra.es/Default.aspx?source=Search&ca=s&query=
|
unknown
|
||
|
https://crbug.com/dawn/667
|
unknown
|
||
|
https://search.yahoo.co.jp/search
|
unknown
|
||
|
http://nl.softonic.com/s/
|
unknown
|
||
|
https://au.search.yahoo.com/favicon.ico
|
unknown
|
||
|
https://bugs.chromium.org/p/dawn/issues/detail?id=426
|
unknown
|
||
|
https://tc39.github.io/ecma262/#sec-%typedarray%.of
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
chrome.cloudflare-dns.com
|
162.159.61.3
|
||
|
ipinfo.io
|
34.117.186.192
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
34.117.186.192
|
ipinfo.io
|
United States
|
||
|
162.159.61.3
|
chrome.cloudflare-dns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
|
Excel.CSV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
|
Word.Document.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
|
Word.DocumentMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
|
Word.Document.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
|
Word.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
|
Word.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
|
Word.Template.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
|
Outlook.File.msg.15
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
|
PowerPoint.OpenDocumentPresentation.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
|
Excel.OpenDocumentSpreadsheet.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
|
Word.OpenDocumentText.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
|
PowerPoint.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
|
PowerPoint.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
|
PowerPoint.Template.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
|
PowerPoint.Addin.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
|
PowerPoint.SlideShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
|
PowerPoint.SlideShow.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
|
PowerPoint.Show.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
|
PowerPoint.ShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
|
PowerPoint.Show.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
|
Word.RTF.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
|
PowerPoint.SlideMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
|
PowerPoint.Slide.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
|
bootstrap.vsto.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
|
Excel.AddInMacroEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
|
Excel.Sheet.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
|
Excel.SheetBinaryMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
|
Excel.SheetMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
|
Excel.Sheet.12
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
|
Excel.Template.8
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
|
Excel.TemplateMacroEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
|
Excel.Template
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
|
Unpacker
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
Classes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
|
~reserved~
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
|
CheckSetting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
|
WMP11.AssocFile.3G2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
|
WMP11.AssocFile.3GP
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids
|
WMP11.AssocFile.3G2
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithProgids
|
WMP11.AssocFile.3GP
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
|
WMP11.AssocFile.ADTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\OpenWithProgids
|
WMP11.AssocFile.ADTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
|
WMP11.AssocFile.AIFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithProgids
|
WMP11.AssocFile.AIFF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
|
WMP11.AssocFile.AU
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
|
AutoIt3Script
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
|
WMP11.AssocFile.AVI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
|
Paint.Picture
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
|
CABFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
|
Microsoft.PowerShellCmdletDefinitionXML.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
|
CSSfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
|
ddsfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
|
Paint.Picture
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
|
dllfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
|
emffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
|
exefile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
|
WMP11.AssocFile.FLAC
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
|
fonfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
|
giffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
|
htmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
|
icofile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
|
inffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
|
inifile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
|
pjpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
|
jpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids
|
jpegfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
|
wdpfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
|
lnkfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
|
WMP11.AssocFile.m3u
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
|
WMP11.AssocFile.M4A
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
|
mhtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithProgids
|
mhtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
|
WMP11.AssocFile.MK3D
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
|
WMP11.AssocFile.MKA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
|
WMP11.AssocFile.MKV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
|
WMP11.AssocFile.MOV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
|
WMP11.AssocFile.MP3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithProgids
|
WMP11.AssocFile.MP3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
|
ocxfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
|
otffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
|
pngfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
|
Microsoft.PowerShellScript.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
|
Microsoft.PowerShellXMLData.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
|
Microsoft.PowerShellData.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
|
Microsoft.PowerShellModule.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
|
Microsoft.PowerShellSessionConfiguration.1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
|
rlefile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
|
SHCmdFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
|
SearchFolder
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
|
shtmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
|
WMP11.AssocFile.AU
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
|
sysfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
|
TIFImage.Document
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids
|
TIFImage.Document
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
|
WMP11.AssocFile.TTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
|
ttcfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
|
ttffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids
|
WMP11.AssocFile.TTS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
|
txtfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
|
WMP11.AssocFile.WAV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
|
WMP11.AssocFile.WAX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
|
wdpfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
|
WMP11.AssocFile.WMA
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
|
wmffile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
|
WMP11.AssocFile.WMV
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
|
WMP11.AssocFile.WPL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
|
WMP11.AssocFile.WVX
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
|
xmlfile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
|
xslfile
|
There are 144 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
89FA000
|
heap
|
page read and write
|
||
|
AA2C000
|
unkown
|
page read and write
|
||
|
3681000
|
heap
|
page read and write
|
||
|
A408000
|
unkown
|
page read and write
|
||
|
C7C6000
|
unkown
|
page read and write
|
||
|
C1CC000
|
stack
|
page read and write
|
||
|
A02E000
|
stack
|
page read and write
|
||
|
8D3D000
|
stack
|
page read and write
|
||
|
BF3E000
|
stack
|
page read and write
|
||
|
7FF5D66E8000
|
unkown
|
page readonly
|
||
|
35B3000
|
unkown
|
page read and write
|
||
|
7FF716B40000
|
unkown
|
page readonly
|
||
|
7FF5D706E000
|
unkown
|
page readonly
|
||
|
91F0000
|
unkown
|
page readonly
|
||
|
152EB9E4000
|
heap
|
page read and write
|
||
|
7FF5D77CD000
|
unkown
|
page readonly
|
||
|
9E2E000
|
stack
|
page read and write
|
||
|
7FF5D770F000
|
unkown
|
page readonly
|
||
|
8890000
|
unkown
|
page readonly
|
||
|
7FF5D75EE000
|
unkown
|
page readonly
|
||
|
C47F000
|
unkown
|
page read and write
|
||
|
152E9B01000
|
heap
|
page read and write
|
||
|
35CD000
|
unkown
|
page read and write
|
||
|
7FF5D6BE4000
|
unkown
|
page readonly
|
||
|
7FF5D778A000
|
unkown
|
page readonly
|
||
|
152E9AEE000
|
heap
|
page read and write
|
||
|
B220000
|
unkown
|
page read and write
|
||
|
7FF5D7648000
|
unkown
|
page readonly
|
||
|
152E9B06000
|
heap
|
page read and write
|
||
|
26344FF000
|
stack
|
page read and write
|
||
|
7FF5D77D2000
|
unkown
|
page readonly
|
||
|
152EA090000
|
heap
|
page read and write
|
||
|
9B2C000
|
unkown
|
page read and write
|
||
|
4A12000
|
unkown
|
page read and write
|
||
|
C3CC000
|
stack
|
page read and write
|
||
|
7FF5D7488000
|
unkown
|
page readonly
|
||
|
AA91000
|
unkown
|
page read and write
|
||
|
E10000
|
unkown
|
page readonly
|
||
|
7FF5D720F000
|
unkown
|
page readonly
|
||
|
C9D9000
|
unkown
|
page read and write
|
||
|
7FF5D75DF000
|
unkown
|
page readonly
|
||
|
7FF5D76F5000
|
unkown
|
page readonly
|
||
|
7FF5D777A000
|
unkown
|
page readonly
|
||
|
761E000
|
unkown
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
9FAF000
|
stack
|
page read and write
|
||
|
9B77000
|
unkown
|
page read and write
|
||
|
C625000
|
unkown
|
page read and write
|
||
|
7FF5D74B3000
|
unkown
|
page readonly
|
||
|
7E58000
|
stack
|
page read and write
|
||
|
7FF71BB41000
|
unkown
|
page execute read
|
||
|
7FF5D7837000
|
unkown
|
page readonly
|
||
|
9AAA000
|
unkown
|
page read and write
|
||
|
7FF71E595000
|
unkown
|
page readonly
|
||
|
942E000
|
stack
|
page read and write
|
||
|
152EA0BC000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
7FF5D747F000
|
unkown
|
page readonly
|
||
|
4986000
|
unkown
|
page read and write
|
||
|
7FF71E40F000
|
unkown
|
page readonly
|
||
|
7FF5D7669000
|
unkown
|
page readonly
|
||
|
152EA097000
|
heap
|
page read and write
|
||
|
7FF5D7604000
|
unkown
|
page readonly
|
||
|
927E000
|
stack
|
page read and write
|
||
|
7FF71DCFB000
|
unkown
|
page readonly
|
||
|
7FF5D779E000
|
unkown
|
page readonly
|
||
|
AAA9000
|
unkown
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
152EA0C2000
|
heap
|
page read and write
|
||
|
C9A7000
|
unkown
|
page read and write
|
||
|
152E9D1E000
|
heap
|
page read and write
|
||
|
362D000
|
unkown
|
page read and write
|
||
|
152EB9E4000
|
heap
|
page read and write
|
||
|
3601000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
B4BF000
|
stack
|
page read and write
|
||
|
152E9AC6000
|
heap
|
page read and write
|
||
|
152EA09E000
|
heap
|
page read and write
|
||
|
8DCB000
|
stack
|
page read and write
|
||
|
152EA0C9000
|
heap
|
page read and write
|
||
|
768C000
|
unkown
|
page read and write
|
||
|
C65E000
|
unkown
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
5330000
|
unkown
|
page write copy
|
||
|
7FF5D75D9000
|
unkown
|
page readonly
|
||
|
3160000
|
unkown
|
page read and write
|
||
|
3001000
|
heap
|
page read and write
|
||
|
8870000
|
unkown
|
page readonly
|
||
|
7FF71E5C1000
|
unkown
|
page readonly
|
||
|
7FF5D765F000
|
unkown
|
page readonly
|
||
|
A39C000
|
unkown
|
page read and write
|
||
|
7DF4F2480000
|
unkown
|
page readonly
|
||
|
7FF5D775C000
|
unkown
|
page readonly
|
||
|
A2A2000
|
unkown
|
page read and write
|
||
|
7FF5D7230000
|
unkown
|
page readonly
|
||
|
7DF4F2471000
|
unkown
|
page execute read
|
||
|
7FF5D77C2000
|
unkown
|
page readonly
|
||
|
35B5000
|
unkown
|
page read and write
|
||
|
C891000
|
unkown
|
page read and write
|
||
|
7C80000
|
unkown
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
2F81000
|
heap
|
page read and write
|
||
|
A2D7000
|
unkown
|
page read and write
|
||
|
11BF000
|
unkown
|
page read and write
|
||
|
7FF5D744E000
|
unkown
|
page readonly
|
||
|
7FF71C541000
|
unkown
|
page execute read
|
||
|
152E9AA7000
|
heap
|
page read and write
|
||
|
760F000
|
unkown
|
page read and write
|
||
|
152E9AE2000
|
heap
|
page read and write
|
||
|
152EB9E6000
|
heap
|
page read and write
|
||
|
F0C000
|
heap
|
page read and write
|
||
|
7FF717541000
|
unkown
|
page execute read
|
||
|
7FF5D7523000
|
unkown
|
page readonly
|
||
|
3600000
|
heap
|
page read and write
|
||
|
E8CB000
|
stack
|
page read and write
|
||
|
7FF716B41000
|
unkown
|
page execute read
|
||
|
7FF5D7394000
|
unkown
|
page readonly
|
||
|
7FF71E42F000
|
unkown
|
page readonly
|
||
|
152E9B0D000
|
heap
|
page read and write
|
||
|
152E9ACD000
|
heap
|
page read and write
|
||
|
152E9B05000
|
heap
|
page read and write
|
||
|
7FF5D71F9000
|
unkown
|
page readonly
|
||
|
35C1000
|
unkown
|
page read and write
|
||
|
7FF71E5C4000
|
unkown
|
page readonly
|
||
|
3500000
|
stack
|
page read and write
|
||
|
7691000
|
unkown
|
page read and write
|
||
|
BE49000
|
stack
|
page read and write
|
||
|
7611000
|
unkown
|
page read and write
|
||
|
A1AF000
|
stack
|
page read and write
|
||
|
4A0E000
|
unkown
|
page read and write
|
||
|
152EB9DE000
|
heap
|
page read and write
|
||
|
7FF5D74C3000
|
unkown
|
page readonly
|
||
|
152E9AEA000
|
heap
|
page read and write
|
||
|
C61D000
|
unkown
|
page read and write
|
||
|
8F49000
|
stack
|
page read and write
|
||
|
7FF71E40F000
|
unkown
|
page readonly
|
||
|
F774000
|
unkown
|
page read and write
|
||
|
152E9AEF000
|
heap
|
page read and write
|
||
|
7FF5CE343000
|
unkown
|
page readonly
|
||
|
7FF71E58E000
|
unkown
|
page readonly
|
||
|
7FF5D783B000
|
unkown
|
page readonly
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
75E0000
|
unkown
|
page read and write
|
||
|
9A84000
|
unkown
|
page read and write
|
||
|
7FF719D41000
|
unkown
|
page execute read
|
||
|
152EA0B9000
|
heap
|
page read and write
|
||
|
A9DF000
|
unkown
|
page read and write
|
||
|
3626000
|
unkown
|
page read and write
|
||
|
7FF5D7485000
|
unkown
|
page readonly
|
||
|
7FF5D77DA000
|
unkown
|
page readonly
|
||
|
3781000
|
heap
|
page read and write
|
||
|
9AF9000
|
unkown
|
page read and write
|
||
|
7FF5D76C8000
|
unkown
|
page readonly
|
||
|
7FF5D758D000
|
unkown
|
page readonly
|
||
|
5463000
|
unkown
|
page read and write
|
||
|
8FD9000
|
stack
|
page read and write
|
||
|
4A44000
|
unkown
|
page read and write
|
||
|
35C3000
|
unkown
|
page read and write
|
||
|
7FF5D7700000
|
unkown
|
page readonly
|
||
|
7FF71D941000
|
unkown
|
page execute read
|
||
|
A3AA000
|
unkown
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
2881000
|
heap
|
page read and write
|
||
|
7FF71A741000
|
unkown
|
page execute read
|
||
|
7FF5D776D000
|
unkown
|
page readonly
|
||
|
C653000
|
unkown
|
page read and write
|
||
|
7FF716B40000
|
unkown
|
page readonly
|
||
|
7631000
|
unkown
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
152EA0B9000
|
heap
|
page read and write
|
||
|
96FE000
|
stack
|
page read and write
|
||
|
1EA03FC0000
|
heap
|
page read and write
|
||
|
7FF5D7450000
|
unkown
|
page readonly
|
||
|
7FF5D75CB000
|
unkown
|
page readonly
|
||
|
7FF71E444000
|
unkown
|
page readonly
|
||
|
77A2000
|
unkown
|
page read and write
|
||
|
7C90000
|
unkown
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
7FF71E591000
|
unkown
|
page readonly
|
||
|
7FF5D7452000
|
unkown
|
page readonly
|
||
|
7FF5D752F000
|
unkown
|
page readonly
|
||
|
152E9ACD000
|
heap
|
page read and write
|
||
|
7FF5D75F6000
|
unkown
|
page readonly
|
||
|
7686000
|
unkown
|
page read and write
|
||
|
3301000
|
heap
|
page read and write
|
||
|
C24E000
|
stack
|
page read and write
|
||
|
C5F0000
|
unkown
|
page read and write
|
||
|
A3B9000
|
unkown
|
page read and write
|
||
|
7FF5D77FD000
|
unkown
|
page readonly
|
||
|
7FF5D7280000
|
unkown
|
page readonly
|
||
|
A23A000
|
unkown
|
page read and write
|
||
|
E74D000
|
stack
|
page read and write
|
||
|
E7CD000
|
stack
|
page read and write
|
||
|
7FF5D75B8000
|
unkown
|
page readonly
|
||
|
A9A0000
|
unkown
|
page read and write
|
||
|
BE90000
|
unkown
|
page read and write
|
||
|
7FF719341000
|
unkown
|
page execute read
|
||
|
7FF5D72D0000
|
unkown
|
page readonly
|
||
|
7609000
|
unkown
|
page read and write
|
||
|
E4CB000
|
stack
|
page read and write
|
||
|
7FF5D7073000
|
unkown
|
page readonly
|
||
|
9A92000
|
unkown
|
page read and write
|
||
|
3050000
|
unkown
|
page read and write
|
||
|
1160000
|
unkown
|
page read and write
|
||
|
152EA0A7000
|
heap
|
page read and write
|
||
|
152EA09C000
|
heap
|
page read and write
|
||
|
C663000
|
unkown
|
page read and write
|
||
|
B85A000
|
stack
|
page read and write
|
||
|
49D6000
|
unkown
|
page read and write
|
||
|
7FF71E5C1000
|
unkown
|
page readonly
|
||
|
E54D000
|
stack
|
page read and write
|
||
|
7FF71E43A000
|
unkown
|
page readonly
|
||
|
7FF5D74F2000
|
unkown
|
page readonly
|
||
|
4AA0000
|
unkown
|
page read and write
|
||
|
7AC0000
|
unkown
|
page read and write
|
||
|
7FF5D7202000
|
unkown
|
page readonly
|
||
|
F7B4000
|
unkown
|
page read and write
|
||
|
152E9BB0000
|
trusted library allocation
|
page read and write
|
||
|
A2B5000
|
unkown
|
page read and write
|
||
|
152E9AF5000
|
heap
|
page read and write
|
||
|
BEA0000
|
unkown
|
page readonly
|
||
|
7FF5D770A000
|
unkown
|
page readonly
|
||
|
B950000
|
unkown
|
page readonly
|
||
|
7DF4F2461000
|
unkown
|
page execute read
|
||
|
7FF5D75D6000
|
unkown
|
page readonly
|
||
|
7FF5D766E000
|
unkown
|
page readonly
|
||
|
7FF5D7703000
|
unkown
|
page readonly
|
||
|
7FF5D7589000
|
unkown
|
page readonly
|
||
|
7FF5D71C8000
|
unkown
|
page readonly
|
||
|
9A9E000
|
unkown
|
page read and write
|
||
|
288C000
|
heap
|
page read and write
|
||
|
7FF5D751F000
|
unkown
|
page readonly
|
||
|
7FF719D41000
|
unkown
|
page execute read
|
||
|
7FF5D7398000
|
unkown
|
page readonly
|
||
|
152E9BB0000
|
trusted library allocation
|
page read and write
|
||
|
35E4000
|
unkown
|
page read and write
|
||
|
7FF5D77DD000
|
unkown
|
page readonly
|
||
|
152E9B01000
|
heap
|
page read and write
|
||
|
7FF5D7442000
|
unkown
|
page readonly
|
||
|
1EA03D30000
|
heap
|
page read and write
|
||
|
C7BE000
|
unkown
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
7DF4F24A1000
|
unkown
|
page execute read
|
||
|
7FF5D7799000
|
unkown
|
page readonly
|
||
|
760B000
|
unkown
|
page read and write
|
||
|
7C70000
|
unkown
|
page readonly
|
||
|
7FF71E444000
|
unkown
|
page readonly
|
||
|
F73B000
|
unkown
|
page read and write
|
||
|
7FF5D732D000
|
unkown
|
page readonly
|
||
|
AFBE000
|
stack
|
page read and write
|
||
|
152EA0AD000
|
heap
|
page read and write
|
||
|
7FF5D720A000
|
unkown
|
page readonly
|
||
|
7FF717541000
|
unkown
|
page execute read
|
||
|
49FD000
|
unkown
|
page read and write
|
||
|
152E9AF9000
|
heap
|
page read and write
|
||
|
7FF5D769E000
|
unkown
|
page readonly
|
||
|
BB10000
|
heap
|
page read and write
|
||
|
7FF5D75F2000
|
unkown
|
page readonly
|
||
|
7FF5D7740000
|
unkown
|
page readonly
|
||
|
7460000
|
unkown
|
page read and write
|
||
|
35F4000
|
unkown
|
page read and write
|
||
|
7FF5D77C7000
|
unkown
|
page readonly
|
||
|
7FF5D74B8000
|
unkown
|
page readonly
|
||
|
7FF5D776F000
|
unkown
|
page readonly
|
||
|
7FF71B141000
|
unkown
|
page execute read
|
||
|
7FF71E420000
|
unkown
|
page readonly
|
||
|
152E9AFB000
|
heap
|
page read and write
|
||
|
7B60000
|
unkown
|
page readonly
|
||
|
152E9AE2000
|
heap
|
page read and write
|
||
|
7FF717F41000
|
unkown
|
page execute read
|
||
|
7DF4F2460000
|
unkown
|
page readonly
|
||
|
AA2F000
|
unkown
|
page read and write
|
||
|
152EA222000
|
heap
|
page read and write
|
||
|
C5F4000
|
unkown
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
152EA225000
|
heap
|
page read and write
|
||
|
152EA0C9000
|
heap
|
page read and write
|
||
|
7FF5D7641000
|
unkown
|
page readonly
|
||
|
152E9AE5000
|
heap
|
page read and write
|
||
|
7605000
|
unkown
|
page read and write
|
||
|
152E9AC4000
|
heap
|
page read and write
|
||
|
7618000
|
unkown
|
page read and write
|
||
|
7FF5D7507000
|
unkown
|
page readonly
|
||
|
7FF5D748C000
|
unkown
|
page readonly
|
||
|
7DC0000
|
unkown
|
page readonly
|
||
|
7FF5D7438000
|
unkown
|
page readonly
|
||
|
152EA223000
|
heap
|
page read and write
|
||
|
7FF5D7272000
|
unkown
|
page readonly
|
||
|
9B41000
|
unkown
|
page read and write
|
||
|
9AB4000
|
unkown
|
page read and write
|
||
|
84BB000
|
stack
|
page read and write
|
||
|
7FF5D71E6000
|
unkown
|
page readonly
|
||
|
7FF5D74FA000
|
unkown
|
page readonly
|
||
|
7FF71B141000
|
unkown
|
page execute read
|
||
|
7FF5D75B3000
|
unkown
|
page readonly
|
||
|
1350000
|
unkown
|
page readonly
|
||
|
9EAE000
|
stack
|
page read and write
|
||
|
760D000
|
unkown
|
page read and write
|
||
|
89F0000
|
heap
|
page read and write
|
||
|
F6B4000
|
unkown
|
page read and write
|
||
|
F7F0000
|
unkown
|
page read and write
|
||
|
AE1D000
|
stack
|
page read and write
|
||
|
7FF71C541000
|
unkown
|
page execute read
|
||
|
2FF9000
|
stack
|
page read and write
|
||
|
54D000
|
unkown
|
page readonly
|
||
|
7FF5D716B000
|
unkown
|
page readonly
|
||
|
35BD000
|
unkown
|
page read and write
|
||
|
152EB9D3000
|
heap
|
page read and write
|
||
|
7FF716B41000
|
unkown
|
page execute read
|
||
|
3030000
|
unkown
|
page read and write
|
||
|
7FF5D723F000
|
unkown
|
page readonly
|
||
|
49BB000
|
unkown
|
page read and write
|
||
|
7FF5D73F5000
|
unkown
|
page readonly
|
||
|
9AA8000
|
unkown
|
page read and write
|
||
|
152EA0A4000
|
heap
|
page read and write
|
||
|
7FF5D77A4000
|
unkown
|
page readonly
|
||
|
C61B000
|
unkown
|
page read and write
|
||
|
7FF71E5AA000
|
unkown
|
page readonly
|
||
|
7FF5D764F000
|
unkown
|
page readonly
|
||
|
53E1000
|
unkown
|
page read and write
|
||
|
C9F6000
|
unkown
|
page read and write
|
||
|
9ABD000
|
unkown
|
page read and write
|
||
|
7FF71D941000
|
unkown
|
page execute read
|
||
|
7DBC000
|
stack
|
page read and write
|
||
|
7FF5D7075000
|
unkown
|
page readonly
|
||
|
7FF71E41A000
|
unkown
|
page readonly
|
||
|
7FF5D7792000
|
unkown
|
page readonly
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
C5FD000
|
unkown
|
page read and write
|
||
|
C609000
|
unkown
|
page read and write
|
||
|
12D0000
|
unkown
|
page readonly
|
||
|
7FF5D7482000
|
unkown
|
page readonly
|
||
|
2634088000
|
stack
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
3702000
|
heap
|
page read and write
|
||
|
AA40000
|
unkown
|
page read and write
|
||
|
A9FD000
|
unkown
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
3280000
|
unkown
|
page read and write
|
||
|
7FF5D719C000
|
unkown
|
page readonly
|
||
|
9EB0000
|
unkown
|
page readonly
|
||
|
7FF5D7284000
|
unkown
|
page readonly
|
||
|
7FF719D41000
|
unkown
|
page execute read
|
||
|
1340000
|
unkown
|
page read and write
|
||
|
7FF5D77B6000
|
unkown
|
page readonly
|
||
|
7FF5D7691000
|
unkown
|
page readonly
|
||
|
7FF71E591000
|
unkown
|
page readonly
|
||
|
152EA09F000
|
heap
|
page read and write
|
||
|
7FF5D71BF000
|
unkown
|
page readonly
|
||
|
7FF5D72CE000
|
unkown
|
page readonly
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
7FF5D76D7000
|
unkown
|
page readonly
|
||
|
C800000
|
unkown
|
page read and write
|
||
|
7FF5D7065000
|
unkown
|
page readonly
|
||
|
7FF71E41A000
|
unkown
|
page readonly
|
||
|
7FF5D76DA000
|
unkown
|
page readonly
|
||
|
8A70000
|
unkown
|
page read and write
|
||
|
E64D000
|
stack
|
page read and write
|
||
|
7FF5D7682000
|
unkown
|
page readonly
|
||
|
152E9AA7000
|
heap
|
page read and write
|
||
|
7FF5D75FF000
|
unkown
|
page readonly
|
||
|
3140000
|
unkown
|
page read and write
|
||
|
C44F000
|
stack
|
page read and write
|
||
|
7FF5D7546000
|
unkown
|
page readonly
|
||
|
9AA0000
|
unkown
|
page read and write
|
||
|
3181000
|
heap
|
page read and write
|
||
|
7FF5D7376000
|
unkown
|
page readonly
|
||
|
C669000
|
unkown
|
page read and write
|
||
|
7FF5D7722000
|
unkown
|
page readonly
|
||
|
152EB9DD000
|
heap
|
page read and write
|
||
|
7FF5D7795000
|
unkown
|
page readonly
|
||
|
152E9AFA000
|
heap
|
page read and write
|
||
|
7FF5D760B000
|
unkown
|
page readonly
|
||
|
7FF71E424000
|
unkown
|
page readonly
|
||
|
12B0000
|
unkown
|
page read and write
|
||
|
152EA22B000
|
heap
|
page read and write
|
||
|
7FF5D7309000
|
unkown
|
page readonly
|
||
|
7FF5D7558000
|
unkown
|
page readonly
|
||
|
152E9AF5000
|
heap
|
page read and write
|
||
|
7FF5D7429000
|
unkown
|
page readonly
|
||
|
B4D0000
|
unkown
|
page readonly
|
||
|
7FF5D77E0000
|
unkown
|
page readonly
|
||
|
CA47000
|
unkown
|
page read and write
|
||
|
2B81000
|
heap
|
page read and write
|
||
|
6DA3EFF000
|
stack
|
page read and write
|
||
|
AA01000
|
unkown
|
page read and write
|
||
|
E6CD000
|
stack
|
page read and write
|
||
|
1270000
|
unkown
|
page read and write
|
||
|
7FF71DD15000
|
unkown
|
page readonly
|
||
|
C617000
|
unkown
|
page read and write
|
||
|
49FA000
|
unkown
|
page read and write
|
||
|
7FF5D75F9000
|
unkown
|
page readonly
|
||
|
C908000
|
unkown
|
page read and write
|
||
|
7FF5D781A000
|
unkown
|
page readonly
|
||
|
3501000
|
heap
|
page read and write
|
||
|
13A0000
|
unkown
|
page readonly
|
||
|
152EB9D0000
|
heap
|
page read and write
|
||
|
8B7A000
|
unkown
|
page read and write
|
||
|
7FF5D7643000
|
unkown
|
page readonly
|
||
|
E84F000
|
stack
|
page read and write
|
||
|
7FF5D72D3000
|
unkown
|
page readonly
|
||
|
7FF71BB41000
|
unkown
|
page execute read
|
||
|
7FF71E8C1000
|
unkown
|
page readonly
|
||
|
C0BA000
|
stack
|
page read and write
|
||
|
152EA0B9000
|
heap
|
page read and write
|
||
|
7FF5D7236000
|
unkown
|
page readonly
|
||
|
A264000
|
unkown
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
A286000
|
unkown
|
page read and write
|
||
|
7FF5D7694000
|
unkown
|
page readonly
|
||
|
AA24000
|
unkown
|
page read and write
|
||
|
A273000
|
unkown
|
page read and write
|
||
|
152EB9D1000
|
heap
|
page read and write
|
||
|
7FF5D66E3000
|
unkown
|
page readonly
|
||
|
7FF5D6AB6000
|
unkown
|
page readonly
|
||
|
2B01000
|
heap
|
page read and write
|
||
|
35B0000
|
unkown
|
page read and write
|
||
|
E5CD000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
7FF5D710B000
|
unkown
|
page readonly
|
||
|
30FB000
|
stack
|
page read and write
|
||
|
152EB9D4000
|
heap
|
page read and write
|
||
|
9B79000
|
unkown
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
7FF5D7458000
|
unkown
|
page readonly
|
||
|
C8E5000
|
unkown
|
page read and write
|
||
|
35D5000
|
unkown
|
page read and write
|
||
|
9A90000
|
unkown
|
page read and write
|
||
|
C035000
|
stack
|
page read and write
|
||
|
152E9AD4000
|
heap
|
page read and write
|
||
|
A3AC000
|
unkown
|
page read and write
|
||
|
152E9AC5000
|
heap
|
page read and write
|
||
|
4AC0000
|
unkown
|
page read and write
|
||
|
B0E0000
|
unkown
|
page readonly
|
||
|
35C9000
|
unkown
|
page read and write
|
||
|
A416000
|
unkown
|
page read and write
|
||
|
7FF5D75A6000
|
unkown
|
page readonly
|
||
|
C73E000
|
unkown
|
page read and write
|
||
|
7FF5D7267000
|
unkown
|
page readonly
|
||
|
152E9BB0000
|
trusted library allocation
|
page read and write
|
||
|
4980000
|
unkown
|
page read and write
|
||
|
7FF5D748A000
|
unkown
|
page readonly
|
||
|
75FD000
|
unkown
|
page read and write
|
||
|
152EA0AD000
|
heap
|
page read and write
|
||
|
C81C000
|
unkown
|
page read and write
|
||
|
85BE000
|
stack
|
page read and write
|
||
|
3100000
|
unkown
|
page read and write
|
||
|
A220000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6DA3DFF000
|
unkown
|
page read and write
|
||
|
C4DC000
|
unkown
|
page read and write
|
||
|
94F4000
|
unkown
|
page read and write
|
||
|
AA04000
|
unkown
|
page read and write
|
||
|
7FF5D71AF000
|
unkown
|
page readonly
|
||
|
263447E000
|
stack
|
page read and write
|
||
|
3400000
|
unkown
|
page read and write
|
||
|
C46F000
|
unkown
|
page read and write
|
||
|
7FF5D77E3000
|
unkown
|
page readonly
|
||
|
152EA070000
|
heap
|
page read and write
|
||
|
152E9AC8000
|
heap
|
page read and write
|
||
|
7FF5D774A000
|
unkown
|
page readonly
|
||
|
7FF5D7820000
|
unkown
|
page readonly
|
||
|
1383000
|
heap
|
page read and write
|
||
|
152EA22A000
|
heap
|
page read and write
|
||
|
152E9AF7000
|
heap
|
page read and write
|
||
|
1EA03DF8000
|
heap
|
page read and write
|
||
|
362A000
|
unkown
|
page read and write
|
||
|
152E9B08000
|
heap
|
page read and write
|
||
|
3641000
|
heap
|
page read and write
|
||
|
35DC000
|
unkown
|
page read and write
|
||
|
50B000
|
unkown
|
page readonly
|
||
|
152EA0BA000
|
heap
|
page read and write
|
||
|
A391000
|
unkown
|
page read and write
|
||
|
7FF5D75AF000
|
unkown
|
page readonly
|
||
|
C642000
|
unkown
|
page read and write
|
||
|
C483000
|
unkown
|
page read and write
|
||
|
152E9A9E000
|
heap
|
page read and write
|
||
|
7FF71E43A000
|
unkown
|
page readonly
|
||
|
623000
|
heap
|
page read and write
|
||
|
C496000
|
unkown
|
page read and write
|
||
|
F836000
|
unkown
|
page read and write
|
||
|
7FF5D71EF000
|
unkown
|
page readonly
|
||
|
49C2000
|
unkown
|
page read and write
|
||
|
7FF5D774C000
|
unkown
|
page readonly
|
||
|
7FF5D7391000
|
unkown
|
page readonly
|
||
|
7FF718941000
|
unkown
|
page execute read
|
||
|
7AA0000
|
unkown
|
page read and write
|
||
|
49A8000
|
unkown
|
page read and write
|
||
|
F830000
|
unkown
|
page read and write
|
||
|
7FF5D7077000
|
unkown
|
page readonly
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
C62D000
|
unkown
|
page read and write
|
||
|
152EA0A5000
|
heap
|
page read and write
|
||
|
7FF5D7593000
|
unkown
|
page readonly
|
||
|
4B00000
|
unkown
|
page read and write
|
||
|
7FF5CE33D000
|
unkown
|
page readonly
|
||
|
7FF716B41000
|
unkown
|
page execute read
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
7FF5D7244000
|
unkown
|
page readonly
|
||
|
35D1000
|
unkown
|
page read and write
|
||
|
3530000
|
unkown
|
page read and write
|
||
|
152EA22E000
|
heap
|
page read and write
|
||
|
7AB0000
|
unkown
|
page read and write
|
||
|
1731000
|
unkown
|
page readonly
|
||
|
152E9AE2000
|
heap
|
page read and write
|
||
|
152EB9DE000
|
heap
|
page read and write
|
||
|
7FF5D72C8000
|
unkown
|
page readonly
|
||
|
7FF718941000
|
unkown
|
page execute read
|
||
|
7FF719341000
|
unkown
|
page execute read
|
||
|
7FF5D76CD000
|
unkown
|
page readonly
|
||
|
51C000
|
unkown
|
page readonly
|
||
|
7FF71CF41000
|
unkown
|
page execute read
|
||
|
7D3E000
|
stack
|
page read and write
|
||
|
7FF5D69BB000
|
unkown
|
page readonly
|
||
|
BE70000
|
unkown
|
page readonly
|
||
|
152E9AE6000
|
heap
|
page read and write
|
||
|
7FF5D705D000
|
unkown
|
page readonly
|
||
|
F821000
|
unkown
|
page read and write
|
||
|
7FF5D7797000
|
unkown
|
page readonly
|
||
|
7FF5D7336000
|
unkown
|
page readonly
|
||
|
1395000
|
heap
|
page read and write
|
||
|
86E0000
|
unkown
|
page readonly
|
||
|
7FF71DD05000
|
unkown
|
page readonly
|
||
|
C450000
|
unkown
|
page read and write
|
||
|
2981000
|
heap
|
page read and write
|
||
|
7FF5D7760000
|
unkown
|
page readonly
|
||
|
152E9AFA000
|
heap
|
page read and write
|
||
|
7FF718941000
|
unkown
|
page execute read
|
||
|
3180000
|
heap
|
page read and write
|
||
|
7FF5D749B000
|
unkown
|
page readonly
|
||
|
7AF1000
|
unkown
|
page read and write
|
||
|
7FF71CF41000
|
unkown
|
page execute read
|
||
|
7FF71E424000
|
unkown
|
page readonly
|
||
|
1EA03C50000
|
heap
|
page read and write
|
||
|
152EA0AD000
|
heap
|
page read and write
|
||
|
7FF5D72DF000
|
unkown
|
page readonly
|
||
|
7FF5D768B000
|
unkown
|
page readonly
|
||
|
9679000
|
stack
|
page read and write
|
||
|
F850000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7FF71E420000
|
unkown
|
page readonly
|
||
|
7FF5D6A4B000
|
unkown
|
page readonly
|
||
|
7FF5D71C4000
|
unkown
|
page readonly
|
||
|
769A000
|
unkown
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
7FF5D72E9000
|
unkown
|
page readonly
|
||
|
152EA220000
|
heap
|
page read and write
|
||
|
152EB9D2000
|
heap
|
page read and write
|
||
|
152E9D10000
|
heap
|
page read and write
|
||
|
7FF5D728E000
|
unkown
|
page readonly
|
||
|
9AB2000
|
unkown
|
page read and write
|
||
|
7FF5D7752000
|
unkown
|
page readonly
|
||
|
7FF5D7705000
|
unkown
|
page readonly
|
||
|
152EA098000
|
heap
|
page read and write
|
||
|
7FF5D6BEF000
|
unkown
|
page readonly
|
||
|
7FF719341000
|
unkown
|
page execute read
|
||
|
1360000
|
unkown
|
page readonly
|
||
|
1281000
|
unkown
|
page readonly
|
||
|
7FF5D7385000
|
unkown
|
page readonly
|
||
|
7FF5D6BDB000
|
unkown
|
page readonly
|
||
|
7FF5D75C1000
|
unkown
|
page readonly
|
||
|
152E9AD5000
|
heap
|
page read and write
|
||
|
C615000
|
unkown
|
page read and write
|
||
|
F736000
|
unkown
|
page read and write
|
||
|
7FF5D7407000
|
unkown
|
page readonly
|
||
|
3500000
|
heap
|
page read and write
|
||
|
7FF5D7425000
|
unkown
|
page readonly
|
||
|
7FF5D762F000
|
unkown
|
page readonly
|
||
|
4A71000
|
unkown
|
page read and write
|
||
|
7FF5D71DA000
|
unkown
|
page readonly
|
||
|
997C000
|
stack
|
page read and write
|
||
|
7FF5D71E0000
|
unkown
|
page readonly
|
||
|
BB9D000
|
stack
|
page read and write
|
||
|
C472000
|
unkown
|
page read and write
|
||
|
C5F8000
|
unkown
|
page read and write
|
||
|
B559000
|
stack
|
page read and write
|
||
|
152EA227000
|
heap
|
page read and write
|
||
|
3120000
|
unkown
|
page read and write
|
||
|
7FF5D77EB000
|
unkown
|
page readonly
|
||
|
7FF5D771A000
|
unkown
|
page readonly
|
||
|
7FF5D7289000
|
unkown
|
page readonly
|
||
|
152EA200000
|
heap
|
page read and write
|
||
|
35FA000
|
unkown
|
page read and write
|
||
|
B03B000
|
stack
|
page read and write
|
||
|
9ADB000
|
unkown
|
page read and write
|
||
|
7FF5D76AF000
|
unkown
|
page readonly
|
||
|
8ECD000
|
stack
|
page read and write
|
||
|
1EA03DD0000
|
heap
|
page read and write
|
||
|
7FF717F41000
|
unkown
|
page execute read
|
||
|
7FF5D7784000
|
unkown
|
page readonly
|
||
|
7FF5D729E000
|
unkown
|
page readonly
|
||
|
A33F000
|
unkown
|
page read and write
|
||
|
9A98000
|
unkown
|
page read and write
|
||
|
A384000
|
unkown
|
page read and write
|
||
|
2E81000
|
heap
|
page read and write
|
||
|
7FF5D7639000
|
unkown
|
page readonly
|
||
|
7FF5D77F7000
|
unkown
|
page readonly
|
||
|
7B20000
|
unkown
|
page read and write
|
||
|
7FF5D77F0000
|
unkown
|
page readonly
|
||
|
9B0B000
|
unkown
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
7FF5D71A6000
|
unkown
|
page readonly
|
||
|
843F000
|
stack
|
page read and write
|
||
|
7FF5D7396000
|
unkown
|
page readonly
|
||
|
7FF5D7534000
|
unkown
|
page readonly
|
||
|
C806000
|
unkown
|
page read and write
|
||
|
152E9BB0000
|
trusted library allocation
|
page read and write
|
||
|
A3C3000
|
unkown
|
page read and write
|
||
|
F13000
|
heap
|
page read and write
|
||
|
7FF71A741000
|
unkown
|
page execute read
|
||
|
4A40000
|
unkown
|
page read and write
|
||
|
8360000
|
unkown
|
page read and write
|
||
|
7CB0000
|
unkown
|
page readonly
|
||
|
152E9AF2000
|
heap
|
page read and write
|
||
|
7693000
|
unkown
|
page read and write
|
||
|
7FF71E42F000
|
unkown
|
page readonly
|
||
|
152E9AF9000
|
heap
|
page read and write
|
||
|
AA9B000
|
unkown
|
page read and write
|
||
|
7DF4F2481000
|
unkown
|
page execute read
|
||
|
7B80000
|
unkown
|
page readonly
|
||
|
CA2B000
|
unkown
|
page read and write
|
||
|
75F8000
|
unkown
|
page read and write
|
||
|
7AE0000
|
unkown
|
page read and write
|
||
|
152EA0A2000
|
heap
|
page read and write
|
||
|
3341000
|
unkown
|
page read and write
|
||
|
8880000
|
unkown
|
page readonly
|
||
|
9A96000
|
unkown
|
page read and write
|
||
|
768E000
|
unkown
|
page read and write
|
||
|
152EA0A3000
|
heap
|
page read and write
|
||
|
7FF5D743F000
|
unkown
|
page readonly
|
||
|
AA10000
|
unkown
|
page read and write
|
||
|
7FF5D7292000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
7FF71DD05000
|
unkown
|
page readonly
|
||
|
152EB9E4000
|
heap
|
page read and write
|
||
|
B0BD000
|
stack
|
page read and write
|
||
|
152E9ACD000
|
heap
|
page read and write
|
||
|
A39F000
|
unkown
|
page read and write
|
||
|
7FF5D72D7000
|
unkown
|
page readonly
|
||
|
9D67000
|
unkown
|
page read and write
|
||
|
77DB000
|
unkown
|
page read and write
|
||
|
1EA03D50000
|
heap
|
page read and write
|
||
|
152EA0AD000
|
heap
|
page read and write
|
||
|
4AB0000
|
unkown
|
page read and write
|
||
|
A9E9000
|
unkown
|
page read and write
|
||
|
152EA0C5000
|
heap
|
page read and write
|
||
|
3489000
|
stack
|
page read and write
|
||
|
7FF71E58E000
|
unkown
|
page readonly
|
||
|
C7CB000
|
unkown
|
page read and write
|
||
|
152EA22A000
|
heap
|
page read and write
|
||
|
152EA227000
|
heap
|
page read and write
|
||
|
7435000
|
stack
|
page read and write
|
||
|
7DD0000
|
heap
|
page read and write
|
||
|
7FF71E595000
|
unkown
|
page readonly
|
||
|
7FF5D723C000
|
unkown
|
page readonly
|
||
|
1250000
|
unkown
|
page read and write
|
||
|
CA44000
|
unkown
|
page read and write
|
||
|
7FF5D7745000
|
unkown
|
page readonly
|
||
|
8A00000
|
unkown
|
page read and write
|
||
|
62A000
|
heap
|
page read and write
|
||
|
7FF5D7257000
|
unkown
|
page readonly
|
||
|
7FF5D7360000
|
unkown
|
page readonly
|
||
|
C4BD000
|
unkown
|
page read and write
|
||
|
3801000
|
heap
|
page read and write
|
||
|
7440000
|
unkown
|
page read and write
|
||
|
7FF5D77B9000
|
unkown
|
page readonly
|
||
|
152EA224000
|
heap
|
page read and write
|
||
|
7FF71E5C4000
|
unkown
|
page readonly
|
||
|
35CF000
|
unkown
|
page read and write
|
||
|
7DF4F2470000
|
unkown
|
page readonly
|
||
|
152E9AE3000
|
heap
|
page read and write
|
||
|
8A46000
|
unkown
|
page read and write
|
||
|
86D0000
|
unkown
|
page readonly
|
||
|
152E9A70000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
7FF5D7455000
|
unkown
|
page readonly
|
||
|
9AAC000
|
unkown
|
page read and write
|
||
|
9A76000
|
unkown
|
page read and write
|
||
|
8CB8000
|
stack
|
page read and write
|
||
|
3110000
|
unkown
|
page readonly
|
||
|
779E000
|
unkown
|
page read and write
|
||
|
1EA03FB0000
|
heap
|
page read and write
|
||
|
33F0000
|
unkown
|
page read and write
|
||
|
99C0000
|
unkown
|
page read and write
|
||
|
152E9AA2000
|
heap
|
page read and write
|
||
|
BDC0000
|
unkown
|
page read and write
|
||
|
9A94000
|
unkown
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
152EA0AD000
|
heap
|
page read and write
|
||
|
3520000
|
unkown
|
page readonly
|
||
|
B330000
|
unkown
|
page read and write
|
||
|
33C0000
|
unkown
|
page read and write
|
||
|
7FF5D7404000
|
unkown
|
page readonly
|
||
|
152E9AC5000
|
heap
|
page read and write
|
||
|
A313000
|
unkown
|
page read and write
|
||
|
A0A9000
|
stack
|
page read and write
|
||
|
1EA03FB4000
|
heap
|
page read and write
|
||
|
7FF71DCFB000
|
unkown
|
page readonly
|
||
|
C48B000
|
unkown
|
page read and write
|
||
|
152EA22A000
|
heap
|
page read and write
|
||
|
9A80000
|
unkown
|
page read and write
|
||
|
152EA0C4000
|
heap
|
page read and write
|
||
|
152E9A90000
|
heap
|
page read and write
|
||
|
263457E000
|
stack
|
page read and write
|
||
|
7FF5D71CC000
|
unkown
|
page readonly
|
||
|
F82D000
|
unkown
|
page read and write
|
||
|
A233000
|
unkown
|
page read and write
|
||
|
7637000
|
unkown
|
page read and write
|
||
|
BFB8000
|
stack
|
page read and write
|
||
|
7FF717541000
|
unkown
|
page execute read
|
||
|
7FF5D745B000
|
unkown
|
page readonly
|
||
|
152E9D1D000
|
heap
|
page read and write
|
||
|
B980000
|
unkown
|
page readonly
|
||
|
7FF5D77E9000
|
unkown
|
page readonly
|
||
|
7654000
|
unkown
|
page read and write
|
||
|
7FF5D72BD000
|
unkown
|
page readonly
|
||
|
C460000
|
unkown
|
page read and write
|
||
|
C621000
|
unkown
|
page read and write
|
||
|
152EA0B9000
|
heap
|
page read and write
|
||
|
7E60000
|
unkown
|
page read and write
|
||
|
7FF5D738E000
|
unkown
|
page readonly
|
||
|
152E9AE2000
|
heap
|
page read and write
|
||
|
6DA3CFB000
|
stack
|
page read and write
|
||
|
9AC3000
|
unkown
|
page read and write
|
||
|
7810000
|
unkown
|
page read and write
|
||
|
152E9AE2000
|
heap
|
page read and write
|
||
|
3630000
|
unkown
|
page readonly
|
||
|
9A8C000
|
unkown
|
page read and write
|
||
|
C9F9000
|
unkown
|
page read and write
|
||
|
152EA0A8000
|
heap
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
7FF5D77A8000
|
unkown
|
page readonly
|
||
|
7FF5D7591000
|
unkown
|
page readonly
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
7B00000
|
unkown
|
page readonly
|
||
|
152E9D14000
|
heap
|
page read and write
|
||
|
2EC0000
|
unkown
|
page readonly
|
||
|
B8DB000
|
stack
|
page read and write
|
||
|
76F8000
|
unkown
|
page read and write
|
||
|
A12F000
|
stack
|
page read and write
|
||
|
152E9D1B000
|
heap
|
page read and write
|
||
|
2D01000
|
heap
|
page read and write
|
||
|
7FF5D6ABD000
|
unkown
|
page readonly
|
||
|
35D3000
|
unkown
|
page read and write
|
||
|
7FF5D72FB000
|
unkown
|
page readonly
|
||
|
7B10000
|
unkown
|
page read and write
|
||
|
263418E000
|
stack
|
page read and write
|
||
|
263410F000
|
stack
|
page read and write
|
||
|
1EA03FE0000
|
heap
|
page read and write
|
||
|
A3B6000
|
unkown
|
page read and write
|
||
|
EB5000
|
stack
|
page read and write
|
||
|
7FF71E5AA000
|
unkown
|
page readonly
|
||
|
7FF71DD15000
|
unkown
|
page readonly
|
||
|
3300000
|
heap
|
page read and write
|
||
|
7FF717F41000
|
unkown
|
page execute read
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
99B0000
|
unkown
|
page read and write
|
||
|
9A6A000
|
unkown
|
page read and write
|
||
|
152E9B90000
|
heap
|
page read and write
|
||
|
7FF5D7262000
|
unkown
|
page readonly
|
||
|
152EA0A1000
|
heap
|
page read and write
|
||
|
7FF5D7215000
|
unkown
|
page readonly
|
||
|
4181000
|
heap
|
page read and write
|
||
|
89F2000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
C605000
|
unkown
|
page read and write
|
||
|
7FF5D72BF000
|
unkown
|
page readonly
|
||
|
7C31000
|
unkown
|
page read and write
|
||
|
152E9B09000
|
heap
|
page read and write
|
||
|
7FF5D74A6000
|
unkown
|
page readonly
|
||
|
7FF5D71D7000
|
unkown
|
page readonly
|
||
|
7FF5D76E8000
|
unkown
|
page readonly
|
||
|
FF0000
|
unkown
|
page readonly
|
||
|
BB0C000
|
stack
|
page read and write
|
||
|
8C39000
|
stack
|
page read and write
|
||
|
A28D000
|
unkown
|
page read and write
|
||
|
7FF5D75E9000
|
unkown
|
page readonly
|
||
|
7FF5D75BF000
|
unkown
|
page readonly
|
||
|
33B0000
|
unkown
|
page readonly
|
||
|
7FF5D717C000
|
unkown
|
page readonly
|
||
|
7FF716B40000
|
unkown
|
page readonly
|
||
|
9579000
|
stack
|
page read and write
|
||
|
A251000
|
unkown
|
page read and write
|
||
|
5479000
|
unkown
|
page read and write
|
||
|
F6F3000
|
unkown
|
page read and write
|
||
|
152EA0C2000
|
heap
|
page read and write
|
||
|
7989000
|
stack
|
page read and write
|
||
|
152EA22E000
|
heap
|
page read and write
|
||
|
3401000
|
heap
|
page read and write
|
||
|
9A8E000
|
unkown
|
page read and write
|
||
|
B7DC000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
C78A000
|
unkown
|
page read and write
|
||
|
7FF5D7808000
|
unkown
|
page readonly
|
||
|
7FF71E8C1000
|
unkown
|
page readonly
|
||
|
7DF4F2491000
|
unkown
|
page execute read
|
||
|
152E9990000
|
heap
|
page read and write
|
||
|
4A16000
|
unkown
|
page read and write
|
||
|
152EA0B9000
|
heap
|
page read and write
|
||
|
7FF71B141000
|
unkown
|
page execute read
|
||
|
1EA03DDB000
|
heap
|
page read and write
|
||
|
98FD000
|
stack
|
page read and write
|
||
|
9A72000
|
unkown
|
page read and write
|
||
|
7FF5D772C000
|
unkown
|
page readonly
|
||
|
A237000
|
unkown
|
page read and write
|
||
|
7FF5D76D5000
|
unkown
|
page readonly
|
||
|
7FF71A741000
|
unkown
|
page execute read
|
||
|
4A90000
|
unkown
|
page read and write
|
||
|
3170000
|
unkown
|
page read and write
|
||
|
152E9AC5000
|
heap
|
page read and write
|
||
|
152E9B0D000
|
heap
|
page read and write
|
||
|
A40E000
|
unkown
|
page read and write
|
||
|
152E9A98000
|
heap
|
page read and write
|
||
|
7FF5D7764000
|
unkown
|
page readonly
|
||
|
152E9AFF000
|
heap
|
page read and write
|
||
|
624000
|
heap
|
page read and write
|
||
|
C5FA000
|
unkown
|
page read and write
|
||
|
7FF5D71EA000
|
unkown
|
page readonly
|
||
|
C4C6000
|
unkown
|
page read and write
|
There are 813 hidden memdumps, click here to show them.