Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Anydesk
- UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 0.7.0.0, Subject: Anydesk - UNREGISTERED - Wrapped using MSI
Wrapper from www.exemsi.com, Author: Anydesk, Keywords: Installer, Template: Intel;1033, Revision Number: {8CB27BF3-59BC-4419-BE15-E9E385453F27},
Create Time/Date: Thu Feb 18 21:32:30 2021, Last Saved Time/Date: Thu Feb 18 21:32:30 2021, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: MSI Wrapper (10.0.50.0), Security: 2
|
initial sample
|
 |
|
|
C:\ProgramData\anydesk\AnyDesk.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\files\$dpx$.tmp\eee52229ee24a34cb61191d27a7b66f1.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\files\install.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\78c341.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Anydesk
- UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 0.7.0.0, Subject: Anydesk - UNREGISTERED - Wrapped using MSI
Wrapper from www.exemsi.com, Author: Anydesk, Keywords: Installer, Template: Intel;1033, Revision Number: {8CB27BF3-59BC-4419-BE15-E9E385453F27},
Create Time/Date: Thu Feb 18 21:32:30 2021, Last Saved Time/Date: Thu Feb 18 21:32:30 2021, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: MSI Wrapper (10.0.50.0), Security: 2
|
dropped
|
|
|
|
C:\Windows\Installer\78c344.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Anydesk
- UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 0.7.0.0, Subject: Anydesk - UNREGISTERED - Wrapped using MSI
Wrapper from www.exemsi.com, Author: Anydesk, Keywords: Installer, Template: Intel;1033, Revision Number: {8CB27BF3-59BC-4419-BE15-E9E385453F27},
Create Time/Date: Thu Feb 18 21:32:30 2021, Last Saved Time/Date: Thu Feb 18 21:32:30 2021, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: MSI Wrapper (10.0.50.0), Security: 2
|
dropped
|
|
|
|
C:\programdata\anydesk.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\78c343.rbs
|
data
|
dropped
|
||
|
C:\ProgramData\anydesk\service.conf
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\ProgramData\anydesk\system.conf
|
ASCII text
|
dropped
|
||
|
C:\System Volume Information\SPP\OnlineMetadataCache\{13f380d2-c95e-45d3-8b58-ce3c6d9cc4c1}_OnDiskSnapshotProp
|
data
|
dropped
|
||
|
C:\System Volume Information\SPP\metadata-2
|
SysEx File - Twister
|
dropped
|
||
|
C:\System Volume Information\SPP\snapshot-2
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\files.cab
|
Microsoft Cabinet archive data, 3811024 bytes, 1 file
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\msiwrapper.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF0154135B388C6B07.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF49DA8C305B58D2AD.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFFAFE55FFC650FC61.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\AnyDesk\ad.trace
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\AnyDesk\user.conf
|
ASCII text, with very long lines
|
dropped
|
||
|
C:\Windows\Installer\78c342.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\MSI5B7A.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI5BE8.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIB0A0.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIBA33.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Windows\Installer\MSIED31.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Logs\DPX\setupact.log
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\log1.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\files\install.exe
|
"C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\files\install.exe"
|
|
|
|
C:\ProgramData\anydesk.exe
|
c:\programdata\anydesk.exe --install C:\ProgramData\AnyDesk --silent
|
|
|
|
C:\ProgramData\anydesk\AnyDesk.exe
|
"C:\ProgramData\AnyDesk\AnyDesk.exe" --service
|
|
|
|
C:\ProgramData\anydesk\AnyDesk.exe
|
"C:\ProgramData\AnyDesk\AnyDesk.exe" --control
|
|
|
|
C:\ProgramData\anydesk\AnyDesk.exe
|
c:\programdata\anydesk\anydesk.exe --set-password
|
|
|
|
C:\ProgramData\anydesk\AnyDesk.exe
|
"c:\programdata\anydesk\anydesk.exe" --get-id
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh advfirewall firewall add rule name="RDP" dir=in protocol=TCP localport=3389 action=allow
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\1.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\VSSVC.exe
|
C:\Windows\system32\vssvc.exe
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k swprv
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 6381DE7DB6BAADD41D0E24C26E59EDFC
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 22388C515E15FC158EA4B11229C0F8D9 E Global\MSI0000
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\." /SETINTEGRITYLEVEL
(CI)(OI)HIGH
|
||
|
C:\Windows\SysWOW64\expand.exe
|
"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c c:\programdata\anydesk.exe --install C:\ProgramData\AnyDesk --silent
|
||
|
C:\Windows\System32\drivers\rdpdr.sys
|
|||
|
C:\Windows\System32\drivers\tdtcp.sys
|
|||
|
C:\Windows\System32\drivers\tssecsrv.sys
|
|||
|
C:\Windows\System32\drivers\rdpwd.sys
|
|||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c echo 31121985west|c:\programdata\anydesk\anydesk.exe --set-password
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo 31121985west"
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\." /SETINTEGRITYLEVEL
(CI)(OI)LOW
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-4a754448-1372-4b62-af77-6f1650246a5a\files"
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://anydesk.com
|
unknown
|
||
|
https://support.anydesk.com/
|
unknown
|
||
|
http://www.opengl.org/registry/
|
unknown
|
||
|
https://help.anydesk.com/error-messages
|
unknown
|
||
|
https://order.anydesk.com/trial
|
unknown
|
||
|
https://anydesk.com/update
|
unknown
|
||
|
https://www.google.com/intl/$
|
unknown
|
||
|
https://help.anydesk.com/wol
|
unknown
|
||
|
https://help.anydesk.com/$
|
unknown
|
||
|
https://my.anydesk.com
|
unknown
|
||
|
http://www.anydesk.com/
|
unknown
|
||
|
https://twitter.com/home?status=Do%20you%20know%20%23AnyDesk?%20AnyDesk%20is%20a%20small%20and%20qui
|
unknown
|
||
|
https://www.linkedin.com/shareArticle?mini=true&url=https%3A//anydesk.com/&title=Try%20AnyDesk%20Rem
|
unknown
|
||
|
https://console-ui.myanydesk2.on.anydesk.com
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
https://anydesk.com/
|
unknown
|
||
|
https://anydesk.com/privacy
|
unknown
|
||
|
https://datatracker.ietf.org/ipr/1526/
|
unknown
|
||
|
https://www.nayuki.io/page/qr-code-generator-library
|
unknown
|
||
|
https://policies.google.com/privacy?hl=$
|
unknown
|
||
|
https://support.anydesk.com/AnyDesk_on_macOS
|
unknown
|
||
|
https://help.anydesk.com/macos-security
|
unknown
|
||
|
https://help.anydesk.com/HelpLinkInstallLocationAnyDesk
|
unknown
|
||
|
https://boot-01.net.anydesk.com
|
unknown
|
||
|
https://datatracker.ietf.org/ipr/1914/
|
unknown
|
||
|
https://datatracker.ietf.org/ipr/1524/
|
unknown
|
||
|
https://anydesk.com/terms
|
unknown
|
||
|
https://anydesk.com/company#imprint
|
unknown
|
||
|
https://boot.net.anydesk.comabcdefABCDEFtruefalsebase.prot.packetInvalid
|
unknown
|
||
|
http://www.openssl.org/)
|
unknown
|
||
|
https://anydesk.com/order
|
unknown
|
||
|
https://help.anydesk.com/access
|
unknown
|
||
|
https://help.anydesk.com/backup-alias
|
unknown
|
||
|
http://www.openssl.org/support/faq.htmlEC_PRIVATEKEYpublicKeyparametersprivateKeyECPKPARAMETERSvalue
|
unknown
|
||
|
https://help.anydesk.com/share
|
unknown
|
||
|
https://my.anydesk.com/password-generator.
|
unknown
|
||
|
https://support.anydesk.com
|
unknown
|
||
|
https://help.anydesk.com/
|
unknown
|
There are 28 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
boot.net.anydesk.com
|
92.223.88.41
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
92.223.88.41
|
boot.net.anydesk.com
|
Austria
|
||
|
195.181.174.174
|
unknown
|
United Kingdom
|
||
|
80.209.241.3
|
unknown
|
United States
|
||
|
195.181.174.167
|
unknown
|
United Kingdom
|
||
|
192.168.2.3
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe
|
Debugger
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
|
Administartor
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
DOSNAPSHOT (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
DOSNAPSHOT (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\78c343.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\78c343.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6F01EDE4F03AC245B7CDA9B504EB5CF
|
8F3854CA4966E374BB7723DCCFB99A04
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EXEMSI.COM\MSI Wrapper\Installed\AnyDesk
|
LogonUser
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EXEMSI.COM\MSI Wrapper\Installed\AnyDesk
|
USERNAME
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EXEMSI.COM\MSI Wrapper\Installed\AnyDesk
|
Date
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EXEMSI.COM\MSI Wrapper\Installed\AnyDesk
|
Time
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EXEMSI.COM\MSI Wrapper\Installed\AnyDesk
|
WRAPPED_ARGUMENTS
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\27DCDF205199E0345B6F51FFDC229E64
|
8F3854CA4966E374BB7723DCCFB99A04
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC4583F8-6694-473E-BB77-32CDFC9BA940}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\8F3854CA4966E374BB7723DCCFB99A04
|
ProductFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\Features
|
ProductFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F3854CA4966E374BB7723DCCFB99A04\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\27DCDF205199E0345B6F51FFDC229E64
|
8F3854CA4966E374BB7723DCCFB99A04
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8F3854CA4966E374BB7723DCCFB99A04\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_BEGINPREPARE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_BEGINPREPARE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
VSS_WS_STABLE (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
VSS_WS_STABLE (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
VSS_WS_STABLE (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
VSS_WS_FAILED_AT_PREPARE_BACKUP (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
((HRESULT)0x800423F2L) (SetCurrentFailure)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
VSS_WS_FAILED_AT_PREPARE_BACKUP (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
VSS_WS_FAILED_AT_PREPARE_BACKUP (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
((HRESULT)0x800423F2L) (SetCurrentFailure)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
((HRESULT)0x800423F2L) (SetCurrentFailure)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
GETSTATE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
GETSTATE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
GETSTATE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
GETSTATE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
GETSTATE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
GETSTATE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_ENDPREPARE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_ENDPREPARE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_ABORTSNAPSHOTS (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_ABORTSNAPSHOTS (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
|
BACKUPSHUTDOWN (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
BACKUPSHUTDOWN (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
BACKUPSHUTDOWN (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
BACKUPSHUTDOWN (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
BACKUPSHUTDOWN (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
BACKUPSHUTDOWN (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
BACKUPSHUTDOWN (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssvcPublisher
|
BACKUPSHUTDOWN (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_BEGINPREPARE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}
|
PROVIDER_BEGINPREPARE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
|
VSS_WS_STABLE (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
|
VSS_WS_STABLE (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
|
VSS_WS_STABLE (SetCurrentState)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe
|
Debugger
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe
|
Debugger
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
|
Debugger
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server
|
fDenyTSConnections
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{091BC97E-2352-4362-A539-10A6D8FF7596}
|
Class
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{091BC97E-2352-4362-A539-10A6D8FF7596}
|
NoDisplayClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{091BC97E-2352-4362-A539-10A6D8FF7596}
|
NoUseClass
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{091BC97E-2352-4362-A539-10A6D8FF7596}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}\Properties
|
Security
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
VersionBuild
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
VersionTimestamp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyDesk
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\AnyDesk\Capabilities
|
ApplicationDescription
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\AnyDesk\Capabilities
|
ApplicationName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\AnyDesk\Capabilities\FileAssociations
|
.anydesk
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
|
AnyDesk
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnyDesk
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnyDesk
|
URL Protocol
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\dhcpqec.dll,-100
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\dhcpqec.dll,-101
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\dhcpqec.dll,-103
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\dhcpqec.dll,-102
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\napipsec.dll,-1
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\napipsec.dll,-2
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\napipsec.dll,-4
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\napipsec.dll,-3
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\tsgqec.dll,-100
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\tsgqec.dll,-101
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\tsgqec.dll,-102
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\tsgqec.dll,-103
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\eapqec.dll,-100
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\eapqec.dll,-101
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\eapqec.dll,-102
|
||
|
HKEY_USERS.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\eapqec.dll,-103
|
There are 223 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
454F000
|
stack
|
page read and write
|
||
|
1DB8000
|
heap
|
page read and write
|
||
|
9AD000
|
trusted library allocation
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
8D000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
18A0000
|
unkown
|
page readonly
|
||
|
404000
|
unkown
|
page readonly
|
||
|
20000
|
heap
|
page read and write
|
||
|
60000
|
unkown
|
page readonly
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
60000
|
unkown
|
page readonly
|
||
|
1E09000
|
unkown
|
page readonly
|
||
|
E15000
|
trusted library allocation
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
8E0000
|
trusted library allocation
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
1FE8000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
4CD000
|
trusted library allocation
|
page read and write
|
||
|
1DA9000
|
heap
|
page read and write
|
||
|
3CA000
|
stack
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
1120000
|
heap
|
page read and write
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
40CE000
|
stack
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
1DC2000
|
heap
|
page read and write
|
||
|
1E7B000
|
unkown
|
page read and write
|
||
|
1E7B000
|
unkown
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
20E000
|
heap
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
360000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
trusted library allocation
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
26F4000
|
trusted library allocation
|
page read and write
|
||
|
1DB6000
|
heap
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
586000
|
trusted library allocation
|
page read and write
|
||
|
172A000
|
heap
|
page read and write
|
||
|
12A6000
|
unkown
|
page execute read
|
||
|
1C1A000
|
unkown
|
page readonly
|
||
|
1E05000
|
unkown
|
page execute and read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
587000
|
trusted library allocation
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
2F2E000
|
trusted library allocation
|
page read and write
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
1D9A000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4FDF000
|
stack
|
page read and write
|
||
|
1DAB000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
21D000
|
stack
|
page read and write
|
||
|
E04000
|
trusted library allocation
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
2AE1000
|
trusted library allocation
|
page read and write
|
||
|
524F000
|
stack
|
page read and write
|
||
|
1D9A000
|
heap
|
page read and write
|
||
|
25B000
|
stack
|
page read and write
|
||
|
2AD8000
|
trusted library allocation
|
page read and write
|
||
|
1FF4000
|
heap
|
page read and write
|
||
|
3F70000
|
trusted library allocation
|
page read and write
|
||
|
23D000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
12E000
|
stack
|
page read and write
|
||
|
1DA5000
|
heap
|
page read and write
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
1640000
|
unkown
|
page readonly
|
||
|
1040000
|
unkown
|
page readonly
|
||
|
3FAE000
|
stack
|
page read and write
|
||
|
1DC7000
|
heap
|
page read and write
|
||
|
26B0000
|
trusted library allocation
|
page read and write
|
||
|
E05000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
2ADD000
|
trusted library allocation
|
page read and write
|
||
|
206000
|
heap
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
4A88000
|
trusted library allocation
|
page read and write
|
||
|
986000
|
heap
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
BB6000
|
heap
|
page read and write
|
||
|
26FA000
|
trusted library allocation
|
page read and write
|
||
|
283000
|
stack
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
2D2000
|
stack
|
page read and write
|
||
|
1DAB000
|
heap
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
21FB000
|
heap
|
page read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
389F000
|
stack
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
26BE000
|
stack
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
1FB0000
|
trusted library allocation
|
page read and write
|
||
|
DF6000
|
trusted library allocation
|
page read and write
|
||
|
1751000
|
heap
|
page read and write
|
||
|
DFA000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2D1000
|
heap
|
page read and write
|
||
|
1FE3000
|
heap
|
page read and write
|
||
|
3BD0000
|
heap
|
page read and write
|
||
|
380000
|
trusted library allocation
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
1DA1000
|
heap
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
2707000
|
trusted library allocation
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page read and write
|
||
|
952000
|
heap
|
page read and write
|
||
|
3DAF000
|
stack
|
page read and write
|
||
|
2DD000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
DFA000
|
trusted library allocation
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
1358000
|
stack
|
page read and write
|
||
|
3088000
|
unkown
|
page read and write
|
||
|
26FF000
|
trusted library allocation
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
7CD000
|
trusted library allocation
|
page read and write
|
||
|
1BA6000
|
unkown
|
page execute and read and write
|
||
|
270A000
|
trusted library allocation
|
page read and write
|
||
|
2E6000
|
heap
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
94D000
|
unkown
|
page read and write
|
||
|
405C000
|
stack
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
928000
|
heap
|
page read and write
|
||
|
254F000
|
stack
|
page read and write
|
||
|
E1F000
|
trusted library allocation
|
page read and write
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
1046000
|
unkown
|
page execute read
|
||
|
470000
|
heap
|
page read and write
|
||
|
1FF3000
|
heap
|
page read and write
|
||
|
1DA4000
|
heap
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
1FF4000
|
heap
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
1AFB000
|
unkown
|
page read and write
|
||
|
1DC5000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
DF9000
|
trusted library allocation
|
page read and write
|
||
|
747000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
29E000
|
heap
|
page read and write
|
||
|
3C7000
|
stack
|
page read and write
|
||
|
E1E000
|
trusted library allocation
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
E4F000
|
stack
|
page read and write
|
||
|
1DA1000
|
heap
|
page read and write
|
||
|
2703000
|
trusted library allocation
|
page read and write
|
||
|
12A5000
|
unkown
|
page execute and read and write
|
||
|
9DA000
|
trusted library allocation
|
page read and write
|
||
|
1D9E000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
3E1C000
|
stack
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
DFB000
|
trusted library allocation
|
page read and write
|
||
|
1767000
|
heap
|
page read and write
|
||
|
568000
|
trusted library allocation
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
1C1A000
|
unkown
|
page readonly
|
||
|
413E000
|
stack
|
page read and write
|
||
|
780000
|
trusted library allocation
|
page read and write
|
||
|
1201000
|
heap
|
page read and write
|
||
|
9AF000
|
trusted library allocation
|
page read and write
|
||
|
1DC9000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
560000
|
trusted library allocation
|
page read and write
|
||
|
34E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
136000
|
heap
|
page read and write
|
||
|
367D000
|
stack
|
page read and write
|
||
|
8C2000
|
heap
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
2ACC000
|
trusted library allocation
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
4B1000
|
heap
|
page read and write
|
||
|
1E06000
|
unkown
|
page execute and read and write
|
||
|
1763000
|
heap
|
page read and write
|
||
|
2AD7000
|
trusted library allocation
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
E0D000
|
trusted library allocation
|
page read and write
|
||
|
E0B000
|
trusted library allocation
|
page read and write
|
||
|
92E000
|
heap
|
page read and write
|
||
|
1FF4000
|
heap
|
page read and write
|
||
|
2EB000
|
heap
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
DF7000
|
trusted library allocation
|
page read and write
|
||
|
1D5B000
|
unkown
|
page read and write
|
||
|
467D000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
4AC000
|
heap
|
page read and write
|
||
|
1DA9000
|
heap
|
page read and write
|
||
|
2DD000
|
stack
|
page read and write
|
||
|
1DB6000
|
heap
|
page read and write
|
||
|
2ADE000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
C94000
|
heap
|
page read and write
|
||
|
26F2000
|
trusted library allocation
|
page read and write
|
||
|
3C5000
|
stack
|
page read and write
|
||
|
3E3E000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
1EC000
|
stack
|
page read and write
|
||
|
12A6000
|
unkown
|
page execute read
|
||
|
A41000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
55D000
|
trusted library allocation
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
1E7B000
|
unkown
|
page write copy
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
1FE8000
|
heap
|
page read and write
|
||
|
E0D000
|
trusted library allocation
|
page read and write
|
||
|
388000
|
trusted library allocation
|
page read and write
|
||
|
484000
|
heap
|
page read and write
|
||
|
BFD000
|
trusted library allocation
|
page read and write
|
||
|
1DA2000
|
heap
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
6B4000
|
heap
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
2AD3000
|
trusted library allocation
|
page read and write
|
||
|
12A5000
|
unkown
|
page execute and read and write
|
||
|
1DA4000
|
heap
|
page read and write
|
||
|
2A1F000
|
stack
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
A56000
|
trusted library allocation
|
page read and write
|
||
|
2708000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
9D8000
|
trusted library allocation
|
page read and write
|
||
|
2D4000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
BFF000
|
trusted library allocation
|
page read and write
|
||
|
4A98000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1DAB000
|
heap
|
page read and write
|
||
|
430000
|
remote allocation
|
page read and write
|
||
|
1FE3000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
14D000
|
stack
|
page read and write
|
||
|
1E09000
|
unkown
|
page readonly
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
94F000
|
heap
|
page read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
4B0000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
4440000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1DB6000
|
heap
|
page read and write
|
||
|
1FE4000
|
heap
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
2005000
|
heap
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
2AD6000
|
trusted library allocation
|
page read and write
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2005000
|
heap
|
page read and write
|
||
|
26F3000
|
trusted library allocation
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
1763000
|
heap
|
page read and write
|
||
|
1FFC000
|
heap
|
page read and write
|
||
|
1DB9000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2003000
|
heap
|
page read and write
|
||
|
477000
|
heap
|
page read and write
|
||
|
7AD000
|
trusted library allocation
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
270B000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
unkown
|
page read and write
|
||
|
1786000
|
heap
|
page read and write
|
||
|
173F000
|
heap
|
page read and write
|
||
|
297000
|
heap
|
page read and write
|
||
|
60A000
|
stack
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
1FFD000
|
heap
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
1DCA000
|
heap
|
page read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
40E000
|
stack
|
page read and write
|
||
|
421E000
|
stack
|
page read and write
|
||
|
6C0000
|
trusted library allocation
|
page read and write
|
||
|
1E06000
|
unkown
|
page execute and read and write
|
||
|
1E7B000
|
unkown
|
page write copy
|
||
|
270C000
|
trusted library allocation
|
page read and write
|
||
|
494000
|
heap
|
page read and write
|
||
|
1C6000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
1E00000
|
unkown
|
page execute and read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
E09000
|
trusted library allocation
|
page read and write
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
3AA0000
|
unclassified section
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
1FF8000
|
heap
|
page read and write
|
||
|
1DA7000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
1E7B000
|
unkown
|
page write copy
|
||
|
563000
|
trusted library allocation
|
page read and write
|
||
|
1E0A000
|
unkown
|
page execute and read and write
|
||
|
1DB7000
|
heap
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
56B000
|
trusted library allocation
|
page read and write
|
||
|
12A6000
|
unkown
|
page execute read
|
||
|
1041000
|
unkown
|
page execute read
|
||
|
34DE000
|
trusted library allocation
|
page read and write
|
||
|
CB2000
|
heap
|
page read and write
|
||
|
1FCD000
|
trusted library allocation
|
page read and write
|
||
|
30B000
|
heap
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
4C00000
|
unclassified section
|
page read and write
|
||
|
26F7000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2AD2000
|
trusted library allocation
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
1DA6000
|
heap
|
page read and write
|
||
|
56C000
|
trusted library allocation
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
404000
|
unkown
|
page readonly
|
||
|
1DC3000
|
heap
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
1FF7000
|
heap
|
page read and write
|
||
|
DEF000
|
trusted library allocation
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
2AD5000
|
trusted library allocation
|
page read and write
|
||
|
1778000
|
heap
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
26F6000
|
trusted library allocation
|
page read and write
|
||
|
1FF2000
|
heap
|
page read and write
|
||
|
3A9F000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
9BE000
|
trusted library allocation
|
page read and write
|
||
|
95E000
|
unkown
|
page read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
1778000
|
heap
|
page read and write
|
||
|
E1F000
|
trusted library allocation
|
page read and write
|
||
|
1E00000
|
unkown
|
page execute and read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
142F000
|
stack
|
page read and write
|
||
|
10DC000
|
stack
|
page read and write
|
||
|
397000
|
heap
|
page read and write
|
||
|
E17000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
D06000
|
heap
|
page read and write
|
||
|
18A0000
|
unkown
|
page readonly
|
||
|
440000
|
heap
|
page read and write
|
||
|
33D000
|
stack
|
page read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
DFA000
|
trusted library allocation
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
3BDE000
|
stack
|
page read and write
|
||
|
1041000
|
unkown
|
page execute read
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
E0A000
|
trusted library allocation
|
page read and write
|
||
|
2ADC000
|
trusted library allocation
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
DF8000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
1045000
|
unkown
|
page execute and read and write
|
||
|
1E09000
|
unkown
|
page readonly
|
||
|
3D5E000
|
stack
|
page read and write
|
||
|
26FE000
|
trusted library allocation
|
page read and write
|
||
|
4AB000
|
heap
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
1E09000
|
unkown
|
page readonly
|
||
|
2005000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
9E2000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3EFA000
|
unkown
|
page read and write
|
||
|
441D000
|
unkown
|
page read and write
|
||
|
E17000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
A55000
|
trusted library allocation
|
page read and write
|
||
|
1DC9000
|
heap
|
page read and write
|
||
|
1E06000
|
unkown
|
page execute and read and write
|
||
|
E8F000
|
stack
|
page read and write
|
||
|
1E7B000
|
unkown
|
page read and write
|
||
|
2CA000
|
heap
|
page read and write
|
||
|
4BFF000
|
stack
|
page read and write
|
||
|
1FE9000
|
heap
|
page read and write
|
||
|
1763000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
686000
|
heap
|
page read and write
|
||
|
1D9B000
|
heap
|
page read and write
|
||
|
1769000
|
heap
|
page read and write
|
||
|
1DC8000
|
heap
|
page read and write
|
||
|
28D000
|
stack
|
page read and write
|
||
|
1DC3000
|
heap
|
page read and write
|
||
|
1DC2000
|
heap
|
page read and write
|
||
|
4020000
|
trusted library allocation
|
page read and write
|
||
|
1764000
|
heap
|
page read and write
|
||
|
1E00000
|
unkown
|
page execute and read and write
|
||
|
1DC2000
|
heap
|
page read and write
|
||
|
1DA1000
|
heap
|
page read and write
|
||
|
1FEB000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
E0A000
|
trusted library allocation
|
page read and write
|
||
|
1D5B000
|
unkown
|
page read and write
|
||
|
441A000
|
unkown
|
page read and write
|
||
|
1BAA000
|
unkown
|
page execute and read and write
|
||
|
26FD000
|
trusted library allocation
|
page read and write
|
||
|
DFA000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
B54000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
2AD9000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1DA9000
|
heap
|
page read and write
|
||
|
253F000
|
stack
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
2F3000
|
stack
|
page read and write
|
||
|
58A000
|
trusted library allocation
|
page read and write
|
||
|
12C9000
|
stack
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
120F000
|
stack
|
page read and write
|
||
|
1E0A000
|
unkown
|
page execute and read and write
|
||
|
94C000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
DF9000
|
trusted library allocation
|
page read and write
|
||
|
1CC0000
|
heap
|
page read and write
|
||
|
2ADF000
|
trusted library allocation
|
page read and write
|
||
|
1DC7000
|
heap
|
page read and write
|
||
|
2AD1000
|
trusted library allocation
|
page read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1DAB000
|
heap
|
page read and write
|
||
|
1D5B000
|
unkown
|
page read and write
|
||
|
2B6000
|
heap
|
page read and write
|
||
|
270D000
|
trusted library allocation
|
page read and write
|
||
|
C3E000
|
trusted library allocation
|
page read and write
|
||
|
18A0000
|
unkown
|
page readonly
|
||
|
CC6000
|
heap
|
page read and write
|
||
|
23E000
|
stack
|
page read and write
|
||
|
1DAB000
|
heap
|
page read and write
|
||
|
37EF000
|
stack
|
page read and write
|
||
|
16F000
|
stack
|
page read and write
|
||
|
12A6000
|
unkown
|
page execute read
|
||
|
147E000
|
stack
|
page read and write
|
||
|
10E4000
|
heap
|
page read and write
|
||
|
4A9000
|
heap
|
page read and write
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
949000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
2ADA000
|
trusted library allocation
|
page read and write
|
||
|
3DCC000
|
stack
|
page read and write
|
||
|
E0D000
|
trusted library allocation
|
page read and write
|
||
|
1FF2000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
E1A000
|
trusted library allocation
|
page read and write
|
||
|
6B4000
|
heap
|
page read and write
|
||
|
1DA7000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
365E000
|
stack
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
47BD000
|
stack
|
page read and write
|
||
|
1FB7000
|
unkown
|
page readonly
|
||
|
22ED000
|
stack
|
page read and write
|
||
|
35FE000
|
trusted library allocation
|
page read and write
|
||
|
1DC5000
|
heap
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
DFE000
|
trusted library allocation
|
page read and write
|
||
|
1E7B000
|
unkown
|
page read and write
|
||
|
60A000
|
heap
|
page read and write
|
||
|
E1C000
|
trusted library allocation
|
page read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
110000
|
heap
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
50000
|
unkown
|
page readonly
|
||
|
1DC7000
|
heap
|
page read and write
|
||
|
1FE0000
|
heap
|
page read and write
|
||
|
E16000
|
trusted library allocation
|
page read and write
|
||
|
2704000
|
trusted library allocation
|
page read and write
|
||
|
18A0000
|
unkown
|
page readonly
|
||
|
496000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
3C0000
|
stack
|
page read and write
|
||
|
724000
|
heap
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
2D1000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
C28000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
172F000
|
heap
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
578000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
3FE000
|
stack
|
page read and write
|
||
|
1DC1000
|
heap
|
page read and write
|
||
|
1D9D000
|
heap
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
50000
|
unkown
|
page readonly
|
||
|
2004000
|
heap
|
page read and write
|
||
|
2ACB000
|
trusted library allocation
|
page read and write
|
||
|
1FF2000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
41B0000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page execute read
|
||
|
130000
|
heap
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
1DC2000
|
heap
|
page read and write
|
||
|
16B000
|
stack
|
page read and write
|
||
|
1FF3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
C4F000
|
stack
|
page read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
E18000
|
trusted library allocation
|
page read and write
|
||
|
8FD000
|
trusted library allocation
|
page read and write
|
||
|
18D000
|
trusted library allocation
|
page read and write
|
||
|
1FF5000
|
heap
|
page read and write
|
||
|
E19000
|
trusted library allocation
|
page read and write
|
||
|
11D000
|
stack
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
946000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
57D000
|
trusted library allocation
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
26FC000
|
trusted library allocation
|
page read and write
|
||
|
79F000
|
trusted library allocation
|
page read and write
|
||
|
1D5B000
|
unkown
|
page read and write
|
||
|
4B3000
|
heap
|
page read and write
|
||
|
570000
|
trusted library allocation
|
page read and write
|
||
|
60000
|
unkown
|
page readonly
|
||
|
700000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
1FEA000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
79D000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
unkown
|
page readonly
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
2709000
|
trusted library allocation
|
page read and write
|
||
|
1C1B000
|
unkown
|
page read and write
|
||
|
424E000
|
stack
|
page read and write
|
||
|
9F3000
|
trusted library allocation
|
page read and write
|
||
|
1E0A000
|
unkown
|
page execute and read and write
|
||
|
DED000
|
trusted library allocation
|
page read and write
|
||
|
1DA6000
|
heap
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
335E000
|
trusted library allocation
|
page read and write
|
||
|
381000
|
stack
|
page read and write
|
||
|
2701000
|
trusted library allocation
|
page read and write
|
||
|
55F000
|
trusted library allocation
|
page read and write
|
||
|
1FF7000
|
heap
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
2ED000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
1FFD000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
666000
|
heap
|
page read and write
|
||
|
1DC9000
|
heap
|
page read and write
|
||
|
261F000
|
stack
|
page read and write
|
||
|
335000
|
stack
|
page read and write
|
||
|
DEF000
|
trusted library allocation
|
page read and write
|
||
|
4E4D000
|
stack
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
330000
|
heap
|
page read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
57A000
|
trusted library allocation
|
page read and write
|
||
|
4020000
|
trusted library allocation
|
page read and write
|
||
|
21F8000
|
heap
|
page read and write
|
||
|
31C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
680000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
37B0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1DC2000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
430000
|
remote allocation
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
790000
|
trusted library allocation
|
page read and write
|
||
|
589000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1BA0000
|
unkown
|
page execute and read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
365000
|
stack
|
page read and write
|
||
|
1BA9000
|
unkown
|
page readonly
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
1FB7000
|
unkown
|
page readonly
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
12A5000
|
unkown
|
page execute and read and write
|
||
|
3BF000
|
stack
|
page read and write
|
||
|
56E000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2630000
|
heap
|
page read and write
|
||
|
1DBA000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
420E000
|
trusted library allocation
|
page read and write
|
||
|
56F000
|
trusted library allocation
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
463E000
|
trusted library allocation
|
page read and write
|
||
|
5BF000
|
stack
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
1E7A000
|
unkown
|
page readonly
|
||
|
585000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
569000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
395E000
|
trusted library allocation
|
page read and write
|
||
|
F4F000
|
stack
|
page read and write
|
||
|
1AB000
|
stack
|
page read and write
|
||
|
914000
|
heap
|
page read and write
|
||
|
DFC000
|
trusted library allocation
|
page read and write
|
||
|
2705000
|
trusted library allocation
|
page read and write
|
||
|
36D000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
26F8000
|
trusted library allocation
|
page read and write
|
||
|
569000
|
trusted library allocation
|
page read and write
|
||
|
26F9000
|
trusted library allocation
|
page read and write
|
||
|
1724000
|
heap
|
page read and write
|
||
|
BAD000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
trusted library allocation
|
page read and write
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
2207000
|
heap
|
page read and write
|
||
|
402000
|
unkown
|
page readonly
|
||
|
1D9F000
|
heap
|
page read and write
|
||
|
160F000
|
stack
|
page read and write
|
||
|
2ADB000
|
trusted library allocation
|
page read and write
|
||
|
1DAB000
|
heap
|
page read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
E0D000
|
trusted library allocation
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
2AD4000
|
trusted library allocation
|
page read and write
|
||
|
1E7B000
|
unkown
|
page write copy
|
||
|
126E000
|
stack
|
page read and write
|
||
|
267000
|
heap
|
page read and write
|
||
|
1DC7000
|
heap
|
page read and write
|
||
|
2706000
|
trusted library allocation
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
27C000
|
stack
|
page read and write
|
||
|
1E00000
|
unkown
|
page execute and read and write
|
||
|
12A1000
|
unkown
|
page execute read
|
||
|
390000
|
heap
|
page read and write
|
||
|
B1D000
|
stack
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
60000
|
unkown
|
page readonly
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
trusted library allocation
|
page read and write
|
||
|
3EFD000
|
unkown
|
page read and write
|
||
|
404000
|
unkown
|
page readonly
|
||
|
1A58000
|
stack
|
page read and write
|
||
|
12A5000
|
unkown
|
page execute and read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
1C1B000
|
unkown
|
page write copy
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
1FFE000
|
heap
|
page read and write
|
||
|
26FB000
|
trusted library allocation
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
17B000
|
stack
|
page read and write
|
||
|
47C0000
|
trusted library allocation
|
page read and write
|
||
|
50000
|
unkown
|
page readonly
|
||
|
402000
|
unkown
|
page readonly
|
||
|
1E0A000
|
unkown
|
page execute and read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
C68000
|
trusted library allocation
|
page read and write
|
||
|
1778000
|
heap
|
page read and write
|
||
|
139F000
|
stack
|
page read and write
|
||
|
1EBE000
|
stack
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
420000
|
heap
|
page read and write
|
||
|
12A0000
|
unkown
|
page readonly
|
||
|
58F000
|
trusted library allocation
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
177B000
|
heap
|
page read and write
|
||
|
2217000
|
unkown
|
page readonly
|
||
|
220E000
|
heap
|
page read and write
|
||
|
1D9B000
|
heap
|
page read and write
|
||
|
3D4F000
|
stack
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
37FE000
|
trusted library allocation
|
page read and write
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
2CA000
|
heap
|
page read and write
|
||
|
2AB0000
|
trusted library allocation
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
26F5000
|
trusted library allocation
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
323000
|
stack
|
page read and write
|
||
|
E1F000
|
trusted library allocation
|
page read and write
|
||
|
226C000
|
stack
|
page read and write
|
||
|
1DB8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
DFF000
|
trusted library allocation
|
page read and write
|
||
|
1D9D000
|
heap
|
page read and write
|
||
|
1DBA000
|
heap
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
21FD000
|
heap
|
page read and write
|
||
|
2702000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
1DC4000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
1767000
|
heap
|
page read and write
|
||
|
50000
|
unkown
|
page readonly
|
||
|
1761000
|
heap
|
page read and write
|
There are 769 hidden memdumps, click here to show them.