Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
VS80sp1-KB954961-X86-INTL.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Config.Msi\5d6f32.rbs
|
data
|
modified
|
||
|
C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5437.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5467.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5497.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\54D6.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5525.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5565.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\55A4.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5603.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\56CF.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\570F.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\573E.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\577E.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\57BD.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\57ED.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\582D.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\585D.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\588D.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\58BC.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\590C.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\594B.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\598B.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\59BA.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\59FA.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5A2A.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5AA8.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5AE7.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5B27.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5B76.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5BC5.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5C24.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5C63.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5CA3.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5CE2.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5D31.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5D90.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5E0E.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5EAB.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5EFB.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5FA7.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6016.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6036.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6085.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6096.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\60B6.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\60C7.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSId7441.LOG
|
Unicode text, UTF-16, little-endian text, with very long lines (369), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TFR6DB8.tmp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\VS80sp1-KB954961-X86-INTL\VS80sp1-KB954961-X86-INTL-wrapper.log
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ZNW50FA\VS80sp1-KB954961-X86-INTL.msp
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ZNW50FA\dw20shared.msi
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ZNW50FA\filehashfixup.exe
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ZNW50FA\filehashfixup.exe.data
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ZNW50FA\manifest.ini
|
Unknown
|
dropped
|
||
|
C:\Windows\Installer\5d6f30.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Microsoft Application Error Reporting, Author: Microsoft Corporation, Keywords: Installer, MSI, Database,
Release, Comments: This Installer database contains the logic and data required to install Microsoft Application Error Reporting.,
Template: Intel;1033, Number of Pages: 200, Number of Words: 2, Security: 2, Revision Number: {420F351B-33A5-4A58-A856-69B2EDEDC8F7},
Create Time/Date: Fri Mar 9 08:56:39 2007, Last Saved Time/Date: Fri Mar 9 08:56:39 2007, Name of Creating Application:
Windows Installer XML v2.0.3508.0 (candle/light)
|
dropped
|
||
|
C:\Windows\Installer\5d6f33.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Microsoft Application Error Reporting, Author: Microsoft Corporation, Keywords: Installer, MSI, Database,
Release, Comments: This Installer database contains the logic and data required to install Microsoft Application Error Reporting.,
Template: Intel;1033, Number of Pages: 200, Number of Words: 2, Security: 2, Revision Number: {420F351B-33A5-4A58-A856-69B2EDEDC8F7},
Create Time/Date: Fri Mar 9 08:56:39 2007, Last Saved Time/Date: Fri Mar 9 08:56:39 2007, Name of Creating Application:
Windows Installer XML v2.0.3508.0 (candle/light)
|
dropped
|
||
|
C:\Windows\Installer\MSI70E6.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI7144.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI7174.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI7194.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI7195.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI7204.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI738B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{95120000-00B9-0409-0000-0000000FF1CE}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF04986A27EF2EDB8C.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5BEF3F78EDE40078.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF66D803FE7697B449.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF716BFC04081639DB.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF7301E52B3BD21423.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF9522B2AC5C30865D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFE958ECDC27330956.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFFFC4750B55285911.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\WinSxS\InstallTemp\20240418183627404.0\msvcm80.dll
|
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Windows\WinSxS\InstallTemp\20240418183627404.0\msvcp80.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\WinSxS\InstallTemp\20240418183627404.0\msvcr80.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\WinSxS\InstallTemp\20240418183627404.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd.cat
|
data
|
dropped
|
||
|
C:\Windows\WinSxS\InstallTemp\20240418183627404.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF line terminators
|
dropped
|
||
|
C:\Windows\WinSxS\InstallTemp\20240418183627498.0\8.0.50727.42.cat
|
data
|
dropped
|
||
|
C:\Windows\WinSxS\InstallTemp\20240418183627498.0\8.0.50727.42.policy
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
There are 74 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\VS80sp1-KB954961-X86-INTL.exe
|
"C:\Users\user\Desktop\VS80sp1-KB954961-X86-INTL.exe"
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" REBOOT=ReallySuppress /p "C:\Users\user\AppData\Local\Temp\ZNW50FA\VS80sp1-KB954961-X86-INTL.msp"
/l*v C:\Users\user\AppData\Local\Temp\VS80sp1-KB954961-X86-INTL\VS80sp1-KB954961-X86-INTL-msi.0.log
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" REBOOT=ReallySuppress /q /i C:\Users\user\AppData\Local\Temp\ZNW50FA\dw20shared.msi APPGUID={AB1098F4-4E8B-4BC1-9979-6367DF53ED51}
REINSTALL=all REINSTALLMODE=vomus
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding D94135EDDA44CEACEF1298338DEB1A49
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 31C2B4F4F21467A963096029BA61CEDC E Global\MSI0000
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VS80sp1-KB954961-X86-INTL
|
EventMessageFile
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VS80sp1-KB954961-X86-INTL
|
TypesSupported
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5d6f32.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5d6f32.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global
|
Microsoft.VC80.CRT,version="8.0.50727.42",type="win32",processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b"
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global
|
policy.8.0.Microsoft.VC80.CRT,version="8.0.50727.42",type="win32-policy",processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b"
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0BF18C3B9B1A1EE8
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DA42BC89BF25F5BD0CF18C3B9B1A1EE8
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F949E36CB3004C50AF18C3B9B1A1EE8
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F949E36CB3004C50CF18C3B9B1A1EE8
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A082AC7BA846AF744BDCB8968E8B1FFE
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3178D6A16119EA44AB06C40F8E1C5DB8
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CA4A2DD729380043B0800BB8E938117
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20DE37EB11038E54CBD641576809DF5A
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\208A90ECAFAA3A649B3537AE1D949906
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F480720A052ADFF4DBFA7776D2830F10
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C2A0A3B9FBBAE44E98BB05E598D1306
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE872BF64B672A04B9DA4D0C1196462C
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1542AEC87C5AB624197ACEDC5D5E546F
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B45C4A025C5DC8249B1566359F33F4EE
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\193F8C0BA8CFFDE42AAD3E082B4EF117
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA5FB02A64DE19F4297183F806F1B0DD
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC8664998485E4741901519459F394C3
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\PCHEALTH\ERRORREP\QHEADLES\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\PCHEALTH\ERRORREP\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\PCHEALTH\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Common Files\Microsoft Shared\DW\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
|
RunAs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
|
AppID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}\LocalServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting\DW\Installed
|
DW0200
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents
|
{98CB24AD-52FB-DB5F-A01F-C8B3B9A1E18E}
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents
|
{63E949F6-03BC-5C40-A01F-C8B3B9A1E18E}
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
NoRemove
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
NoRemove
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\000021509B0000000000000000F01FEC
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\000021599B0090400000000000F01FEC
|
WatsonShared
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\Features
|
WatsonShared
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400000000000F01FEC\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\000021509B0000000000000000F01FEC
|
000021599B0090400000000000F01FEC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Media
|
DiskPrompt
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021599B0090400000000000F01FEC
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting\DW\Products
|
{AB1098F4-4E8B-4BC1-9979-6367DF53ED51}
|
There are 109 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FA1000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
3364000
|
heap
|
page read and write
|
||
|
1081000
|
heap
|
page read and write
|
||
|
107E000
|
heap
|
page read and write
|
||
|
4C7B000
|
stack
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
109A000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page readonly
|
||
|
3030000
|
heap
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
8310000
|
heap
|
page read and write
|
||
|
2E71000
|
heap
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
4CFB000
|
stack
|
page read and write
|
||
|
2E82000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
2F44000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
105A000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
317E000
|
unkown
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
2C3F000
|
stack
|
page read and write
|
||
|
3055000
|
heap
|
page read and write
|
||
|
6FB000
|
stack
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
297F000
|
unkown
|
page read and write
|
||
|
105E000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1170000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
2F57000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3036000
|
heap
|
page read and write
|
||
|
2D9F000
|
heap
|
page read and write
|
||
|
2F96000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
3279000
|
heap
|
page read and write
|
||
|
1097000
|
heap
|
page read and write
|
||
|
4F24000
|
heap
|
page read and write
|
||
|
2F68000
|
heap
|
page read and write
|
||
|
107A000
|
heap
|
page read and write
|
||
|
2F6A000
|
heap
|
page read and write
|
||
|
63DE000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
1081000
|
heap
|
page read and write
|
||
|
4B7B000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
4D3F000
|
stack
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
E30000
|
unkown
|
page readonly
|
||
|
1175000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
13CE000
|
stack
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
42B000
|
unkown
|
page read and write
|
||
|
160E000
|
stack
|
page read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
2E78000
|
heap
|
page read and write
|
||
|
2FA1000
|
heap
|
page read and write
|
||
|
2FAB000
|
heap
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
128E000
|
stack
|
page read and write
|
||
|
2F65000
|
heap
|
page read and write
|
||
|
2D93000
|
heap
|
page read and write
|
||
|
4AEC000
|
stack
|
page read and write
|
||
|
2FBA000
|
heap
|
page read and write
|
||
|
2E65000
|
heap
|
page read and write
|
||
|
3275000
|
heap
|
page read and write
|
||
|
3360000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page readonly
|
||
|
2F71000
|
heap
|
page read and write
|
||
|
2F3F000
|
heap
|
page read and write
|
||
|
641F000
|
stack
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
138F000
|
stack
|
page read and write
|
||
|
4C3F000
|
stack
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
2FA4000
|
heap
|
page read and write
|
||
|
107E000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
E30000
|
unkown
|
page readonly
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
2D9F000
|
heap
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
2FA1000
|
heap
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
2D93000
|
heap
|
page read and write
|
||
|
4BBF000
|
stack
|
page read and write
|
||
|
293E000
|
unkown
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
2F56000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
2F73000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
107E000
|
heap
|
page read and write
|
||
|
2FA1000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
42B000
|
unkown
|
page write copy
|
||
|
2D6A000
|
heap
|
page read and write
|
||
|
73A000
|
stack
|
page read and write
|
||
|
2FC1000
|
heap
|
page read and write
|
||
|
2F47000
|
heap
|
page read and write
|
||
|
2D9B000
|
heap
|
page read and write
|
||
|
107A000
|
heap
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
2F6C000
|
heap
|
page read and write
|
||
|
2F56000
|
heap
|
page read and write
|
||
|
2D88000
|
heap
|
page read and write
|
||
|
2F6D000
|
heap
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
2FA1000
|
heap
|
page read and write
|
||
|
2E79000
|
heap
|
page read and write
|
||
|
2F6B000
|
heap
|
page read and write
|
||
|
2E7B000
|
heap
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
2D9B000
|
heap
|
page read and write
|
||
|
7B00000
|
heap
|
page read and write
|
||
|
2F47000
|
heap
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
4B2F000
|
stack
|
page read and write
|
||
|
2D8B000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4BFB000
|
stack
|
page read and write
|
||
|
4A6C000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
1097000
|
heap
|
page read and write
|
||
|
2FA3000
|
heap
|
page read and write
|
||
|
109A000
|
heap
|
page read and write
|
||
|
4A2F000
|
stack
|
page read and write
|
||
|
29A5000
|
heap
|
page read and write
|
||
|
2E72000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
2FA1000
|
heap
|
page read and write
|
||
|
31BE000
|
unkown
|
page read and write
|
||
|
2F43000
|
heap
|
page read and write
|
||
|
2E71000
|
heap
|
page read and write
|
||
|
2E54000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3050000
|
heap
|
page read and write
|
||
|
2E99000
|
stack
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
There are 167 hidden memdumps, click here to show them.