Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MSD_Setup_sib.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments:
This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number:
{D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26
2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528),
Security: 2
|
initial sample
|
 |
|
|
C:\ProgramData\lgp\sjm
|
ASCII text
|
dropped
|
|
|
|
C:\Config.Msi\5d55fc.rbs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pmpgolc4.1dt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q5irehbp.fnv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EPQ74L1LFVWUF49Q1E76.temp
|
data
|
dropped
|
||
|
C:\Windows\Installer\5d55fb.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments:
This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number:
{D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26
2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\5d55fd.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments:
This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number:
{D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26
2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI56B6.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF287876865D7F7572.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF2A79A0F1FF12F8EB.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF2A9F8779C361E0B0.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF3C557ABFC4F40CEC.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF4CDA700A7701DB7A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF6BA9C2E768FA738E.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF75C545B6812E8F01.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9AE706661FB97C3A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA65D3C840622BAC6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFCB227732C5049052.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFCE78898A0A747459.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFEFC0B9BA2765D97A.TMP
|
data
|
modified
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm')
| out-string)"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\MSD_Setup_sib.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 29 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://64.95.10.191/
|
unknown
|
||
|
http://64.95.10.191/3686575373
|
64.95.10.191
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
1.1.1.1
|
unknown
|
Australia
|
|
|
|
64.95.10.191
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5d55fc.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5d55fc.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D4270833EE88
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D4275F1102A2
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D42754FA10A1
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D42788505742
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D427536B41A7
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\lgp\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\WixSharp\Used
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\EA0EEFD4EB804094F8151EB6BB8A66A6
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\6D5A883573B824246BC4D4272F634B70
|
MSD_Setup_
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\Features
|
MSD_Setup_
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\EA0EEFD4EB804094F8151EB6BB8A66A6
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList
|
LastUsedSource
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 92 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A8A6420000
|
heap
|
page read and write
|
||
|
C524C7F000
|
stack
|
page read and write
|
||
|
45999FE000
|
stack
|
page read and write
|
||
|
50ACAFF000
|
unkown
|
page read and write
|
||
|
59A7A7F000
|
stack
|
page read and write
|
||
|
192D23ED000
|
heap
|
page read and write
|
||
|
CD1D17E000
|
stack
|
page read and write
|
||
|
202EC2A0000
|
heap
|
page read and write
|
||
|
1FB790C0000
|
heap
|
page read and write
|
||
|
CA763FE000
|
stack
|
page read and write
|
||
|
29951FC7000
|
heap
|
page read and write
|
||
|
59B56FE000
|
stack
|
page read and write
|
||
|
13136670000
|
heap
|
page read and write
|
||
|
C9AC97E000
|
stack
|
page read and write
|
||
|
26FF5217000
|
heap
|
page read and write
|
||
|
202EC359000
|
heap
|
page read and write
|
||
|
2439F198000
|
heap
|
page read and write
|
||
|
59B52BC000
|
stack
|
page read and write
|
||
|
45998FF000
|
stack
|
page read and write
|
||
|
2A8A6430000
|
heap
|
page read and write
|
||
|
E7D467C000
|
stack
|
page read and write
|
||
|
7F1D2FE000
|
stack
|
page read and write
|
||
|
E5D1D0C000
|
stack
|
page read and write
|
||
|
214BE1D0000
|
heap
|
page read and write
|
||
|
C9AC8FF000
|
stack
|
page read and write
|
||
|
214BE2B0000
|
heap
|
page read and write
|
||
|
59B53BF000
|
stack
|
page read and write
|
||
|
7F1CF7E000
|
unkown
|
page read and write
|
||
|
235BB4D0000
|
heap
|
page read and write
|
||
|
C9AC9FE000
|
stack
|
page read and write
|
||
|
23B64D10000
|
heap
|
page read and write
|
||
|
7F1D27E000
|
stack
|
page read and write
|
||
|
24B5D1A0000
|
heap
|
page read and write
|
||
|
25ACE2A0000
|
heap
|
page read and write
|
||
|
235BB5D0000
|
heap
|
page read and write
|
||
|
235EDDC0000
|
heap
|
page read and write
|
||
|
81128FF000
|
stack
|
page read and write
|
||
|
AF932FE000
|
stack
|
page read and write
|
||
|
251C4610000
|
heap
|
page read and write
|
||
|
22E68BF0000
|
heap
|
page read and write
|
||
|
2DB1F460000
|
heap
|
page read and write
|
||
|
F8A6CFE000
|
stack
|
page read and write
|
||
|
1E4AE1C0000
|
heap
|
page read and write
|
||
|
214BE2B5000
|
heap
|
page read and write
|
||
|
1B36D3C0000
|
heap
|
page read and write
|
||
|
811249C000
|
stack
|
page read and write
|
||
|
2567C1B5000
|
heap
|
page read and write
|
||
|
1D817E75000
|
heap
|
page read and write
|
||
|
129231C0000
|
heap
|
page read and write
|
||
|
1D817B20000
|
heap
|
page read and write
|
||
|
B2296C000
|
stack
|
page read and write
|
||
|
235BB66D000
|
heap
|
page read and write
|
||
|
F8A6C7F000
|
stack
|
page read and write
|
||
|
227AAA90000
|
heap
|
page read and write
|
||
|
1E9B7FE0000
|
heap
|
page read and write
|
||
|
23B64F75000
|
heap
|
page read and write
|
||
|
227AAC65000
|
heap
|
page read and write
|
||
|
192D23D9000
|
heap
|
page read and write
|
||
|
E7D487E000
|
stack
|
page read and write
|
||
|
E0000FF000
|
unkown
|
page read and write
|
||
|
FD05B7E000
|
stack
|
page read and write
|
||
|
29951FC0000
|
heap
|
page read and write
|
||
|
29951F80000
|
heap
|
page read and write
|
||
|
483AE7F000
|
stack
|
page read and write
|
||
|
2567BF90000
|
heap
|
page read and write
|
||
|
205AB140000
|
heap
|
page read and write
|
||
|
26FF51B0000
|
heap
|
page read and write
|
||
|
29951F30000
|
heap
|
page read and write
|
||
|
13136570000
|
heap
|
page read and write
|
||
|
262A8B90000
|
heap
|
page read and write
|
||
|
214BE0B0000
|
heap
|
page read and write
|
||
|
202EC367000
|
heap
|
page read and write
|
||
|
227AAC50000
|
heap
|
page read and write
|
||
|
235BB650000
|
heap
|
page read and write
|
||
|
25ACE337000
|
heap
|
page read and write
|
||
|
217496C0000
|
heap
|
page read and write
|
||
|
21749447000
|
heap
|
page read and write
|
||
|
235EDB3F000
|
heap
|
page read and write
|
||
|
B02C7FF000
|
stack
|
page read and write
|
||
|
1B36D1C0000
|
heap
|
page read and write
|
||
|
21749610000
|
heap
|
page read and write
|
||
|
214BE0B9000
|
heap
|
page read and write
|
||
|
2439F4C0000
|
heap
|
page read and write
|
||
|
DBF935F000
|
unkown
|
page read and write
|
||
|
1DCC73B9000
|
heap
|
page read and write
|
||
|
202EC6C0000
|
heap
|
page read and write
|
||
|
262A8C90000
|
heap
|
page read and write
|
||
|
25ACE34C000
|
heap
|
page read and write
|
||
|
A39409C000
|
stack
|
page read and write
|
||
|
1C780060000
|
heap
|
page read and write
|
||
|
1E9B7FF7000
|
heap
|
page read and write
|
||
|
59A7AFE000
|
stack
|
page read and write
|
||
|
21749400000
|
heap
|
page read and write
|
||
|
CA75FAC000
|
stack
|
page read and write
|
||
|
12923260000
|
heap
|
page read and write
|
||
|
227AAC58000
|
heap
|
page read and write
|
||
|
20E03269000
|
heap
|
page read and write
|
||
|
26DAD8F8000
|
heap
|
page read and write
|
||
|
2567C1B0000
|
heap
|
page read and write
|
||
|
2A8A64B0000
|
heap
|
page read and write
|
||
|
F5A71FF000
|
stack
|
page read and write
|
||
|
1C780177000
|
heap
|
page read and write
|
||
|
A6C567E000
|
unkown
|
page read and write
|
||
|
CBFB4FE000
|
stack
|
page read and write
|
||
|
23B64DF1000
|
heap
|
page read and write
|
||
|
227AAB90000
|
heap
|
page read and write
|
||
|
539BC7E000
|
stack
|
page read and write
|
||
|
13136709000
|
heap
|
page read and write
|
||
|
D5936FE000
|
stack
|
page read and write
|
||
|
A39419F000
|
stack
|
page read and write
|
||
|
235EDB28000
|
heap
|
page read and write
|
||
|
131366F0000
|
heap
|
page read and write
|
||
|
539BCFE000
|
stack
|
page read and write
|
||
|
205AB120000
|
heap
|
page read and write
|
||
|
494F4FE000
|
stack
|
page read and write
|
||
|
2A8A67E0000
|
heap
|
page read and write
|
||
|
26DAD90D000
|
heap
|
page read and write
|
||
|
235BB915000
|
heap
|
page read and write
|
||
|
2439F4C5000
|
heap
|
page read and write
|
||
|
21749410000
|
heap
|
page read and write
|
||
|
251C4615000
|
heap
|
page read and write
|
||
|
C524D7E000
|
stack
|
page read and write
|
||
|
1C7802A5000
|
heap
|
page read and write
|
||
|
1292327E000
|
heap
|
page read and write
|
||
|
539B9CF000
|
stack
|
page read and write
|
||
|
235BB910000
|
heap
|
page read and write
|
||
|
26FF51D0000
|
heap
|
page read and write
|
||
|
21749455000
|
heap
|
page read and write
|
||
|
22E68AF0000
|
heap
|
page read and write
|
||
|
1D817B3D000
|
heap
|
page read and write
|
||
|
494F57E000
|
stack
|
page read and write
|
||
|
2A8A64CB000
|
heap
|
page read and write
|
||
|
13136980000
|
heap
|
page read and write
|
||
|
811259F000
|
stack
|
page read and write
|
||
|
227AAC6E000
|
heap
|
page read and write
|
||
|
251C4400000
|
heap
|
page read and write
|
||
|
202EC36B000
|
heap
|
page read and write
|
||
|
6F4777E000
|
stack
|
page read and write
|
||
|
205AB460000
|
heap
|
page read and write
|
||
|
6F6027E000
|
unkown
|
page read and write
|
||
|
1FB79345000
|
heap
|
page read and write
|
||
|
1E9397F000
|
stack
|
page read and write
|
||
|
192D2600000
|
heap
|
page read and write
|
||
|
129231A0000
|
heap
|
page read and write
|
||
|
23B64F70000
|
heap
|
page read and write
|
||
|
13136650000
|
heap
|
page read and write
|
||
|
483AEFE000
|
stack
|
page read and write
|
||
|
235BB5B0000
|
heap
|
page read and write
|
||
|
1D817B28000
|
heap
|
page read and write
|
||
|
22E68DE5000
|
heap
|
page read and write
|
||
|
262A8D6D000
|
heap
|
page read and write
|
||
|
1E4AE1E5000
|
heap
|
page read and write
|
||
|
A39411E000
|
unkown
|
page read and write
|
||
|
A6C577E000
|
stack
|
page read and write
|
||
|
1DCC73B0000
|
heap
|
page read and write
|
||
|
A6C57FE000
|
stack
|
page read and write
|
||
|
FD057BC000
|
stack
|
page read and write
|
||
|
24B5D2F0000
|
heap
|
page read and write
|
||
|
1B36D515000
|
heap
|
page read and write
|
||
|
6F473DF000
|
unkown
|
page read and write
|
||
|
2439F120000
|
heap
|
page read and write
|
||
|
1FB78FB0000
|
heap
|
page read and write
|
||
|
50ACC7E000
|
stack
|
page read and write
|
||
|
22E68C40000
|
heap
|
page read and write
|
||
|
22E68C49000
|
heap
|
page read and write
|
||
|
1C78017E000
|
heap
|
page read and write
|
||
|
2DB1F540000
|
heap
|
page read and write
|
||
|
D2D1FFE000
|
stack
|
page read and write
|
||
|
50ACA7C000
|
stack
|
page read and write
|
||
|
205AB19D000
|
heap
|
page read and write
|
||
|
459958C000
|
stack
|
page read and write
|
||
|
1EAF3720000
|
heap
|
page read and write
|
||
|
12923278000
|
heap
|
page read and write
|
||
|
6F476FE000
|
stack
|
page read and write
|
||
|
22E68DE0000
|
heap
|
page read and write
|
||
|
B02C6FF000
|
unkown
|
page read and write
|
||
|
262A8D67000
|
heap
|
page read and write
|
||
|
23B64DD7000
|
heap
|
page read and write
|
||
|
1EAF374E000
|
heap
|
page read and write
|
||
|
24B5D2F9000
|
heap
|
page read and write
|
||
|
AF92EFC000
|
stack
|
page read and write
|
||
|
29951F85000
|
heap
|
page read and write
|
||
|
29951FE0000
|
heap
|
page read and write
|
||
|
262A8C70000
|
heap
|
page read and write
|
||
|
25ACE280000
|
heap
|
page read and write
|
||
|
1D817E70000
|
heap
|
page read and write
|
||
|
192D24E0000
|
heap
|
page read and write
|
||
|
2567BEB0000
|
heap
|
page read and write
|
||
|
2A8A64CE000
|
heap
|
page read and write
|
||
|
F5A70FF000
|
stack
|
page read and write
|
||
|
129230C0000
|
heap
|
page read and write
|
||
|
227AAEB0000
|
heap
|
page read and write
|
||
|
13136710000
|
heap
|
page read and write
|
||
|
50ACB7E000
|
stack
|
page read and write
|
||
|
A39447E000
|
stack
|
page read and write
|
||
|
29951FDD000
|
heap
|
page read and write
|
||
|
D59367E000
|
stack
|
page read and write
|
||
|
20E03210000
|
heap
|
page read and write
|
||
|
FD05A7E000
|
unkown
|
page read and write
|
||
|
25ACE555000
|
heap
|
page read and write
|
||
|
59A776C000
|
stack
|
page read and write
|
||
|
CBFB12C000
|
stack
|
page read and write
|
||
|
6F603FE000
|
stack
|
page read and write
|
||
|
205AB197000
|
heap
|
page read and write
|
||
|
235EDDC5000
|
heap
|
page read and write
|
||
|
7F1CEFC000
|
stack
|
page read and write
|
||
|
2A8A64B8000
|
heap
|
page read and write
|
||
|
E5D1D8F000
|
unkown
|
page read and write
|
||
|
26DADAC0000
|
heap
|
page read and write
|
||
|
25ACE348000
|
heap
|
page read and write
|
||
|
2439F180000
|
heap
|
page read and write
|
||
|
1DCC7350000
|
heap
|
page read and write
|
||
|
B22D7E000
|
stack
|
page read and write
|
||
|
B02C77E000
|
stack
|
page read and write
|
||
|
26FF5210000
|
heap
|
page read and write
|
||
|
26DAD907000
|
heap
|
page read and write
|
||
|
1E9B82E5000
|
heap
|
page read and write
|
||
|
1E9B81C0000
|
heap
|
page read and write
|
||
|
235EDA40000
|
heap
|
page read and write
|
||
|
483AB3C000
|
stack
|
page read and write
|
||
|
CD1CD5C000
|
stack
|
page read and write
|
||
|
B22CFE000
|
stack
|
page read and write
|
||
|
CA762FF000
|
stack
|
page read and write
|
||
|
494F5FF000
|
stack
|
page read and write
|
||
|
2439F110000
|
heap
|
page read and write
|
||
|
251C43D0000
|
heap
|
page read and write
|
||
|
1E4AE0C9000
|
heap
|
page read and write
|
||
|
D59334E000
|
unkown
|
page read and write
|
||
|
1E93A7E000
|
stack
|
page read and write
|
||
|
B229EF000
|
unkown
|
page read and write
|
||
|
1EAF3900000
|
heap
|
page read and write
|
||
|
235EDB20000
|
heap
|
page read and write
|
||
|
483ABBE000
|
unkown
|
page read and write
|
||
|
2DB1F825000
|
heap
|
page read and write
|
||
|
21749440000
|
heap
|
page read and write
|
||
|
1B36D1F9000
|
heap
|
page read and write
|
||
|
E7D46FF000
|
unkown
|
page read and write
|
||
|
23B64C30000
|
heap
|
page read and write
|
||
|
22E68C5D000
|
heap
|
page read and write
|
||
|
29951F00000
|
heap
|
page read and write
|
||
|
1FB78FC7000
|
heap
|
page read and write
|
||
|
59A77EF000
|
unkown
|
page read and write
|
||
|
CBFB1AE000
|
unkown
|
page read and write
|
||
|
205AB189000
|
heap
|
page read and write
|
||
|
FD05AFF000
|
stack
|
page read and write
|
||
|
1DCC7345000
|
heap
|
page read and write
|
||
|
C5249CF000
|
unkown
|
page read and write
|
||
|
214BE0C7000
|
heap
|
page read and write
|
||
|
202EC350000
|
heap
|
page read and write
|
||
|
202EC36E000
|
heap
|
page read and write
|
||
|
1DCC7310000
|
heap
|
page read and write
|
||
|
262A8F95000
|
heap
|
page read and write
|
||
|
6F602FF000
|
stack
|
page read and write
|
||
|
1EAF3747000
|
heap
|
page read and write
|
||
|
F5A707F000
|
unkown
|
page read and write
|
||
|
1FB791A0000
|
heap
|
page read and write
|
||
|
262A8D50000
|
heap
|
page read and write
|
||
|
26DAD8D0000
|
heap
|
page read and write
|
||
|
29951F10000
|
heap
|
page read and write
|
||
|
D2D1B8C000
|
stack
|
page read and write
|
||
|
2A8A64C4000
|
heap
|
page read and write
|
||
|
1C780160000
|
heap
|
page read and write
|
||
|
2DB1F59E000
|
heap
|
page read and write
|
||
|
2DB1F560000
|
heap
|
page read and write
|
||
|
262A8D59000
|
heap
|
page read and write
|
||
|
26DAD8F0000
|
heap
|
page read and write
|
||
|
24B5D5E0000
|
heap
|
page read and write
|
||
|
AF9327E000
|
stack
|
page read and write
|
||
|
AF92FFF000
|
stack
|
page read and write
|
||
|
22E68C54000
|
heap
|
page read and write
|
||
|
25ACE550000
|
heap
|
page read and write
|
||
|
235BB659000
|
heap
|
page read and write
|
||
|
459987E000
|
unkown
|
page read and write
|
||
|
A6C56FF000
|
stack
|
page read and write
|
||
|
1B36D1F0000
|
heap
|
page read and write
|
||
|
20E0327D000
|
heap
|
page read and write
|
||
|
20E03215000
|
heap
|
page read and write
|
||
|
C9AC59C000
|
stack
|
page read and write
|
||
|
F8A698E000
|
unkown
|
page read and write
|
||
|
1FB78FCD000
|
heap
|
page read and write
|
||
|
2A8A67E5000
|
heap
|
page read and write
|
||
|
7F1CFFF000
|
stack
|
page read and write
|
||
|
13136985000
|
heap
|
page read and write
|
||
|
B02C67C000
|
stack
|
page read and write
|
||
|
2174945E000
|
heap
|
page read and write
|
||
|
251C43C0000
|
heap
|
page read and write
|
||
|
B04FFE000
|
stack
|
page read and write
|
||
|
235EDA60000
|
heap
|
page read and write
|
||
|
235ED960000
|
heap
|
page read and write
|
||
|
1D817C30000
|
heap
|
page read and write
|
||
|
CD1CDDE000
|
unkown
|
page read and write
|
||
|
1D817B34000
|
heap
|
page read and write
|
||
|
1E4AE0DE000
|
heap
|
page read and write
|
||
|
CBFB57F000
|
stack
|
page read and write
|
||
|
251C441D000
|
heap
|
page read and write
|
||
|
214BDFC0000
|
heap
|
page read and write
|
||
|
24B5D30F000
|
heap
|
page read and write
|
||
|
26DAD890000
|
heap
|
page read and write
|
||
|
20E031E0000
|
heap
|
page read and write
|
||
|
F5A717E000
|
stack
|
page read and write
|
||
|
1FB79340000
|
heap
|
page read and write
|
||
|
B04EFF000
|
stack
|
page read and write
|
||
|
E7D477F000
|
stack
|
page read and write
|
||
|
DBF92DC000
|
stack
|
page read and write
|
||
|
227AAB70000
|
heap
|
page read and write
|
||
|
1E4AE0C0000
|
heap
|
page read and write
|
||
|
205AB110000
|
heap
|
page read and write
|
||
|
6F5FFBC000
|
stack
|
page read and write
|
||
|
205AB180000
|
heap
|
page read and write
|
||
|
202EC6C5000
|
heap
|
page read and write
|
||
|
CBFB47F000
|
stack
|
page read and write
|
||
|
26FF522D000
|
heap
|
page read and write
|
||
|
20E03277000
|
heap
|
page read and write
|
||
|
2DB1F59B000
|
heap
|
page read and write
|
||
|
E5D207F000
|
stack
|
page read and write
|
||
|
202EC2D0000
|
heap
|
page read and write
|
||
|
23B64D30000
|
heap
|
page read and write
|
||
|
1EAF3A30000
|
heap
|
page read and write
|
||
|
A6C53BC000
|
stack
|
page read and write
|
||
|
1DCC7320000
|
heap
|
page read and write
|
||
|
1E4AE0D7000
|
heap
|
page read and write
|
||
|
1EAF3A35000
|
heap
|
page read and write
|
||
|
B04F7E000
|
stack
|
page read and write
|
||
|
CA7627E000
|
unkown
|
page read and write
|
||
|
B04E7F000
|
unkown
|
page read and write
|
||
|
1C780140000
|
heap
|
page read and write
|
||
|
A3944FE000
|
stack
|
page read and write
|
||
|
59B567E000
|
stack
|
page read and write
|
||
|
2567BFB7000
|
heap
|
page read and write
|
||
|
CD1D07F000
|
stack
|
page read and write
|
||
|
1DCC73C7000
|
heap
|
page read and write
|
||
|
D5932CC000
|
stack
|
page read and write
|
||
|
E7D47FE000
|
stack
|
page read and write
|
||
|
1E4ADFC0000
|
heap
|
page read and write
|
||
|
1B36D510000
|
heap
|
page read and write
|
||
|
C52494C000
|
stack
|
page read and write
|
||
|
B22C7F000
|
stack
|
page read and write
|
||
|
23B64DD0000
|
heap
|
page read and write
|
||
|
E5D217E000
|
stack
|
page read and write
|
||
|
1C7802A0000
|
heap
|
page read and write
|
||
|
D2D1E7F000
|
unkown
|
page read and write
|
||
|
2567BFCD000
|
heap
|
page read and write
|
||
|
25ACE330000
|
heap
|
page read and write
|
||
|
811251F000
|
unkown
|
page read and write
|
||
|
D2D1EFF000
|
stack
|
page read and write
|
||
|
24B5D2A0000
|
heap
|
page read and write
|
||
|
1EAF3730000
|
heap
|
page read and write
|
||
|
494F1EC000
|
stack
|
page read and write
|
||
|
1DCC73CD000
|
heap
|
page read and write
|
||
|
25ACE1A0000
|
heap
|
page read and write
|
||
|
251C45D0000
|
heap
|
page read and write
|
||
|
C9AC87E000
|
unkown
|
page read and write
|
||
|
192D23D0000
|
heap
|
page read and write
|
||
|
2DB1F597000
|
heap
|
page read and write
|
||
|
B04B9C000
|
stack
|
page read and write
|
||
|
FD05BFE000
|
stack
|
page read and write
|
||
|
29951FCB000
|
heap
|
page read and write
|
||
|
E0001FE000
|
stack
|
page read and write
|
||
|
217496C5000
|
heap
|
page read and write
|
||
|
192D2605000
|
heap
|
page read and write
|
||
|
26FF51A0000
|
heap
|
page read and write
|
||
|
227AAEB5000
|
heap
|
page read and write
|
||
|
26FF5440000
|
heap
|
page read and write
|
||
|
50ACBFF000
|
stack
|
page read and write
|
||
|
C524CFE000
|
stack
|
page read and write
|
||
|
E00017F000
|
stack
|
page read and write
|
||
|
2DB1F820000
|
heap
|
page read and write
|
||
|
2A8A6450000
|
heap
|
page read and write
|
||
|
1E9387C000
|
stack
|
page read and write
|
||
|
2439F187000
|
heap
|
page read and write
|
||
|
1E4AE1E0000
|
heap
|
page read and write
|
||
|
1E9B7FF0000
|
heap
|
page read and write
|
||
|
2439F19E000
|
heap
|
page read and write
|
||
|
20E031C0000
|
heap
|
page read and write
|
||
|
1B36D1B0000
|
heap
|
page read and write
|
||
|
1E4AE0A0000
|
heap
|
page read and write
|
||
|
1B36D20F000
|
heap
|
page read and write
|
||
|
539B94E000
|
unkown
|
page read and write
|
||
|
E00007C000
|
stack
|
page read and write
|
||
|
59B533E000
|
unkown
|
page read and write
|
||
|
1E939FE000
|
stack
|
page read and write
|
||
|
1FB78FB9000
|
heap
|
page read and write
|
||
|
202EC2B0000
|
heap
|
page read and write
|
||
|
E00027E000
|
stack
|
page read and write
|
||
|
F8A690C000
|
stack
|
page read and write
|
||
|
12923220000
|
heap
|
page read and write
|
||
|
26DAD8D5000
|
heap
|
page read and write
|
||
|
2439F19C000
|
heap
|
page read and write
|
||
|
2DB1F580000
|
heap
|
page read and write
|
||
|
D2D1F7E000
|
stack
|
page read and write
|
||
|
811287E000
|
stack
|
page read and write
|
||
|
494F47E000
|
unkown
|
page read and write
|
||
|
2567BFB0000
|
heap
|
page read and write
|
||
|
1DCC7340000
|
heap
|
page read and write
|
||
|
539B8CC000
|
stack
|
page read and write
|
||
|
DBF96FE000
|
stack
|
page read and write
|
||
|
26DAD8A0000
|
heap
|
page read and write
|
||
|
1C780260000
|
heap
|
page read and write
|
||
|
192D25C0000
|
heap
|
page read and write
|
||
|
59A7B7E000
|
stack
|
page read and write
|
||
|
12923269000
|
heap
|
page read and write
|
||
|
214BE1B0000
|
heap
|
page read and write
|
||
|
20E030E0000
|
heap
|
page read and write
|
||
|
DBF93DE000
|
stack
|
page read and write
|
||
|
1EAF3738000
|
heap
|
page read and write
|
||
|
24B5D280000
|
heap
|
page read and write
|
||
|
1FB791C0000
|
heap
|
page read and write
|
||
|
CA7637E000
|
stack
|
page read and write
|
||
|
2439F140000
|
heap
|
page read and write
|
||
|
26FF5445000
|
heap
|
page read and write
|
||
|
214BE0CD000
|
heap
|
page read and write
|
||
|
6F4735C000
|
stack
|
page read and write
|
||
|
1D817D10000
|
heap
|
page read and write
|
||
|
6F4767F000
|
stack
|
page read and write
|
||
|
262A8F90000
|
heap
|
page read and write
|
||
|
F8A6D7E000
|
stack
|
page read and write
|
||
|
AF92F7F000
|
unkown
|
page read and write
|
||
|
1E9B82E0000
|
heap
|
page read and write
|
||
|
459997E000
|
stack
|
page read and write
|
||
|
22E68BD0000
|
heap
|
page read and write
|
||
|
483AF7E000
|
stack
|
page read and write
|
||
|
1EAF3920000
|
heap
|
page read and write
|
||
|
12923225000
|
heap
|
page read and write
|
||
|
2DB1F589000
|
heap
|
page read and write
|
||
|
B02C87E000
|
stack
|
page read and write
|
||
|
CD1D0FE000
|
stack
|
page read and write
|
||
|
1C780169000
|
heap
|
page read and write
|
||
|
DBF967E000
|
stack
|
page read and write
|
||
|
1E938FF000
|
unkown
|
page read and write
|
||
|
227AAC68000
|
heap
|
page read and write
|
||
|
6F6037E000
|
stack
|
page read and write
|
||
|
D5933CF000
|
stack
|
page read and write
|
||
|
251C4408000
|
heap
|
page read and write
|
||
|
2567C0B0000
|
heap
|
page read and write
|
||
|
F5A6DAC000
|
stack
|
page read and write
|
||
|
131366F9000
|
heap
|
page read and write
|
||
|
1E9B800D000
|
heap
|
page read and write
|
||
|
20E03260000
|
heap
|
page read and write
|
||
|
1D817D30000
|
heap
|
page read and write
|
||
|
1E9B81E0000
|
heap
|
page read and write
|
||
|
24B5D5E5000
|
heap
|
page read and write
|
||
|
E5D20FE000
|
stack
|
page read and write
|
||
|
23B64DEA000
|
heap
|
page read and write
|
||
|
205AB465000
|
heap
|
page read and write
|
||
|
192D25E0000
|
heap
|
page read and write
|
||
|
25ACE34E000
|
heap
|
page read and write
|
There are 436 hidden memdumps, click here to show them.