Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\ApoControl.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Filters\gain.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-1AQ6S.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Filters\is-VDV7H.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Filters\limit.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterBR.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\SoundBoosterRU.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivate.xml (copy)
|
XML 1.0 document, ASCII text, with very long lines (307), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivateBR.xml (copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\TurboActivateRU.xml (copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-0B8RS.tmp
|
XML 1.0 document, Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-3TFGO.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-A00SO.tmp
|
XML 1.0 document, Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-HCK3C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Lang\is-Q7VFD.tmp
|
XML 1.0 document, ASCII text, with very long lines (307), with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Logger32.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Logger64.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\SBH.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\SBH64.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\SoundBooster.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterHelper.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe (copy)
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe (copy)
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dat (copy)
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\TurboActivate.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\UltraActivate.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-470JU.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-4PLJA.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-9OI0H.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-EMCVK.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-FO5GS.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-GVBLF.tmp
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-HJ5VT.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-L5NEQ.tmp
|
data
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-M1S53.tmp
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-P02PU.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-Q41UV.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-U6OVG.tmp
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-UT7AG.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-V5IV6.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\is-VDVIU.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\unins000.dat
|
InnoSetup Log Letasoft Sound Booster {6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}, version 0x418, 19535 bytes, 965969\37\user\376,
C:\Program Files (x86)\Letasoft Sound Boos
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\unins000.msg
|
InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
|
dropped
|
||
|
C:\ProgramData\DIBsection\20986331705021ca58edc424.96250074
|
data
|
dropped
|
||
|
C:\ProgramData\Letasoft\Sound Booster\Logs\Setup Log 2024-04-25 #001.txt.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster\Diagnostics Report Creator.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Archive, ctime=Thu Apr 25 18:29:30 2024, mtime=Thu Apr 25 18:29:30 2024, atime=Thu Apr 21 12:35:52 2022, length=203184,
window=hide
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Letasoft Sound Booster\Letasoft Sound Booster.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Apr 25 18:29:28 2024, mtime=Thu Apr 25 18:29:29 2024, atime=Thu Apr 21 12:35:32 2022, length=2809776, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\Letasoft Sound Booster.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive,
ctime=Thu Apr 25 18:29:28 2024, mtime=Thu Apr 25 18:29:30 2024, atime=Thu Apr 21 12:35:32 2022, length=2809776, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Setup Log 2024-04-25 #001.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 46 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
|
"C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -InstallAPO
|
 |
|
|
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe
|
"C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterTaskHost.exe" -Activate
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp
|
"C:\Users\user\AppData\Local\Temp\is-VT15G.tmp\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.tmp" /SL5="$20446,6484768,412160,C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Pikabot.14696.3514.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-RARHB.tmp\_isetup\_setup64.tmp
|
helper 105 0x544
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
|
||
|
C:\Windows\System32\regsvr32.exe
|
/s "C:\Program Files (x86)\Letasoft Sound Booster\Sbapo.dll"
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
|
||
|
C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe
|
"C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe" -install
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://wyday.com/limelm/help/faq/#fix-broken-wmi
|
unknown
|
||
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
https://wyday.com/limelm/api/rest/httpsSignature
|
unknown
|
||
|
https://wyday.com/limelm/buy-redirect/%u/admin
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://www.letasoft.com
|
unknown
|
||
|
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
|
unknown
|
||
|
https://www.letasoft.com0
|
unknown
|
||
|
https://www.letasoft.com)
|
unknown
|
||
|
https://www.letasoft.com0https://www.letasoft.com0https://www.letasoft.com
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://wyday.com/limelm/api/rest/
|
unknown
|
||
|
https://wyday.com/limelm/help/faq/#fix-broken-wmivalTranslationtitlestartstitlepluralstitlesingleact
|
unknown
|
||
|
http://repository.certum.pl/ccsca2021.cer0
|
unknown
|
||
|
https://sectigo.com/CPS0U
|
unknown
|
||
|
https://www.letasoft.comq
|
unknown
|
||
|
http://www.dk-soft.org/
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html#
|
unknown
|
||
|
https://www.letasoft.com/ru/help/#b1
|
unknown
|
||
|
https://www.letasoft.com/ru/help/#b5
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://www.letasoft.com
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
https://www.letasoft.com/help/#b5
|
unknown
|
||
|
https://secure.comodo.com/CPS0L
|
unknown
|
||
|
http://ccsca2021.ocsp-certum.com05
|
unknown
|
||
|
https://www.letasoft.com/help/#b1
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
https://wyday.com/limelm/api/rest/
|
unknown
|
There are 31 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Letasoft\Sound Booster
|
LangGUI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Letasoft\Sound Booster\Options
|
SoundLevel
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Letasoft\Sound Booster\Options
|
BoostIsEnabled
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Letasoft\Sound Booster\Options
|
BoostMethod
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster
|
LangGUI
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Inno Setup: Selected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Inno Setup: Deselected Tasks
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Inno Setup: Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
DisplayIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},13
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},14
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},15
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d3993a3f-99c2-4402-b5ec-a92a0367664b},5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d3993a3f-99c2-4402-b5ec-a92a0367664b},6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Letasoft\Sound Booster\Sbapo\OldAPOs\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}
|
{d3993a3f-99c2-4402-b5ec-a92a0367664b},7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\FxProperties
|
{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\FxProperties
|
{d3993a3f-99c2-4402-b5ec-a92a0367664b},7
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\FxProperties
|
{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Audio
|
DisableProtectedAudioDG
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
FriendlyName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
Copyright
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
MajorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
MinorVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
Flags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
MinInputConnections
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
MaxInputConnections
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
MinOutputConnections
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
MaxOutputConnections
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
MaxInstances
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
NumAPOInterfaces
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
APOInterface0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BABAE75F-A7AA-4A13-B1F7-BB2716FD003E}\InprocServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{6737016f-5360-48ee-af05-e616c8ff27a7},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{fd8a7b27-0b18-4025-ab1c-bdd6b32e1604},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{913bc9a7-624b-4a30-96ac-5064a9fc6589},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{1e94c58f-3e40-4ddb-b10c-a86d8b870a31},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{b0466680-ab6a-404f-b5dd-26026d05946c}\Properties
|
{3f777207-7e55-4a2a-8a26-39e31d49bdc1},0
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{6737016f-5360-48ee-af05-e616c8ff27a7},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{fd8a7b27-0b18-4025-ab1c-bdd6b32e1604},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{908dba32-edff-4c28-8e45-c918561f6748},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{913bc9a7-624b-4a30-96ac-5064a9fc6589},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},5
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{a45429a4-aa63-4480-b7f8-3f2552daee93},6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{1e94c58f-3e40-4ddb-b10c-a86d8b870a31},2
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b16d7de9-ad2d-4468-818b-cabf46cb5c48}\Properties
|
{1e94c58f-3e40-4ddb-b10c-a86d8b870a31},2
|
There are 71 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2303000
|
direct allocation
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
FF0DBFE000
|
stack
|
page read and write
|
||
|
228D000
|
direct allocation
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
9C18EFE000
|
unkown
|
page readonly
|
||
|
2224000
|
direct allocation
|
page read and write
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
1CE33650000
|
heap
|
page read and write
|
||
|
FF0D77D000
|
stack
|
page read and write
|
||
|
3ADF000
|
direct allocation
|
page read and write
|
||
|
502000
|
unkown
|
page read and write
|
||
|
BE1000
|
unkown
|
page execute read
|
||
|
267B7260000
|
heap
|
page read and write
|
||
|
22ED000
|
direct allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
FF0D4FE000
|
stack
|
page read and write
|
||
|
2311000
|
direct allocation
|
page read and write
|
||
|
267B79B0000
|
trusted library allocation
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
FF0DEFE000
|
stack
|
page read and write
|
||
|
24BF000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
6C492000
|
unkown
|
page readonly
|
||
|
230A000
|
direct allocation
|
page read and write
|
||
|
224A000
|
direct allocation
|
page read and write
|
||
|
22B1000
|
direct allocation
|
page read and write
|
||
|
67E4000
|
direct allocation
|
page read and write
|
||
|
6098000
|
direct allocation
|
page read and write
|
||
|
9C1827B000
|
stack
|
page read and write
|
||
|
C03000
|
unkown
|
page readonly
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
FF0D7FE000
|
stack
|
page readonly
|
||
|
6B5000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
22F4000
|
direct allocation
|
page read and write
|
||
|
220D000
|
direct allocation
|
page read and write
|
||
|
274E000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
690000
|
heap
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
9DF000
|
stack
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
609A000
|
direct allocation
|
page read and write
|
||
|
229D000
|
direct allocation
|
page read and write
|
||
|
3AE8000
|
direct allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
446000
|
unkown
|
page readonly
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
506000
|
unkown
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
442000
|
unkown
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
21DC000
|
direct allocation
|
page read and write
|
||
|
513000
|
unkown
|
page readonly
|
||
|
22C2000
|
direct allocation
|
page read and write
|
||
|
93F000
|
stack
|
page read and write
|
||
|
2240000
|
direct allocation
|
page read and write
|
||
|
47B000
|
stack
|
page read and write
|
||
|
2210000
|
direct allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
22DF000
|
direct allocation
|
page read and write
|
||
|
22D8000
|
direct allocation
|
page read and write
|
||
|
2199000
|
direct allocation
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
2247000
|
direct allocation
|
page read and write
|
||
|
2200000
|
direct allocation
|
page read and write
|
||
|
798000
|
heap
|
page read and write
|
||
|
227F000
|
direct allocation
|
page read and write
|
||
|
267B727C000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page write copy
|
||
|
350F000
|
stack
|
page read and write
|
||
|
6C4E6000
|
unkown
|
page read and write
|
||
|
22FE000
|
stack
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
267B7247000
|
heap
|
page read and write
|
||
|
6070000
|
direct allocation
|
page read and write
|
||
|
BE1000
|
unkown
|
page execute read
|
||
|
C12000
|
unkown
|
page readonly
|
||
|
499000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
2269000
|
direct allocation
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
561000
|
unkown
|
page readonly
|
||
|
36A0000
|
direct allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1263000
|
heap
|
page read and write
|
||
|
502000
|
unkown
|
page write copy
|
||
|
6C3E1000
|
unkown
|
page execute read
|
||
|
50D000
|
unkown
|
page write copy
|
||
|
2273000
|
direct allocation
|
page read and write
|
||
|
21C7000
|
direct allocation
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
444000
|
unkown
|
page readonly
|
||
|
2292000
|
direct allocation
|
page read and write
|
||
|
2294000
|
direct allocation
|
page read and write
|
||
|
222B000
|
direct allocation
|
page read and write
|
||
|
725000
|
heap
|
page read and write
|
||
|
267B7950000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
direct allocation
|
page read and write
|
||
|
267B7247000
|
heap
|
page read and write
|
||
|
3ABC000
|
direct allocation
|
page read and write
|
||
|
FF0DFFE000
|
unkown
|
page readonly
|
||
|
775000
|
heap
|
page read and write
|
||
|
267B7302000
|
heap
|
page read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
123A000
|
heap
|
page read and write
|
||
|
C12000
|
unkown
|
page readonly
|
||
|
729000
|
heap
|
page read and write
|
||
|
6C3E0000
|
unkown
|
page readonly
|
||
|
2270000
|
direct allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
140025000
|
unkown
|
page readonly
|
||
|
785000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
6085000
|
direct allocation
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
228B000
|
direct allocation
|
page read and write
|
||
|
779000
|
heap
|
page read and write
|
||
|
2251000
|
direct allocation
|
page read and write
|
||
|
412000
|
unkown
|
page read and write
|
||
|
6078000
|
direct allocation
|
page read and write
|
||
|
3AFA000
|
direct allocation
|
page read and write
|
||
|
7B8000
|
heap
|
page read and write
|
||
|
14D000
|
stack
|
page read and write
|
||
|
2282000
|
direct allocation
|
page read and write
|
||
|
761000
|
heap
|
page read and write
|
||
|
6C4E8000
|
unkown
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
438000
|
unkown
|
page readonly
|
||
|
6C4E4000
|
unkown
|
page write copy
|
||
|
2286000
|
direct allocation
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
607D000
|
direct allocation
|
page read and write
|
||
|
7AC000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
3AF2000
|
direct allocation
|
page read and write
|
||
|
229C000
|
direct allocation
|
page read and write
|
||
|
22AA000
|
direct allocation
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
C03000
|
unkown
|
page readonly
|
||
|
180000
|
heap
|
page read and write
|
||
|
1CE33600000
|
heap
|
page read and write
|
||
|
21EB000
|
direct allocation
|
page read and write
|
||
|
21F0000
|
direct allocation
|
page read and write
|
||
|
207F000
|
stack
|
page read and write
|
||
|
3B0C000
|
direct allocation
|
page read and write
|
||
|
221E000
|
direct allocation
|
page read and write
|
||
|
46B000
|
unkown
|
page readonly
|
||
|
747000
|
heap
|
page read and write
|
||
|
BE0000
|
unkown
|
page readonly
|
||
|
31F0000
|
direct allocation
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
21CE000
|
direct allocation
|
page read and write
|
||
|
22C9000
|
direct allocation
|
page read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
FF0DCFE000
|
unkown
|
page readonly
|
||
|
3AD7000
|
direct allocation
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
FF0D5FE000
|
unkown
|
page readonly
|
||
|
FF0E07C000
|
stack
|
page read and write
|
||
|
21B1000
|
direct allocation
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
FF0D9FE000
|
stack
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
50D000
|
unkown
|
page read and write
|
||
|
267B722B000
|
heap
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
794000
|
heap
|
page read and write
|
||
|
6C4DF000
|
unkown
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page execute read
|
||
|
267B7213000
|
heap
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
FF0DD79000
|
stack
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
2B2B000
|
stack
|
page read and write
|
||
|
792000
|
heap
|
page read and write
|
||
|
6C4E0000
|
unkown
|
page write copy
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
783000
|
heap
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
67F9000
|
direct allocation
|
page read and write
|
||
|
22B8000
|
direct allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
444000
|
unkown
|
page readonly
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
3B19000
|
direct allocation
|
page read and write
|
||
|
FF0D6FE000
|
unkown
|
page readonly
|
||
|
2340000
|
heap
|
page read and write
|
||
|
978000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
1CE33622000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3B20000
|
direct allocation
|
page read and write
|
||
|
C0E000
|
unkown
|
page write copy
|
||
|
22FC000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
2226000
|
direct allocation
|
page read and write
|
||
|
BE1000
|
unkown
|
page execute read
|
||
|
64ED000
|
direct allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
9C18DFE000
|
stack
|
page read and write
|
||
|
C10000
|
unkown
|
page readonly
|
||
|
764000
|
heap
|
page read and write
|
||
|
23F3000
|
heap
|
page read and write
|
||
|
22BB000
|
direct allocation
|
page read and write
|
||
|
23E0000
|
direct allocation
|
page read and write
|
||
|
20EF000
|
stack
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
123E000
|
heap
|
page read and write
|
||
|
D4C000
|
stack
|
page read and write
|
||
|
267B72BD000
|
heap
|
page read and write
|
||
|
7FE39000
|
direct allocation
|
page read and write
|
||
|
C10000
|
unkown
|
page readonly
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
7BC000
|
heap
|
page read and write
|
||
|
5AC000
|
stack
|
page read and write
|
||
|
267B71E0000
|
heap
|
page read and write
|
||
|
FF0DDFE000
|
unkown
|
page readonly
|
||
|
480000
|
heap
|
page read and write
|
||
|
FF0CF0B000
|
stack
|
page read and write
|
||
|
FF0DAFE000
|
unkown
|
page readonly
|
||
|
C0E000
|
unkown
|
page write copy
|
||
|
770000
|
heap
|
page read and write
|
||
|
2207000
|
direct allocation
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
566000
|
unkown
|
page readonly
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
21D5000
|
direct allocation
|
page read and write
|
||
|
2350000
|
direct allocation
|
page execute and read and write
|
||
|
1CE334C0000
|
heap
|
page read and write
|
||
|
BE0000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
10B000
|
stack
|
page read and write
|
||
|
41C000
|
unkown
|
page readonly
|
||
|
29CF000
|
stack
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
3B28000
|
direct allocation
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
140025000
|
unkown
|
page readonly
|
||
|
75A000
|
heap
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
421000
|
unkown
|
page execute read
|
||
|
BE1000
|
unkown
|
page execute read
|
||
|
56B000
|
stack
|
page read and write
|
||
|
C10000
|
unkown
|
page readonly
|
||
|
1CE33E02000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
unkown
|
page read and write
|
||
|
1CE335A0000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
BE0000
|
unkown
|
page readonly
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
2232000
|
direct allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
50A000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2A1A000
|
heap
|
page read and write
|
||
|
769000
|
heap
|
page read and write
|
||
|
6C4E3000
|
unkown
|
page read and write
|
||
|
267B71F0000
|
heap
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
9C186FE000
|
unkown
|
page readonly
|
||
|
7CD000
|
heap
|
page read and write
|
||
|
6FB000
|
stack
|
page read and write
|
||
|
255D000
|
direct allocation
|
page read and write
|
||
|
2C2D000
|
stack
|
page read and write
|
||
|
1CE33613000
|
heap
|
page read and write
|
||
|
267B724F000
|
heap
|
page read and write
|
||
|
6C4E9000
|
unkown
|
page readonly
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
9C187FE000
|
stack
|
page read and write
|
||
|
1CE33702000
|
heap
|
page read and write
|
||
|
FF0D87A000
|
stack
|
page read and write
|
||
|
7FE35000
|
direct allocation
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
22A3000
|
direct allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
22E6000
|
direct allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
1CE000
|
stack
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
267B724F000
|
heap
|
page read and write
|
||
|
68E000
|
heap
|
page read and write
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
C0E000
|
unkown
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
2217000
|
direct allocation
|
page read and write
|
||
|
2261000
|
direct allocation
|
page read and write
|
||
|
C10000
|
unkown
|
page readonly
|
||
|
1CE335D0000
|
trusted library allocation
|
page read and write
|
||
|
1F8F000
|
stack
|
page read and write
|
||
|
68D000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
1CE33602000
|
heap
|
page read and write
|
||
|
267B71C0000
|
heap
|
page read and write
|
||
|
3BE000
|
stack
|
page read and write
|
||
|
438000
|
unkown
|
page readonly
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
22A5000
|
direct allocation
|
page read and write
|
||
|
2214000
|
direct allocation
|
page read and write
|
||
|
2559000
|
direct allocation
|
page read and write
|
||
|
C12000
|
unkown
|
page readonly
|
||
|
1CE334A0000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6080000
|
direct allocation
|
page read and write
|
||
|
875000
|
heap
|
page read and write
|
||
|
67E1000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
21F2000
|
direct allocation
|
page read and write
|
||
|
FF0E3FE000
|
unkown
|
page readonly
|
||
|
2205000
|
direct allocation
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
284F000
|
stack
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
267B729A000
|
heap
|
page read and write
|
||
|
14FF000
|
stack
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
C12000
|
unkown
|
page readonly
|
||
|
267B7247000
|
heap
|
page read and write
|
||
|
267B7200000
|
heap
|
page read and write
|
||
|
10FB000
|
stack
|
page read and write
|
||
|
FF0E37A000
|
stack
|
page read and write
|
||
|
2318000
|
direct allocation
|
page read and write
|
||
|
67DD000
|
direct allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
267B7240000
|
heap
|
page read and write
|
||
|
C03000
|
unkown
|
page readonly
|
||
|
446000
|
unkown
|
page readonly
|
||
|
7E8000
|
heap
|
page read and write
|
||
|
9C188FE000
|
unkown
|
page readonly
|
||
|
21FE000
|
direct allocation
|
page read and write
|
||
|
1CE33656000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
140002000
|
unkown
|
page readonly
|
||
|
421000
|
unkown
|
page execute read
|
||
|
48B000
|
heap
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
2239000
|
direct allocation
|
page read and write
|
||
|
3B0A000
|
direct allocation
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
C03000
|
unkown
|
page readonly
|
||
|
9C185FD000
|
stack
|
page read and write
|
||
|
267B7960000
|
trusted library allocation
|
page read and write
|
||
|
FF0E0FE000
|
unkown
|
page readonly
|
||
|
30B000
|
stack
|
page read and write
|
||
|
FF0D67E000
|
stack
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
7FCE0000
|
direct allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
1CE3362B000
|
heap
|
page read and write
|
||
|
267B7A02000
|
trusted library allocation
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
22AC000
|
direct allocation
|
page read and write
|
||
|
2400000
|
direct allocation
|
page read and write
|
||
|
21F9000
|
direct allocation
|
page read and write
|
||
|
221B000
|
direct allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
BE0000
|
unkown
|
page readonly
|
||
|
267B72A9000
|
heap
|
page read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
2400000
|
direct allocation
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
442000
|
unkown
|
page write copy
|
||
|
1F0E000
|
stack
|
page read and write
|
||
|
140002000
|
unkown
|
page readonly
|
||
|
226B000
|
direct allocation
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
467000
|
unkown
|
page readonly
|
||
|
81E000
|
stack
|
page read and write
|
||
|
267B724F000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
FF0D8FE000
|
unkown
|
page readonly
|
There are 401 hidden memdumps, click here to show them.