Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Lakes_Environmental_WRPLOT_View_Freeware_V.8.0.2.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
|
initial sample
|
||
|
C:\Config.Msi\49a8c1.rbs
|
data
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\AER_Prof.pfl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\AER_Surf.sfc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\CARB.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\CD-144.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\Generic.csv
|
CSV text
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\HUSWO.hus
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\ISC_Met.met
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\LAKES_FORMAT.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\SAMSON.sam
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\SCRAM.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\TD-3505.DAT
|
ASCII text, with very long lines (649), with CRLF line terminators
|
dropped
|
||
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\USWX_DECODED_OBS.TXT
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Lakes\WRPLOT View\Help\WRPLOT_View.chm
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Program Files (x86)\Lakes\WRPLOT View\Stations\MetStations.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Program Files (x86)\Lakes\WRPLOT View\WRPLOT_View.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lakes Environmental\WRPLOT View - Freeware.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Wed Mar 21 08:23:08 2018, mtime=Wed May 8 18:55:34 2024, atime=Wed Mar 21 08:23:08
2018, length=13627904, window=hide
|
dropped
|
||
|
C:\Users\Public\Desktop\Lakes Environmental\WRPLOT View - Freeware.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working
directory, Icon number=0, Archive, ctime=Wed Mar 21 08:23:08 2018, mtime=Wed May 8 18:55:36 2024, atime=Wed Mar 21 08:23:08
2018, length=13627904, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI4C67.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\0x0409.ini
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\Data1.cab
|
Microsoft Cabinet archive data, many, 14538947 bytes, 19 files, at 0x5c +A "_05552B74CCDE077E19276A4B56E61CF6", iFolder 0x1
+A "_B05A2AB076DDA62641C63DBF405CBA38", 7 cffolders, ID 1111, number 1, 105 datablocks, 0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\Lakes Environmental WRPLOT View - Freeware V.8.0.2.MSI
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation
Database, Author: InstallShield Software Corporation, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator,
Template: Intel;1033, Last Saved By: InstallShield, Revision Number: {79A894FC-A5C1-4F47-BD8C-296A0B8F9A34}, Last Printed:
Wed Mar 21 11:30:00 2018, Create Time/Date: Wed Mar 21 11:30:00 2018, Last Saved Time/Date: Wed Mar 21 11:30:00 2018, Number
of Pages: 200, Number of Words: 0, Number of Characters: 0, Name of Creating Application: InstallShield 2009 - Express Edition
15, Security: 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\Setup.ini
|
Generic INItialization configuration [Startup]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\instmsia.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\instmsiw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\49a8c0.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation
Database, Author: InstallShield Software Corporation, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator,
Template: Intel;1033, Last Saved By: InstallShield, Revision Number: {79A894FC-A5C1-4F47-BD8C-296A0B8F9A34}, Last Printed:
Wed Mar 21 11:30:00 2018, Create Time/Date: Wed Mar 21 11:30:00 2018, Last Saved Time/Date: Wed Mar 21 11:30:00 2018, Number
of Pages: 200, Number of Words: 0, Number of Characters: 0, Name of Creating Application: InstallShield 2009 - Express Edition
15, Security: 1
|
dropped
|
||
|
C:\Windows\Installer\49a8c2.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation
Database, Author: InstallShield Software Corporation, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator,
Template: Intel;1033, Last Saved By: InstallShield, Revision Number: {79A894FC-A5C1-4F47-BD8C-296A0B8F9A34}, Last Printed:
Wed Mar 21 11:30:00 2018, Create Time/Date: Wed Mar 21 11:30:00 2018, Last Saved Time/Date: Wed Mar 21 11:30:00 2018, Number
of Pages: 200, Number of Words: 0, Number of Characters: 0, Name of Creating Application: InstallShield 2009 - Express Edition
15, Security: 1
|
dropped
|
||
|
C:\Windows\Installer\MSIAB50.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\{629C1CB5-295E-4B37-93AF-CFC787793E55}\ARPPRODUCTICON.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\{629C1CB5-295E-4B37-93AF-CFC787793E55}\NewShortcut1_3EB8554C0E2944268585DB2A665787FC.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\{629C1CB5-295E-4B37-93AF-CFC787793E55}\NewShortcut2_6E47537717D44A78B035A8BD71F50183.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\MIDAS.DLL
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\libxl.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\SysWOW64\pegrp32d.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\~DF13754D9C5DBDAB60.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF802056F38DF71FEE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF831E9DD050E214CA.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF875105D74DCB1A8C.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF87CC2EC66D0BDF66.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF98C7ADD1062B7B88.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFA4A71AF09A031EA3.TMP
|
data
|
modified
|
||
|
C:\Windows\Temp\~DFC10F2D29FAB67764.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFC352CB6671C57632.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFE726C734EDBD95B1.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE91DD56C4F8B6ACC.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFF6C0519FC400A75E.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\gdiplus.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
There are 42 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Lakes_Environmental_WRPLOT_View_Freeware_V.8.0.2.exe
|
"C:\Users\user\Desktop\Lakes_Environmental_WRPLOT_View_Freeware_V.8.0.2.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\RarSFX0\setup.exe
|
"C:\Users\user\AppData\Local\Temp\RarSFX0\setup.exe" /w
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
MSIEXEC.EXE /i "C:\Users\user\AppData\Local\Temp\RarSFX0\Lakes Environmental WRPLOT View - Freeware V.8.0.2.msi" SETUPEXEDIR="C:\Users\user\AppData\Local\Temp\RarSFX0"
SETUPEXENAME="setup.exe"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding A4B11C33E9E2E1AF2F89D4D9B1371E6B C
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.webLakes.com
|
unknown
|
||
|
http://www.weblakes.com/services/met_order.htmlU
|
unknown
|
||
|
http://tux.lakes-environmental.com/support/kb_WRPlotView/U
|
unknown
|
||
|
http://www.acresso.com0
|
unknown
|
||
|
http://www.turbopower.com
|
unknown
|
||
|
http://www.webLakes.com/kb/FreewareKB
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://www.webLakes.com/kb/FreewareKBU
|
unknown
|
||
|
http://www.webLakes.com/products/wrplot/index.html
|
unknown
|
||
|
http://www.weblakes.com/lakereg.htmlU
|
unknown
|
||
|
http://earth.google.com/kml/2.0
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://www.lakes-environmental.comU
|
unknown
|
||
|
http://www.weblakes.com/images/Lakes_Logo_Google.gif
|
unknown
|
||
|
http://www.weblakes.com
|
unknown
|
||
|
http://www.weblakes.com/support/knowledgebase.htmlU
|
unknown
|
||
|
http://www.webmet.comU
|
unknown
|
There are 7 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\49a8c1.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\49a8c1.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E170458C34D219B479F62B5937D2FB24
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4E54044573742A43992C0D287921857
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E7FDF81CA35E84943ADA1F145C37FE7F
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9FE1AA3CA557EE748A366541EEFE14A6
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B1DB62710EED5B4CB58A2C581FB389D
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1FA6BD4071A68348ABD6A6EBA77EB9D
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E77FC950D8F089F42B5F9BE8C1A1B411
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBA05FB192D38A648A1B9E165A8341E6
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBA852394BA1AEC4696D62282D85DB10
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30F09125BE68AFF449B4D15DD1D24B86
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA8A8D6EBF858514EA48C2531AB3CA02
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0382ACE003CCE6541AE63F0E926B7C19
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69AF580DA8D4DC146AE85B340678BB72
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5504D2B9DA42DF7488E2049AF913C01A
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DACC648E46CD1274BA33726E4A7013CA
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92EE2BD74C02ACC4481500A68533BB80
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\libxl.dll
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\MIDAS.DLL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Windows\system32\pegrp32d.dll
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Lakes\WRPLOT View\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Lakes\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Lakes\WRPLOT View\WRPLOT_Samples\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Lakes\WRPLOT View\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Lakes\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Lakes\WRPLOT View\Help\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Lakes\WRPLOT View\Stations\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{629C1CB5-295E-4B37-93AF-CFC787793E55}\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lakes Environmental\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\Public\Desktop\Lakes Environmental\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lakes Environmental Software\WRPlot View
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lakes Environmental Software\WRPlot View
|
Install_Folder
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lakes Environmental Software\WRPlot View
|
Product_Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lakes Environmental Software\WRPlot View
|
Tutorial_Folder
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7444323745BAB6247861922FC02537F0
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{629C1CB5-295E-4B37-93AF-CFC787793E55}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\5BC1C926E59273B439FAFC7C7897E355
|
AlwaysInstall
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\Features
|
AlwaysInstall
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\5BC1C926E59273B439FAFC7C7897E355
|
NewFeature1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\Features
|
NewFeature1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5BC1C926E59273B439FAFC7C7897E355\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
ProductIcon
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\7444323745BAB6247861922FC02537F0
|
5BC1C926E59273B439FAFC7C7897E355
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355\SourceList\Media
|
DiskPrompt
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5BC1C926E59273B439FAFC7C7897E355\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
There are 106 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
483000
|
unkown
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
2495000
|
heap
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
5E1000
|
heap
|
page read and write
|
||
|
5F1000
|
heap
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
3D50000
|
trusted library allocation
|
page read and write
|
||
|
60B000
|
heap
|
page read and write
|
||
|
3D42000
|
heap
|
page read and write
|
||
|
1F9E000
|
stack
|
page read and write
|
||
|
2497000
|
heap
|
page read and write
|
||
|
287C000
|
stack
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
29BF000
|
stack
|
page read and write
|
||
|
5D9000
|
heap
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
5F1000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
607000
|
heap
|
page read and write
|
||
|
2492000
|
heap
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
2495000
|
heap
|
page read and write
|
||
|
1F5F000
|
stack
|
page read and write
|
||
|
3B7F000
|
stack
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
2492000
|
heap
|
page read and write
|
||
|
277C000
|
stack
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
5D9000
|
heap
|
page read and write
|
||
|
201E000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
2497000
|
heap
|
page read and write
|
||
|
3D40000
|
heap
|
page read and write
|
||
|
5E1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2ADC000
|
stack
|
page read and write
|
||
|
5F1000
|
heap
|
page read and write
|
||
|
2017000
|
heap
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1FFE000
|
stack
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
201B000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
2497000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
58B000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
24BA000
|
heap
|
page read and write
|
||
|
3C7F000
|
stack
|
page read and write
|
||
|
47B000
|
unkown
|
page write copy
|
||
|
2130000
|
heap
|
page read and write
|
||
|
4A4D000
|
heap
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
619000
|
heap
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
5E1000
|
heap
|
page read and write
|
||
|
5EF000
|
heap
|
page read and write
|
||
|
209F000
|
stack
|
page read and write
|
||
|
1FBF000
|
stack
|
page read and write
|
||
|
2018000
|
heap
|
page read and write
|
||
|
482000
|
unkown
|
page write copy
|
||
|
2560000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
5B2000
|
heap
|
page read and write
|
||
|
5D4000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
5DD000
|
heap
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
619000
|
heap
|
page read and write
|
||
|
655000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
212F000
|
stack
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
61D000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
2492000
|
heap
|
page read and write
|
||
|
1E5E000
|
stack
|
page read and write
|
||
|
466000
|
heap
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
2492000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
619000
|
heap
|
page read and write
|
||
|
2497000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
201D000
|
heap
|
page read and write
|
||
|
188000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page readonly
|
||
|
5B2000
|
heap
|
page read and write
|
||
|
472F000
|
stack
|
page read and write
|
||
|
47B000
|
unkown
|
page write copy
|
||
|
488000
|
unkown
|
page readonly
|
||
|
2497000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
460000
|
heap
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
5E1000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
421000
|
unkown
|
page readonly
|
||
|
24E0000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page read and write
|
||
|
2024000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
5AF000
|
heap
|
page read and write
|
||
|
482F000
|
stack
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
450000
|
heap
|
page read and write
|
||
|
2496000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
619000
|
heap
|
page read and write
|
||
|
5DF000
|
heap
|
page read and write
|
||
|
5C1000
|
heap
|
page read and write
|
||
|
2497000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
2015000
|
heap
|
page read and write
|
||
|
488000
|
unkown
|
page readonly
|
||
|
24AF000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
5B9000
|
heap
|
page read and write
|
||
|
2495000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3D46000
|
heap
|
page read and write
|
||
|
41E000
|
unkown
|
page read and write
|
||
|
492C000
|
stack
|
page read and write
|
||
|
2010000
|
heap
|
page read and write
|
||
|
2020000
|
heap
|
page read and write
|
||
|
5BA000
|
heap
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
2214000
|
heap
|
page read and write
|
||
|
2494000
|
heap
|
page read and write
|
||
|
2492000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page readonly
|
||
|
2492000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
47E000
|
unkown
|
page read and write
|
||
|
5F1000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
655000
|
heap
|
page read and write
|
||
|
593000
|
heap
|
page read and write
|
||
|
201B000
|
heap
|
page read and write
|
||
|
45A000
|
heap
|
page read and write
|
||
|
2492000
|
heap
|
page read and write
|
||
|
24D5000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page write copy
|
||
|
2497000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
2497000
|
heap
|
page read and write
|
There are 179 hidden memdumps, click here to show them.