Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SCAN-068589.pdf.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template:
Intel;1033, Revision Number: {717A1233-ED34-40D0-B14C-98BF5C0B90FE}, Create Time/Date: Thu Jun 16 10:54:52 2022, Last Saved
Time/Date: Thu Jun 16 10:54:52 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer
XML Toolset (3.11.2.4516), Security: 2
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\AdobeFontPack\main.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\x86\5507.nls
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\68bd59.rbs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF275DF4B13EC3E34F.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF6CBE8E5B62F6E221.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF84F6DE3826C4FEB0.TMP
|
data
|
dropped
|
||
|
C:\Windows\Installer\68bd57.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template:
Intel;1033, Revision Number: {717A1233-ED34-40D0-B14C-98BF5C0B90FE}, Create Time/Date: Thu Jun 16 10:54:52 2022, Last Saved
Time/Date: Thu Jun 16 10:54:52 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer
XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\68bd58.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\68bd5a.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Font Pack 3.0.12.9, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Font Pack, Template:
Intel;1033, Revision Number: {717A1233-ED34-40D0-B14C-98BF5C0B90FE}, Create Time/Date: Thu Jun 16 10:54:52 2022, Last Saved
Time/Date: Thu Jun 16 10:54:52 2022, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer
XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI7D9A.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{CC038BA5-7236-4713-8948-DFF082243638}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-n -i:"Install" C:\Users\user\AppData\Local\AdobeFontPack\main.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe -n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-n -i:"Update?heck" "C:\Users\user\AppData\Local\x86\5507.nls"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SCAN-068589.pdf.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\wscript.exe
|
wscript.exe C:\Users\user\AppData\Local\AdobeFontPack\notify.vbs
|
||
|
C:\Windows\System32\taskeng.exe
|
taskeng.exe {4CFB7DD2-D1A8-412D-8316-3EFD3FFEBE4B} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx
|
213.226.114.15
|
|
|
|
http://collectiontelemetrysystem.com/cAUtfkUDaptk/ZRSeiy/requets/index.php
|
213.226.114.15
|
|
|
|
https://telemetrysystemcollection.com/m8YYdu/mCQ2U9/auth.aspx
|
213.226.114.15
|
|
|
|
http://telemetrysystemcollection.com/m8YYdu/mCQ2U9/home.aspx
|
unknown
|
||
|
https://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/auth.aspx
|
unknown
|
||
|
http://collectiontelemetrysystem.com/m8YYdu/mCQ2U9/home.aspx
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
telemetrysystemcollection.com
|
213.226.114.15
|
|
|
|
collectiontelemetrysystem.com
|
213.226.114.15
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
213.226.114.15
|
telemetrysystemcollection.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
GETSTATE (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\68bd59.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\68bd59.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Components\DF2B5B287322BA24F9303B9BAE3B0000
|
5AB830CC632731749884FD0F28426383
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\AdobeFontPack\
|
||
|
HKEY_CURRENT_USER\Software\AdobeFontPack
|
AdobeFontPack
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\100000007322BA24F9303B9BAE3B509A
|
5AB830CC632731749884FD0F28426383
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC038BA5-7236-4713-8948-DFF082243638}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\5AB830CC632731749884FD0F28426383
|
MainProgram
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\Features
|
MainProgram
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\5AB830CC632731749884FD0F28426383
|
Complete
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\Features
|
Complete
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\5AB830CC632731749884FD0F28426383\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
ProductName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
PackageCode
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
Language
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
Version
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
Assignment
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
InstanceType
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\100000007322BA24F9303B9BAE3B509A
|
5AB830CC632731749884FD0F28426383
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383
|
Clients
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5AB830CC632731749884FD0F28426383\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\p2pcollab.dll,-8042
|
||
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{4CFB7DD2-D1A8-412D-8316-3EFD3FFEBE4B}
|
data
|
There are 105 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
320000
|
heap
|
page read and write
|
||
|
402000
|
heap
|
page read and write
|
||
|
333000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3849000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
6E476000
|
unkown
|
page readonly
|
||
|
3DB0000
|
trusted library allocation
|
page read and write
|
||
|
2304000
|
trusted library allocation
|
page read and write
|
||
|
4A6000
|
heap
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
39C1000
|
trusted library allocation
|
page read and write
|
||
|
3DB0000
|
trusted library allocation
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
87000
|
heap
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
1BA0000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
1F50000
|
heap
|
page read and write
|
||
|
744000
|
heap
|
page read and write
|
||
|
2308000
|
trusted library allocation
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
2306000
|
trusted library allocation
|
page read and write
|
||
|
3DB0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
402000
|
heap
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
231E000
|
stack
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
3BA7000
|
trusted library allocation
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
106000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
226000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
3168000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
230C000
|
trusted library allocation
|
page read and write
|
||
|
3163000
|
trusted library allocation
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
3E20000
|
trusted library allocation
|
page read and write
|
||
|
223B000
|
heap
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
3C59000
|
heap
|
page read and write
|
||
|
230D000
|
trusted library allocation
|
page read and write
|
||
|
6E474000
|
unkown
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
C22000
|
heap
|
page read and write
|
||
|
1BB2000
|
heap
|
page read and write
|
||
|
314A000
|
trusted library allocation
|
page read and write
|
||
|
C7000
|
heap
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
314D000
|
trusted library allocation
|
page read and write
|
||
|
2CE000
|
heap
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
376D000
|
trusted library allocation
|
page read and write
|
||
|
3F7000
|
heap
|
page read and write
|
||
|
265000
|
stack
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
3825000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
unkown
|
page read and write
|
||
|
80000
|
heap
|
page read and write
|
||
|
1BD1000
|
heap
|
page read and write
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
1C64000
|
heap
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
1C73000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
39C6000
|
trusted library allocation
|
page read and write
|
||
|
315F000
|
trusted library allocation
|
page read and write
|
||
|
6E46C000
|
unkown
|
page readonly
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
2302000
|
trusted library allocation
|
page read and write
|
||
|
240F000
|
stack
|
page read and write
|
||
|
2300000
|
trusted library allocation
|
page read and write
|
||
|
2A4000
|
heap
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
2205000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
225F000
|
stack
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
23AF000
|
stack
|
page read and write
|
||
|
1BD2000
|
heap
|
page read and write
|
||
|
55F000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
6E410000
|
unkown
|
page readonly
|
||
|
2301000
|
trusted library allocation
|
page read and write
|
||
|
3800000
|
trusted library allocation
|
page read and write
|
||
|
23C000
|
stack
|
page read and write
|
||
|
277000
|
heap
|
page read and write
|
||
|
2C3000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
61F000
|
stack
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
146F000
|
stack
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
390000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
3DE000
|
heap
|
page read and write
|
||
|
3A60000
|
heap
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
26C000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
3DB0000
|
trusted library allocation
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
2309000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
1C74000
|
heap
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
10EC000
|
stack
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
285C000
|
stack
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
heap
|
page read and write
|
||
|
154000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
3769000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
3C50000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
49E000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
1F80000
|
heap
|
page read and write
|
||
|
C8000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
1BB8000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1BAD000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
26C6000
|
heap
|
page read and write
|
||
|
3C55000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
1BBB000
|
heap
|
page read and write
|
||
|
176000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
377E000
|
trusted library allocation
|
page read and write
|
||
|
230B000
|
trusted library allocation
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
3FB000
|
heap
|
page read and write
|
||
|
C5D000
|
trusted library allocation
|
page read and write
|
||
|
3DB0000
|
trusted library allocation
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
trusted library allocation
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
1C68000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
3E40000
|
trusted library allocation
|
page read and write
|
||
|
46C000
|
stack
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
235F000
|
stack
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
2307000
|
trusted library allocation
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
29E5000
|
heap
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
1BAE000
|
heap
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
2B7000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
1C63000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
53C000
|
heap
|
page read and write
|
||
|
CC000
|
stack
|
page read and write
|
||
|
4AB000
|
stack
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
2130000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
remote allocation
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
1C77000
|
heap
|
page read and write
|
||
|
3791000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
557000
|
heap
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
37AA000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
1EA000
|
stack
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
2A1B000
|
heap
|
page read and write
|
||
|
1BB1000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3156000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
3136000
|
trusted library allocation
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
313F000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
D1000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
368000
|
heap
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
C6000
|
heap
|
page read and write
|
||
|
2B6D000
|
stack
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
30C000
|
heap
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
3AB5000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
744000
|
heap
|
page read and write
|
||
|
2305000
|
trusted library allocation
|
page read and write
|
||
|
3A6000
|
heap
|
page read and write
|
||
|
364000
|
heap
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
BD000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
2FC000
|
heap
|
page read and write
|
||
|
3144000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1F85000
|
heap
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
22B0000
|
trusted library allocation
|
page read and write
|
||
|
3148000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
354000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
trusted library allocation
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
2DC000
|
heap
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
100C000
|
stack
|
page read and write
|
||
|
33A000
|
heap
|
page read and write
|
||
|
727000
|
heap
|
page read and write
|
||
|
3A91000
|
trusted library allocation
|
page read and write
|
||
|
1C6B000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
3A96000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3779000
|
trusted library allocation
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
2135000
|
heap
|
page read and write
|
||
|
1FBB000
|
heap
|
page read and write
|
||
|
26CF000
|
heap
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
297000
|
stack
|
page read and write
|
||
|
C04000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
1DD0000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
313B000
|
trusted library allocation
|
page read and write
|
||
|
1968000
|
stack
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
39B4000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
2124000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
6E411000
|
unkown
|
page execute read
|
||
|
3151000
|
trusted library allocation
|
page read and write
|
||
|
3D90000
|
trusted library allocation
|
page read and write
|
||
|
363000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
3DB0000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
598000
|
heap
|
page read and write
|
||
|
26D000
|
stack
|
page read and write
|
||
|
1C7E000
|
heap
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
1BCA000
|
heap
|
page read and write
|
||
|
216B000
|
heap
|
page read and write
|
||
|
2E6000
|
heap
|
page read and write
|
||
|
69C000
|
stack
|
page read and write
|
||
|
230A000
|
trusted library allocation
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
C00000
|
heap
|
page read and write
|
||
|
1A78000
|
stack
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
2303000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
364000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
1C70000
|
heap
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
2CA000
|
heap
|
page read and write
|
||
|
5CF000
|
heap
|
page read and write
|
||
|
39D6000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
remote allocation
|
page read and write
|
||
|
1BB2000
|
heap
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
245F000
|
stack
|
page read and write
|
||
|
3EF000
|
heap
|
page read and write
|
||
|
269000
|
stack
|
page read and write
|
||
|
3D80000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
22B000
|
stack
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
51D000
|
heap
|
page read and write
|
||
|
215B000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
5B4000
|
heap
|
page read and write
|
||
|
315A000
|
trusted library allocation
|
page read and write
|
||
|
357000
|
heap
|
page read and write
|
||
|
1489000
|
stack
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
3DB0000
|
trusted library allocation
|
page read and write
|
||
|
39DB000
|
trusted library allocation
|
page read and write
|
||
|
35B000
|
heap
|
page read and write
|
||
|
26DC000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
306000
|
heap
|
page read and write
|
||
|
3DA0000
|
trusted library allocation
|
page read and write
|
||
|
15E000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
3E60000
|
trusted library allocation
|
page read and write
|
||
|
13CC000
|
stack
|
page read and write
|
||
|
35C000
|
heap
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
25D000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
4C0000
|
trusted library section
|
page read and write
|
||
|
230E000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
310E000
|
trusted library allocation
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
365000
|
heap
|
page read and write
|
||
|
1E20000
|
heap
|
page read and write
|
||
|
362000
|
heap
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
1BB9000
|
heap
|
page read and write
|
||
|
26C1000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
378B000
|
trusted library allocation
|
page read and write
|
There are 434 hidden memdumps, click here to show them.