Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
r3zg12.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Acrobat PDF Browser Plugin 4.8.25, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Acrobat
PDF Browser Plugin, Template: Intel;1033, Revision Number: {880CDD59-0C2C-49AC-BA45-82BB01CD8BD1}, Create Time/Date: Tue May
30 14:29:16 2023, Last Saved Time/Date: Tue May 30 14:29:16 2023, Number of Pages: 200, Number of Words: 10, Name of Creating
Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
initial sample
|
 |
|
|
C:\Config.Msi\5334e8.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\AdobeAcrobatPDFBrowserPlugin\main.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\AdobeAcrobatPDFBrowserPlugin\notify.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Installer\5334e7.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Acrobat PDF Browser Plugin 4.8.25, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Acrobat
PDF Browser Plugin, Template: Intel;1033, Revision Number: {880CDD59-0C2C-49AC-BA45-82BB01CD8BD1}, Create Time/Date: Tue May
30 14:29:16 2023, Last Saved Time/Date: Tue May 30 14:29:16 2023, Number of Pages: 200, Number of Words: 10, Name of Creating
Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\5334e9.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Acrobat PDF Browser Plugin 4.8.25, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Acrobat
PDF Browser Plugin, Template: Intel;1033, Revision Number: {880CDD59-0C2C-49AC-BA45-82BB01CD8BD1}, Create Time/Date: Tue May
30 14:29:16 2023, Last Saved Time/Date: Tue May 30 14:29:16 2023, Number of Pages: 200, Number of Words: 10, Name of Creating
Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI36EA.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF09B6AE6DA39A576A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF29580D728BC5B4ED.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF385081A1CE239BA3.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF3DD2B7692E631D41.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF4C3BF86A9825BAFE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF5DF60473004ABCC7.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF6B3BC2C5354ED014.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF7864E6E6496DBA61.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF8AE2E68986D61390.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF934EA1F7B18385F5.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC5E20CC9F13FECB6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFDD7490D2FF8A1B23.TMP
|
data
|
dropped
|
||
|
C:\Config.Msi\725f14.rbs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF737A82605D542653.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF9424631930F5E6F6.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFCE21E83529306783.TMP
|
data
|
dropped
|
||
|
C:\Windows\Installer\725f12.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Acrobat PDF Browser Plugin 4.8.25, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Acrobat
PDF Browser Plugin, Template: Intel;1033, Revision Number: {880CDD59-0C2C-49AC-BA45-82BB01CD8BD1}, Create Time/Date: Tue May
30 14:29:16 2023, Last Saved Time/Date: Tue May 30 14:29:16 2023, Number of Pages: 200, Number of Words: 10, Name of Creating
Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\725f13.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\725f15.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Adobe Acrobat PDF Browser Plugin 4.8.25, Author: Adobe Inc., Keywords: Installer, Comments: Adobe Acrobat
PDF Browser Plugin, Template: Intel;1033, Revision Number: {880CDD59-0C2C-49AC-BA45-82BB01CD8BD1}, Create Time/Date: Tue May
30 14:29:16 2023, Last Saved Time/Date: Tue May 30 14:29:16 2023, Number of Pages: 200, Number of Words: 10, Name of Creating
Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSIDFB6.tmp
|
data
|
dropped
|
There are 20 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\AppData\Local\AdobeAcrobatPDFBrowserPlugin\main.dll,next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\AppData\Local\AdobeAcrobatPDFBrowserPlugin\main.dll,next
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\r3zg12.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\wscript.exe
|
wscript.exe C:\Users\user\AppData\Local\AdobeAcrobatPDFBrowserPlugin\notify.vbs
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://streams.videolan.org/upload/
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
75.143.236.149
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
86.195.14.72
|
unknown
|
France
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
105.184.103.97
|
unknown
|
South Africa
|
|
|
|
92.186.69.229
|
unknown
|
France
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
14.192.241.76
|
unknown
|
Malaysia
|
|
|
|
173.88.135.179
|
unknown
|
United States
|
|
|
|
84.108.200.161
|
unknown
|
Israel
|
|
|
|
47.34.30.133
|
unknown
|
United States
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
124.149.143.189
|
unknown
|
Australia
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
84.35.26.14
|
unknown
|
Netherlands
|
|
|
|
73.29.92.128
|
unknown
|
United States
|
|
|
|
68.203.69.96
|
unknown
|
United States
|
|
|
|
82.131.141.209
|
unknown
|
Hungary
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
186.64.67.30
|
unknown
|
Argentina
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
86.176.144.234
|
unknown
|
United Kingdom
|
|
|
|
59.28.84.65
|
unknown
|
Korea Republic of
|
|
|
|
76.86.31.59
|
unknown
|
United States
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
96.87.28.170
|
unknown
|
United States
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
78.92.133.215
|
unknown
|
Hungary
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
51.14.29.227
|
unknown
|
United Kingdom
|
|
|
|
85.57.212.13
|
unknown
|
Spain
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
80.12.88.148
|
unknown
|
France
|
|
|
|
81.111.108.123
|
unknown
|
United Kingdom
|
|
|
|
69.133.162.35
|
unknown
|
United States
|
|
|
|
86.132.236.117
|
unknown
|
United Kingdom
|
|
|
|
151.62.238.176
|
unknown
|
Italy
|
|
|
|
70.112.206.5
|
unknown
|
United States
|
|
|
|
41.228.224.161
|
unknown
|
Tunisia
|
|
|
|
205.237.67.69
|
unknown
|
Canada
|
|
|
|
102.159.188.125
|
unknown
|
Tunisia
|
|
|
|
151.65.167.77
|
unknown
|
Italy
|
|
|
|
76.178.148.107
|
unknown
|
United States
|
|
|
|
89.36.206.69
|
unknown
|
Italy
|
|
|
|
69.242.31.249
|
unknown
|
United States
|
|
|
|
85.104.105.67
|
unknown
|
Turkey
|
|
|
|
94.207.104.225
|
unknown
|
United Arab Emirates
|
|
|
|
193.253.100.236
|
unknown
|
France
|
|
|
|
76.16.49.134
|
unknown
|
United States
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
78.18.105.11
|
unknown
|
Ireland
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
103.144.201.56
|
unknown
|
unknown
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
98.145.23.67
|
unknown
|
United States
|
|
|
|
82.125.44.236
|
unknown
|
France
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
89.129.109.27
|
unknown
|
Spain
|
|
|
|
122.186.210.254
|
unknown
|
India
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
90.78.147.141
|
unknown
|
France
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
213.64.33.61
|
unknown
|
Sweden
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
78.160.146.127
|
unknown
|
Turkey
|
|
|
|
58.186.75.42
|
unknown
|
Viet Nam
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
50.68.204.71
|
unknown
|
Canada
|
|
|
|
71.38.155.217
|
unknown
|
United States
|
|
|
|
220.240.164.182
|
unknown
|
Australia
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
24.198.114.130
|
unknown
|
United States
|
|
|
|
2.36.64.159
|
unknown
|
Italy
|
|
|
|
198.2.51.242
|
unknown
|
United States
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
109.50.149.241
|
unknown
|
Portugal
|
|
|
|
69.119.123.159
|
unknown
|
United States
|
|
|
|
172.115.17.50
|
unknown
|
United States
|
|
|
|
147.219.4.194
|
unknown
|
United States
|
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5334e8.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5334e8.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Components\DF2B5B287322BA24F9303B9BAE3B0000
|
D45CFDABE04C2B5408551C4544F4F138
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\AdobeAcrobatPDFBrowserPlugin\
|
||
|
HKEY_CURRENT_USER\Software\AdobeAcrobatPDFBrowserPlugin
|
AdobeAcrobatPDFBrowserPlugin
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\100000007322BA24F9303B9BAE3B502B
|
D45CFDABE04C2B5408551C4544F4F138
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\D45CFDABE04C2B5408551C4544F4F138
|
MainProgram
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\Features
|
MainProgram
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\D45CFDABE04C2B5408551C4544F4F138
|
Complete
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\Features
|
Complete
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3853321935-2125563209-4053062332-1002\Products\D45CFDABE04C2B5408551C4544F4F138\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
ProductName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
PackageCode
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
Language
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
Version
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
Assignment
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
InstanceType
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\100000007322BA24F9303B9BAE3B502B
|
D45CFDABE04C2B5408551C4544F4F138
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138
|
Clients
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D45CFDABE04C2B5408551C4544F4F138\SourceList
|
LastUsedSource
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
d05a95f2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
e5c545bc
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
e78465c0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
5f3802a5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
22304d2f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
9a8c2a4a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
5d7922d9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
af13fa04
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
d05a95f2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iwzhphvqnftb
|
d05a95f2
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\725f14.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\725f14.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Components\DF2B5B287322BA24F9303B9BAE3B0000
|
D45CFDABE04C2B5408551C4544F4F138
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BADFC54D-C40E-45B2-8055-C154444F1F83}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\Features
|
MainProgram
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\Features
|
Complete
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-966771315-3019405637-367336477-1006\Products\D45CFDABE04C2B5408551C4544F4F138\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
|
LastIndex
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
IDENTIFY (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppGatherWriterMetadata (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppAddInterestingComponents (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Enter)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
|
SppCreate (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
|
SrCreateRp (Leave)
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
|
PREPAREBACKUP (Leave)
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
ba1a3b32
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
8f85eb7c
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
8dc4cb00
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
3578ac65
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
4870e3ef
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
f0cc848a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
37398c19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
c55354c4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
ba1a3b32
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Vlotrabeib
|
ba1a3b32
|
There are 167 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D8A000
|
heap
|
page read and write
|
|
|
|
4AB0000
|
heap
|
page read and write
|
|
|
|
2A67000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
2479A133000
|
heap
|
page read and write
|
||
|
2479A144000
|
heap
|
page read and write
|
||
|
22B871F0000
|
trusted library allocation
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
13311280000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
1A0858C000
|
stack
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
2479A15C000
|
heap
|
page read and write
|
||
|
22B86290000
|
trusted library allocation
|
page read and write
|
||
|
5A6C000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
22B86FA0000
|
trusted library allocation
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
2479A16C000
|
heap
|
page read and write
|
||
|
22B863DC000
|
heap
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
101E1000
|
unkown
|
page write copy
|
||
|
2479A36B000
|
heap
|
page read and write
|
||
|
6ED3000
|
heap
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
100AA000
|
unkown
|
page read and write
|
||
|
4B2F000
|
heap
|
page read and write
|
||
|
22B86310000
|
heap
|
page read and write
|
||
|
2D64000
|
heap
|
page read and write
|
||
|
2DBF000
|
heap
|
page read and write
|
||
|
22B86398000
|
heap
|
page read and write
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
133113A7000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
2479A133000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
2479BC20000
|
heap
|
page read and write
|
||
|
2479BC24000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
22B865EB000
|
heap
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page read and write
|
||
|
47E4000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
4AD3000
|
heap
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
6ED8000
|
heap
|
page read and write
|
||
|
133113A0000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
2479A128000
|
heap
|
page read and write
|
||
|
877B3FF000
|
stack
|
page read and write
|
||
|
2D41000
|
heap
|
page read and write
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
5B983F9000
|
stack
|
page read and write
|
||
|
2479A159000
|
heap
|
page read and write
|
||
|
2C80000
|
direct allocation
|
page execute read
|
||
|
2479A144000
|
heap
|
page read and write
|
||
|
22B865E9000
|
heap
|
page read and write
|
||
|
28CC000
|
stack
|
page read and write
|
||
|
13311330000
|
heap
|
page read and write
|
||
|
100AB000
|
unkown
|
page readonly
|
||
|
596F000
|
heap
|
page read and write
|
||
|
290B000
|
stack
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
2479A2E0000
|
heap
|
page read and write
|
||
|
5B985FE000
|
stack
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
73EE000
|
heap
|
page read and write
|
||
|
6302000
|
heap
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
2479A15C000
|
heap
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
22B863D5000
|
heap
|
page read and write
|
||
|
2479D6C0000
|
heap
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
2C90000
|
direct allocation
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
22B863DC000
|
heap
|
page read and write
|
||
|
101D8000
|
unkown
|
page readonly
|
||
|
596F000
|
heap
|
page read and write
|
||
|
2479A144000
|
heap
|
page read and write
|
||
|
5B984FE000
|
stack
|
page read and write
|
||
|
5B98479000
|
stack
|
page read and write
|
||
|
2479A360000
|
heap
|
page read and write
|
||
|
22B871E0000
|
heap
|
page readonly
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
5B982FE000
|
stack
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
6ED4000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
73E9000
|
heap
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
22B865F0000
|
trusted library allocation
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
133113AB000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
2D8C000
|
heap
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
22B86390000
|
heap
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
1A0887F000
|
stack
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
2D98000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2479A110000
|
heap
|
page read and write
|
||
|
2479A160000
|
heap
|
page read and write
|
||
|
22B862F0000
|
heap
|
page read and write
|
||
|
2479A144000
|
heap
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
5B9827B000
|
stack
|
page read and write
|
||
|
2479A178000
|
heap
|
page read and write
|
||
|
6246000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
101DE000
|
unkown
|
page write copy
|
||
|
133113B3000
|
heap
|
page read and write
|
||
|
646E000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
2479A136000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
2479A177000
|
heap
|
page read and write
|
||
|
7BE9000
|
heap
|
page read and write
|
||
|
5AA4000
|
heap
|
page read and write
|
||
|
2DBF000
|
heap
|
page read and write
|
||
|
2479A149000
|
heap
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
2479BF70000
|
heap
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
2479A12D000
|
heap
|
page read and write
|
||
|
22B865E0000
|
heap
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
2479D820000
|
trusted library allocation
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page read and write
|
||
|
4B2F000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
1A088FF000
|
stack
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
2479A137000
|
heap
|
page read and write
|
||
|
22B86380000
|
trusted library allocation
|
page read and write
|
||
|
5B9837E000
|
stack
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
877B1FE000
|
stack
|
page read and write
|
||
|
2479A300000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
22B863DC000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
22B863DE000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
2479BF72000
|
heap
|
page read and write
|
||
|
101FC000
|
unkown
|
page readonly
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
101DD000
|
unkown
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
2479A15C000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page readonly
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
2479A165000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
48F1000
|
heap
|
page read and write
|
||
|
597B000
|
heap
|
page read and write
|
||
|
2479A12D000
|
heap
|
page read and write
|
||
|
6ED5000
|
heap
|
page read and write
|
||
|
2479A148000
|
heap
|
page read and write
|
||
|
73E5000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
63BD000
|
heap
|
page read and write
|
||
|
597D000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
2CAA000
|
direct allocation
|
page readonly
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
2479A180000
|
heap
|
page read and write
|
||
|
2479A15C000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
2479A118000
|
heap
|
page read and write
|
||
|
2C91000
|
direct allocation
|
page execute read
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
594C000
|
heap
|
page read and write
|
||
|
22B86560000
|
trusted library allocation
|
page read and write
|
||
|
48F1000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
5DCB000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
22B86280000
|
heap
|
page read and write
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
5B98579000
|
stack
|
page read and write
|
||
|
2479A090000
|
heap
|
page read and write
|
||
|
58DC000
|
heap
|
page read and write
|
||
|
2479A144000
|
heap
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
6ED4000
|
heap
|
page read and write
|
||
|
22B87250000
|
trusted library allocation
|
page read and write
|
||
|
58CC000
|
heap
|
page read and write
|
||
|
22B87200000
|
trusted library allocation
|
page read and write
|
||
|
2CAF000
|
direct allocation
|
page read and write
|
||
|
2479A133000
|
heap
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
2479A15C000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
6EDF000
|
heap
|
page read and write
|
||
|
2CC4000
|
heap
|
page read and write
|
||
|
2CB2000
|
direct allocation
|
page readonly
|
||
|
2D71000
|
heap
|
page read and write
|
||
|
2479A161000
|
heap
|
page read and write
|
||
|
2DCA000
|
heap
|
page read and write
|
||
|
6ED8000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
2D9C000
|
heap
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
6B14000
|
heap
|
page read and write
|
||
|
877ABA9000
|
stack
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
76DE000
|
heap
|
page read and write
|
||
|
133112F0000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
65C2000
|
heap
|
page read and write
|
||
|
58D8000
|
heap
|
page read and write
|
||
|
2479A365000
|
heap
|
page read and write
|
||
|
594D000
|
heap
|
page read and write
|
||
|
13311320000
|
heap
|
page read and write
|
||
|
22B865C0000
|
trusted library allocation
|
page read and write
|
||
|
13311325000
|
heap
|
page read and write
|
||
|
22B871D0000
|
trusted library allocation
|
page read and write
|
||
|
877B4FF000
|
stack
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
22B865E5000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
There are 267 hidden memdumps, click here to show them.