Files
File Path | Type | Category | Malicious |
---|---|---|---|
PSL5339.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Pulse Application Launcher, Author: Pulse Secure, LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install Pulse Application Launcher., Template: Intel;1033, Revision Number: {E2CACB07-A3C0-4CC0-9540-93B3C2592DC4}, Create Time/Date: Sun Jan 2 16:42:28 2022, Last Saved Time/Date: Sun Jan 2 16:42:28 2022, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.0.4118), Security: 2 | initial sample | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PulseApplicationLauncher.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
C:\Config.Msi\5b6325.rbs | data | modified | |
C:\Users\Public\Pulse Secure\Logging\PulseClient.log | ASCII text, with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Microsoft\Installer\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB}\psal.ico | MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_DE.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_EN.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_ES.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_FR.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_IT.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_JA.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_KO.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_PL.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_ZH-CN.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PSALResource_ZH.txt | Unicode text, UTF-8 (with BOM) text, with very long lines (315), with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PulseExt.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PulseExt64.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\Version.ini | ASCII text, with CRLF line terminators | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\psalswitch.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\pulse.png | PNG image data, 99 x 40, 8-bit/color RGBA, non-interlaced | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\pulse_toolbar.png | PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\x64\PulseApplicationLauncher.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped | |
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\x86\PulseApplicationLauncher.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
C:\Windows\Installer\5b6324.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Pulse Application Launcher, Author: Pulse Secure, LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install Pulse Application Launcher., Template: Intel;1033, Revision Number: {E2CACB07-A3C0-4CC0-9540-93B3C2592DC4}, Create Time/Date: Sun Jan 2 16:42:28 2022, Last Saved Time/Date: Sun Jan 2 16:42:28 2022, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.0.4118), Security: 2 | dropped | |
C:\Windows\Installer\5b6326.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Pulse Application Launcher, Author: Pulse Secure, LLC, Keywords: Installer, Comments: This installer database contains the logic and data required to install Pulse Application Launcher., Template: Intel;1033, Revision Number: {E2CACB07-A3C0-4CC0-9540-93B3C2592DC4}, Create Time/Date: Sun Jan 2 16:42:28 2022, Last Saved Time/Date: Sun Jan 2 16:42:28 2022, Number of Pages: 300, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset (3.14.0.4118), Security: 2 | dropped | |
C:\Windows\Installer\MSI646C.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
C:\Windows\Installer\MSI64FA.tmp | data | dropped | |
C:\Windows\Installer\SourceHash{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Composite Document File V2 Document, Cannot read section info | dropped | |
C:\Windows\Installer\inprogressinstallinfo.ipi | Composite Document File V2 Document, Cannot read section info | dropped | |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
C:\Windows\Temp\~DF208A1E4CC869EDD0.TMP | data | dropped | |
C:\Windows\Temp\~DF49BDEABCCCCBFED9.TMP | data | dropped | |
C:\Windows\Temp\~DF799DDD98B2193694.TMP | data | dropped | |
C:\Windows\Temp\~DF7FCF299F81720CB0.TMP | data | dropped | |
C:\Windows\Temp\~DF85C8DE136972D919.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
C:\Windows\Temp\~DF8A819C4D9B88B866.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
C:\Windows\Temp\~DF97387FC112C56D20.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
C:\Windows\Temp\~DF9F82147F3DCEA29C.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
C:\Windows\Temp\~DFCE01AA5E73C433C0.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
C:\Windows\Temp\~DFD08E7A18ACBB2665.TMP | data | dropped | |
C:\Windows\Temp\~DFD4A1C2EE9AFA24AB.TMP | data | dropped | |
C:\Windows\Temp\~DFE4613ACB9635700E.TMP | data | dropped | |
Processes
Path | Cmdline | Malicious |
---|---|---|
C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PulseApplicationLauncher.exe | "C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\PulseApplicationLauncher.exe" PSALInstallFinished | |
C:\Windows\System32\msiexec.exe | "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PSL5339.msi" | |
C:\Windows\System32\msiexec.exe | C:\Windows\system32\msiexec.exe /V | |
C:\Windows\SysWOW64\msiexec.exe | C:\Windows\syswow64\MsiExec.exe -Embedding 940058BE92977F245B44AFFE26674F7A | |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ | |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1824,i,13947100179998375561,13646205961899372581,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
URLs
Name | IP | Malicious |
---|---|---|
http://wixtoolset.org | unknown | |
Domains
Name | IP | Malicious |
---|---|---|
google.com | 172.253.115.139 | |
www.google.com | 172.253.63.99 | |
IPs
IP | Domain | Country | Malicious |
---|---|---|---|
239.255.255.250 | unknown | Reserved | |
172.253.63.99 | www.google.com | United States | |
192.168.2.4 | unknown | unknown | |
Registry
Path | Value | Malicious |
---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Owner | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | SessionHash | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Sequence | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Config.Msi\ | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\5b6325.rbs | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts | C:\Config.Msi\5b6325.rbsLow | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\user\AppData\Roaming\Microsoft\Installer\ | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\59CEC1C59CCC29949AE4CBC08C816C5C | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\AE9926F6E51054F4A8EEF5CF9ED6E54D | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\CB50E58186817BA458062D68B8E791FB | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\D11917728E067DA428613C3630C3CC8C | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\4EE6A2C7AE665E3488676EFE5425C636 | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\9EEC6A3308AAC3941BB8761706B28961 | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\66DE2D24E41F1A54AB4F05173A249203 | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\x86\ | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\ | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\user\AppData\Roaming\Pulse Secure\ | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\user\AppData\Roaming\Pulse Secure\PSAL\x64\ | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | Version | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | Downloader64Installed | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | DownloaderInstalled | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | x86Installed | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | x64Installed | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | psalswitch | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | ResourcesInstalled | |
HKEY_CURRENT_USER\SOFTWARE\Pulse Secure\PSAL | AppletPath | |
HKEY_CURRENT_USER_Classes\PulseSecure | NULL | |
HKEY_CURRENT_USER_Classes\PulseSecure | URL Protocol | |
HKEY_CURRENT_USER_Classes\PulseSecure | EditFlags | |
HKEY_CURRENT_USER_Classes\PulseSecure\shell\open\command | NULL | |
HKEY_CURRENT_USER_Classes\PulseSecure2\shell\open\command | NULL | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | LocalPackage | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | AuthorizedCDFPrefix | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | Comments | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | Contact | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | DisplayVersion | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | HelpLink | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | HelpTelephone | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | InstallDate | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | InstallLocation | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | InstallSource | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | ModifyPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | NoModify | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | Readme | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | Size | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | EstimatedSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | UninstallString | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | URLInfoAbout | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | URLUpdateInfo | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | VersionMajor | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | VersionMinor | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | WindowsInstaller | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | Version | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | Language | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | AuthorizedCDFPrefix | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Comments | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Contact | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | DisplayVersion | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | HelpLink | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | HelpTelephone | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | InstallDate | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | InstallLocation | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | InstallSource | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | ModifyPath | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | NoModify | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Publisher | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Readme | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Size | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | EstimatedSize | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | UninstallString | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | URLInfoAbout | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | URLUpdateInfo | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | VersionMajor | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | VersionMinor | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | WindowsInstaller | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Version | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | Language | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\ADCEB3F769BFE9543814E6B950DBF46B | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\InstallProperties | DisplayName | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB} | DisplayName | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\0819F58AEF7F18E46BF7BB451ADBC2BD | PulseAppLauncher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\Features | PulseAppLauncher | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Users\user\AppData\Roaming\Microsoft\Installer\{A85F9180-F7FE-4E81-B67F-BB54A1BD2CDB}\ | |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\Patches | AllPatches | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | ProductName | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | PackageCode | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | Language | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | Version | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | Assignment | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | AdvertiseFlags | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | ProductIcon | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | InstanceType | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | AuthorizedLUAApp | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | DeploymentFlags | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\ADCEB3F769BFE9543814E6B950DBF46B | 0819F58AEF7F18E46BF7BB451ADBC2BD | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\SourceList | PackageName | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\SourceList\Net | 1 | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\SourceList\Media | 1 | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD | Clients | |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\0819F58AEF7F18E46BF7BB451ADBC2BD\SourceList | LastUsedSource | |
Memdumps