IOC Report
iieCxV2b1n.msi

loading gif

Files

File Path
Type
Category
Malicious
iieCxV2b1n.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Semolina, Author: Kwela Eirenicon, Keywords: Installer, Comments: This installer database contains the logic and data required to install Semolina., Template: Intel;1033, Revision Number: {E399BBE4-4063-457E-BB84-F6CBF9E31491}, Create Time/Date: Wed Oct 9 11:42:28 2024, Last Saved Time/Date: Wed Oct 9 11:42:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
initial sample
 malicious
C:\Users\user\AppData\Local\Ormolu\CrashRpt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Ormolu\ManyCam.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Ormolu\cv099.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Ormolu\cxcore099.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Ormolu\cximagecrt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Ormolu\dbghelp.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Ormolu\highgui099.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\ndae
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\svubpwldttjkvt
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\CrashRpt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\ManyCam.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\cv099.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\cxcore099.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\cximagecrt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\dbghelp.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\highgui099.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Config.Msi\6c18ea.rbs
data
modified
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Ormolu\gxfiogr
data
dropped
C:\Users\user\AppData\Local\Ormolu\rsjddfw
data
dropped
C:\Users\user\AppData\Local\Temp\804a2825
data
dropped
C:\Users\user\AppData\Local\Temp\8f084743
data
dropped
C:\Users\user\AppData\Local\Temp\exuquepx
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Oct 18 09:09:10 2024, mtime=Fri Oct 18 09:09:10 2024, atime=Wed Oct 9 15:39:50 2024, length=1756232, window=hide
dropped
C:\Users\user\AppData\Roaming\demoArchivebcz\gxfiogr
data
dropped
C:\Users\user\AppData\Roaming\demoArchivebcz\rsjddfw
data
dropped
C:\Windows\Installer\6c18e9.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Semolina, Author: Kwela Eirenicon, Keywords: Installer, Comments: This installer database contains the logic and data required to install Semolina., Template: Intel;1033, Revision Number: {E399BBE4-4063-457E-BB84-F6CBF9E31491}, Create Time/Date: Wed Oct 9 11:42:28 2024, Last Saved Time/Date: Wed Oct 9 11:42:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
dropped
C:\Windows\Installer\6c18eb.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Semolina, Author: Kwela Eirenicon, Keywords: Installer, Comments: This installer database contains the logic and data required to install Semolina., Template: Intel;1033, Revision Number: {E399BBE4-4063-457E-BB84-F6CBF9E31491}, Create Time/Date: Wed Oct 9 11:42:28 2024, Last Saved Time/Date: Wed Oct 9 11:42:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
dropped
C:\Windows\Installer\MSI1A22.tmp
data
dropped
C:\Windows\Installer\SourceHash{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\Temp\~DF0990806D57BC3AEC.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF14890820A40800E0.TMP
data
dropped
C:\Windows\Temp\~DF3044E6FF2211BFB4.TMP
data
dropped
C:\Windows\Temp\~DF46874C96EA2F3823.TMP
data
dropped
C:\Windows\Temp\~DF49307B85DBB1A515.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF551A278F797377D0.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF8B2F9407D39D8958.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF98277DCBF98DF427.TMP
data
dropped
C:\Windows\Temp\~DF9D929FC9F6DAB395.TMP
data
dropped
C:\Windows\Temp\~DFBCF32403695355B2.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFE130414A9DA75E26.TMP
data
dropped
C:\Windows\Temp\~DFF585C7427396405F.TMP
data
dropped
There are 34 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\AppData\Local\Ormolu\ManyCam.exe
"C:\Users\user\AppData\Local\Ormolu\ManyCam.exe"
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\ManyCam.exe
C:\Users\user\AppData\Roaming\demoArchivebcz\ManyCam.exe
 malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
 malicious
C:\Users\user\AppData\Roaming\demoArchivebcz\ManyCam.exe
"C:\Users\user\AppData\Roaming\demoArchivebcz\ManyCam.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
 malicious
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\iieCxV2b1n.msi"
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\pcaui.exe
"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Ormolu\ManyCam.exe"
C:\Windows\System32\pcaui.exe
"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\demoArchivebcz\ManyCam.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\pcaui.exe
"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\demoArchivebcz\ManyCam.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 4 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://www.manycam.com/codec
unknown
http://www.manycam.com/codecVerdanaTo
unknown
http://www.vmware.com/0
unknown
http://www.manycam.com/help/effects/snapshot/these
unknown
http://www.manycam.com/codecVerdanaThis
unknown
https://pastebin.com/raw/TeiUkREy
unknown
http://www.symauth.com/rpa00
unknown
http://manycam.com/help/effects
unknown
http://manycam.com/upload_effect?filepath=ManyCam
unknown
https://pastebin.com/raw/TeiUkREyPO
unknown
http://www.manycam.com0
unknown
http://download.manycam.comVerdanaThis
unknown
http://www.info-zip.org/
unknown
http://download.manycam.com
unknown
http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor
unknown
http://www.vmware.com/0/
unknown
http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamic
unknown
http://download.manycam.com/effects/%s/%s?v=%sManyCam
unknown
http://download.manycam.comNew
unknown
http://www.symauth.com/cps0(
unknown
http://www.manycam.com
unknown
http://manycam.com/feedback/?version=%s
unknown
There are 12 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
s-part-0032.t-0009.t-msedge.net
13.107.246.60
fp2e7a.wpc.phicdn.net
192.229.221.95

IPs

IP
Domain
Country
Malicious
91.240.118.154
unknown
unknown
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\6c18ea.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\6c18ea.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Roaming\Microsoft\Installer\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\162AD73B5A63F7959BE041468351DDF3
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\26F77710D51CF7358B761A50575789CC
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\79D6585F7B8AEF65AB47BB396054CD5B
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C211A4BDF3E23B553875602E3AD16B5D
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\80DA6156C4ABA0453BA622FB968DE9F2
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\86280FDD32BAE8C509533984CA27BAE4
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\F98AB89274B46315E97590357EE73945
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\F714C411421885A5B80009E76F019362
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\A4E8B871B7654705D98A33D5C9A76113
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Users\user\AppData\Local\Ormolu\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
LocalPackage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\0CC4FAA3E43A61146AE40F4A4D37B7DB
4E025F937326BBF4F8E2176C9026CE78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\InstallProperties
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F520E4-6237-4FBB-8F2E-71C60962EC87}
DisplayName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\4E025F937326BBF4F8E2176C9026CE78
TelepathyFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\Features
TelepathyFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\4E025F937326BBF4F8E2176C9026CE78\Patches
AllPatches
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
ProductName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
PackageCode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
Language
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
Version
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
Assignment
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
AdvertiseFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
InstanceType
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
AuthorizedLUAApp
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
DeploymentFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\0CC4FAA3E43A61146AE40F4A4D37B7DB
4E025F937326BBF4F8E2176C9026CE78
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78\SourceList
PackageName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78\SourceList\Net
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78\SourceList\Media
1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78
Clients
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\4E025F937326BBF4F8E2176C9026CE78\SourceList
LastUsedSource
There are 73 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
56B0000
direct allocation
page read and write
 malicious
E22000
unkown
page readonly
 malicious
5680000
direct allocation
page read and write
 malicious
EC0000
heap
page read and write
E96000
heap
page read and write
2D04000
unkown
page read and write
401000
unkown
page execute read
4EF4000
trusted library allocation
page read and write
1D551856000
heap
page read and write
4F2E000
direct allocation
page read and write
2EC4000
heap
page read and write
36D0000
heap
page read and write
59C000
unkown
page write copy
2A8C000
stack
page read and write
2750000
unkown
page readonly
2914000
unkown
page read and write
2914000
unkown
page read and write
29B0000
trusted library allocation
page read and write
2CE0000
direct allocation
page read and write
3124000
unkown
page read and write
201A000
unkown
page readonly
4E05000
heap
page read and write
B8E000
stack
page read and write
2914000
unkown
page read and write
246BE905000
heap
page read and write
36D5000
heap
page read and write
1A4000
heap
page read and write
1D5533C0000
heap
page read and write
3448000
heap
page read and write
1790000
unkown
page readonly
AB6000
stack
page read and write
14D0000
trusted library allocation
page execute and read and write
B90000
heap
page read and write
1E60000
heap
page read and write
3EE1000
heap
page read and write
1FE000
stack
page read and write
2C54000
unkown
page read and write
2914000
unkown
page read and write
400000
unkown
page readonly
400000
unkown
page readonly
1D04FC80000
heap
page read and write
2914000
unkown
page read and write
2740000
unkown
page readonly
2AEE000
unkown
page read and write
103E000
stack
page read and write
2820000
trusted library allocation
page read and write
3BA1000
trusted library allocation
page read and write
5010000
trusted library allocation
page execute and read and write
2E9F000
trusted library allocation
page read and write
1A5000
heap
page read and write
B98000
heap
page read and write
BEC000
unkown
page read and write
4CE2000
heap
page read and write
1D04FED0000
heap
page read and write
F13000
trusted library allocation
page execute and read and write
1311000
unkown
page execute read
298B000
trusted library allocation
page read and write
4FBE000
stack
page read and write
952C5DD000
stack
page read and write
121F000
stack
page read and write
C24000
heap
page read and write
1164000
heap
page read and write
189A000
unkown
page read and write
43A9000
trusted library allocation
page read and write
1E0000
heap
page read and write
2914000
unkown
page read and write
4F84000
trusted library allocation
page read and write
6D510000
unkown
page readonly
27F8000
heap
page read and write
27A0000
heap
page read and write
F47000
trusted library allocation
page execute and read and write
566E000
stack
page read and write
1C91000
heap
page read and write
C10000
heap
page read and write
C20000
heap
page read and write
BEB000
unkown
page write copy
2019000
unkown
page read and write
582E000
stack
page read and write
2EA1000
trusted library allocation
page read and write
B30000
heap
page read and write
CC0000
heap
page read and write
504F000
trusted library allocation
page read and write
BE6000
unkown
page read and write
F1D000
trusted library allocation
page execute and read and write
13B8000
unkown
page readonly
4D90000
direct allocation
page read and write
2914000
unkown
page read and write
C87000
heap
page read and write
BFB000
unkown
page write copy
DFE000
stack
page read and write
2EC1000
trusted library allocation
page read and write
47E0000
unkown
page read and write
6D580000
unkown
page write copy
54BE000
stack
page read and write
4F18000
trusted library allocation
page read and write
26FA000
stack
page read and write
10062000
unkown
page readonly
2914000
unkown
page read and write
C3F000
heap
page read and write
1D551830000
heap
page read and write
2770000
unkown
page read and write
100000
heap
page read and write
43F2000
heap
page read and write
2970000
trusted library allocation
page execute and read and write
CA2000
heap
page read and write
6D580000
unkown
page write copy
2914000
unkown
page read and write
43AD000
trusted library allocation
page read and write
2C50000
unkown
page read and write
6D510000
unkown
page readonly
2914000
unkown
page read and write
B3E000
stack
page read and write
10000000
unkown
page readonly
27A8000
heap
page read and write
605E000
stack
page read and write
C8A000
heap
page read and write
6420000
heap
page read and write
1791000
unkown
page execute read
D20000
unkown
page readonly
14EB000
trusted library allocation
page read and write
1E4000
heap
page read and write
5A4000
unkown
page readonly
B3E000
stack
page read and write
2000000
unkown
page readonly
592E000
stack
page read and write
10074000
unkown
page readonly
2D04000
unkown
page read and write
2914000
unkown
page read and write
52FD000
direct allocation
page read and write
530B000
trusted library allocation
page read and write
5581000
unkown
page read and write
BE8000
stack
page read and write
E7E000
stack
page read and write
1550000
heap
page read and write
2D04000
unkown
page read and write
55EE000
stack
page read and write
461D000
unkown
page read and write
189B000
unkown
page write copy
12BE000
stack
page read and write
1050000
heap
page read and write
6D585000
unkown
page readonly
2012000
unkown
page readonly
438D000
trusted library allocation
page read and write
E10000
heap
page read and write
190E000
stack
page read and write
18BF000
stack
page read and write
151C000
trusted library allocation
page read and write
D21000
unkown
page execute read
2914000
unkown
page read and write
3DC6000
heap
page read and write
487D000
trusted library allocation
page read and write
2D04000
unkown
page read and write
1538000
trusted library allocation
page read and write
DC8000
unkown
page readonly
CFD000
heap
page read and write
2914000
unkown
page read and write
53B000
unkown
page readonly
1841000
unkown
page execute read
6D580000
unkown
page write copy
E7B000
heap
page read and write
3EC1000
trusted library allocation
page read and write
59B000
unkown
page read and write
2914000
unkown
page read and write
47C0000
unkown
page read and write
4123000
heap
page read and write
1F0000
heap
page read and write
BEE000
unkown
page readonly
400000
unkown
page readonly
3C4A000
heap
page read and write
2914000
unkown
page read and write
CE1000
unkown
page readonly
5A4000
unkown
page readonly
2914000
unkown
page read and write
BA0000
unkown
page readonly
BFB000
heap
page read and write
6D1C4FE000
stack
page read and write
BF5000
heap
page read and write
1D04FC00000
heap
page read and write
2914000
unkown
page read and write
595000
unkown
page write copy
1840000
unkown
page readonly
1500000
trusted library allocation
page read and write
C24000
heap
page read and write
D14000
unkown
page readonly
12F4000
unkown
page read and write
3BA7000
trusted library allocation
page read and write
2B8E000
stack
page read and write
59B000
unkown
page read and write
121B000
trusted library allocation
page execute and read and write
6D511000
unkown
page execute read
2B2E000
unkown
page read and write
4833000
unkown
page read and write
1A5000
heap
page read and write
1210000
trusted library allocation
page read and write
6D1C57E000
stack
page read and write
2914000
unkown
page read and write
3437000
heap
page read and write
2B90000
heap
page execute and read and write
1D04FC9A000
heap
page read and write
1E0F000
stack
page read and write
1A4000
heap
page read and write
595000
unkown
page write copy
CF8000
heap
page read and write
3124000
unkown
page read and write
48B7000
heap
page read and write
246BEA80000
heap
page read and write
4F30000
trusted library allocation
page read and write
4F0E000
trusted library allocation
page read and write
1A4000
heap
page read and write
AFE000
stack
page read and write
BF6000
unkown
page read and write
2E00000
heap
page execute and read and write
2914000
unkown
page read and write
10074000
unkown
page readonly
55AE000
stack
page read and write
C44000
unkown
page readonly
11F0000
trusted library allocation
page read and write
2EB0000
heap
page read and write
B91000
unkown
page execute read
4F9C000
trusted library allocation
page read and write
1838000
unkown
page readonly
12D1000
unkown
page readonly
1D04FC89000
heap
page read and write
2914000
unkown
page read and write
C24000
heap
page read and write
4F48000
trusted library allocation
page read and write
5290000
heap
page execute and read and write
E1C000
heap
page read and write
111E000
heap
page read and write
5F1C000
stack
page read and write
9C000
stack
page read and write
6FB000
stack
page read and write
57EF000
stack
page read and write
401000
unkown
page execute read
5097000
trusted library allocation
page read and write
14E0000
trusted library allocation
page read and write
1C90000
heap
page read and write
1D551A00000
heap
page read and write
556F000
stack
page read and write
28DE000
unkown
page read and write
C4D000
heap
page read and write
565F000
stack
page read and write
1897000
unkown
page write copy
C24000
heap
page read and write
1E30000
heap
page read and write
2914000
unkown
page read and write
DBE000
stack
page read and write
181F000
unkown
page readonly
5F5E000
stack
page read and write
3120000
unkown
page read and write
2914000
unkown
page read and write
2914000
unkown
page read and write
C73000
heap
page read and write
BFE000
unkown
page readonly
1070000
heap
page read and write
189E000
unkown
page readonly
10073000
unkown
page read and write
404A000
heap
page read and write
246BE760000
heap
page read and write
2914000
unkown
page read and write
B61000
unkown
page execute read
BA1000
unkown
page execute read
246BE840000
heap
page read and write
14CE000
stack
page read and write
2914000
unkown
page read and write
1C91000
heap
page read and write
4F40000
trusted library allocation
page read and write
4389000
trusted library allocation
page read and write
B60000
unkown
page readonly
B90000
unkown
page readonly
AEB000
stack
page read and write
1302000
unkown
page read and write
C90000
heap
page read and write
4F70000
heap
page read and write
2914000
unkown
page read and write
ABB000
stack
page read and write
2914000
unkown
page read and write
5310000
trusted library allocation
page read and write
C24000
heap
page read and write
48EE000
trusted library allocation
page read and write
4F04000
trusted library allocation
page read and write
BAE000
heap
page read and write
4C58000
trusted library allocation
page read and write
CA5000
heap
page read and write
296F000
stack
page read and write
555E000
stack
page read and write
36F9000
heap
page read and write
4F86000
trusted library allocation
page read and write
10E8000
heap
page read and write
27B4000
heap
page read and write
29B8000
trusted library allocation
page read and write
3EE0000
heap
page read and write
1D04FCA6000
heap
page read and write
2C54000
unkown
page read and write
BDD000
unkown
page readonly
952C55C000
stack
page read and write
13CE000
stack
page read and write
E22000
heap
page read and write
10001000
unkown
page execute read
2012000
unkown
page readonly
5E1F000
stack
page read and write
100000
heap
page read and write
DAF000
unkown
page readonly
59C000
unkown
page write copy
7F8000
stack
page read and write
BFC000
unkown
page read and write
53B000
unkown
page readonly
400000
unkown
page readonly
30F0000
heap
page read and write
4F39000
trusted library allocation
page read and write
2A8E000
stack
page read and write
246BE8E0000
heap
page read and write
3FE6000
heap
page read and write
595000
unkown
page write copy
401000
unkown
page execute read
BF7000
unkown
page write copy
10073000
unkown
page read and write
2D04000
unkown
page read and write
53BE000
stack
page read and write
1A4000
heap
page read and write
401000
unkown
page execute read
56EE000
stack
page read and write
59B000
unkown
page read and write
2990000
trusted library allocation
page read and write
1E35000
heap
page read and write
E3E000
stack
page read and write
536E000
stack
page read and write
D33000
heap
page read and write
4C10000
trusted library allocation
page read and write
556E000
stack
page read and write
2019000
unkown
page read and write
F00000
trusted library allocation
page read and write
1230000
trusted library allocation
page read and write
F10000
trusted library allocation
page read and write
110C000
heap
page read and write
106E000
stack
page read and write
DBE000
unkown
page read and write
2914000
unkown
page read and write
F60000
heap
page read and write
182E000
unkown
page read and write
6D511000
unkown
page execute read
F37000
trusted library allocation
page execute and read and write
10073000
unkown
page read and write
100000
heap
page read and write
9C000
stack
page read and write
595000
unkown
page write copy
4260000
trusted library allocation
page read and write
6D511000
unkown
page execute read
2DFE000
stack
page read and write
2D4E000
unkown
page read and write
5320000
trusted library allocation
page read and write
152E000
trusted library allocation
page read and write
595000
unkown
page write copy
1C91000
heap
page read and write
2DCB000
heap
page read and write
188D000
unkown
page readonly
246BE8F8000
heap
page read and write
1E0000
heap
page read and write
139F000
unkown
page readonly
246BE880000
heap
page read and write
178F000
stack
page read and write
2914000
unkown
page read and write
53B000
unkown
page readonly
5A4000
unkown
page readonly
10062000
unkown
page readonly
1C90000
heap
page read and write
1D551810000
heap
page read and write
1E4000
heap
page read and write
1531000
trusted library allocation
page read and write
5141000
unkown
page read and write
2B8A000
stack
page read and write
2BE0000
unkown
page readonly
2780000
direct allocation
page read and write
1D04FFA0000
heap
page read and write
1A0000
heap
page read and write
619E000
stack
page read and write
C42000
unkown
page read and write
2000000
unkown
page readonly
4A10000
unkown
page read and write
1A5000
heap
page read and write
6D1C47C000
stack
page read and write
C2C000
heap
page read and write
2914000
unkown
page read and write
246C0400000
heap
page read and write
665E000
stack
page read and write
4F25000
trusted library allocation
page read and write
53B000
unkown
page readonly
500D000
stack
page read and write
4756000
unkown
page read and write
5A4000
unkown
page readonly
952C87F000
stack
page read and write
2980000
trusted library allocation
page read and write
CA0000
heap
page read and write
3F27000
heap
page read and write
2914000
unkown
page read and write
23FC000
stack
page read and write
2760000
heap
page read and write
1A5000
heap
page read and write
1D04FC50000
heap
page read and write
1150000
heap
page read and write
DF0000
heap
page read and write
201A000
unkown
page readonly
2910000
heap
page read and write
2EB0000
heap
page read and write
2012000
unkown
page readonly
1A5000
heap
page read and write
4879000
trusted library allocation
page read and write
53B000
unkown
page readonly
110000
heap
page read and write
DD6193C000
stack
page read and write
C9C000
heap
page read and write
10001000
unkown
page execute read
10062000
unkown
page readonly
C24000
heap
page read and write
F20000
trusted library allocation
page read and write
C34000
unkown
page read and write
1A5000
heap
page read and write
2914000
unkown
page read and write
5460000
heap
page read and write
10D0000
trusted library allocation
page read and write
2914000
unkown
page read and write
3100000
unkown
page read and write
1A4000
heap
page read and write
2914000
unkown
page read and write
1E4000
heap
page read and write
4F16000
trusted library allocation
page read and write
C24000
heap
page read and write
15E000
stack
page read and write
4853000
unkown
page read and write
1A4000
heap
page read and write
9C000
stack
page read and write
3D70000
heap
page read and write
1545000
trusted library allocation
page read and write
1524000
trusted library allocation
page read and write
2914000
unkown
page read and write
127E000
stack
page read and write
2914000
unkown
page read and write
1E4000
heap
page read and write
1D551A30000
heap
page read and write
E7E000
heap
page read and write
2BD0000
unkown
page readonly
10000000
unkown
page readonly
1D04FCA3000
heap
page read and write
5141000
unkown
page read and write
3C3C000
heap
page read and write
4740000
unkown
page read and write
F20000
heap
page read and write
5770000
unkown
page read and write
1104000
heap
page read and write
2E8E000
unkown
page read and write
2D04000
unkown
page read and write
C24000
heap
page read and write
4F8A000
trusted library allocation
page read and write
49DA000
heap
page read and write
4FA5000
trusted library allocation
page read and write
14F0000
trusted library allocation
page read and write
2730000
unkown
page readonly
5250000
trusted library allocation
page execute and read and write
1D04FC95000
heap
page read and write
201A000
unkown
page readonly
6446000
heap
page read and write
BBB000
heap
page read and write
3EC5000
trusted library allocation
page read and write
4FA0000
trusted library allocation
page read and write
10000000
unkown
page readonly
3F0F000
heap
page read and write
537E000
unkown
page read and write
1E4000
heap
page read and write
D04000
unkown
page read and write
6D510000
unkown
page readonly
4F95000
trusted library allocation
page read and write
441E000
trusted library allocation
page read and write
E20000
unkown
page readonly
49C8000
unkown
page read and write
C24000
heap
page read and write
5A4000
unkown
page readonly
10001000
unkown
page execute read
595000
unkown
page write copy
2000000
unkown
page readonly
343F000
heap
page read and write
4032000
heap
page read and write
F3A000
trusted library allocation
page execute and read and write
4750000
trusted library allocation
page read and write
2D04000
unkown
page read and write
536E000
direct allocation
page read and write
C0D000
heap
page read and write
C24000
heap
page read and write
1A40000
heap
page read and write
ECD000
heap
page read and write
59C000
unkown
page write copy
4F3B000
trusted library allocation
page read and write
10074000
unkown
page readonly
1C91000
heap
page read and write
1D551838000
heap
page read and write
12C0000
heap
page read and write
2C2E000
unkown
page read and write
2914000
unkown
page read and write
4EE0000
trusted library allocation
page read and write
29A0000
heap
page read and write
5581000
unkown
page read and write
400000
unkown
page readonly
AFE000
stack
page read and write
400000
unkown
page readonly
2E98000
trusted library allocation
page read and write
F4B000
trusted library allocation
page execute and read and write
1E46000
heap
page read and write
BC7000
heap
page read and write
5140000
unkown
page read and write
2D04000
unkown
page read and write
4F50000
trusted library allocation
page read and write
2CD0000
unkown
page read and write
2001000
unkown
page execute read
EAC000
heap
page read and write
48E0000
unkown
page read and write
1516000
trusted library allocation
page read and write
F14000
trusted library allocation
page read and write
11E3000
trusted library allocation
page execute and read and write
3450000
heap
page read and write
609E000
stack
page read and write
4EBD000
direct allocation
page read and write
B80000
heap
page read and write
2BA1000
trusted library allocation
page read and write
4F00000
trusted library allocation
page read and write
2019000
unkown
page read and write
AB6000
stack
page read and write
1220000
unkown
page readonly
2001000
unkown
page execute read
BEA000
unkown
page read and write
401000
unkown
page execute read
655E000
stack
page read and write
4633000
unkown
page read and write
5580000
unkown
page read and write
BFA000
unkown
page read and write
1221000
unkown
page execute read
2DC0000
heap
page read and write
1D04FCA3000
heap
page read and write
1A80000
heap
page read and write
C30000
unkown
page readonly
1521000
trusted library allocation
page read and write
49EB000
unkown
page read and write
4EFC000
trusted library allocation
page read and write
52F9000
direct allocation
page read and write
10E0000
heap
page read and write
30AF000
unkown
page read and write
2EA5000
trusted library allocation
page read and write
4F90000
trusted library allocation
page read and write
1E4000
heap
page read and write
BE7000
unkown
page write copy
51D0000
direct allocation
page read and write
13AE000
unkown
page read and write
C31000
unkown
page execute read
1A80000
heap
page read and write
ABB000
stack
page read and write
1304000
unkown
page readonly
1A4000
heap
page read and write
D12000
unkown
page read and write
1D04FC10000
heap
page read and write
4EF6000
trusted library allocation
page read and write
3110000
unkown
page read and write
6D585000
unkown
page readonly
2914000
unkown
page read and write
2BC0000
unkown
page readonly
6D585000
unkown
page readonly
BED000
unkown
page readonly
5309000
trusted library allocation
page read and write
2914000
unkown
page read and write
1E55000
heap
page read and write
E00000
heap
page read and write
56AE000
stack
page read and write
11F4000
trusted library allocation
page read and write
4EB9000
direct allocation
page read and write
5300000
trusted library allocation
page read and write
128E000
stack
page read and write
2D00000
heap
page read and write
2914000
unkown
page read and write
140F000
stack
page read and write
2001000
unkown
page execute read
1896000
unkown
page read and write
5318000
trusted library allocation
page read and write
2EBC000
heap
page read and write
401000
unkown
page execute read
48C0000
unkown
page read and write
3D8F000
heap
page read and write
1D551B30000
heap
page read and write
53B000
unkown
page readonly
4A33000
unkown
page read and write
1310000
unkown
page readonly
1E50000
heap
page read and write
2D04000
unkown
page read and write
C24000
heap
page read and write
42BE000
heap
page read and write
4515000
heap
page read and write
286E000
stack
page read and write
2914000
unkown
page read and write
54C0000
unkown
page read and write
5141000
unkown
page read and write
2914000
unkown
page read and write
ABB000
stack
page read and write
2BF0000
heap
page read and write
189C000
unkown
page read and write
11E4000
trusted library allocation
page read and write
AB6000
stack
page read and write
43FE000
trusted library allocation
page read and write
C11000
unkown
page readonly
4268000
heap
page read and write
109E000
stack
page read and write
246BE8E9000
heap
page read and write
5A4000
unkown
page readonly
2E4E000
unkown
page read and write
4280000
trusted library allocation
page read and write
3DE5000
heap
page read and write
C20000
heap
page read and write
5D1E000
stack
page read and write
E96000
heap
page read and write
1040000
heap
page read and write
2914000
unkown
page read and write
36E8000
heap
page read and write
2914000
unkown
page read and write
527E000
unkown
page read and write
E96000
heap
page read and write
1E4000
heap
page read and write
4F11000
trusted library allocation
page read and write
51CE000
stack
page read and write
B7E000
stack
page read and write
There are 614 hidden memdumps, click here to show them.