IOC Report
Sage.Eb.eIDSign.Windows.Installer.exe

Files

File Path
Type
Category
Malicious
Sage.Eb.eIDSign.Windows.Installer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe.config
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8f4v4pw.default\user.js
ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\user.js
ASCII text, with CRLF line terminators
dropped
malicious
C:\Config.Msi\46f828.rbs
data
dropped
C:\Config.Msi\46f82a.rbs
data
dropped
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Diagnostics.Tracing.EventSource.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Practices.EnterpriseLibrary.SemanticLogging.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\Sage\eIDSign\Newtonsoft.Json.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.PCL.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.man
ASCII text, with very long lines (493), with CRLF line terminators
dropped
C:\Program Files (x86)\Sage\eIDSign\Security.Cryptography.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\Sage\eIDSign\crypto.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\Sage\eIDSign\eIDSignCa.cer
Certificate, Version=3
dropped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b583aac24530c067308fa99a4fa8011e_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b583aac24530c067308fa99a4fa8011e_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage.Eb.UniSign.Windows\Launch Sage.Eb.UniSign.Windows.exe.lnk
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
dropped
C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\1033.MST
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database, Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator, Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465}, Number of Pages: 405, Number of Characters: 1
dropped
C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\Sage.Eb.eIDSign.Windows.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05 2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B}, Code page: 0, Template: Intel;0,1033,1036,1034
dropped
C:\Users\user\AppData\Local\Temp\MSI6e75e.LOG
Unicode text, UTF-16, little-endian text, with very long lines (326), with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\MSIE8D5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\0x0409.ini
Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\0x040a.ini
Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\0x040c.ini
Unicode text, UTF-16, little-endian text, with very long lines (317), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\1033.MST
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database, Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator, Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465}, Number of Pages: 405, Number of Characters: 1
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Microsoft .NET Framework 4.5 Web .prq
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05 2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B}, Code page: 0, Template: Intel;0,1033,1036,1034
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Setup.INI
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\_ISMSIDEL.INI
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\~D0E8.tmp
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\~D0E9.tmp
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Temp\~D1A3.tmp
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\~D1B4.tmp
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\~D4F1.tmp
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Windows\Installer\46f826.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05 2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B}, Code page: 0, Template: Intel;0,1033,1036,1034
dropped
C:\Windows\Installer\46f827.mst
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database, Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator, Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465}, Number of Pages: 405, Number of Characters: 1
dropped
C:\Windows\Installer\46f829.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05 2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B}, Code page: 0, Template: Intel;0,1033,1036,1034
dropped
C:\Windows\Installer\MSI15F.tmp
data
dropped
C:\Windows\Installer\MSI1AE.tmp
PE32 executable (console) Intel 80386, for MS Windows
modified
C:\Windows\Installer\MSIF9FB.tmp
data
dropped
C:\Windows\Installer\SourceHash{9F90421B-05FE-4A89-802E-B4C70995335E}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\1033.MST
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database, Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator, Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465}, Number of Pages: 405, Number of Characters: 1
dropped
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\ARPPRODUCTICON.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\Sage.Eb.UniSign.Wi_37336D9213AE4656967C642667C0FAB6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
Unicode text, UTF-16, little-endian text, with CRLF line terminators
modified
C:\Windows\Temp\~DF050B908AED57D257.TMP
data
dropped
C:\Windows\Temp\~DF1874328959ECE67C.TMP
data
dropped
C:\Windows\Temp\~DF1CF1D5A034DF72F2.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF30B048FC0FA2C840.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF374268AF827577A8.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF5728993245DD43F6.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DF61A785FE2097878F.TMP
data
dropped
C:\Windows\Temp\~DF63952C9AC8F13992.TMP
data
dropped
C:\Windows\Temp\~DF7E1EEEB666975C99.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFA2DE60B3C48C5AE5.TMP
data
dropped
C:\Windows\Temp\~DFAC020C12CD79C761.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFD31B1357449DC22D.TMP
data
dropped
C:\Windows\Temp\~DFE49AB6D4130DAC97.TMP
data
dropped
C:\Windows\Temp\~DFFEE2B1AAC8D702CF.TMP
data
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
malicious
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
malicious
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
"C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe"
malicious
C:\Windows\Installer\MSI1AE.tmp
"C:\Windows\Installer\MSI1AE.tmp" im "C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.man" /rf:"C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll" /mf:"C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll"
malicious
C:\Windows\System32\wevtutil.exe
"C:\Windows\Installer\MSI1AE.tmp" im "C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.man" /rf:"C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll" /mf:"C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll" /fromwow64
malicious
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
"C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe" firefox-addin
malicious
C:\Users\user\Desktop\Sage.Eb.eIDSign.Windows.Installer.exe
"C:\Users\user\Desktop\Sage.Eb.eIDSign.Windows.Installer.exe"
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe /q"C:\Users\user\Desktop\Sage.Eb.eIDSign.Windows.Installer.exe" /tempdisk1folder"C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}" /IS_temp
C:\Windows\System32\SgrmBroker.exe
C:\Windows\system32\SgrmBroker.exe
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\Sage.Eb.eIDSign.Windows.msi" TRANSFORMS="C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\1033.MST" SETUPEXEDIR="C:\Users\user\Desktop" SETUPEXENAME="Sage.Eb.eIDSign.Windows.Installer.exe"
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 634E06A54BB5FC4E5F05F278FBCAD869 C
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A90B05DEF62436E8FD05D53CE1B2CB74ABE8E9FF
Blob
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
OwningPublisher
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
Enabled
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
Isolation
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
ChannelAccess
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
Type
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
https
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
:Range
malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\46f828.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\46f828.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Diagnostics.Tracing.EventSource.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFD19E51C0F72844E8C5A0438C46044A
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Practices.EnterpriseLibrary.SemanticLogging.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1963AFF04F8D3B243A499655177A03BC
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\Newtonsoft.Json.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56AB228366DFD444CA0600E612518D6E
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.PCL.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\671008639C803CE47A5DCDF00394EC95
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEAF4EB38BCC16340B096B150F2E7555
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\802BDE3909CCC414992236B835D086B9
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\Security.Cryptography.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6925B6A50CBD80849A6459A5922F935E
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
C:\Program Files (x86)\Sage\eIDSign\crypto.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9EC9FD0D94C7F6E4E9A5C96FD99A907C
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files (x86)\Sage\eIDSign\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files (x86)\Sage\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage.Eb.UniSign.Windows\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
RegOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
RegCompany
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
ProductID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
LocalPackage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\90E28C57C7BE2164F8DA0E8B34B84756
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Microsoft.Diagnostics.Tracing.EventSource.dll
Microsoft.Diagnostics.Tracing.EventSource,Version="1.1.28.0",PublicKeyToken="B03F5F7F11D50A3A",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Microsoft.Practices.EnterpriseLibrary.SemanticLogging.dll
Microsoft.Practices.EnterpriseLibrary.SemanticLogging,Version="2.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Newtonsoft.Json.dll
Newtonsoft.Json,Version="8.0.0.0",PublicKeyToken="30AD4FE6B2A6AEED",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Sage.Eb.UniSign.PCL.dll
Sage.Eb.UniSign.PCL,Version="2.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll
Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest,Version="0.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Sage.Eb.UniSign.Windows.exe
Sage.Eb.UniSign.Windows,Version="2.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Security.Cryptography.dll
Security.Cryptography,Version="1.7.1.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|crypto.dll
crypto,Version="1.8.1.0",PublicKeyToken="0E99375E54769942",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B12409F9EF5098A408E24B7C905933E5
NSUniSignWindows_Files
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\Features
NSUniSignWindows_Files
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\Patches
AllPatches
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
Transforms
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
Assignment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
AdvertiseFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
ProductIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
AuthorizedLUAApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
DeploymentFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\90E28C57C7BE2164F8DA0E8B34B84756
B12409F9EF5098A408E24B7C905933E5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList
PackageName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList\Net
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList\Media
DiskPrompt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList\Media
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
Clients
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList
LastUsedSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\46f82a.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\46f82a.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
C:\Windows\Installer\46f827.mst
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\B89EFDA003BB8B8D2F0B257B7E4800964D4D006B
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys\4059DC1CBE5E165CBAD0EA1A63AFB7894911ABAD
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\B89EFDA003BB8B8D2F0B257B7E4800964D4D006B
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
ResourceFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
MessageFileName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences
Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\0
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\0
Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\0
Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\1
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\1
Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\1
Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\2
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\2
Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\2
Flags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
EnableLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
LoggerName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
MatchAnyKeyword
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
MatchAllKeyword
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
EnableProperty
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences
Count
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\21\417C44EB
@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\21\417C44EB
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124

Memdumps

Base Address
Regiontype
Protect
Malicious
1514000
trusted library allocation
page read and write
F8E000
stack
page read and write
780000
heap
page read and write
7BD000
heap
page read and write
2A86000
trusted library allocation
page read and write
1100000
trusted library allocation
page execute and read and write
3CDE000
stack
page read and write
7B6000
heap
page read and write
7C5000
heap
page read and write
B60000
heap
page read and write
21A9E9B3000
heap
page read and write
78E000
heap
page read and write
1A519A39000
heap
page read and write
222489C0000
heap
page read and write
1A5198C0000
heap
page read and write
1BA8C42B000
heap
page read and write
77B000
heap
page read and write
F44000
trusted library allocation
page read and write
7BD000
heap
page read and write
1DC1883A000
heap
page read and write
21A9E9E2000
heap
page read and write
537000
unkown
page read and write
511E000
stack
page read and write
3CE0000
trusted library allocation
page read and write
9B000
stack
page read and write
7AA000
heap
page read and write
1DC188A2000
heap
page read and write
1DC18886000
heap
page read and write
792000
heap
page read and write
7F0000
heap
page read and write
79E000
heap
page read and write
29ED000
heap
page read and write
793000
heap
page read and write
196000
stack
page read and write
F30000
trusted library allocation
page read and write
62A747E000
unkown
page readonly
7AF000
heap
page read and write
3C71000
trusted library allocation
page read and write
7AE000
heap
page read and write
7D1000
heap
page read and write
4D33DFE000
unkown
page readonly
7F4000
heap
page read and write
79A000
heap
page read and write
4D33B7E000
stack
page read and write
1A519A92000
heap
page read and write
7E0000
heap
page read and write
1DC18902000
heap
page read and write
21A9E9BE000
heap
page read and write
788000
heap
page read and write
1DC18862000
heap
page read and write
5192000
unkown
page readonly
7D3000
heap
page read and write
7D3000
heap
page read and write
21A9E9C0000
heap
page read and write
1DC18867000
heap
page read and write
79C000
heap
page read and write
7D0000
heap
page read and write
21A9E9D2000
heap
page read and write
776000
heap
page read and write
1DC18865000
heap
page read and write
1DC1889F000
heap
page read and write
620000
heap
page read and write
531000
unkown
page read and write
F43000
trusted library allocation
page execute and read and write
4C09000
stack
page read and write
7A5000
heap
page read and write
1DC18853000
heap
page read and write
7BE000
heap
page read and write
4D333FE000
stack
page readonly
21A9E9E3000
heap
page read and write
78E000
heap
page read and write
193000
stack
page read and write
1A51A202000
heap
page read and write
CF9000
heap
page read and write
7AC000
heap
page read and write
21A9E9EB000
heap
page read and write
7BF000
heap
page read and write
21A9E9E4000
heap
page read and write
79E000
heap
page read and write
71E000
stack
page read and write
1DC18855000
heap
page read and write
21A9E9CE000
heap
page read and write
2CFB000
trusted library allocation
page read and write
796000
heap
page read and write
1DC1883F000
heap
page read and write
1DC18897000
heap
page read and write
792000
heap
page read and write
79B000
heap
page read and write
4C4E000
stack
page read and write
780000
heap
page read and write
218000
unkown
page readonly
7BD000
heap
page read and write
76C000
heap
page read and write
62A707E000
unkown
page readonly
29BF000
stack
page read and write
3B80000
trusted library allocation
page read and write
5342000
unkown
page readonly
78E000
heap
page read and write
79E000
heap
page read and write
7FA000
heap
page read and write
3C99000
trusted library allocation
page read and write
E80000
heap
page read and write
4D340FE000
unkown
page readonly
801000
heap
page read and write
21A9E9CE000
heap
page read and write
5F53EFE000
stack
page read and write
79E000
heap
page read and write
1BA8C471000
heap
page read and write
1DC18836000
heap
page read and write
5F53F7E000
unkown
page readonly
799000
heap
page read and write
4FF0000
trusted library allocation
page execute and read and write
7D7000
heap
page read and write
7AC000
heap
page read and write
711F67B000
stack
page read and write
22248A74000
heap
page read and write
21A9E9FC000
heap
page read and write
50E0000
trusted library allocation
page read and write
21A9E9D9000
heap
page read and write
14C0000
trusted library allocation
page read and write
2D3D000
trusted library allocation
page read and write
7A7000
heap
page read and write
774000
heap
page read and write
7B8000
heap
page read and write
78E000
heap
page read and write
797000
heap
page read and write
7AC000
heap
page read and write
711FBFC000
stack
page read and write
1DC18858000
heap
page read and write
554F000
stack
page read and write
7A5000
heap
page read and write
7B7000
heap
page read and write
800000
heap
page read and write
22248A6F000
heap
page read and write
4940000
trusted library allocation
page read and write
1095000
trusted library allocation
page execute and read and write
A10000
heap
page read and write
21A9E31C000
heap
page read and write
5140000
heap
page read and write
7AD000
heap
page read and write
779000
heap
page read and write
78F000
heap
page read and write
7E4000
heap
page read and write
7A2000
heap
page read and write
3B7C000
trusted library allocation
page read and write
AD0000
heap
page read and write
C9E000
stack
page read and write
7C0000
heap
page read and write
7D2000
heap
page read and write
77D000
heap
page read and write
2380000
heap
page read and write
78E000
heap
page read and write
4D6D000
stack
page read and write
771000
heap
page read and write
2657000
trusted library allocation
page read and write
B50000
heap
page read and write
DA0000
heap
page read and write
400000
unkown
page readonly
790000
heap
page read and write
7B8000
heap
page read and write
7D7000
heap
page read and write
21A9E328000
heap
page read and write
79D000
heap
page read and write
526E000
stack
page read and write
79F000
heap
page read and write
782000
heap
page read and write
1520000
trusted library allocation
page read and write
7D1000
heap
page read and write
5190000
unkown
page readonly
148C000
stack
page read and write
7A2000
heap
page read and write
7A0000
heap
page read and write