Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Sage.Eb.eIDSign.Windows.Installer.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe.config
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m8f4v4pw.default\user.js
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\user.js
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Config.Msi\46f828.rbs
|
data
|
dropped
|
||
C:\Config.Msi\46f82a.rbs
|
data
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Diagnostics.Tracing.EventSource.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Practices.EnterpriseLibrary.SemanticLogging.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Newtonsoft.Json.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.PCL.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.man
|
ASCII text, with very long lines (493), with CRLF line terminators
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\Security.Cryptography.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\crypto.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Program Files (x86)\Sage\eIDSign\eIDSignCa.cer
|
Certificate, Version=3
|
dropped
|
||
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b583aac24530c067308fa99a4fa8011e_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\b583aac24530c067308fa99a4fa8011e_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage.Eb.UniSign.Windows\Launch Sage.Eb.UniSign.Windows.exe.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, Icon number=0,
ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\1033.MST
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database,
Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator,
Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization
Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465},
Number of Pages: 405, Number of Characters: 1
|
dropped
|
||
C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\Sage.Eb.eIDSign.Windows.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last
Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords:
Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating
Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05
2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B},
Code page: 0, Template: Intel;0,1033,1036,1034
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSI6e75e.LOG
|
Unicode text, UTF-16, little-endian text, with very long lines (326), with CRLF, LF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\MSIE8D5.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\0x0409.ini
|
Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\0x040a.ini
|
Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\0x040c.ini
|
Unicode text, UTF-16, little-endian text, with very long lines (317), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\1033.MST
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database,
Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator,
Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization
Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465},
Number of Pages: 405, Number of Characters: 1
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Microsoft .NET Framework 4.5 Web .prq
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last
Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords:
Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating
Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05
2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B},
Code page: 0, Template: Intel;0,1033,1036,1034
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Setup.INI
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\_ISMSIDEL.INI
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~D0E8.tmp
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~D0E9.tmp
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
C:\Users\user\AppData\Local\Temp\~D1A3.tmp
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~D1B4.tmp
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\~D4F1.tmp
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\Windows\Installer\46f826.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last
Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords:
Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating
Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05
2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B},
Code page: 0, Template: Intel;0,1033,1036,1034
|
dropped
|
||
C:\Windows\Installer\46f827.mst
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database,
Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator,
Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization
Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465},
Number of Pages: 405, Number of Characters: 1
|
dropped
|
||
C:\Windows\Installer\46f829.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last
Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords:
Installer,MSI,Database, Subject: Blank Project Template, Author: Sage, Security: 1, Number of Pages: 405, Name of Creating
Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Tue Feb 8 17:38:05
2022, Create Time/Date: Tue Feb 8 17:38:05 2022, Last Printed: Tue Feb 8 17:38:05 2022, Revision Number: {B567D723-533A-4254-ABAB-0B467014446B},
Code page: 0, Template: Intel;0,1033,1036,1034
|
dropped
|
||
C:\Windows\Installer\MSI15F.tmp
|
data
|
dropped
|
||
C:\Windows\Installer\MSI1AE.tmp
|
PE32 executable (console) Intel 80386, for MS Windows
|
modified
|
||
C:\Windows\Installer\MSIF9FB.tmp
|
data
|
dropped
|
||
C:\Windows\Installer\SourceHash{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\1033.MST
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database,
Subject: Blank Project Template, Author: Sage, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator,
Create Time/Date: Tue Feb 8 17:38:06 2022, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization
Pack 22, Security: 1, Template: Intel;0,1033,1036,1034, Last Saved By: Intel;1033, Revision Number: {9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{9F90421B-05FE-4A89-802E-B4C70995335E}2.0.100.25;{75C82E09-EB7C-4612-8FAD-E0B8438B7465},
Number of Pages: 405, Number of Characters: 1
|
dropped
|
||
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\ARPPRODUCTICON.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\Sage.Eb.UniSign.Wi_37336D9213AE4656967C642667C0FAB6.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
C:\Windows\Temp\~DF050B908AED57D257.TMP
|
data
|
dropped
|
||
C:\Windows\Temp\~DF1874328959ECE67C.TMP
|
data
|
dropped
|
||
C:\Windows\Temp\~DF1CF1D5A034DF72F2.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Temp\~DF30B048FC0FA2C840.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Temp\~DF374268AF827577A8.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Temp\~DF5728993245DD43F6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Temp\~DF61A785FE2097878F.TMP
|
data
|
dropped
|
||
C:\Windows\Temp\~DF63952C9AC8F13992.TMP
|
data
|
dropped
|
||
C:\Windows\Temp\~DF7E1EEEB666975C99.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Temp\~DFA2DE60B3C48C5AE5.TMP
|
data
|
dropped
|
||
C:\Windows\Temp\~DFAC020C12CD79C761.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
C:\Windows\Temp\~DFD31B1357449DC22D.TMP
|
data
|
dropped
|
||
C:\Windows\Temp\~DFE49AB6D4130DAC97.TMP
|
data
|
dropped
|
||
C:\Windows\Temp\~DFFEE2B1AAC8D702CF.TMP
|
data
|
dropped
|
There are 55 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
||
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
|
||
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
|
||
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
|
||
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
|
"C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe"
|
||
C:\Windows\Installer\MSI1AE.tmp
|
"C:\Windows\Installer\MSI1AE.tmp" im "C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.man"
/rf:"C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll" /mf:"C:\Program
Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll"
|
||
C:\Windows\System32\wevtutil.exe
|
"C:\Windows\Installer\MSI1AE.tmp" im "C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.man"
/rf:"C:\Program Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll" /mf:"C:\Program
Files (x86)\Sage\eIDSign\\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll" /fromwow64
|
||
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
|
"C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe" firefox-addin
|
||
C:\Users\user\Desktop\Sage.Eb.eIDSign.Windows.Installer.exe
|
"C:\Users\user\Desktop\Sage.Eb.eIDSign.Windows.Installer.exe"
|
||
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe
|
C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}\Sage.Eb.eIDSign.Windows.Installer.exe /q"C:\Users\user\Desktop\Sage.Eb.eIDSign.Windows.Installer.exe"
/tempdisk1folder"C:\Users\user\AppData\Local\Temp\{C7A8A1A5-6E4B-4B26-BD0A-B5C9FBE8A2D4}" /IS_temp
|
||
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\Sage.Eb.eIDSign.Windows.msi"
TRANSFORMS="C:\Users\user\AppData\Local\Downloaded Installations\{B567D723-533A-4254-ABAB-0B467014446B}\1033.MST" SETUPEXEDIR="C:\Users\user\Desktop"
SETUPEXENAME="Sage.Eb.eIDSign.Windows.Installer.exe"
|
||
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 634E06A54BB5FC4E5F05F278FBCAD869 C
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\SysWOW64\explorer.exe
|
explorer.exe
|
||
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 9 hidden processes, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
https://twitter.com/sagespain
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
|
unknown
|
||
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
https://twitter.com/sagefrance
|
unknown
|
||
http://cacerts.digi
|
unknown
|
||
http://saturn.installshield.com/is/prerequisites/Microsoft
|
unknown
|
||
https://t0.ssl.ak.dynamic
|
unknown
|
||
https://d.sy
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtuha
|
unknown
|
||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
http://www.flexerasoftware.com0
|
unknown
|
||
http://www.bingmapsportal.com
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
http://www.sage.comcaRemoveVRoots1ISCHECKFORPRODUCTUPDATESAllUsersApplicationUsersNoAgreeToLicenseCh
|
unknown
|
||
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
https://127.0.0.1:48080/UniSign//Tq
|
unknown
|
||
https://t0.s
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs(e
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
http://ocsp.thawte.com0
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
https://t0.ss
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtua
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
|
unknown
|
||
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/
|
unknown
|
||
http://www.symauth.com/cps0(
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
|
unknown
|
||
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
http://james.newtonking.com/projects/json
|
unknown
|
||
http://www.newtonsoft.com/jsonschema
|
unknown
|
||
https://plus.google.com/
|
unknown
|
||
https://t0.ssl.ak.dyn
|
unknown
|
||
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
https://127.0.0.1:48080/UniSign/
|
unknown
|
||
https://dynamic.t
|
unknown
|
||
https://127.0.0.1
|
unknown
|
||
http://www.symauth.com/rpa00
|
unknown
|
||
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
|
unknown
|
||
http://127.0.0.1:48081/UniSign/
|
unknown
|
||
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
http://sv.symcb.co
|
unknown
|
||
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/
|
unknown
|
||
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
http://www.sage.com
|
unknown
|
||
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 53 hidden URLs, click here to show them.
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A90B05DEF62436E8FD05D53CE1B2CB74ABE8E9FF
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
|
OwningPublisher
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
|
Isolation
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Admin
|
Type
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
|
https
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
|
:Range
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
|
c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\46f828.rbs
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\46f828.rbsLow
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Diagnostics.Tracing.EventSource.dll
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFD19E51C0F72844E8C5A0438C46044A
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\Microsoft.Practices.EnterpriseLibrary.SemanticLogging.dll
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1963AFF04F8D3B243A499655177A03BC
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\Newtonsoft.Json.dll
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56AB228366DFD444CA0600E612518D6E
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.PCL.dll
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\671008639C803CE47A5DCDF00394EC95
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEAF4EB38BCC16340B096B150F2E7555
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\Sage.Eb.UniSign.Windows.exe
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\802BDE3909CCC414992236B835D086B9
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\Security.Cryptography.dll
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6925B6A50CBD80849A6459A5922F935E
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls
|
C:\Program Files (x86)\Sage\eIDSign\crypto.dll
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9EC9FD0D94C7F6E4E9A5C96FD99A907C
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Sage\eIDSign\
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Program Files (x86)\Sage\
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Windows\Installer\{9F90421B-05FE-4A89-802E-B4C70995335E}\
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\Sage.Eb.UniSign.Windows\
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage\
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
RegOwner
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
RegCompany
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
ProductID
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
LocalPackage
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
AuthorizedCDFPrefix
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
Comments
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
Contact
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
DisplayVersion
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
HelpLink
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
HelpTelephone
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
InstallDate
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
InstallLocation
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
InstallSource
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
ModifyPath
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
Publisher
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
Readme
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
Size
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
EstimatedSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
UninstallString
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
URLInfoAbout
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
URLUpdateInfo
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
VersionMajor
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
VersionMinor
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
WindowsInstaller
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
Version
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
Language
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
AuthorizedCDFPrefix
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Comments
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Contact
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
DisplayVersion
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
HelpLink
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
HelpTelephone
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
InstallDate
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
InstallLocation
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
InstallSource
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
ModifyPath
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Publisher
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Readme
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Size
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
EstimatedSize
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
UninstallString
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
URLInfoAbout
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
URLUpdateInfo
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
VersionMajor
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
VersionMinor
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
WindowsInstaller
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Version
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
Language
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\90E28C57C7BE2164F8DA0E8B34B84756
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\InstallProperties
|
DisplayName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9F90421B-05FE-4A89-802E-B4C70995335E}
|
DisplayName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Microsoft.Diagnostics.Tracing.EventSource.dll
|
Microsoft.Diagnostics.Tracing.EventSource,Version="1.1.28.0",PublicKeyToken="B03F5F7F11D50A3A",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Microsoft.Practices.EnterpriseLibrary.SemanticLogging.dll
|
Microsoft.Practices.EnterpriseLibrary.SemanticLogging,Version="2.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Newtonsoft.Json.dll
|
Newtonsoft.Json,Version="8.0.0.0",PublicKeyToken="30AD4FE6B2A6AEED",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Sage.Eb.UniSign.PCL.dll
|
Sage.Eb.UniSign.PCL,Version="2.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest.dll
|
Sage.Eb.UniSign.Windows.Sage-Eb-UniSignWindows.etwManifest,Version="0.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Sage.Eb.UniSign.Windows.exe
|
Sage.Eb.UniSign.Windows,Version="2.0.0.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|Security.Cryptography.dll
|
Security.Cryptography,Version="1.7.1.0",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files (x86)|Sage|eIDSign|crypto.dll
|
crypto,Version="1.8.1.0",PublicKeyToken="0E99375E54769942",Culture="neutral",FileVersion="65535.0.0.0",ProcessorArchitecture="MSIL"
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\B12409F9EF5098A408E24B7C905933E5
|
NSUniSignWindows_Files
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\Features
|
NSUniSignWindows_Files
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B12409F9EF5098A408E24B7C905933E5\Patches
|
AllPatches
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
ProductName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
PackageCode
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
Language
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
Version
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
Transforms
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
Assignment
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
AdvertiseFlags
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
ProductIcon
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
InstanceType
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
AuthorizedLUAApp
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
DeploymentFlags
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\90E28C57C7BE2164F8DA0E8B34B84756
|
B12409F9EF5098A408E24B7C905933E5
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList
|
PackageName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList\Net
|
1
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList\Media
|
DiskPrompt
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList\Media
|
1
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5
|
Clients
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B12409F9EF5098A408E24B7C905933E5\SourceList
|
LastUsedSource
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\46f82a.rbs
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\46f82a.rbsLow
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
|
C:\Windows\Installer\46f827.mst
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\B89EFDA003BB8B8D2F0B257B7E4800964D4D006B
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys\4059DC1CBE5E165CBAD0EA1A63AFB7894911ABAD
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\B89EFDA003BB8B8D2F0B257B7E4800964D4D006B
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
|
OwningPublisher
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
|
Isolation
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Debug
|
Type
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
|
OwningPublisher
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
|
Isolation
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
|
ChannelAccess
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Sage-Eb-UniSignWindows/Analytic
|
Type
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
ResourceFileName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
MessageFileName
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences
|
Count
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\0
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\0
|
Id
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\0
|
Flags
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\1
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\1
|
Id
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\1
|
Flags
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\2
|
NULL
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\2
|
Id
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences\2
|
Flags
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
Enabled
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
EnableLevel
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
LoggerName
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
MatchAnyKeyword
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
MatchAllKeyword
|
||
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\EventLog-Application\{59a5d327-553f-5b27-9a3b-89b17532dd9d}
|
EnableProperty
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{59a5d327-553f-5b27-9a3b-89b17532dd9d}\ChannelReferences
|
Count
|
||
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\21\417C44EB
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\21\417C44EB
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
There are 151 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
3E7E000
|
stack
|
page read and write
|
||
1BA8DDB0000
|
remote allocation
|
page read and write
|
||
80E000
|
heap
|
page read and write
|
||
650000
|
heap
|
page read and write
|
||
1DC18881000
|
heap
|
page read and write
|
||
7BB000
|
heap
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
62A6F76000
|
stack
|
page read and write
|
||
5F5467E000
|
stack
|
page read and write
|
||
7C5000
|
heap
|
page read and write
|
||
F4D000
|
trusted library allocation
|
page execute and read and write
|
||
1092000
|
trusted library allocation
|
page read and write
|
||
1BA8DDB0000
|
remote allocation
|
page read and write
|
||
93E000
|
stack
|
page read and write
|
||
2850000
|
heap
|
page read and write
|
||
22249202000
|
trusted library allocation
|
page read and write
|
||
1DC18861000
|
heap
|
page read and write
|
||
711F9FE000
|
stack
|
page read and write
|
||
51D2000
|
unkown
|
page readonly
|
||
4D8E000
|
stack
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
F50000
|
trusted library allocation
|
page read and write
|
||
788000
|
heap
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
77A000
|
heap
|
page read and write
|
||
7B8000
|
heap
|
page read and write
|
||
A90000
|
heap
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
222489F0000
|
trusted library allocation
|
page read and write
|
||
7B7000
|
heap
|
page read and write
|
||
7D2000
|
heap
|
page read and write
|
||
7A1000
|
heap
|
page read and write
|
||
5F53E7E000
|
unkown
|
page readonly
|
||
ACD000
|
heap
|
page read and write
|
||
21A9E2F0000
|
heap
|
page read and write
|
||
781000
|
heap
|
page read and write
|
||
7E1000
|
heap
|
page read and write
|
||
7B6000
|
heap
|
page read and write
|
||
1A519B02000
|
heap
|
page read and write
|
||
7AE000
|
heap
|
page read and write
|
||
B5A000
|
heap
|
page read and write
|
||
1DC1886B000
|
heap
|
page read and write
|
||
21A9E9E4000
|
heap
|
page read and write
|
||
D40000
|
heap
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
711FAFD000
|
stack
|
page read and write
|
||
37ED000
|
stack
|
page read and write
|
||
1DC18750000
|
heap
|
page read and write
|
||
21B000
|
unkown
|
page readonly
|
||
52B0000
|
heap
|
page execute and read and write
|
||
AF8000
|
stack
|
page read and write
|
||
4B0C000
|
stack
|
page read and write
|
||
7B3000
|
heap
|
page read and write
|
||
79C000
|
heap
|
page read and write
|
||
778000
|
heap
|
page read and write
|
||
4D3407E000
|
stack
|
page read and write
|
||
2A80000
|
trusted library allocation
|
page read and write
|
||
1DC18870000
|
heap
|
page read and write
|
||
F75000
|
trusted library allocation
|
page execute and read and write
|
||
E5D000
|
trusted library allocation
|
page execute and read and write
|
||
77E000
|
heap
|
page read and write
|
||
77E000
|
heap
|
page read and write
|
||
535000
|
unkown
|
page read and write
|
||
77B000
|
heap
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
21A9E9BA000
|
heap
|
page read and write
|
||
62A737E000
|
stack
|
page read and write
|
||
297E000
|
stack
|
page read and write
|
||
809000
|
heap
|
page read and write
|
||
79A000
|
heap
|
page read and write
|
||
22248A13000
|
heap
|
page read and write
|
||
1BA8C3E0000
|
trusted library allocation
|
page read and write
|
||
7A1000
|
heap
|
page read and write
|
||
7AD000
|
heap
|
page read and write
|
||
1BA8C500000
|
heap
|
page read and write
|
||
5554000
|
heap
|
page read and write
|
||
7CB000
|
heap
|
page read and write
|
||
1BA8C3C0000
|
trusted library allocation
|
page read and write
|
||
E60000
|
trusted library allocation
|
page read and write
|
||
7B3000
|
heap
|
page read and write
|
||
7C0000
|
heap
|
page read and write
|
||
776000
|
heap
|
page read and write
|
||
1DC18825000
|
heap
|
page read and write
|
||
1DC18670000
|
heap
|
page read and write
|
||
5F539DB000
|
stack
|
page read and write
|
||
1BA8C48D000
|
heap
|
page read and write
|
||
2B15000
|
trusted library allocation
|
page read and write
|
||
1BA8C400000
|
heap
|
page read and write
|
||
4D342FE000
|
unkown
|
page readonly
|
||
1BA8C502000
|
heap
|
page read and write
|
||
7A8000
|
heap
|
page read and write
|
||
78F000
|
heap
|
page read and write
|
||
1BA8C390000
|
heap
|
page read and write
|
||
1A519A81000
|
heap
|
page read and write
|
||
7D2000
|
heap
|
page read and write
|
||
1BA8C2B0000
|
heap
|
page read and write
|
||
7BA000
|
heap
|
page read and write
|
||
792000
|
heap
|
page read and write
|
||
21A9E9F7000
|
heap
|
page read and write
|
||
109B000
|
trusted library allocation
|
page execute and read and write
|
||
7A8000
|
heap
|
page read and write
|
||
1DC1884D000
|
heap
|
page read and write
|
||
798000
|
heap
|
page read and write
|
||
A70000
|
heap
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
2360000
|
heap
|
page read and write
|
||
696000
|
heap
|
page read and write
|
||
77E000
|
heap
|
page read and write
|
||
B7E000
|
stack
|
page read and write
|
||
7D2000
|
heap
|
page read and write
|
||
7E0000
|
heap
|
page read and write
|
||
21A9E3F0000
|
heap
|
page read and write
|
||
733C5FE000
|
stack
|
page read and write
|
||
21A9E9F7000
|
heap
|
page read and write
|
||
7B7000
|
heap
|
page read and write
|
||
590000
|
heap
|
page read and write
|
||
7A4000
|
heap
|
page read and write
|
||
21A9E9B7000
|
heap
|
page read and write
|
||
5F53CFE000
|
stack
|
page read and write
|
||
21A9E9E5000
|
heap
|
page read and write
|
||
22248A00000
|
heap
|
page read and write
|
||
1A519A65000
|
heap
|
page read and write
|
||
21A9E9DA000
|
heap
|
page read and write
|
||
2ADE000
|
stack
|
page read and write
|
||
E0E000
|
stack
|
page read and write
|
||
1400000
|
trusted library allocation
|
page read and write
|
||
1A519A4C000
|
heap
|
page read and write
|
||
21A9E9CC000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
79C000
|
heap
|
page read and write
|
||
2860000
|
heap
|
page read and write
|
||
3C03000
|
heap
|
page execute and read and write
|
||
510000
|
unkown
|
page readonly
|
||
E4E000
|
stack
|
page read and write
|
||
7B2000
|
heap
|
page read and write
|
||
7B5000
|
heap
|
page read and write
|
||
50B0000
|
unkown
|
page readonly
|
||
14B0000
|
trusted library allocation
|
page read and write
|
||
7DA000
|
heap
|
page read and write
|
||
7C5000
|
heap
|
page read and write
|
||
5CC000
|
stack
|
page read and write
|
||
5C10000
|
heap
|
page read and write
|
||
6DE000
|
stack
|
page read and write
|
||
9FE000
|
stack
|
page read and write
|
||
22248A48000
|
heap
|
page read and write
|
||
77D000
|
heap
|
page read and write
|
||
21A9E30C000
|
heap
|
page read and write
|
||
7EC000
|
stack
|
page read and write
|
||
788000
|
heap
|
page read and write
|
||
7B1000
|
heap
|
page read and write
|
||
199000
|
stack
|
page read and write
|
||
1DC1885E000
|
heap
|
page read and write
|
||
1F1000
|
unkown
|
page execute read
|
||
1A519A0B000
|
heap
|
page read and write
|
||
5102000
|
unkown
|
page readonly
|
||
78F000
|
heap
|
page read and write
|
||
1DC18833000
|
heap
|
page read and write
|
||
5570000
|
heap
|
page read and write
|
||
1DC18848000
|
heap
|
page read and write
|
||
793000
|
heap
|
page read and write
|
||
7B7000
|
heap
|
page read and write
|
||
5081000
|
trusted library allocation
|
page read and write
|
||
531000
|
unkown
|
page write copy
|
||
21A9E9BB000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
62A727E000
|
unkown
|
page readonly
|
||
7F4000
|
heap
|
page read and write
|
||
5F5477E000
|
unkown
|
page readonly
|
||
781000
|
heap
|
page read and write
|
||
7A5000
|
heap
|
page read and write
|
||
7C3000
|
heap
|
page read and write
|
||
F7B000
|
trusted library allocation
|
page execute and read and write
|
||
7E0000
|
heap
|
page read and write
|
||
7B2000
|
heap
|
page read and write
|
||
2840000
|
heap
|
page read and write
|
||
7A2000
|
heap
|
page read and write
|
||
21A9E9CE000
|
heap
|
page read and write
|
||
1DC18780000
|
trusted library allocation
|
page read and write
|
||
7E5000
|
heap
|
page read and write
|
||
2C6E000
|
stack
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
29EA000
|
heap
|
page read and write
|
||
5F5457E000
|
unkown
|
page readonly
|
||
7A8000
|
heap
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
1DC18827000
|
heap
|
page read and write
|
||
21A9E9E0000
|
heap
|
page read and write
|
||
1A519A00000
|
heap
|
page read and write
|
||
7D4000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
22248A37000
|
heap
|
page read and write
|
||
7ED000
|
heap
|
page read and write
|
||
1DC18650000
|
heap
|
page read and write
|
||
62A767E000
|
unkown
|
page readonly
|
||
797000
|
heap
|
page read and write
|
||
7A7000
|
heap
|
page read and write
|
||
7F6000
|
heap
|
page read and write
|
||
10B0000
|
trusted library allocation
|
page read and write
|
||
A3F000
|
stack
|
page read and write
|
||
21A9E9B0000
|
heap
|
page read and write
|
||
F72000
|
trusted library allocation
|
page read and write
|
||
4013000
|
heap
|
page read and write
|
||
1A5199D0000
|
trusted library allocation
|
page read and write
|
||
4ECE000
|
stack
|
page read and write
|
||
7A4000
|
heap
|
page read and write
|
||
77B000
|
heap
|
page read and write
|
||
21A9E9EA000
|
heap
|
page read and write
|
||
788000
|
heap
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
7A6000
|
heap
|
page read and write
|
||
5138000
|
trusted library allocation
|
page read and write
|
||
3658000
|
trusted library allocation
|
page read and write
|
||
21A9E9C8000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
655000
|
heap
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
1BA8C413000
|
heap
|
page read and write
|
||
1BA8C513000
|
heap
|
page read and write
|
||
7AF000
|
heap
|
page read and write
|
||
7A6000
|
heap
|
page read and write
|
||
4D33EFD000
|
stack
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
7A4000
|
heap
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
7A3000
|
heap
|
page read and write
|
||
2A90000
|
heap
|
page read and write
|
||
2B5F000
|
stack
|
page read and write
|
||
1BA8C528000
|
heap
|
page read and write
|
||
3C77000
|
trusted library allocation
|
page read and write
|
||
F5D000
|
trusted library allocation
|
page execute and read and write
|
||
7F0000
|
heap
|
page read and write
|
||
2CA2000
|
trusted library allocation
|
page read and write
|
||
19A000
|
stack
|
page read and write
|
||
217000
|
unkown
|
page write copy
|
||
F60000
|
trusted library allocation
|
page read and write
|
||
4D336FD000
|
stack
|
page read and write
|
||
21A9E9B5000
|
heap
|
page read and write
|
||
1A51A200000
|
heap
|
page read and write
|
||
794000
|
heap
|
page read and write
|
||
7E9000
|
heap
|
page read and write
|
||
1DC18841000
|
heap
|
page read and write
|
||
1130000
|
heap
|
page read and write
|
||
7B0000
|
heap
|
page read and write
|
||
781000
|
heap
|
page read and write
|
||
29E0000
|
heap
|
page read and write
|
||
51D0000
|
unkown
|
page readonly
|
||
2550000
|
heap
|
page read and write
|
||
259D000
|
stack
|
page read and write
|
||
D8F000
|
heap
|
page read and write
|
||
CD8000
|
heap
|
page read and write
|
||
1DC18868000
|
heap
|
page read and write
|
||
77F000
|
heap
|
page read and write
|
||
61E000
|
stack
|
page read and write
|
||
711FCFE000
|
stack
|
page read and write
|
||
21A9E9E4000
|
heap
|
page read and write
|
||
21A9E9D3000
|
heap
|
page read and write
|
||
5F5437E000
|
unkown
|
page readonly
|
||
79B000
|
heap
|
page read and write
|
||
7D7000
|
heap
|
page read and write
|
||
740000
|
heap
|
page read and write
|
||
772000
|
heap
|
page read and write
|
||
21A9E490000
|
heap
|
page read and write
|
||
E54000
|
trusted library allocation
|
page read and write
|
||
21A9E320000
|
heap
|
page read and write
|
||
7A7000
|
heap
|
page read and write
|
||
7A2000
|
heap
|
page read and write
|
||
807000
|
heap
|
page read and write
|
||
7D3000
|
heap
|
page read and write
|
||
1540000
|
heap
|
page execute and read and write
|
||
21A9E9F9000
|
heap
|
page read and write
|
||
E6D000
|
trusted library allocation
|
page execute and read and write
|
||
21A9E9B4000
|
heap
|
page read and write
|
||
1120000
|
trusted library allocation
|
page read and write
|
||
21A9E9B7000
|
heap
|
page read and write
|
||
E50000
|
trusted library allocation
|
page read and write
|
||
21A9E311000
|
heap
|
page read and write
|
||
1DC1885B000
|
heap
|
page read and write
|
||
5130000
|
trusted library allocation
|
page read and write
|
||
222489B0000
|
heap
|
page read and write
|
||
77E000
|
heap
|
page read and write
|
||
4D33FFE000
|
unkown
|
page readonly
|
||
5128000
|
unkown
|
page readonly
|
||
218000
|
unkown
|
page readonly
|
||
7B7000
|
heap
|
page read and write
|
||
F66000
|
trusted library allocation
|
page execute and read and write
|
||
21A9E9CE000
|
heap
|
page read and write
|
||
21A9E9D5000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
1DC18844000
|
heap
|
page read and write
|
||
7FC000
|
heap
|
page read and write
|
||
7D3000
|
heap
|
page read and write
|
||
E70000
|
trusted library allocation
|
page read and write
|
||
7A0000
|
heap
|
page read and write
|
||
1A5198A0000
|
heap
|
page read and write
|
||
7CA000
|
heap
|
page read and write
|
||
4D3307B000
|
stack
|
page read and write
|
||
50D0000
|
trusted library allocation
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
778000
|
heap
|
page read and write
|
||
1A519A2B000
|
heap
|
page read and write
|
||
5F53DFE000
|
stack
|
page read and write
|
||
7D1000
|
heap
|
page read and write
|
||
7F8000
|
heap
|
page read and write
|
||
797000
|
heap
|
page read and write
|
||
29EE000
|
heap
|
page read and write
|
||
1DC1889D000
|
heap
|
page read and write
|
||
7BF000
|
heap
|
page read and write
|
||
22248990000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
778000
|
heap
|
page read and write
|
||
7A8000
|
heap
|
page read and write
|
||
790000
|
heap
|
page read and write
|
||
5134000
|
trusted library allocation
|
page read and write
|
||
7F6000
|
heap
|
page read and write
|
||
74C000
|
heap
|
page read and write
|
||
E76000
|
trusted library allocation
|
page execute and read and write
|
||
1110000
|
trusted library allocation
|
page read and write
|
||
21A9E9E4000
|
heap
|
page read and write
|
||
21A9E9BA000
|
heap
|
page read and write
|
||
7FA000
|
heap
|
page read and write
|
||
4970000
|
trusted library allocation
|
page execute and read and write
|
||
7C5000
|
heap
|
page read and write
|
||
788000
|
heap
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
AFF000
|
stack
|
page read and write
|
||
1BA8DDB0000
|
remote allocation
|
page read and write
|
||
79F000
|
heap
|
page read and write
|
||
54CB000
|
stack
|
page read and write
|
||
21A9E9F0000
|
heap
|
page read and write
|
||
1DC188A8000
|
heap
|
page read and write
|
||
7E3000
|
heap
|
page read and write
|
||
21A9E9BA000
|
heap
|
page read and write
|
||
779000
|
heap
|
page read and write
|
||
5F53D7E000
|
unkown
|
page readonly
|
||
78E000
|
heap
|
page read and write
|
||
1505000
|
trusted library allocation
|
page read and write
|
||
793000
|
heap
|
page read and write
|
||
21A9E2F9000
|
heap
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
1DC1886E000
|
heap
|
page read and write
|
||
1DC188A4000
|
heap
|
page read and write
|
||
792000
|
heap
|
page read and write
|
||
788000
|
heap
|
page read and write
|
||
7A0000
|
heap
|
page read and write
|
||
21A9E9B2000
|
heap
|
page read and write
|
||
789000
|
heap
|
page read and write
|
||
23E0000
|
heap
|
page read and write
|
||
78F000
|
heap
|
page read and write
|
||
7CE000
|
heap
|
page read and write
|
||
21A9E9F7000
|
heap
|
page read and write
|
||
535000
|
unkown
|
page read and write
|
||
3C66000
|
trusted library allocation
|
page read and write
|
||
7A8000
|
heap
|
page read and write
|
||
7D4000
|
heap
|
page read and write
|
||
590000
|
heap
|
page read and write
|
||
4D33CFE000
|
stack
|
page read and write
|
||
21A9E2D0000
|
heap
|
page read and write
|
||
1BA8C402000
|
heap
|
page read and write
|
||
7BA000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
4D33AFE000
|
unkown
|
page readonly
|
||
1A519A83000
|
heap
|
page read and write
|
||
62A717B000
|
stack
|
page read and write
|
||
7BA000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
21A9E9DE000
|
heap
|
page read and write
|
||
21A9E440000
|
heap
|
page read and write
|
||
1DC1888F000
|
heap
|
page read and write
|
||
3C60000
|
trusted library allocation
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
79C000
|
heap
|
page read and write
|
||
7A7000
|
heap
|
page read and write
|
||
7B4000
|
heap
|
page read and write
|
||
7E1000
|
heap
|
page read and write
|
||
4D341FE000
|
stack
|
page read and write
|
||
2661000
|
trusted library allocation
|
page read and write
|
||
7C6000
|
heap
|
page read and write
|
||
50C2000
|
unkown
|
page readonly
|
||
401000
|
unkown
|
page execute read
|
||
798000
|
heap
|
page read and write
|
||
7C7000
|
heap
|
page read and write
|
||
3C79000
|
trusted library allocation
|
page read and write
|
||
7A7000
|
heap
|
page read and write
|
||
7BF000
|
heap
|
page read and write
|
||
5F5427E000
|
stack
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
2B20000
|
trusted library allocation
|
page read and write
|
||
512000
|
unkown
|
page readonly
|
||
7B8000
|
heap
|
page read and write
|
||
7D2000
|
heap
|
page read and write
|
||
778000
|
heap
|
page read and write
|
||
794000
|
heap
|
page read and write
|
||
9A000
|
stack
|
page read and write
|
||
1A519B13000
|
heap
|
page read and write
|
||
179B000
|
trusted library allocation
|
page read and write
|
||
792000
|
heap
|
page read and write
|
||
50B2000
|
unkown
|
page readonly
|
||
7B0000
|
heap
|
page read and write
|
||
7E2000
|
heap
|
page read and write
|
||
7B9000
|
heap
|
page read and write
|
||
4EF000
|
unkown
|
page readonly
|
||
790000
|
heap
|
page read and write
|
||
762000
|
heap
|
page read and write
|
||
4FCE000
|
stack
|
page read and write
|
||
53C000
|
unkown
|
page readonly
|
||
D07000
|
heap
|
page read and write
|
||
4D33A7D000
|
stack
|
page read and write
|
||
2C00000
|
heap
|
page read and write
|
||
1F0000
|
unkown
|
page readonly
|
||
BFF000
|
stack
|
page read and write
|
||
7A2000
|
heap
|
page read and write
|
||
CD0000
|
heap
|
page read and write
|
||
79B000
|
heap
|
page read and write
|
||
22248A02000
|
heap
|
page read and write
|
||
7C5000
|
heap
|
page read and write
|
||
3BE0000
|
trusted library allocation
|
page read and write
|
||
E7A000
|
trusted library allocation
|
page execute and read and write
|
||
10FE000
|
stack
|
page read and write
|
||
1651000
|
trusted library allocation
|
page read and write
|
||
531000
|
unkown
|
page read and write
|
||
8F8000
|
stack
|
page read and write
|
||
21A9E1F0000
|
heap
|
page read and write
|
||
783000
|
heap
|
page read and write
|
||
1DC19002000
|
trusted library allocation
|
page read and write
|
||
544E000
|
stack
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
22248A50000
|
heap
|
page read and write
|
||
1BA8C440000
|
heap
|
page read and write
|
||
E53000
|
trusted library allocation
|
page execute and read and write
|
||
F62000
|
trusted library allocation
|
page read and write
|
||
7FB000
|
heap
|
page read and write
|
||
3FC6000
|
heap
|
page read and write
|
||
778000
|
heap
|
page read and write
|
||
711F87C000
|
stack
|
page read and write
|
||
5F5447E000
|
stack
|
page read and write
|
||
7C4000
|
heap
|
page read and write
|
||
D20000
|
heap
|
page read and write
|
||
1516000
|
trusted library allocation
|
page read and write
|
||
7CA000
|
heap
|
page read and write
|
||
2651000
|
trusted library allocation
|
page read and write
|
||
A9A000
|
heap
|
page read and write
|
||
5020000
|
trusted library allocation
|
page read and write
|
||
796000
|
heap
|
page read and write
|
||
76C000
|
heap
|
page read and write
|
||
7A0000
|
heap
|
page read and write
|
||
7DE000
|
heap
|
page read and write
|
||
5010000
|
heap
|
page execute and read and write
|
||
1DC1886D000
|
heap
|
page read and write
|
||
164E000
|
stack
|
page read and write
|
||
7F2000
|
heap
|
page read and write
|
||
21A9E9D1000
|
heap
|
page read and write
|
||
F77000
|
trusted library allocation
|
page execute and read and write
|
||
7AC000
|
heap
|
page read and write
|
||
77E000
|
heap
|
page read and write
|
||
733C4FE000
|
stack
|
page read and write
|
||
779000
|
heap
|
page read and write
|
||
52C0000
|
unkown
|
page readonly
|
||
21A9E9CB000
|
heap
|
page read and write
|
||
7A6000
|
heap
|
page read and write
|
||
CC0000
|
trusted library allocation
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
22248A5A000
|
heap
|
page read and write
|
||
3B7F000
|
trusted library allocation
|
page read and write
|
||
930000
|
heap
|
page read and write
|
||
7A0000
|
heap
|
page read and write
|
||
2C71000
|
trusted library allocation
|
page read and write
|
||
25DD000
|
stack
|
page read and write
|
||
62A68EB000
|
stack
|
page read and write
|
||
F6A000
|
trusted library allocation
|
page execute and read and write
|
||
690000
|
heap
|
page read and write
|
||
77E000
|
heap
|
page read and write
|
||
50DE000
|
stack
|
page read and write
|
||
22248A16000
|
heap
|
page read and write
|
||
796000
|
heap
|
page read and write
|
||
7AE000
|
heap
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
52C2000
|
unkown
|
page readonly
|
||
2B60000
|
heap
|
page execute and read and write
|
||
4D337FE000
|
unkown
|
page readonly
|
||
401C000
|
heap
|
page read and write
|
||
55CF000
|
stack
|
page read and write
|
||
1BA8C461000
|
heap
|
page read and write
|
||
21A9E9D9000
|
heap
|
page read and write
|
||
7CF000
|
heap
|
page read and write
|
||
792000
|
heap
|
page read and write
|
||
4D4E000
|
stack
|
page read and write
|
||
7FA000
|
heap
|
page read and write
|
||
798000
|
heap
|
page read and write
|
||
791000
|
heap
|
page read and write
|
||
733C57E000
|
stack
|
page read and write
|
||
56D000
|
unkown
|
page readonly
|
||
7B8000
|
heap
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
778000
|
heap
|
page read and write
|
||
7D1000
|
heap
|
page read and write
|
||
7A7000
|
heap
|
page read and write
|
||
4950000
|
trusted library allocation
|
page execute and read and write
|
||
1DC18859000
|
heap
|
page read and write
|
||
7C8000
|
heap
|
page read and write
|
||
7AE000
|
heap
|
page read and write
|
||
7A4000
|
heap
|
page read and write
|
||
792000
|
heap
|
page read and write
|
||
1A519A8D000
|
heap
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
779000
|
heap
|
page read and write
|
||
1A519A94000
|
heap
|
page read and write
|
||
77B000
|
heap
|
page read and write
|
||
7A4000
|
heap
|
page read and write
|
||
21A9E9DD000
|
heap
|
page read and write
|
||
1136000
|
heap
|
page read and write
|
||
62A757E000
|
stack
|
page read and write
|
||
79B000
|
heap
|
page read and write
|
||
2AEE000
|
trusted library allocation
|
page read and write
|
||
21A9E316000
|
heap
|
page read and write
|
||
790000
|
heap
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
1DC1886C000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
1BA8C517000
|
heap
|
page read and write
|
||
21A9E9D9000
|
heap
|
page read and write
|
||
108E000
|
stack
|
page read and write
|
||
7A3000
|
heap
|
page read and write
|
||
7CB000
|
heap
|
page read and write
|
||
7B7000
|
heap
|
page read and write
|
||
4E8E000
|
stack
|
page read and write
|
||
780000
|
heap
|
page read and write
|
||
53B000
|
unkown
|
page readonly
|
||
4910000
|
trusted library allocation
|
page read and write
|
||
5550000
|
heap
|
page read and write
|
||
7D3000
|
heap
|
page read and write
|
||
1A51A215000
|
heap
|
page read and write
|
||
80B000
|
heap
|
page read and write
|
||
D45000
|
heap
|
page read and write
|
||
1DC18857000
|
heap
|
page read and write
|
||
4D3337D000
|
stack
|
page read and write
|
||
3C00000
|
heap
|
page execute and read and write
|
||
4D33BFE000
|
unkown
|
page readonly
|
||
A9E000
|
heap
|
page read and write
|
||
7A2000
|
heap
|
page read and write
|
||
144E000
|
stack
|
page read and write
|
||
7EC000
|
heap
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
21A9E9C7000
|
heap
|
page read and write
|
||
A20000
|
heap
|
page read and write
|
||
21A9E9E8000
|
heap
|
page read and write
|
||
77B000
|
heap
|
page read and write
|
||
7D0000
|
heap
|
page read and write
|
||
3FD0000
|
heap
|
page read and write
|
||
7FC000
|
heap
|
page read and write
|
||
21A9E9FE000
|
heap
|
page read and write
|
||
1DC1885D000
|
heap
|
page read and write
|
||
733C47B000
|
stack
|
page read and write
|
||
1BA8C290000
|
heap
|
page read and write
|
||
1687000
|
trusted library allocation
|
page read and write
|
||
3FC0000
|
heap
|
page read and write
|
||
7DC000
|
heap
|
page read and write
|
||
1DC1884B000
|
heap
|
page read and write
|
||
79F000
|
heap
|
page read and write
|
||
F40000
|
trusted library allocation
|
page read and write
|
||
1BA8DE02000
|
trusted library allocation
|
page read and write
|
||
780000
|
heap
|
page read and write
|
||
76E000
|
stack
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
14A0000
|
heap
|
page read and write
|
||
77A000
|
heap
|
page read and write
|
||
1BA8C490000
|
heap
|
page read and write
|
||
1490000
|
trusted library allocation
|
page execute and read and write
|
||
77F000
|
heap
|
page read and write
|
||
A7E000
|
stack
|
page read and write
|
||
75F000
|
heap
|
page read and write
|
||
7CA000
|
heap
|
page read and write
|
||
1DC1885F000
|
heap
|
page read and write
|
||
1A519A13000
|
heap
|
page read and write
|
||
7C0000
|
heap
|
page read and write
|
||
1097000
|
trusted library allocation
|
page execute and read and write
|
||
7D2000
|
heap
|
page read and write
|
||
80B000
|
heap
|
page read and write
|
||
7B8000
|
heap
|
page read and write
|
||
1DC18851000
|
heap
|
page read and write
|
||
7A7000
|
heap
|
page read and write
|
||
53CA000
|
unkown
|
page readonly
|
||
F80000
|
heap
|
page read and write
|
||
5DE000
|
stack
|
page read and write
|
||
5100000
|
unkown
|
page readonly
|
||
7D7000
|
heap
|
page read and write
|
||
3C6F000
|
trusted library allocation
|
page read and write
|
||
217000
|
unkown
|
page read and write
|
||
1BA8C45F000
|
heap
|
page read and write
|
||
7A4000
|
heap
|
page read and write
|
||
AC0000
|
heap
|
page read and write
|
||
7A3000
|
heap
|
page read and write
|
||
1090000
|
trusted library allocation
|
page read and write
|
||
1DC18831000
|
heap
|
page read and write
|
||
57D000
|
unkown
|
page readonly
|
||
1A5199A0000
|
heap
|
page read and write
|
||
3B70000
|
trusted library allocation
|
page read and write
|
||
1510000
|
trusted library allocation
|
page read and write
|
||
7D8000
|
heap
|
page read and write
|
||
79A000
|
heap
|
page read and write
|
||
50F0000
|
trusted library allocation
|
page read and write
|
||
4D338FE000
|
stack
|
page read and write
|
||
1DC1885A000
|
heap
|
page read and write
|
||
670000
|
heap
|
page read and write
|
||
1A519A7C000
|
heap
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
7A6000
|
heap
|
page read and write
|
||
2553000
|
heap
|
page read and write
|
||
21A9E495000
|
heap
|
page read and write
|
||
3B90000
|
trusted library allocation
|
page read and write
|
||
1A519A40000
|
heap
|
page read and write
|
||
1A519B00000
|
heap
|
page read and write
|
||
77E000
|
heap
|
page read and write
|
||
79A000
|
heap
|
page read and write
|
||
7DA000
|
heap
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
77E000
|
heap
|
page read and write
|
||
4D339FE000
|
unkown
|
page readonly
|
||
2B1E000
|
stack
|
page read and write
|
||
781000
|
heap
|
page read and write
|
||
22248B02000
|
heap
|
page read and write
|
||
21A9E9DE000
|
heap
|
page read and write
|
||
21A9E9EF000
|
heap
|
page read and write
|
||
123F000
|
stack
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
23CD000
|
heap
|
page read and write
|
||
1DC1884F000
|
heap
|
page read and write
|
||
1DC18813000
|
heap
|
page read and write
|
||
79C000
|
heap
|
page read and write
|
||
B80000
|
heap
|
page read and write
|
||
3B7A000
|
trusted library allocation
|
page read and write
|
||
21A9E9ED000
|
heap
|
page read and write
|
||
522E000
|
stack
|
page read and write
|
||
7B8000
|
heap
|
page read and write
|
||
7C6000
|
heap
|
page read and write
|
||
7F6000
|
heap
|
page read and write
|
||
4EF000
|
unkown
|
page readonly
|
||
1DC1888D000
|
heap
|
page read and write
|
||
1DC18800000
|
heap
|
page read and write
|
||
7D3000
|
heap
|
page read and write
|
||
3C71000
|
trusted library allocation
|
page read and write
|
||
1514000
|
trusted library allocation
|
page read and write
|
||
F8E000
|
stack
|
page read and write
|
||
780000
|
heap
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
2A86000
|
trusted library allocation
|
page read and write
|
||
1100000
|
trusted library allocation
|
page execute and read and write
|
||
3CDE000
|
stack
|
page read and write
|
||
7B6000
|
heap
|
page read and write
|
||
7C5000
|
heap
|
page read and write
|
||
B60000
|
heap
|
page read and write
|
||
21A9E9B3000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
1A519A39000
|
heap
|
page read and write
|
||
222489C0000
|
heap
|
page read and write
|
||
1A5198C0000
|
heap
|
page read and write
|
||
1BA8C42B000
|
heap
|
page read and write
|
||
77B000
|
heap
|
page read and write
|
||
F44000
|
trusted library allocation
|
page read and write
|
||
7BD000
|
heap
|
page read and write
|
||
1DC1883A000
|
heap
|
page read and write
|
||
21A9E9E2000
|
heap
|
page read and write
|
||
537000
|
unkown
|
page read and write
|
||
511E000
|
stack
|
page read and write
|
||
3CE0000
|
trusted library allocation
|
page read and write
|
||
9B000
|
stack
|
page read and write
|
||
7AA000
|
heap
|
page read and write
|
||
1DC188A2000
|
heap
|
page read and write
|
||
1DC18886000
|
heap
|
page read and write
|
||
792000
|
heap
|
page read and write
|
||
7F0000
|
heap
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
29ED000
|
heap
|
page read and write
|
||
793000
|
heap
|
page read and write
|
||
196000
|
stack
|
page read and write
|
||
F30000
|
trusted library allocation
|
page read and write
|
||
62A747E000
|
unkown
|
page readonly
|
||
7AF000
|
heap
|
page read and write
|
||
3C71000
|
trusted library allocation
|
page read and write
|
||
7AE000
|
heap
|
page read and write
|
||
7D1000
|
heap
|
page read and write
|
||
4D33DFE000
|
unkown
|
page readonly
|
||
7F4000
|
heap
|
page read and write
|
||
79A000
|
heap
|
page read and write
|
||
4D33B7E000
|
stack
|
page read and write
|
||
1A519A92000
|
heap
|
page read and write
|
||
7E0000
|
heap
|
page read and write
|
||
1DC18902000
|
heap
|
page read and write
|
||
21A9E9BE000
|
heap
|
page read and write
|
||
788000
|
heap
|
page read and write
|
||
1DC18862000
|
heap
|
page read and write
|
||
5192000
|
unkown
|
page readonly
|
||
7D3000
|
heap
|
page read and write
|
||
7D3000
|
heap
|
page read and write
|
||
21A9E9C0000
|
heap
|
page read and write
|
||
1DC18867000
|
heap
|
page read and write
|
||
79C000
|
heap
|
page read and write
|
||
7D0000
|
heap
|
page read and write
|
||
21A9E9D2000
|
heap
|
page read and write
|
||
776000
|
heap
|
page read and write
|
||
1DC18865000
|
heap
|
page read and write
|
||
1DC1889F000
|
heap
|
page read and write
|
||
620000
|
heap
|
page read and write
|
||
531000
|
unkown
|
page read and write
|
||
F43000
|
trusted library allocation
|
page execute and read and write
|
||
4C09000
|
stack
|
page read and write
|
||
7A5000
|
heap
|
page read and write
|
||
1DC18853000
|
heap
|
page read and write
|
||
7BE000
|
heap
|
page read and write
|
||
4D333FE000
|
stack
|
page readonly
|
||
21A9E9E3000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
193000
|
stack
|
page read and write
|
||
1A51A202000
|
heap
|
page read and write
|
||
CF9000
|
heap
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
21A9E9EB000
|
heap
|
page read and write
|
||
7BF000
|
heap
|
page read and write
|
||
21A9E9E4000
|
heap
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
71E000
|
stack
|
page read and write
|
||
1DC18855000
|
heap
|
page read and write
|
||
21A9E9CE000
|
heap
|
page read and write
|
||
2CFB000
|
trusted library allocation
|
page read and write
|
||
796000
|
heap
|
page read and write
|
||
1DC1883F000
|
heap
|
page read and write
|
||
1DC18897000
|
heap
|
page read and write
|
||
792000
|
heap
|
page read and write
|
||
79B000
|
heap
|
page read and write
|
||
4C4E000
|
stack
|
page read and write
|
||
780000
|
heap
|
page read and write
|
||
218000
|
unkown
|
page readonly
|
||
7BD000
|
heap
|
page read and write
|
||
76C000
|
heap
|
page read and write
|
||
62A707E000
|
unkown
|
page readonly
|
||
29BF000
|
stack
|
page read and write
|
||
3B80000
|
trusted library allocation
|
page read and write
|
||
5342000
|
unkown
|
page readonly
|
||
78E000
|
heap
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
7FA000
|
heap
|
page read and write
|
||
3C99000
|
trusted library allocation
|
page read and write
|
||
E80000
|
heap
|
page read and write
|
||
4D340FE000
|
unkown
|
page readonly
|
||
801000
|
heap
|
page read and write
|
||
21A9E9CE000
|
heap
|
page read and write
|
||
5F53EFE000
|
stack
|
page read and write
|
||
79E000
|
heap
|
page read and write
|
||
1BA8C471000
|
heap
|
page read and write
|
||
1DC18836000
|
heap
|
page read and write
|
||
5F53F7E000
|
unkown
|
page readonly
|
||
799000
|
heap
|
page read and write
|
||
4FF0000
|
trusted library allocation
|
page execute and read and write
|
||
7D7000
|
heap
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
711F67B000
|
stack
|
page read and write
|
||
22248A74000
|
heap
|
page read and write
|
||
21A9E9FC000
|
heap
|
page read and write
|
||
50E0000
|
trusted library allocation
|
page read and write
|
||
21A9E9D9000
|
heap
|
page read and write
|
||
14C0000
|
trusted library allocation
|
page read and write
|
||
2D3D000
|
trusted library allocation
|
page read and write
|
||
7A7000
|
heap
|
page read and write
|
||
774000
|
heap
|
page read and write
|
||
7B8000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
797000
|
heap
|
page read and write
|
||
7AC000
|
heap
|
page read and write
|
||
711FBFC000
|
stack
|
page read and write
|
||
1DC18858000
|
heap
|
page read and write
|
||
554F000
|
stack
|
page read and write
|
||
7A5000
|
heap
|
page read and write
|
||
7B7000
|
heap
|
page read and write
|
||
800000
|
heap
|
page read and write
|
||
22248A6F000
|
heap
|
page read and write
|
||
4940000
|
trusted library allocation
|
page read and write
|
||
1095000
|
trusted library allocation
|
page execute and read and write
|
||
A10000
|
heap
|
page read and write
|
||
21A9E31C000
|
heap
|
page read and write
|
||
5140000
|
heap
|
page read and write
|
||
7AD000
|
heap
|
page read and write
|
||
779000
|
heap
|
page read and write
|
||
78F000
|
heap
|
page read and write
|
||
7E4000
|
heap
|
page read and write
|
||
7A2000
|
heap
|
page read and write
|
||
3B7C000
|
trusted library allocation
|
page read and write
|
||
AD0000
|
heap
|
page read and write
|
||
C9E000
|
stack
|
page read and write
|
||
7C0000
|
heap
|
page read and write
|
||
7D2000
|
heap
|
page read and write
|
||
77D000
|
heap
|
page read and write
|
||
2380000
|
heap
|
page read and write
|
||
78E000
|
heap
|
page read and write
|
||
4D6D000
|
stack
|
page read and write
|
||
771000
|
heap
|
page read and write
|
||
2657000
|
trusted library allocation
|
page read and write
|
||
B50000
|
heap
|
page read and write
|
||
DA0000
|
heap
|
page read and write
|
||
400000
|
unkown
|
page readonly
|
||
790000
|
heap
|
page read and write
|
||
7B8000
|
heap
|
page read and write
|
||
7D7000
|
heap
|
page read and write
|
||
21A9E328000
|
heap
|
page read and write
|
||
79D000
|
heap
|
page read and write
|
||
526E000
|
stack
|
page read and write
|
||
79F000
|
heap
|
page read and write
|
||
782000
|
heap
|
page read and write
|
||
1520000
|
trusted library allocation
|
page read and write
|
||
7D1000
|
heap
|
page read and write
|
||
5190000
|
unkown
|
page readonly
|
||
148C000
|
stack
|
page read and write
|
||
7A2000
|
heap
|
page read and write
|
||
7A0000
|
heap
|
page read and write
|
There are 803 hidden memdumps, click here to show them.