Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
62f928.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Fossa, Author: Dekko Ohm, Keywords: Installer, Comments: This installer database contains the logic and
data required to install Fossa., Template: Intel;1033, Revision Number: {6729BE5C-C13E-40DC-A40C-D2D5371CABA4}, Create Time/Date:
Tue Dec 10 10:20:28 2024, Last Saved Time/Date: Tue Dec 10 10:20:28 2024, Number of Pages: 500, Number of Words: 10, Name
of Creating Application: WiX Toolset (4.0.0.0), Security: 2
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Regma\CrashRpt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Regma\ManyCam.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Regma\cv099.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Regma\cxcore099.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Regma\cximagecrt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Regma\highgui099.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Demowordpad.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\krdqojnmbomp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\srpcrmxgav
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\CrashRpt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\cv099.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\cxcore099.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\cximagecrt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\highgui099.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\6e2516.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Regma\dbghelp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Regma\sobrt
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Regma\xtda
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\b7f8a9a
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\e990ee81
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\wwaxt
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Dec 21 13:02:26
2024, mtime=Sat Dec 21 13:02:27 2024, atime=Tue Dec 10 15:18:26 2024, length=1756232, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\dbghelp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\sobrt
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\xtda
|
data
|
dropped
|
||
|
C:\Windows\Installer\6e2515.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Fossa, Author: Dekko Ohm, Keywords: Installer, Comments: This installer database contains the logic and
data required to install Fossa., Template: Intel;1033, Revision Number: {6729BE5C-C13E-40DC-A40C-D2D5371CABA4}, Create Time/Date:
Tue Dec 10 10:20:28 2024, Last Saved Time/Date: Tue Dec 10 10:20:28 2024, Number of Pages: 500, Number of Words: 10, Name
of Creating Application: WiX Toolset (4.0.0.0), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\6e2517.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Fossa, Author: Dekko Ohm, Keywords: Installer, Comments: This installer database contains the logic and
data required to install Fossa., Template: Intel;1033, Revision Number: {6729BE5C-C13E-40DC-A40C-D2D5371CABA4}, Create Time/Date:
Tue Dec 10 10:20:28 2024, Last Saved Time/Date: Tue Dec 10 10:20:28 2024, Number of Pages: 500, Number of Words: 10, Name
of Creating Application: WiX Toolset (4.0.0.0), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI265D.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF00362BAAC093916C.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF0724E6B1F1805CD2.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF4D55995EA9DC11C3.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF7D2D14DB8B445E62.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF922745D2A5985678.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9362F87E879B54AD.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFAFA4D0FC48C8D18D.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB78D9C116250DC15.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB8A5A2843155FF30.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC3377944FB0407BE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFF11F3B956D8C6194.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFFF87292FADB1AC8C.TMP
|
data
|
dropped
|
There are 34 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Regma\ManyCam.exe
|
"C:\Users\user\AppData\Local\Regma\ManyCam.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\Demowordpad.exe
|
C:\Users\user\AppData\Local\Temp\Demowordpad.exe
|
|
|
|
C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
|
"C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\Demowordpad.exe
|
C:\Users\user\AppData\Local\Temp\Demowordpad.exe
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\62f928.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\pcaui.exe
|
"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam"
-v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Regma\ManyCam.exe"
|
||
|
C:\Windows\System32\pcaui.exe
|
"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam"
-v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\pcaui.exe
|
"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam"
-v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
adminitpal.com
|
|
||
|
http://www.manycam.com/codec
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
http://www.manycam.com/codecVerdanaTo
|
unknown
|
||
|
https://www.digicert.c
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
http://www.manycam.com/help/effects/snapshot/these
|
unknown
|
||
|
http://www.manycam.com/codecVerdanaThis
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://manycam.com/help/effects
|
unknown
|
||
|
http://manycam.com/upload_effect?filepath=ManyCam
|
unknown
|
||
|
http://www.manycam.com0
|
unknown
|
||
|
http://download.manycam.comVerdanaThis
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
http://download.manycam.com
|
unknown
|
||
|
http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamic
|
unknown
|
||
|
http://download.manycam.com/effects/%s/%s?v=%sManyCam
|
unknown
|
||
|
http://download.manycam.comNew
|
unknown
|
||
|
http://c0rl.m%L
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.manycam.com
|
unknown
|
||
|
http://manycam.com/feedback/?version=%s
|
unknown
|
There are 14 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6e2516.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6e2516.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E887008F4ACD00158A02F3C4FE2DE046
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\4E4F28717CD6EBD52AB8BC02ADBB6B7D
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\2A048589C2BF7EF5D83BDE8BA198E8EF
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\5532CFAFC6E024C5491B01D10493104E
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\7DE7304AA07101958B1136CF90B195E9
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\7C2B8C0BD6645EB57A85FF0855CA3A5B
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\8A55567339F41535998914CF6D047299
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\287790015384A7658809910F1A899AFA
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\801D7FA607993F357836DB5C6B977D31
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\Regma\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1FA67860DC92B8740B6E189401106D49
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C7064B9-89ED-41DD-86B6-540DFCC59041}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9B4607C9DE98DD14686B45D0CF5C0914
|
AndesineFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\Features
|
AndesineFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\9B4607C9DE98DD14686B45D0CF5C0914\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\1FA67860DC92B8740B6E189401106D49
|
9B4607C9DE98DD14686B45D0CF5C0914
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\9B4607C9DE98DD14686B45D0CF5C0914\SourceList
|
LastUsedSource
|
There are 73 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
457000
|
unkown
|
page readonly
|
|
|
|
9BF6000
|
heap
|
page read and write
|
|
|
|
4F04000
|
trusted library allocation
|
page read and write
|
|
|
|
2F48000
|
trusted library allocation
|
page read and write
|
|
|
|
5950000
|
direct allocation
|
page read and write
|
|
|
|
534C000
|
trusted library allocation
|
page read and write
|
|
|
|
59D0000
|
direct allocation
|
page read and write
|
|
|
|
9B06000
|
heap
|
page read and write
|
|
|
|
9B47000
|
heap
|
page read and write
|
|
|
|
401000
|
unkown
|
page execute read
|
||
|
55C9000
|
direct allocation
|
page read and write
|
||
|
134000
|
unkown
|
page write copy
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2001000
|
unkown
|
page execute read
|
||
|
31DE000
|
unkown
|
page read and write
|
||
|
18C5000
|
heap
|
page read and write
|
||
|
518D000
|
direct allocation
|
page read and write
|
||
|
5A4000
|
unkown
|
page readonly
|
||
|
1691000
|
unkown
|
page execute read
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
29868BF0000
|
heap
|
page read and write
|
||
|
186A000
|
unkown
|
page read and write
|
||
|
4C74000
|
heap
|
page read and write
|
||
|
2F40000
|
unkown
|
page read and write
|
||
|
10073000
|
unkown
|
page read and write
|
||
|
17DE000
|
unkown
|
page readonly
|
||
|
2986A500000
|
heap
|
page read and write
|
||
|
A12D000
|
trusted library allocation
|
page read and write
|
||
|
4B51000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
D8D000
|
unkown
|
page readonly
|
||
|
F1A000
|
heap
|
page read and write
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
59B000
|
unkown
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
C91000
|
unkown
|
page execute read
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2001000
|
unkown
|
page execute read
|
||
|
17CD000
|
unkown
|
page readonly
|
||
|
A4A0000
|
unkown
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
6D581000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6D580000
|
unkown
|
page read and write
|
||
|
6D510000
|
unkown
|
page readonly
|
||
|
9A71000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
D2E000
|
unkown
|
page read and write
|
||
|
A0E9000
|
trusted library allocation
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
2000000
|
unkown
|
page readonly
|
||
|
1120000
|
unkown
|
page readonly
|
||
|
192F000
|
stack
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
B7F000
|
heap
|
page read and write
|
||
|
A1D9000
|
trusted library allocation
|
page read and write
|
||
|
193000
|
unkown
|
page readonly
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
53B000
|
unkown
|
page readonly
|
||
|
50CB000
|
heap
|
page read and write
|
||
|
6D511000
|
unkown
|
page execute read
|
||
|
1781000
|
unkown
|
page execute read
|
||
|
1866000
|
unkown
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
18C0000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
5411000
|
unkown
|
page read and write
|
||
|
185D000
|
unkown
|
page readonly
|
||
|
164000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
29868C90000
|
heap
|
page read and write
|
||
|
29868B12000
|
heap
|
page read and write
|
||
|
33E4000
|
unkown
|
page read and write
|
||
|
1809E6B0000
|
heap
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
9E7B000
|
heap
|
page read and write
|
||
|
17DB000
|
unkown
|
page write copy
|
||
|
271C000
|
stack
|
page read and write
|
||
|
9945000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
59B000
|
unkown
|
page read and write
|
||
|
1809E870000
|
heap
|
page read and write
|
||
|
201A000
|
unkown
|
page readonly
|
||
|
2000000
|
unkown
|
page readonly
|
||
|
9C6B000
|
heap
|
page read and write
|
||
|
3436000
|
heap
|
page read and write
|
||
|
1810000
|
unkown
|
page readonly
|
||
|
59B000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
17F0000
|
unkown
|
page readonly
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
3445000
|
heap
|
page read and write
|
||
|
9DCE000
|
heap
|
page read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
2EFF000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
unkown
|
page readonly
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2E6E000
|
unkown
|
page read and write
|
||
|
27E0000
|
unkown
|
page read and write
|
||
|
1690000
|
unkown
|
page readonly
|
||
|
27F0000
|
direct allocation
|
page read and write
|
||
|
2EBD6470000
|
heap
|
page read and write
|
||
|
E3C000
|
heap
|
page read and write
|
||
|
1764000
|
unkown
|
page read and write
|
||
|
55CD000
|
direct allocation
|
page read and write
|
||
|
1F40000
|
heap
|
page read and write
|
||
|
B11000
|
unkown
|
page execute read
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
1A10000
|
heap
|
page read and write
|
||
|
30A0000
|
direct allocation
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
5410000
|
unkown
|
page read and write
|
||
|
D38000
|
unkown
|
page readonly
|
||
|
54A0000
|
direct allocation
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
6D585000
|
unkown
|
page readonly
|
||
|
5810000
|
unkown
|
page read and write
|
||
|
3434000
|
heap
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
A19E000
|
trusted library allocation
|
page read and write
|
||
|
1121000
|
unkown
|
page execute read
|
||
|
A24E000
|
trusted library allocation
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
2F90000
|
unkown
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
563E000
|
direct allocation
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
18C1000
|
heap
|
page read and write
|
||
|
47F000
|
unkown
|
page write copy
|
||
|
10062000
|
unkown
|
page readonly
|
||
|
53B000
|
unkown
|
page readonly
|
||
|
29868AB0000
|
heap
|
page read and write
|
||
|
2EBD64C0000
|
heap
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
595000
|
unkown
|
page write copy
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
580F000
|
stack
|
page read and write
|
||
|
2C6B000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
186B000
|
unkown
|
page write copy
|
||
|
1221000
|
unkown
|
page execute read
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
10062000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6D510000
|
unkown
|
page readonly
|
||
|
570E000
|
stack
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
6D583000
|
unkown
|
page read and write
|
||
|
112D000
|
stack
|
page read and write
|
||
|
5411000
|
unkown
|
page read and write
|
||
|
9D8E000
|
heap
|
page read and write
|
||
|
6D580000
|
unkown
|
page read and write
|
||
|
2F94000
|
unkown
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
1D82000
|
heap
|
page read and write
|
||
|
2780000
|
unkown
|
page readonly
|
||
|
99E0000
|
heap
|
page read and write
|
||
|
298689D0000
|
heap
|
page read and write
|
||
|
C11000
|
heap
|
page read and write
|
||
|
C11000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1780000
|
unkown
|
page readonly
|
||
|
2770000
|
heap
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
D41000
|
unkown
|
page execute read
|
||
|
1D50000
|
heap
|
page read and write
|
||
|
6D583000
|
unkown
|
page read and write
|
||
|
4FA8000
|
heap
|
page read and write
|
||
|
D9A000
|
unkown
|
page read and write
|
||
|
2E20000
|
unkown
|
page readonly
|
||
|
A1DD000
|
trusted library allocation
|
page read and write
|
||
|
595000
|
unkown
|
page write copy
|
||
|
29868B09000
|
heap
|
page read and write
|
||
|
53B000
|
unkown
|
page readonly
|
||
|
2F94000
|
unkown
|
page read and write
|
||
|
6D583000
|
unkown
|
page read and write
|
||
|
2E40000
|
unkown
|
page readonly
|
||
|
A593000
|
unkown
|
page read and write
|
||
|
2EBD64E6000
|
heap
|
page read and write
|
||
|
C90000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
168E000
|
stack
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
A610000
|
unkown
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
2EBD64C8000
|
heap
|
page read and write
|
||
|
9843000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
319F000
|
unkown
|
page read and write
|
||
|
5A70000
|
unkown
|
page read and write
|
||
|
5420000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
33D0000
|
unkown
|
page read and write
|
||
|
997E000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
31CD000
|
direct allocation
|
page read and write
|
||
|
29868AF9000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
5851000
|
unkown
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
B47000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2012000
|
unkown
|
page readonly
|
||
|
BC1000
|
unkown
|
page readonly
|
||
|
595000
|
unkown
|
page write copy
|
||
|
1809EA10000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
2B9E000
|
heap
|
page read and write
|
||
|
118F000
|
stack
|
page read and write
|
||
|
17F1000
|
unkown
|
page execute read
|
||
|
193000
|
unkown
|
page readonly
|
||
|
9841000
|
heap
|
page read and write
|
||
|
188E000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
344B000
|
heap
|
page read and write
|
||
|
C84AE7F000
|
stack
|
page read and write
|
||
|
134000
|
unkown
|
page write copy
|
||
|
12AF000
|
unkown
|
page readonly
|
||
|
180A0310000
|
heap
|
page read and write
|
||
|
E5C000
|
stack
|
page read and write
|
||
|
6D585000
|
unkown
|
page readonly
|
||
|
1D51000
|
heap
|
page read and write
|
||
|
33E0000
|
unkown
|
page read and write
|
||
|
2EBD7EF0000
|
heap
|
page read and write
|
||
|
6D510000
|
unkown
|
page readonly
|
||
|
2760000
|
unkown
|
page readonly
|
||
|
5060000
|
direct allocation
|
page read and write
|
||
|
D1F000
|
unkown
|
page readonly
|
||
|
3447000
|
heap
|
page read and write
|
||
|
A46E000
|
unkown
|
page read and write
|
||
|
10062000
|
unkown
|
page readonly
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
2F50000
|
direct allocation
|
page read and write
|
||
|
1898000
|
unkown
|
page readonly
|
||
|
A725000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
59C000
|
unkown
|
page write copy
|
||
|
2012000
|
unkown
|
page readonly
|
||
|
5411000
|
unkown
|
page read and write
|
||
|
2C7C000
|
heap
|
page read and write
|
||
|
C84AEFF000
|
stack
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
31C9000
|
direct allocation
|
page read and write
|
||
|
C29000
|
heap
|
page read and write
|
||
|
12C8000
|
unkown
|
page readonly
|
||
|
595000
|
unkown
|
page write copy
|
||
|
12BE000
|
unkown
|
page read and write
|
||
|
201A000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
11D1000
|
unkown
|
page readonly
|
||
|
51FE000
|
direct allocation
|
page read and write
|
||
|
1D51000
|
heap
|
page read and write
|
||
|
A67D000
|
unkown
|
page read and write
|
||
|
18C0000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
E9C000
|
stack
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
180F000
|
stack
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
BE4000
|
unkown
|
page read and write
|
||
|
AEC000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
186E000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2F6C000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
2E30000
|
unkown
|
page readonly
|
||
|
10073000
|
unkown
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
10073000
|
unkown
|
page read and write
|
||
|
5E21DAC000
|
stack
|
page read and write
|
||
|
186C000
|
unkown
|
page read and write
|
||
|
C84ABAD000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
A129000
|
trusted library allocation
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
55CD000
|
unkown
|
page read and write
|
||
|
4EBB000
|
trusted library allocation
|
page read and write
|
||
|
17DA000
|
unkown
|
page read and write
|
||
|
2C85000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5850000
|
unkown
|
page read and write
|
||
|
1809E7D0000
|
heap
|
page read and write
|
||
|
17D7000
|
unkown
|
page write copy
|
||
|
D96000
|
unkown
|
page read and write
|
||
|
193000
|
unkown
|
page readonly
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
33E4000
|
unkown
|
page read and write
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
2EBD6690000
|
heap
|
page read and write
|
||
|
984B000
|
heap
|
page read and write
|
||
|
F5FAE7C000
|
stack
|
page read and write
|
||
|
D9B000
|
unkown
|
page write copy
|
||
|
110000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
1809E889000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
2EBD66B0000
|
heap
|
page read and write
|
||
|
5303000
|
trusted library allocation
|
page read and write
|
||
|
ABB000
|
stack
|
page read and write
|
||
|
29868AF0000
|
heap
|
page read and write
|
||
|
9FC0000
|
trusted library allocation
|
page read and write
|
||
|
10074000
|
unkown
|
page readonly
|
||
|
A863000
|
unkown
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
309E000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
AB6000
|
stack
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
5411000
|
unkown
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
5A4000
|
unkown
|
page readonly
|
||
|
9840000
|
heap
|
page read and write
|
||
|
19B5000
|
heap
|
page read and write
|
||
|
9AF0000
|
heap
|
page read and write
|
||
|
18E0000
|
unkown
|
page read and write
|
||
|
32DF000
|
unkown
|
page read and write
|
||
|
53B000
|
unkown
|
page readonly
|
||
|
1E80000
|
heap
|
page read and write
|
||
|
D9E000
|
unkown
|
page readonly
|
||
|
15E000
|
stack
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
5A4000
|
unkown
|
page readonly
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
1204000
|
unkown
|
page readonly
|
||
|
BF6000
|
heap
|
page read and write
|
||
|
2001000
|
unkown
|
page execute read
|
||
|
323E000
|
direct allocation
|
page read and write
|
||
|
595000
|
unkown
|
page write copy
|
||
|
33C0000
|
unkown
|
page read and write
|
||
|
E1000
|
unkown
|
page execute read
|
||
|
E1000
|
unkown
|
page execute read
|
||
|
1F45000
|
heap
|
page read and write
|
||
|
187F000
|
unkown
|
page readonly
|
||
|
A620000
|
unkown
|
page read and write
|
||
|
D97000
|
unkown
|
page write copy
|
||
|
59C000
|
unkown
|
page write copy
|
||
|
AB6000
|
stack
|
page read and write
|
||
|
C11000
|
heap
|
page read and write
|
||
|
A0B0000
|
trusted library allocation
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
AB6000
|
stack
|
page read and write
|
||
|
193000
|
unkown
|
page readonly
|
||
|
9B9F000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
1811000
|
unkown
|
page execute read
|
||
|
19E0000
|
heap
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
2C0E000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
1AE000
|
stack
|
page read and write
|
||
|
5A4000
|
unkown
|
page readonly
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
134000
|
unkown
|
page write copy
|
||
|
E30000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
F00000
|
heap
|
page read and write
|
||
|
1809E892000
|
heap
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
17D6000
|
unkown
|
page read and write
|
||
|
B42000
|
heap
|
page read and write
|
||
|
BF2000
|
heap
|
page read and write
|
||
|
343A000
|
heap
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
1867000
|
unkown
|
page write copy
|
||
|
164000
|
heap
|
page read and write
|
||
|
E93000
|
heap
|
page read and write
|
||
|
2AFA000
|
stack
|
page read and write
|
||
|
6D511000
|
unkown
|
page execute read
|
||
|
C84000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
6D511000
|
unkown
|
page execute read
|
||
|
2019000
|
unkown
|
page read and write
|
||
|
D40000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
27DD000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2019000
|
unkown
|
page read and write
|
||
|
F5FAEFE000
|
stack
|
page read and write
|
||
|
B10000
|
unkown
|
page readonly
|
||
|
58AE000
|
stack
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
2F6E000
|
unkown
|
page read and write
|
||
|
6D585000
|
unkown
|
page readonly
|
||
|
10074000
|
unkown
|
page readonly
|
||
|
9D58000
|
heap
|
page read and write
|
||
|
A81A000
|
unkown
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
595000
|
unkown
|
page write copy
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
59D0000
|
unkown
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
A591000
|
unkown
|
page read and write
|
||
|
33BB000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
D9C000
|
unkown
|
page read and write
|
||
|
2CC9000
|
heap
|
page read and write
|
||
|
2019000
|
unkown
|
page read and write
|
||
|
A76E000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
59AF000
|
stack
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
E1000
|
unkown
|
page execute read
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
F5FAF7F000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
6D581000
|
unkown
|
page write copy
|
||
|
59C000
|
unkown
|
page write copy
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
A37D000
|
unkown
|
page read and write
|
||
|
ABB000
|
stack
|
page read and write
|
||
|
470000
|
unkown
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
10074000
|
unkown
|
page readonly
|
||
|
5189000
|
direct allocation
|
page read and write
|
||
|
2CC1000
|
heap
|
page read and write
|
||
|
A000000
|
trusted library allocation
|
page read and write
|
||
|
A0ED000
|
trusted library allocation
|
page read and write
|
||
|
A15E000
|
trusted library allocation
|
page read and write
|
||
|
AF2000
|
heap
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
56CE000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
136F000
|
stack
|
page read and write
|
||
|
2EBD6460000
|
heap
|
page read and write
|
||
|
11F4000
|
unkown
|
page read and write
|
||
|
1741000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
A520000
|
unkown
|
page read and write
|
||
|
1809E879000
|
heap
|
page read and write
|
||
|
E8F000
|
heap
|
page read and write
|
||
|
ECD000
|
heap
|
page read and write
|
||
|
2750000
|
unkown
|
page readonly
|
||
|
F1E000
|
heap
|
page read and write
|
||
|
5A4000
|
unkown
|
page readonly
|
||
|
17DC000
|
unkown
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
A710000
|
unkown
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
53B000
|
unkown
|
page readonly
|
||
|
C84000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
53B000
|
unkown
|
page readonly
|
||
|
5A4000
|
unkown
|
page readonly
|
||
|
476000
|
unkown
|
page readonly
|
||
|
1809E790000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
2012000
|
unkown
|
page readonly
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
BF4000
|
unkown
|
page readonly
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
1774000
|
unkown
|
page readonly
|
||
|
DD0000
|
unkown
|
page read and write
|
||
|
E1000
|
unkown
|
page execute read
|
||
|
2000000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2E64000
|
unkown
|
page read and write
|
||
|
9841000
|
heap
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
C84000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
6D580000
|
unkown
|
page read and write
|
||
|
6D581000
|
unkown
|
page write copy
|
||
|
9CAB000
|
heap
|
page read and write
|
||
|
5851000
|
unkown
|
page read and write
|
||
|
134000
|
unkown
|
page write copy
|
||
|
ABB000
|
stack
|
page read and write
|
||
|
201A000
|
unkown
|
page readonly
|
||
|
2BEA000
|
stack
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
2774000
|
unkown
|
page read and write
|
||
|
9AAF000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
There are 510 hidden memdumps, click here to show them.