Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
setup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {394343F4-E39C-409D-BD57-1C70A6E4B89C}, Number of Words: 10, Subject: Cave App, Author: Weqos Apps Industries,
Name of Creating Application: Cave App, Template: x64;2057, Comments: This installer database contains the logic and data
required to install Cave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Dec
26 06:52:15 2024, Last Saved Time/Date: Thu Dec 26 06:52:15 2024, Last Printed: Thu Dec 26 06:52:15 2024, Number of Pages:
450
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\msi8CFF.txt
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\pss8D12.ps1
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scr8D00.ps1
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
|
|
|
C:\Config.Msi\5f599d.rbs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bs5rtfer.mha.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mtlde4y2.01x.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}\icon_22.exe
|
MS Windows icon resource - 7 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\BCUninstaller.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ImporterREDServer.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\UnRar.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-console-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-console-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-datetime-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-debug-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-errorhandling-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-file-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-file-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-file-l2-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-handle-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-heap-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-interlocked-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-libraryloader-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-localization-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-memory-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-namedpipe-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-processenvironment-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-processthreads-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-processthreads-l1-1-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-profile-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-rtlsupport-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-string-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-synch-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-synch-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-sysinfo-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-timezone-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-core-util-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-conio-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-convert-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-environment-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\api-ms-win-crt-filesystem-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_date_time.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_filesystem.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_program_options.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_regex.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_system.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\boost_threads.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\createdump.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\dvacore.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\dvaunittesting.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ghiuoqfj.rar
|
RAR archive data, v5
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\msvcp140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\suriqk.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\classes.jsa
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\classes_nocoops.jsa
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.datatransfer.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.desktop.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.instrument.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.logging.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\java.management.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\utest.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\vcruntime140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\vcruntime140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\5f599b.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {394343F4-E39C-409D-BD57-1C70A6E4B89C}, Number of Words: 10, Subject: Cave App, Author: Weqos Apps Industries,
Name of Creating Application: Cave App, Template: x64;2057, Comments: This installer database contains the logic and data
required to install Cave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Dec
26 06:52:15 2024, Last Saved Time/Date: Thu Dec 26 06:52:15 2024, Last Printed: Thu Dec 26 06:52:15 2024, Number of Pages:
450
|
dropped
|
||
|
C:\Windows\Installer\5f599e.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {394343F4-E39C-409D-BD57-1C70A6E4B89C}, Number of Words: 10, Subject: Cave App, Author: Weqos Apps Industries,
Name of Creating Application: Cave App, Template: x64;2057, Comments: This installer database contains the logic and data
required to install Cave App., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Dec
26 06:52:15 2024, Last Saved Time/Date: Thu Dec 26 06:52:15 2024, Last Printed: Thu Dec 26 06:52:15 2024, Number of Pages:
450
|
dropped
|
||
|
C:\Windows\Installer\MSI62D2.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI6360.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI63BF.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI63EF.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI644D.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI64CB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI650B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI8093.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI8C3C.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\MSI8C5C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF0B49CCBA23EE7EB9.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF287DBA3976560A5A.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF39CF3C833818412B.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF418E16F63F8B764C.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF42C9C193E0DFE6A0.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF7B7EA869F5086E88.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF83E642EC4719CBEB.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF89C1DB451BD39A80.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF9BA85424D37BB6DB.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC9DBA616F7219380.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFDBBED6A2ABEE4AFE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFEE62185E1A838413.TMP
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 82 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\setup.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 45E70E686A70EB9A9EBD77437EA9ABD2
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pss8D12.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msi8CFF.txt"
-scriptFile "C:\Users\user\AppData\Local\Temp\scr8D00.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scr8D01.txt"
-propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\suriqk.bat" "C:\Users\user\AppData\Roaming\Weqos
Apps Industries\Cave App\ImporterREDServer.exe""
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\createdump.exe
|
"C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\createdump.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ImporterREDServer.exe
|
"C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\ImporterREDServer.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://successroadway.com/updater.php
|
104.21.6.3
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
https://aka.ms/dotnet-core-applaunch?You
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://java.oracle.com/
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
|
unknown
|
||
|
http://schemas.mick
|
unknown
|
||
|
https://aka.ms/dotnet/app-launch-failed
|
unknown
|
||
|
https://aka.ms/dotnet/app-launch-failed&gui=trueShowing
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://repository.certum.pl/ccsca2021.cer0
|
unknown
|
||
|
https://aka.ms/dotnet-core-applaunch?
|
unknown
|
||
|
https://successroadway.com/updater.phpx
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
https://aka.ms/pscore6lB
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://xml.org/sax/features/external-general-entitieshttp://xml.org/sax/features/external-parameter-
|
unknown
|
||
|
http://ccsca2021.ocsp-certum.com05
|
unknown
|
||
|
https://aka.ms/winui2/webview2download/Reload():
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
successroadway.com
|
104.21.6.3
|
|
|
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.6.3
|
successroadway.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5f599d.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\5f599d.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E443C93FE38A0674D88A2F672090B5F4
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\187E38CB2ED78A74793CE2C69CCBDA28
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E7EE285D6BCFBB0488FD8D57166FADAC
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\51125544FAB230246BBFE149506FE373
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\065A82ED1E5E5304C83A443964682A94
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\89B93D30BB7E2604DB2903D746A2C51F
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3E23C972A00A3154A9B83D89A4146ABF
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\574D5B86D91DF25448D9F526CAAE9C9D
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\14BA7B05AF5C8754DA7B962E06A867B6
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9B5AF4DE1AB2060489B6AE7B3EA194D6
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\49982E48A3B4BC04FA606F6079F49621
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C66308C74B87A2543A43E47D5062F642
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\23FCC08CDC982854E8B3DC110D4BA6F0
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\4E53B16B1EB817146BB92E24C39E71F9
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EE69BDDFD74852B4581B566E26FC368A
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\DE8D80696CE804542B23A42863608F26
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6D8E6B71400CBD04BBD221D5C7C12CE1
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9737E2B1877BA2647A4AC547869EDF03
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\65624D8381D30F249B874F58E818676E
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1D6B9F26743114741949E7CBD0850B50
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\876E9D03A3628184781AD86C940640F7
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\281AF9D8612EF2E47BDAFD353EBB66DB
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\D63B3F7EA8654C24FB42180178BBBF34
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C04D16F8CDF5F4543AC9A3616BA42840
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\74BFD8668DF9CDF4DAE798C67C0F5E07
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E84195AD854B9A744A14CCC0101E24CE
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1DD769335A51CEF409558BD4F1FD0D16
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\A90F39F166BA2EA44BC33F5B99568A56
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\448F614546145E44A8D80DE268772838
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\05FD0BAA4CB2CD9439DCE5CDE594202A
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\314863730BAF8734C8564E85B3A047C8
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EA86D228823216D438705787F640D3A5
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6B5745FE5D94C414FA11D00F7E2AB400
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6B581FFC20289EB4099D141CDE7359BB
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\99506DC9F6A09D640842631E2BC2AC70
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\210EE68B5FD50E34281311DD8E8CA8CE
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\BF72C907D7DD14443B547200FB74B315
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E7F5D6A9A9F5C584282653FB24AE4CCB
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\B218C6F033F3D9F4E9F7F1687CFC5E4E
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\ECEF6DC4638DFEF4686CB4AA8C90A457
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\799575847269DFB4B90DB80E9AE3F513
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9AB49572650F2254CB98AFD3B7DA9B2E
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\1DA51AE393E3A2E44AD642274DF874C9
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EE9277BB1523DD045952C0B8CCCF2CF8
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\27B23E0DE8354FA4984FE3E6EA64A0DA
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E053C72B9492790418B6BC8963A132B1
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\418D33948A06A3141BB101F3E34641AE
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\30E3084F57A08354080B6375A86D0459
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\57D46BCA90CDE574793A997F4D70B5FE
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\BE3F70CAE98AB094E896B57BD601796E
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\E571FA2CC5C29C246B485717ABC8D733
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6518C1A5576E11E4FBC0C0E45F2E3C59
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Weqos Apps Industries\Cave App\una_front\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App
|
Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App
|
TruaiLicQuota
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Weqos Apps Industries\Cave App\Durox
|
Ver
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\424F5E0DD9224C14E9B1EC66DE7BC6E3
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C4A5FBA-760B-4754-A971-45D0AA1EA01D}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\ABF5A4C1B06745749A17540DAAE10AD1
|
MainFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\Features
|
MainFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\ABF5A4C1B06745749A17540DAAE10AD1\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
ProductIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\424F5E0DD9224C14E9B1EC66DE7BC6E3
|
ABF5A4C1B06745749A17540DAAE10AD1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1\SourceList\Media
|
DiskPrompt
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\ABF5A4C1B06745749A17540DAAE10AD1\SourceList
|
LastUsedSource
|
There are 129 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7B6E000
|
stack
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
79D3000
|
heap
|
page read and write
|
||
|
7FF72D5CC000
|
unkown
|
page read and write
|
||
|
79C8000
|
heap
|
page read and write
|
||
|
3449000
|
trusted library allocation
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
61F1000
|
trusted library allocation
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
3079000
|
stack
|
page read and write
|
||
|
7FFD94451000
|
unkown
|
page execute read
|
||
|
751E000
|
stack
|
page read and write
|
||
|
51F1000
|
trusted library allocation
|
page read and write
|
||
|
7842000
|
heap
|
page read and write
|
||
|
7FFDAC131000
|
unkown
|
page read and write
|
||
|
140013000
|
unkown
|
page read and write
|
||
|
7A03000
|
heap
|
page read and write
|
||
|
7FFDAC121000
|
unkown
|
page execute read
|
||
|
5B62000
|
trusted library allocation
|
page read and write
|
||
|
3401000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
1FF0A920000
|
heap
|
page read and write
|
||
|
6219000
|
trusted library allocation
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
625A000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
trusted library allocation
|
page read and write
|
||
|
3348000
|
heap
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
350F000
|
stack
|
page read and write
|
||
|
7FF72D5C0000
|
unkown
|
page readonly
|
||
|
8810000
|
trusted library allocation
|
page read and write
|
||
|
7C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7987000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
79B3000
|
heap
|
page read and write
|
||
|
7C90000
|
trusted library allocation
|
page read and write
|
||
|
75A0000
|
heap
|
page read and write
|
||
|
7FFD944D7000
|
unkown
|
page readonly
|
||
|
7FFD944A6000
|
unkown
|
page readonly
|
||
|
798B000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
7A40000
|
heap
|
page execute and read and write
|
||
|
5346000
|
trusted library allocation
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
7FFDAC136000
|
unkown
|
page read and write
|
||
|
7FF72D5CD000
|
unkown
|
page readonly
|
||
|
180426000
|
unkown
|
page write copy
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
7FFD944D3000
|
unkown
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
1FF0AAE0000
|
heap
|
page read and write
|
||
|
735D000
|
stack
|
page read and write
|
||
|
336C000
|
heap
|
page read and write
|
||
|
3320000
|
trusted library allocation
|
page read and write
|
||
|
7BAE000
|
stack
|
page read and write
|
||
|
14001A000
|
unkown
|
page read and write
|
||
|
73DE000
|
stack
|
page read and write
|
||
|
4DC0000
|
heap
|
page execute and read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
1FF0AA20000
|
heap
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
3558000
|
heap
|
page read and write
|
||
|
140014000
|
unkown
|
page readonly
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
7997000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
7C20000
|
trusted library allocation
|
page read and write
|
||
|
7AE9000
|
trusted library allocation
|
page read and write
|
||
|
1FF0AA00000
|
heap
|
page read and write
|
||
|
87E0000
|
heap
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
449000
|
heap
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
8700000
|
trusted library allocation
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
878E000
|
stack
|
page read and write
|
||
|
546D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD944D4000
|
unkown
|
page write copy
|
||
|
7FF72D5C8000
|
unkown
|
page readonly
|
||
|
554F000
|
trusted library allocation
|
page read and write
|
||
|
7A87000
|
trusted library allocation
|
page read and write
|
||
|
79CF000
|
heap
|
page read and write
|
||
|
7A80000
|
trusted library allocation
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
87A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BF0000
|
trusted library allocation
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
140013000
|
unkown
|
page readonly
|
||
|
749A000
|
stack
|
page read and write
|
||
|
739B000
|
stack
|
page read and write
|
||
|
80F000
|
stack
|
page read and write
|
||
|
7A0F000
|
heap
|
page read and write
|
||
|
86F0000
|
trusted library allocation
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
3540000
|
trusted library allocation
|
page execute and read and write
|
||
|
79A8000
|
heap
|
page read and write
|
||
|
7A67000
|
trusted library allocation
|
page read and write
|
||
|
87F0000
|
trusted library allocation
|
page read and write
|
||
|
3465000
|
trusted library allocation
|
page execute and read and write
|
||
|
7940000
|
heap
|
page read and write
|
||
|
14001B000
|
unkown
|
page readonly
|
||
|
7C10000
|
trusted library allocation
|
page read and write
|
||
|
75B0000
|
heap
|
page read and write
|
||
|
7FFDAC120000
|
unkown
|
page readonly
|
||
|
3462000
|
trusted library allocation
|
page read and write
|
||
|
7C30000
|
trusted library allocation
|
page read and write
|
||
|
7A14000
|
heap
|
page read and write
|
||
|
3419000
|
heap
|
page read and write
|
||
|
5252000
|
trusted library allocation
|
page read and write
|
||
|
86C0000
|
heap
|
page read and write
|
||
|
333D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
7FF72D5C8000
|
unkown
|
page readonly
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
61F9000
|
trusted library allocation
|
page read and write
|
||
|
8790000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
3510000
|
heap
|
page readonly
|
||
|
79B7000
|
heap
|
page read and write
|
||
|
4D7D000
|
stack
|
page read and write
|
||
|
874D000
|
stack
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
trusted library allocation
|
page read and write
|
||
|
7FF72D5CD000
|
unkown
|
page readonly
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
3378000
|
heap
|
page read and write
|
||
|
7C40000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
7FF72D5CC000
|
unkown
|
page write copy
|
||
|
8CD6B7F000
|
stack
|
page read and write
|
||
|
3440000
|
trusted library allocation
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
1FF0AB00000
|
heap
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
180479000
|
unkown
|
page readonly
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
7A0C000
|
heap
|
page read and write
|
||
|
1FF0AB0B000
|
heap
|
page read and write
|
||
|
3528000
|
trusted library allocation
|
page read and write
|
||
|
55E2000
|
trusted library allocation
|
page read and write
|
||
|
79EA000
|
heap
|
page read and write
|
||
|
745D000
|
stack
|
page read and write
|
||
|
7CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
8CD6CFE000
|
stack
|
page read and write
|
||
|
3334000
|
trusted library allocation
|
page read and write
|
||
|
14001A000
|
unkown
|
page write copy
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page read and write
|
||
|
7AE0000
|
trusted library allocation
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
759B000
|
stack
|
page read and write
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
1802BB000
|
unkown
|
page read and write
|
||
|
7AD5000
|
trusted library allocation
|
page read and write
|
||
|
7FFDAC132000
|
unkown
|
page readonly
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
1802BD000
|
unkown
|
page readonly
|
||
|
4E0E000
|
stack
|
page read and write
|
||
|
796D000
|
heap
|
page read and write
|
||
|
7B2E000
|
stack
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
14001B000
|
unkown
|
page readonly
|
||
|
5654000
|
trusted library allocation
|
page read and write
|
||
|
7280000
|
heap
|
page execute and read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
7FFD94450000
|
unkown
|
page readonly
|
||
|
7FFD944A5000
|
unkown
|
page read and write
|
||
|
778E000
|
stack
|
page read and write
|
||
|
7FF72D5C1000
|
unkown
|
page execute read
|
||
|
7285000
|
heap
|
page execute and read and write
|
||
|
7FF72D5C0000
|
unkown
|
page readonly
|
||
|
4D3C000
|
stack
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
77CE000
|
stack
|
page read and write
|
||
|
180429000
|
unkown
|
page write copy
|
||
|
180428000
|
unkown
|
page read and write
|
||
|
7FF72D5C1000
|
unkown
|
page execute read
|
||
|
3333000
|
trusted library allocation
|
page execute and read and write
|
||
|
8CD67BD000
|
stack
|
page read and write
|
||
|
31D6000
|
heap
|
page read and write
|
||
|
7BED000
|
stack
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
7FFDAC137000
|
unkown
|
page readonly
|
||
|
5B64000
|
trusted library allocation
|
page read and write
|
There are 186 hidden memdumps, click here to show them.