Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1944b321.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: MPK_EM, Author: Mipko, Keywords: Installer, Comments: This installer database contains the logic and data
required to install MPK_EM., Template: Intel;1033, Revision Number: {13B3FD70-0ECC-42BA-8BCE-4711A2312FB6}, Create Time/Date:
Wed Feb 18 13:48:52 2015, Last Saved Time/Date: Wed Feb 18 13:48:52 2015, Number of Pages: 300, Number of Words: 2, Name of
Creating Application: Windows Installer XML (3.7.1224.0), Security: 2
|
initial sample
|
 |
|
|
C:\ProgramData\MPK\MPK.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\MPK.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\MPK64.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\MPKInst.exe (copy)
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\MpkHCA.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\MpkL64.exe (copy)
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\Vorbis.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-3LL6A.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-5U9RI.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-7IT87.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-89R70.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-9EF5L.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-BV3PJ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-EQREG.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-GH6IU.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-H68I0.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-I4L15.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-M13BC.tmp
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-NK5I1.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-RJO8C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-SUMV4.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\is-URL53.tmp
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\libeay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\lsynchost.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\mpk_emni_mpk.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\ogg.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\ssleay32.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\vorbisenc.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\vorbisfile.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPK\zlib1.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EVFO2.tmp\mpk_emni_mpk.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-TDMRE.tmp\_isetup\_isdecmp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-TDMRE.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\SysWOW64\inspect.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\SysWOW64\is-ARHTI.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\4e7f66.rbs
|
data
|
dropped
|
||
|
C:\ProgramData\MPK\cinfo.bin (copy)
|
PEM certificate
|
dropped
|
||
|
C:\ProgramData\MPK\is-HFVOH.tmp
|
PEM certificate
|
dropped
|
||
|
C:\ProgramData\MPK\is-JS61I.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\MPK\is-LNEHG.tmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\MPK\mpk_em_log.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\MPK\sqlite3.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\MPK\trial_net.ini (copy)
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\MPK\unins000.dat
|
InnoSetup Log 64-bit Employee Monitor, version 0x418, 36285 bytes, 783875\37\SYSTEM\37, C:\ProgramData\MPK\376\377\377\007
\0
|
dropped
|
||
|
C:\ProgramData\MPK\unins000.msg
|
InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &\036 ?@>3@0<<5...
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-TDMRE.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\4e7f65.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: MPK_EM, Author: Mipko, Keywords: Installer, Comments: This installer database contains the logic and data
required to install MPK_EM., Template: Intel;1033, Revision Number: {13B3FD70-0ECC-42BA-8BCE-4711A2312FB6}, Create Time/Date:
Wed Feb 18 13:48:52 2015, Last Saved Time/Date: Wed Feb 18 13:48:52 2015, Number of Pages: 300, Number of Words: 2, Name of
Creating Application: Windows Installer XML (3.7.1224.0), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\4e7f67.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: MPK_EM, Author: Mipko, Keywords: Installer, Comments: This installer database contains the logic and data
required to install MPK_EM., Template: Intel;1033, Revision Number: {13B3FD70-0ECC-42BA-8BCE-4711A2312FB6}, Create Time/Date:
Wed Feb 18 13:48:52 2015, Last Saved Time/Date: Wed Feb 18 13:48:52 2015, Number of Pages: 300, Number of Words: 2, Name of
Creating Application: Windows Installer XML (3.7.1224.0), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI83EA.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF13A8E2FACE6496FD.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF1C4FEAA2E3A3C744.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF292CF65E628468E7.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF351EF6164E266DEF.TMP
|
data
|
modified
|
||
|
C:\Windows\Temp\~DF39DD0387BB6EF8BA.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF41B79A2990E59A2A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF6B24AE1C4385ECB6.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF8CD3A19676C97F67.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFAFB44D2E754922C2.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFBB43AE07B76BD267.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFCF6D3EA99DEBE3A6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFEDA63B10F1214E09.TMP
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 57 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\ProgramData\MPK\mpk_emni_mpk.exe
|
"C:\ProgramData\MPK\mpk_emni_mpk.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SDIR "C:\Users\user\Desktop\" /LOG="C:\ProgramData\MPK\mpk_em_log.txt"
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-EVFO2.tmp\mpk_emni_mpk.tmp
|
"C:\Users\user\AppData\Local\Temp\is-EVFO2.tmp\mpk_emni_mpk.tmp" /SL5="$3049C,4852295,119296,C:\ProgramData\MPK\mpk_emni_mpk.exe"
/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SDIR "C:\Users\user\Desktop\" /LOG="C:\ProgramData\MPK\mpk_em_log.txt"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\SysWOW64\cmd.exe" /c netsh advfirewall firewall add rule name="TCP\IP" dir=in action=allow program="C:\ProgramData\MPK\mpk.exe"
enable=yes
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh advfirewall firewall add rule name="TCP\IP" dir=in action=allow program="C:\ProgramData\MPK\mpk.exe" enable=yes
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\1944b321.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Users\user\AppData\Local\Temp\is-TDMRE.tmp\_isetup\_setup64.tmp
|
helper 105 0x3DC
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\ProgramData\MPK\MPKInst.exe
|
"C:\ProgramData\MPK\MPKInst.exe" /i /dr /cp
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\ProgramData\MPK\lsynchost.exe
|
c:\programdata\mpk\\lsynchost.exe /install /silent
|
||
|
C:\ProgramData\MPK\lsynchost.exe
|
c:\programdata\mpk\lsynchost.exe /startedbyscm:E4233B4F-40E3FE91-MPKService
|
||
|
C:\ProgramData\MPK\lsynchost.exe
|
"c:\programdata\mpk\lsynchost.exe" /runsrv
|
||
|
C:\ProgramData\MPK\lsynchost.exe
|
"c:\programdata\mpk\lsynchost.exe" /runsrv \MID:D
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.dk-soft.org/0
|
unknown
|
||
|
http://www.innosetup.com/
|
unknown
|
||
|
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
|
unknown
|
||
|
http://www.mipko.ru/
|
unknown
|
||
|
http://www.mipko.ru/register.php?reffrominfo=INSTALL&refverinfo=0
|
unknown
|
||
|
http://www.openssl.org/V
|
unknown
|
||
|
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://www.mipko.ru/uninstall.htm?reffrominfo=INSTALL&refverinfo=0
|
unknown
|
||
|
http://www.mipko.ru/helponline.php?reffrominfo=INSTALL&refverinfo=0q
|
unknown
|
||
|
http://www.mipko.ru/(http://www.mipko.ru/(http://www.mipko.ru/(
|
unknown
|
||
|
http://www.mipko.ru/uninstall.htm?reffrominfo=INSTALL&refverinfo=09
|
unknown
|
||
|
http://www.mipko.ru/1
|
unknown
|
||
|
http://www.mipko.ru/q
|
unknown
|
||
|
http://www.mipko.ru/$QuickHelpMainLabel
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
http://www.mipko.ru/helponline.php?reffrominfo=INSTALL&refverinfo=0
|
unknown
|
||
|
http://www.mipko.ru/helponline.php?reffrominfo=INSTALL&refverinfo=0a
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://www.dk-soft.org/
|
unknown
|
||
|
http://www.mipko.ru/employee-monitor/tutorial-msi.php?reffrominfo=INSTALL&refverinfo=0
|
unknown
|
There are 10 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
|
C:\ProgramData\MPK\MPK.exe
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
|
Userinit
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
|
Blob
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4e7f66.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4e7f66.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\406CFF9F5EC225240B13432233293D4E
|
E49EEBE9E08BFDD469B13AB56E78C722
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B342EB26A3314A47B72075294633D0E
|
E49EEBE9E08BFDD469B13AB56E78C722
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\ProgramData\MPK\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
SystemComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\78C760E3B6F1253459D37C4CA985F018
|
E49EEBE9E08BFDD469B13AB56E78C722
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9EBEE94E-B80E-4DDF-961B-A35BE6877C22}
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\E49EEBE9E08BFDD469B13AB56E78C722
|
MainApplication
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\Features
|
MainApplication
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E49EEBE9E08BFDD469B13AB56E78C722\Patches
|
AllPatches
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
ProductName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
PackageCode
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
Assignment
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
AdvertiseFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
InstanceType
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
AuthorizedLUAApp
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
DeploymentFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\78C760E3B6F1253459D37C4CA985F018
|
E49EEBE9E08BFDD469B13AB56E78C722
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722\SourceList
|
PackageName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722\SourceList\Net
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722\SourceList\Media
|
1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722
|
Clients
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E49EEBE9E08BFDD469B13AB56E78C722\SourceList
|
LastUsedSource
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
|
StringCacheGeneration
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_USERS.DEFAULT\Software\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs
|
Mpk.exe
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs
|
MpkL64.exe
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
LocalAccountTokenFilterPolicy
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder
|
List
|
There are 84 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F6B47F0000
|
trusted library allocation
|
page read and write
|
||
|
23BB000
|
direct allocation
|
page read and write
|
||
|
23EA000
|
direct allocation
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
2990000
|
direct allocation
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
2193000
|
direct allocation
|
page read and write
|
||
|
F7D000
|
direct allocation
|
page read and write
|
||
|
F7C000
|
direct allocation
|
page read and write
|
||
|
223A000
|
direct allocation
|
page read and write
|
||
|
546000
|
unkown
|
page write copy
|
||
|
670000
|
heap
|
page read and write
|
||
|
F8B000
|
direct allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
1F6B4800000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
10E9000
|
direct allocation
|
page read and write
|
||
|
53BC000
|
stack
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
23DF000
|
direct allocation
|
page read and write
|
||
|
21B1000
|
direct allocation
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
1F6B4902000
|
heap
|
page read and write
|
||
|
21F8000
|
direct allocation
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
B3F000
|
stack
|
page read and write
|
||
|
1074000
|
direct allocation
|
page read and write
|
||
|
23D8000
|
direct allocation
|
page read and write
|
||
|
2491000
|
direct allocation
|
page read and write
|
||
|
4CC000
|
heap
|
page read and write
|
||
|
1F6B5002000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
622000
|
heap
|
page read and write
|
||
|
1A2E000
|
stack
|
page read and write
|
||
|
1083000
|
direct allocation
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
F3D000
|
direct allocation
|
page read and write
|
||
|
55E000
|
unkown
|
page write copy
|
||
|
21A1000
|
direct allocation
|
page read and write
|
||
|
2311000
|
direct allocation
|
page read and write
|
||
|
2A81000
|
heap
|
page read and write
|
||
|
23C2000
|
direct allocation
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
553000
|
unkown
|
page read and write
|
||
|
2176000
|
direct allocation
|
page read and write
|
||
|
2370000
|
direct allocation
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
527E000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
F51000
|
direct allocation
|
page read and write
|
||
|
140025000
|
unkown
|
page readonly
|
||
|
22BB000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2418000
|
direct allocation
|
page read and write
|
||
|
1F6B46C0000
|
heap
|
page read and write
|
||
|
1F6B46E0000
|
heap
|
page read and write
|
||
|
553000
|
unkown
|
page read and write
|
||
|
F85000
|
direct allocation
|
page read and write
|
||
|
FBF000
|
direct allocation
|
page read and write
|
||
|
548000
|
unkown
|
page read and write
|
||
|
F75000
|
direct allocation
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
2483000
|
direct allocation
|
page read and write
|
||
|
6AA000
|
heap
|
page read and write
|
||
|
FF1000
|
direct allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
F16000
|
direct allocation
|
page read and write
|
||
|
2361000
|
direct allocation
|
page read and write
|
||
|
78F000
|
stack
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
1F6B4813000
|
heap
|
page read and write
|
||
|
230A000
|
direct allocation
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
178E000
|
stack
|
page read and write
|
||
|
608000
|
heap
|
page read and write
|
||
|
FD3000
|
direct allocation
|
page read and write
|
||
|
1B2F000
|
stack
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
245F000
|
direct allocation
|
page read and write
|
||
|
6FB000
|
heap
|
page read and write
|
||
|
2CAD000
|
direct allocation
|
page read and write
|
||
|
E90000
|
direct allocation
|
page execute and read and write
|
||
|
2388000
|
direct allocation
|
page read and write
|
||
|
22C9000
|
direct allocation
|
page read and write
|
||
|
F61000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
222C000
|
direct allocation
|
page read and write
|
||
|
F92000
|
direct allocation
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
29A0000
|
direct allocation
|
page read and write
|
||
|
2DE2000
|
heap
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
29A0000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
FA9000
|
direct allocation
|
page read and write
|
||
|
2233000
|
direct allocation
|
page read and write
|
||
|
2358000
|
direct allocation
|
page read and write
|
||
|
228B000
|
direct allocation
|
page read and write
|
||
|
62D000
|
heap
|
page read and write
|
||
|
2241000
|
direct allocation
|
page read and write
|
||
|
2990000
|
direct allocation
|
page read and write
|
||
|
22F4000
|
direct allocation
|
page read and write
|
||
|
FCC000
|
direct allocation
|
page read and write
|
||
|
FE3000
|
direct allocation
|
page read and write
|
||
|
2368000
|
direct allocation
|
page read and write
|
||
|
504000
|
unkown
|
page read and write
|
||
|
F94000
|
direct allocation
|
page read and write
|
||
|
2403000
|
direct allocation
|
page read and write
|
||
|
207E000
|
stack
|
page read and write
|
||
|
248A000
|
direct allocation
|
page read and write
|
||
|
2159000
|
direct allocation
|
page read and write
|
||
|
2396000
|
direct allocation
|
page read and write
|
||
|
1F6B4802000
|
heap
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
21B8000
|
direct allocation
|
page read and write
|
||
|
14D000
|
stack
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page execute and read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
FBD000
|
direct allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
79BFE7B000
|
stack
|
page read and write
|
||
|
1A0F000
|
stack
|
page read and write
|
||
|
23B4000
|
direct allocation
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
224A000
|
direct allocation
|
page read and write
|
||
|
F76000
|
direct allocation
|
page read and write
|
||
|
558000
|
unkown
|
page readonly
|
||
|
770000
|
heap
|
page read and write
|
||
|
850000
|
direct allocation
|
page execute and read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
518000
|
unkown
|
page readonly
|
||
|
2184000
|
direct allocation
|
page read and write
|
||
|
6DF000
|
heap
|
page read and write
|
||
|
2284000
|
direct allocation
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
54F000
|
unkown
|
page read and write
|
||
|
555000
|
unkown
|
page read and write
|
||
|
F52000
|
direct allocation
|
page read and write
|
||
|
2C3D000
|
direct allocation
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1092000
|
direct allocation
|
page read and write
|
||
|
219A000
|
direct allocation
|
page read and write
|
||
|
511000
|
unkown
|
page readonly
|
||
|
F34000
|
direct allocation
|
page read and write
|
||
|
F68000
|
direct allocation
|
page read and write
|
||
|
2303000
|
direct allocation
|
page read and write
|
||
|
21D5000
|
direct allocation
|
page read and write
|
||
|
108B000
|
direct allocation
|
page read and write
|
||
|
FB8000
|
direct allocation
|
page read and write
|
||
|
220F000
|
direct allocation
|
page read and write
|
||
|
21EB000
|
direct allocation
|
page read and write
|
||
|
2450000
|
direct allocation
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
22AC000
|
direct allocation
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
E90000
|
direct allocation
|
page execute and read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
21BF000
|
direct allocation
|
page read and write
|
||
|
50B000
|
unkown
|
page read and write
|
||
|
23C9000
|
direct allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
793000
|
heap
|
page read and write
|
||
|
10CC000
|
direct allocation
|
page read and write
|
||
|
FE8000
|
direct allocation
|
page read and write
|
||
|
21A8000
|
direct allocation
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
2613000
|
heap
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
10FF000
|
direct allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
23D0000
|
direct allocation
|
page read and write
|
||
|
15FC000
|
stack
|
page read and write
|
||
|
412000
|
unkown
|
page write copy
|
||
|
2224000
|
direct allocation
|
page read and write
|
||
|
1114000
|
direct allocation
|
page read and write
|
||
|
238F000
|
direct allocation
|
page read and write
|
||
|
23ED000
|
direct allocation
|
page read and write
|
||
|
23FC000
|
direct allocation
|
page read and write
|
||
|
22FC000
|
direct allocation
|
page read and write
|
||
|
189E000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
2216000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
412000
|
unkown
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
240A000
|
direct allocation
|
page read and write
|
||
|
247C000
|
direct allocation
|
page read and write
|
||
|
79C04FE000
|
unkown
|
page readonly
|
||
|
740000
|
heap
|
page read and write
|
||
|
84A000
|
heap
|
page read and write
|
||
|
79C08FE000
|
unkown
|
page readonly
|
||
|
107C000
|
direct allocation
|
page read and write
|
||
|
F2D000
|
direct allocation
|
page read and write
|
||
|
2251000
|
direct allocation
|
page read and write
|
||
|
FD4000
|
direct allocation
|
page read and write
|
||
|
416000
|
unkown
|
page execute read
|
||
|
86F000
|
stack
|
page read and write
|
||
|
2226000
|
direct allocation
|
page read and write
|
||
|
F6D000
|
direct allocation
|
page read and write
|
||
|
562000
|
unkown
|
page read and write
|
||
|
55C000
|
unkown
|
page read and write
|
||
|
236B000
|
direct allocation
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2200000
|
direct allocation
|
page read and write
|
||
|
21C6000
|
direct allocation
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
2243000
|
direct allocation
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
EFC000
|
direct allocation
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
2318000
|
direct allocation
|
page read and write
|
||
|
6AE000
|
heap
|
page read and write
|
||
|
242C000
|
direct allocation
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
724000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2381000
|
direct allocation
|
page read and write
|
||
|
51D000
|
unkown
|
page readonly
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
23F9000
|
direct allocation
|
page read and write
|
||
|
246D000
|
direct allocation
|
page read and write
|
||
|
F44000
|
direct allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
2209000
|
direct allocation
|
page read and write
|
||
|
2458000
|
direct allocation
|
page read and write
|
||
|
10E2000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
79C03FE000
|
stack
|
page read and write
|
||
|
10B6000
|
direct allocation
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
2DE2000
|
heap
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
F06000
|
direct allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6E7000
|
heap
|
page read and write
|
||
|
6E2000
|
heap
|
page read and write
|
||
|
22E6000
|
direct allocation
|
page read and write
|
||
|
F42000
|
direct allocation
|
page read and write
|
||
|
2408000
|
direct allocation
|
page read and write
|
||
|
F3B000
|
direct allocation
|
page read and write
|
||
|
239D000
|
direct allocation
|
page read and write
|
||
|
FCD000
|
direct allocation
|
page read and write
|
||
|
500000
|
unkown
|
page write copy
|
||
|
7FE41000
|
direct allocation
|
page read and write
|
||
|
2C8C000
|
direct allocation
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
79C07FC000
|
stack
|
page read and write
|
||
|
217F000
|
stack
|
page read and write
|
||
|
140002000
|
unkown
|
page readonly
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
553000
|
unkown
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
10F0000
|
direct allocation
|
page read and write
|
||
|
F0C000
|
direct allocation
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
2C80000
|
direct allocation
|
page read and write
|
||
|
13ED000
|
stack
|
page read and write
|
||
|
22C2000
|
direct allocation
|
page read and write
|
||
|
140013000
|
unkown
|
page read and write
|
||
|
2152000
|
direct allocation
|
page read and write
|
||
|
2466000
|
direct allocation
|
page read and write
|
||
|
73B000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page read and write
|
||
|
F03000
|
direct allocation
|
page read and write
|
||
|
223B000
|
direct allocation
|
page read and write
|
||
|
10A8000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
22DF000
|
direct allocation
|
page read and write
|
||
|
2210000
|
direct allocation
|
page read and write
|
||
|
A3F000
|
stack
|
page read and write
|
||
|
21D5000
|
heap
|
page read and write
|
||
|
10A1000
|
direct allocation
|
page read and write
|
||
|
FEA000
|
direct allocation
|
page read and write
|
||
|
2401000
|
direct allocation
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
10F8000
|
direct allocation
|
page read and write
|
||
|
2248000
|
direct allocation
|
page read and write
|
||
|
2217000
|
direct allocation
|
page read and write
|
||
|
55C000
|
unkown
|
page read and write
|
||
|
6D9000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
F49000
|
direct allocation
|
page read and write
|
||
|
551000
|
unkown
|
page write copy
|
||
|
9A000
|
stack
|
page read and write
|
||
|
112A000
|
direct allocation
|
page read and write
|
||
|
2299000
|
direct allocation
|
page read and write
|
||
|
29B4000
|
direct allocation
|
page read and write
|
||
|
F84000
|
direct allocation
|
page read and write
|
||
|
416000
|
unkown
|
page execute read
|
||
|
FDA000
|
direct allocation
|
page read and write
|
||
|
1131000
|
direct allocation
|
page read and write
|
||
|
F66000
|
direct allocation
|
page read and write
|
||
|
F99000
|
direct allocation
|
page read and write
|
||
|
217D000
|
direct allocation
|
page read and write
|
||
|
22D8000
|
direct allocation
|
page read and write
|
||
|
FAF000
|
direct allocation
|
page read and write
|
||
|
2449000
|
direct allocation
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2498000
|
direct allocation
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
555000
|
unkown
|
page read and write
|
||
|
780000
|
direct allocation
|
page execute and read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
2C96000
|
direct allocation
|
page read and write
|
||
|
2390000
|
direct allocation
|
page read and write
|
||
|
F1C000
|
direct allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
555000
|
unkown
|
page read and write
|
||
|
FA2000
|
direct allocation
|
page read and write
|
||
|
23A5000
|
direct allocation
|
page read and write
|
||
|
2258000
|
direct allocation
|
page read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
41C000
|
unkown
|
page readonly
|
||
|
1106000
|
direct allocation
|
page read and write
|
||
|
1F6B482B000
|
heap
|
page read and write
|
||
|
FC4000
|
direct allocation
|
page read and write
|
||
|
F58000
|
direct allocation
|
page read and write
|
||
|
55C000
|
unkown
|
page read and write
|
||
|
556000
|
unkown
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
10DB000
|
direct allocation
|
page read and write
|
||
|
F05000
|
direct allocation
|
page read and write
|
||
|
750000
|
direct allocation
|
page execute and read and write
|
||
|
2474000
|
direct allocation
|
page read and write
|
||
|
F26000
|
direct allocation
|
page read and write
|
||
|
FA8000
|
direct allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
208F000
|
stack
|
page read and write
|
||
|
216F000
|
direct allocation
|
page read and write
|
||
|
23F4000
|
direct allocation
|
page read and write
|
||
|
FB6000
|
direct allocation
|
page read and write
|
||
|
23AC000
|
direct allocation
|
page read and write
|
||
|
23F2000
|
direct allocation
|
page read and write
|
||
|
7BF000
|
stack
|
page read and write
|
||
|
140025000
|
unkown
|
page readonly
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
1138000
|
direct allocation
|
page read and write
|
||
|
2442000
|
direct allocation
|
page read and write
|
||
|
2C71000
|
direct allocation
|
page read and write
|
||
|
222D000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
2411000
|
direct allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
111C000
|
direct allocation
|
page read and write
|
||
|
2200000
|
direct allocation
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
708000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2168000
|
direct allocation
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
55C000
|
unkown
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
21F9000
|
direct allocation
|
page read and write
|
||
|
229D000
|
direct allocation
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
6D9000
|
heap
|
page read and write
|
||
|
1123000
|
direct allocation
|
page read and write
|
||
|
2160000
|
direct allocation
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
54BD000
|
stack
|
page read and write
|
||
|
FA0000
|
direct allocation
|
page read and write
|
||
|
2292000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
86E000
|
heap
|
page read and write
|
||
|
FB0000
|
direct allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
2390000
|
direct allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
79C01FD000
|
stack
|
page read and write
|
||
|
2183000
|
heap
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
221D000
|
direct allocation
|
page read and write
|
||
|
22A5000
|
direct allocation
|
page read and write
|
||
|
10D4000
|
direct allocation
|
page read and write
|
||
|
508000
|
unkown
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
21F2000
|
direct allocation
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
73F000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
2378000
|
direct allocation
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
FDC000
|
direct allocation
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
553000
|
unkown
|
page read and write
|
||
|
79C02FE000
|
unkown
|
page readonly
|
||
|
440000
|
heap
|
page read and write
|
||
|
FE1000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
F4B000
|
direct allocation
|
page read and write
|
||
|
F9B000
|
direct allocation
|
page read and write
|
||
|
140002000
|
unkown
|
page readonly
|
||
|
2C7C000
|
direct allocation
|
page read and write
|
||
|
2923000
|
heap
|
page read and write
|
||
|
22ED000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
F8C000
|
direct allocation
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
21DC000
|
direct allocation
|
page read and write
|
||
|
2416000
|
direct allocation
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
424000
|
unkown
|
page readonly
|
||
|
2434000
|
direct allocation
|
page read and write
|
||
|
78B000
|
heap
|
page read and write
|
||
|
79C05FE000
|
stack
|
page read and write
|
||
|
F24000
|
direct allocation
|
page read and write
|
||
|
79C06FE000
|
unkown
|
page readonly
|
||
|
1F6B47C0000
|
heap
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
2270000
|
direct allocation
|
page read and write
|
||
|
F35000
|
direct allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2372000
|
direct allocation
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
546000
|
unkown
|
page read and write
|
||
|
F59000
|
direct allocation
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
FF8000
|
direct allocation
|
page read and write
|
||
|
411000
|
unkown
|
page execute read
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
23E6000
|
direct allocation
|
page read and write
|
||
|
188E000
|
stack
|
page read and write
|
||
|
227D000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
50B000
|
unkown
|
page write copy
|
||
|
F2D000
|
direct allocation
|
page read and write
|
||
|
213A000
|
direct allocation
|
page read and write
|
||
|
553000
|
unkown
|
page write copy
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
1099000
|
direct allocation
|
page read and write
|
||
|
110D000
|
direct allocation
|
page read and write
|
||
|
565000
|
unkown
|
page readonly
|
||
|
2DE2000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
7FD30000
|
direct allocation
|
page read and write
|
||
|
2CA5000
|
direct allocation
|
page read and write
|
||
|
2351000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
555000
|
unkown
|
page write copy
|
||
|
FC6000
|
direct allocation
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
1F6B4841000
|
heap
|
page read and write
|
||
|
218B000
|
direct allocation
|
page read and write
|
||
|
86A000
|
heap
|
page read and write
|
||
|
24A5000
|
direct allocation
|
page read and write
|
||
|
221F000
|
direct allocation
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
537F000
|
stack
|
page read and write
|
||
|
21CE000
|
direct allocation
|
page read and write
|
There are 483 hidden memdumps, click here to show them.