Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
R9GpVOQoR3.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {4EC82513-0279-4313-850F-996E4FDD9AFE}, Number of Words: 10, Subject: Oovi Appc, Author: Yuwei Qusi, Name
of Creating Application: Oovi Appc, Template: x64;1033, Comments: This installer database contains the logic and data required
to install Oovi Appc., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Nov 24 19:56:54
2024, Last Saved Time/Date: Sun Nov 24 19:56:54 2024, Last Printed: Sun Nov 24 19:56:54 2024, Number of Pages: 450
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\msiADB3.txt
|
Unicode text, UTF-16, little-endian text, with no line terminators
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\pssADC5.ps1
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\scrADB4.ps1
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\libpkcs11-helper-1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\libssl-3-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\libwinpthread-1.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\openvpn.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\vlc.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI6417.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI657F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI65CF.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI661E.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI6738.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI834C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSIA2FB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSIA33A.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSIAD4D.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSIB703.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\6358a0.rbs
|
data
|
modified
|
||
|
C:\ProgramData\vlc.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0,
Archive, ctime=Fri Jun 18 23:44:58 2021, mtime=Mon Nov 25 19:33:34 2024, atime=Fri Jun 18 23:44:58 2021, length=984312, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\licenseUser[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cjv4i1t2.r1c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pbpr5wcz.1d1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\71da1f76509d9c721d84655251014c87_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{2F276CDE-219F-4225-94D5-04B7DB2F9854}\icon_27.exe
|
MS Windows icon resource - 9 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
-128x-128, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\SecureProp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\UnRar.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\VCRUNTIME140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-processthreads-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-processthreads-l1-1-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-profile-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-rtlsupport-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-string-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-synch-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-synch-l1-2-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-sysinfo-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-timezone-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-core-util-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-conio-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-convert-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-environment-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-filesystem-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-heap-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-locale-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-math-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-multibyte-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-private-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-process-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-runtime-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\api-ms-win-crt-stdio-l1-1-0.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\dictionaries\en_US.aff
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\dictionaries\en_US.dic
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\clipboard-40-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\documents-folders-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\download-folder-9-32.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\employee-id-1-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\eraser-16-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\fonts-folder-3-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\list-document-32.png
|
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\safe-31-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\star-folder-1-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\swatch-1-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\sync-folder-1-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\text-document-10-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\upload-folder-5-16.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\libassuan-0.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\libcrypto-3-x64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\libgpg-error-0.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.base.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.compiler.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.datatransfer.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.desktop.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.instrument.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.logging.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.management.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.management.rmi.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.naming.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.net.http.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.prefs.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.rmi.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.scripting.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.se.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.security.jgss.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.security.sasl.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.smartcardio.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.sql.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.sql.rowset.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.transaction.xa.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\java.xml.crypto.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.accessibility.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.aot.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.attach.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.crypto.cryptoki.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.crypto.ec.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.crypto.mscapi.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.dynalink.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.editpad.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.httpserver.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.incubator.foreign.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.incubator.jpackage.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.internal.ed.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.internal.jvmstat.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.internal.le.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.internal.opt.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.internal.vm.ci.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.internal.vm.compiler.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.internal.vm.compiler.management.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jartool.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.javadoc.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jcmd.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jconsole.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jdeps.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jdi.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jdwp.agent.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jfr.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jlink.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jshell.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jsobject.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.jstatd.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.management.agent.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.management.jfr.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.management.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.naming.dns.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.naming.rmi.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.net.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.nio.mapmode.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.sctp.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.security.auth.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.security.jgss.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.unsupported.desktop.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.unsupported.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.xml.dom.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\jdk.zipfs.jmod
|
Java jmod module version 1.0
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\sauighfs.rar
|
RAR archive data, v5
|
dropped
|
||
|
C:\Windows\Installer\63589e.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {4EC82513-0279-4313-850F-996E4FDD9AFE}, Number of Words: 10, Subject: Oovi Appc, Author: Yuwei Qusi, Name
of Creating Application: Oovi Appc, Template: x64;1033, Comments: This installer database contains the logic and data required
to install Oovi Appc., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Nov 24 19:56:54
2024, Last Saved Time/Date: Sun Nov 24 19:56:54 2024, Last Printed: Sun Nov 24 19:56:54 2024, Number of Pages: 450
|
dropped
|
||
|
C:\Windows\Installer\6358a1.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252,
Revision Number: {4EC82513-0279-4313-850F-996E4FDD9AFE}, Number of Words: 10, Subject: Oovi Appc, Author: Yuwei Qusi, Name
of Creating Application: Oovi Appc, Template: x64;1033, Comments: This installer database contains the logic and data required
to install Oovi Appc., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Sun Nov 24 19:56:54
2024, Last Saved Time/Date: Sun Nov 24 19:56:54 2024, Last Printed: Sun Nov 24 19:56:54 2024, Number of Pages: 450
|
dropped
|
||
|
C:\Windows\Installer\MSIB80D.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF0291037750D2D7B3.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF0CFEEA10AB84157E.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF17553589A8E7A071.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF24F09E3E4418CC1E.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF326BD11143E254EE.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF374CAADCCE66B05A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF4D4D3A56B9EC7622.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5461D03B0EBABF18.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF58A318BD7E4ACCF9.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF58E00B976A6E6244.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC1B20FA37EDF130D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFED056EB7B30F59ED.TMP
|
data
|
dropped
|
There are 144 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\R9GpVOQoR3.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 57EB98099E4B236155B9A7DA141C0C85
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\pssADC5.ps1" -propFile "C:\Users\user\AppData\Local\Temp\msiADB3.txt"
-scriptFile "C:\Users\user\AppData\Local\Temp\scrADB4.ps1" -scriptArgsFile "C:\Users\user\AppData\Local\Temp\scrADB5.txt"
-propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\openvpn.exe
|
"C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\openvpn.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://key-keys.com/licenseUser.php
|
104.21.81.131
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://openvpn.net/howto.html#mitm
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://aka.ms/pscore6lBdq
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://key-keys.com/licenseUser.phpAI_DATA_SETTER_4Params
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.openssl.org/H
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://openvpn.net/faq.html#dhcpclientserv
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.openssl.org/
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
key-keys.com
|
104.21.81.131
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.81.131
|
key-keys.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6358a0.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\6358a0.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\E000BAE45BED82E4488460C826B4BCAA
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\E42C39A34CE969B479D3D8468735891E
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\09DEA3894AA5B2C49A3F5236FFAD9E46
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\D22AA40CB6EB3EE4C8639F83ABC44D58
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\2F1ABDAE04A95194999734FCDCC153EC
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\FD09DCBC63BD76D4EADD14171F0EC2A1
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\BE627DB8E08DFB44781C0EFF7323EDEB
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\92F04EE66B4ADBF4CBC057DA4DB0188F
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\F5C84B1B67C08C245958B3B93F640FC0
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\22A956918B7694F4B986104BCAFB9283
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\CDA444FC31C752C499BA2E9D0AA5E7CD
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\2572380F9F93EF447A2C57BF9EAD8982
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\83CB34FD58A69E2489228EDC23D21E59
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\E85FA6A1E923F994DBEE614F15834E52
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\E03905B45AC6B944185B279DEAC536F2
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\25E3D9CAE45C12248A31CEE570AC9AA2
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\D4FF501F37C103E4189E0A8A74C74FE2
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\CFE3A3E19911095469DC1A13A19D4FAD
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\1109C9A9D2CD191469C158238BE35B1B
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\A2734DF1DE79DE14690721BD3514959B
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\A9A88D71D61CE1949865F05E70FC1800
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\511802B4642AEA14DA183BCB85220E8D
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\AEFBF3CB8A802BE478A44D079D549FDD
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\95A3C13A1B506EF4C96155EE067A59C4
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\C9728280E63B04945A605D9A61D5D7B5
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\DCCAA405819BE75469E03C6BA6F706C9
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\49D45A55367298246A8ABABCD04ECF9A
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\E606FBFBD02C10643BAC5FE46D1F061D
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\5A5D08D378EAA464DBD0FFE041C4D024
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\8E302E30E63B1B949AB0E226F0A03A84
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\53CBBD1400A04C94D9EC87B26A6D5B67
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\CC350337CDB4A0E4B9AA48603F9A3461
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\BCF6AC4E244C89947A4F9E9D1861FC9B
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\DA0E4E380A47D44479C3E92D7366FF9A
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\C264F6F1F2C338944844E9AA04D3170F
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\EE9D11E2C258CB1449B6083197710913
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\DD49B639E89716A4BB391441959A4E6B
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\DDAD9B8576BD0F640A198360CFE52F56
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\D141D51ADD113C04BBFDC8B4755E6982
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Components\7B9252ADE0C1DD042BC99BA22FCE0E79
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\icons\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\mods\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Yuwei Qusi\Oovi Appc\dictionaries\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{2F276CDE-219F-4225-94D5-04B7DB2F9854}\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Yuwei Qusi\Oovi Appc
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Yuwei Qusi\Oovi Appc
|
Path
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Yuwei Qusi\Oovi Appc
|
QuotaRLic
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\6127F4BF57835794DBCE1FBE82CAB2AB
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F276CDE-219F-4225-94D5-04B7DB2F9854}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\EDC672F2F9125224495D407BBDF28945
|
MainFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\Features
|
MainFeature
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1002\Products\EDC672F2F9125224495D407BBDF28945\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
ProductIcon
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\6127F4BF57835794DBCE1FBE82CAB2AB
|
EDC672F2F9125224495D407BBDF28945
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945\SourceList\Media
|
DiskPrompt
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\EDC672F2F9125224495D407BBDF28945\SourceList
|
LastUsedSource
|
There are 117 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF787195000
|
unkown
|
page write copy
|
||
|
49CE000
|
trusted library allocation
|
page read and write
|
||
|
283C000
|
heap
|
page read and write
|
||
|
7FFDFA67C000
|
unkown
|
page readonly
|
||
|
2818000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page readonly
|
||
|
27ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
678F000
|
stack
|
page read and write
|
||
|
7190000
|
trusted library allocation
|
page read and write
|
||
|
7FFE003FA000
|
unkown
|
page write copy
|
||
|
708E000
|
stack
|
page read and write
|
||
|
6F29000
|
heap
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
7FF7870A0000
|
unkown
|
page readonly
|
||
|
500000
|
heap
|
page read and write
|
||
|
7FFE0055D000
|
unkown
|
page write copy
|
||
|
4D42000
|
trusted library allocation
|
page read and write
|
||
|
28B1000
|
heap
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
42D0000
|
heap
|
page execute and read and write
|
||
|
498000
|
stack
|
page read and write
|
||
|
6EDB000
|
heap
|
page read and write
|
||
|
7FFE1A531000
|
unkown
|
page execute read
|
||
|
2940000
|
heap
|
page execute and read and write
|
||
|
6ADD000
|
stack
|
page read and write
|
||
|
2910000
|
trusted library allocation
|
page read and write
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
681D000
|
stack
|
page read and write
|
||
|
6960000
|
heap
|
page read and write
|
||
|
7BC0000
|
trusted library allocation
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B39000
|
trusted library allocation
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
6970000
|
heap
|
page read and write
|
||
|
27E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A902ADB000
|
heap
|
page read and write
|
||
|
60843FE000
|
unkown
|
page readonly
|
||
|
28F9000
|
heap
|
page read and write
|
||
|
6C0E000
|
stack
|
page read and write
|
||
|
2930000
|
trusted library allocation
|
page read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
27E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFE00341000
|
unkown
|
page execute read
|
||
|
7FFE00560000
|
unkown
|
page read and write
|
||
|
65D000
|
stack
|
page read and write
|
||
|
49D000
|
stack
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
60844FE000
|
stack
|
page read and write
|
||
|
27F9000
|
trusted library allocation
|
page read and write
|
||
|
271F000
|
stack
|
page read and write
|
||
|
7C60000
|
heap
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page read and write
|
||
|
1A902A20000
|
heap
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
420C000
|
stack
|
page read and write
|
||
|
1A902A70000
|
heap
|
page read and write
|
||
|
7FFDFA330000
|
unkown
|
page readonly
|
||
|
6A9D000
|
stack
|
page read and write
|
||
|
6FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7870A0000
|
unkown
|
page readonly
|
||
|
7FFDFA331000
|
unkown
|
page execute read
|
||
|
6F25000
|
heap
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
7FF7870A1000
|
unkown
|
page execute read
|
||
|
6E60000
|
heap
|
page read and write
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
42D5000
|
heap
|
page execute and read and write
|
||
|
6E50000
|
trusted library allocation
|
page read and write
|
||
|
2848000
|
heap
|
page read and write
|
||
|
7FFE1A547000
|
unkown
|
page readonly
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE004A0000
|
unkown
|
page readonly
|
||
|
4B3B000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1A546000
|
unkown
|
page read and write
|
||
|
1A902AB0000
|
heap
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
546000
|
heap
|
page read and write
|
||
|
70E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1A541000
|
unkown
|
page readonly
|
||
|
70CD000
|
stack
|
page read and write
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
1A902AD6000
|
heap
|
page execute and read and write
|
||
|
7FF78719F000
|
unkown
|
page readonly
|
||
|
7FFE00478000
|
unkown
|
page readonly
|
||
|
7FFE00561000
|
unkown
|
page readonly
|
||
|
60842FE000
|
stack
|
page read and write
|
||
|
4868000
|
trusted library allocation
|
page read and write
|
||
|
1A902920000
|
heap
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
7100000
|
trusted library allocation
|
page read and write
|
||
|
7BA0000
|
heap
|
page read and write
|
||
|
5711000
|
trusted library allocation
|
page read and write
|
||
|
6DF7000
|
trusted library allocation
|
page read and write
|
||
|
2915000
|
trusted library allocation
|
page execute and read and write
|
||
|
7C4F000
|
stack
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
71A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
4DD3000
|
trusted library allocation
|
page read and write
|
||
|
6BCB000
|
stack
|
page read and write
|
||
|
2912000
|
trusted library allocation
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
6ED3000
|
heap
|
page read and write
|
||
|
6F80000
|
heap
|
page read and write
|
||
|
6EE9000
|
heap
|
page read and write
|
||
|
429E000
|
stack
|
page read and write
|
||
|
4711000
|
trusted library allocation
|
page read and write
|
||
|
2A10000
|
trusted library allocation
|
page read and write
|
||
|
7FFE003F9000
|
unkown
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF7870A1000
|
unkown
|
page execute read
|
||
|
6CF2000
|
heap
|
page read and write
|
||
|
7FFDFA458000
|
unkown
|
page execute read
|
||
|
2810000
|
heap
|
page read and write
|
||
|
7FFE1A530000
|
unkown
|
page readonly
|
||
|
43B0000
|
heap
|
page read and write
|
||
|
7FFE00340000
|
unkown
|
page readonly
|
||
|
7FF78714E000
|
unkown
|
page readonly
|
||
|
7FFDFA777000
|
unkown
|
page write copy
|
||
|
691E000
|
stack
|
page read and write
|
||
|
6E96000
|
heap
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
685B000
|
stack
|
page read and write
|
||
|
49CC000
|
trusted library allocation
|
page read and write
|
||
|
6F0D000
|
heap
|
page read and write
|
||
|
7FF78714E000
|
unkown
|
page readonly
|
||
|
1A902AB9000
|
heap
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
43C0000
|
heap
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
7FFDFA77B000
|
unkown
|
page read and write
|
||
|
5719000
|
trusted library allocation
|
page read and write
|
||
|
6E59000
|
trusted library allocation
|
page read and write
|
||
|
435E000
|
stack
|
page read and write
|
||
|
29E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFE004A1000
|
unkown
|
page execute read
|
||
|
6E9F000
|
heap
|
page read and write
|
||
|
29CF000
|
stack
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
7FFDFA77F000
|
unkown
|
page readonly
|
||
|
5739000
|
trusted library allocation
|
page read and write
|
||
|
695A000
|
stack
|
page read and write
|
||
|
28CB000
|
heap
|
page read and write
|
||
|
6F11000
|
heap
|
page read and write
|
||
|
7FFE00472000
|
unkown
|
page read and write
|
||
|
476A000
|
trusted library allocation
|
page read and write
|
||
|
6EAF000
|
heap
|
page read and write
|
||
|
7FF787195000
|
unkown
|
page read and write
|
||
|
1A902A00000
|
heap
|
page read and write
|
||
|
60840FA000
|
stack
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
2899000
|
heap
|
page read and write
|
||
|
439E000
|
stack
|
page read and write
|
||
|
2A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F70000
|
heap
|
page execute and read and write
|
||
|
7130000
|
trusted library allocation
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
6EF1000
|
heap
|
page read and write
|
||
|
424E000
|
stack
|
page read and write
|
||
|
2A27000
|
heap
|
page read and write
|
||
|
49BC000
|
trusted library allocation
|
page read and write
|
||
|
6EE1000
|
heap
|
page read and write
|
||
|
2886000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
577D000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
70F0000
|
trusted library allocation
|
page read and write
|
||
|
6EEE000
|
heap
|
page read and write
|
||
|
7CC0000
|
trusted library allocation
|
page read and write
|
||
|
7C0D000
|
stack
|
page read and write
|
||
|
431F000
|
stack
|
page read and write
|
||
|
7180000
|
trusted library allocation
|
page read and write
|
||
|
7FFE00530000
|
unkown
|
page readonly
|
||
|
540000
|
heap
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF78719F000
|
unkown
|
page readonly
|
||
|
7160000
|
trusted library allocation
|
page read and write
|
||
|
6F97000
|
trusted library allocation
|
page read and write
|
||
|
6E45000
|
trusted library allocation
|
page read and write
|
There are 176 hidden memdumps, click here to show them.